{"Records":[{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"4da9745b-de8b-4451-9544-60145504d852","eventID":"731d85d9-0680-4a66-be28-ec846826b71d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"a90a8805-cd4d-47bf-88a5-c8af1707fcfc","eventID":"16820008-edac-46ed-99ae-3b8a934075c8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"f51a86d2-4637-482f-81d9-aceec9f3663b","eventID":"0c9fd0fe-ff22-45a2-89b2-d12b6259f882","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"dff8bcd4-ef96-47a1-8ac6-de44c60d34f4","eventID":"21c250e6-3a14-4708-98cb-de2404bac0ad","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"77c0dc4d-0588-4938-9f11-413847e183b1","eventID":"3e056b28-7d2d-4dee-b02e-f27c364000d3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:52:10 PM","maxResults":1000},"responseElements":null,"requestID":"e5745aed-5f7f-4b44-a458-682cac73d5fb","eventID":"0d99de12-3a95-4bec-9856-ace13f89c224","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:30Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:52:30 PM","maxResults":1000},"responseElements":null,"requestID":"198edecc-839d-4e90-a321-bbf35d70526c","eventID":"199a1f58-edf4-4b94-a76c-acaaa9aa0b6c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"b79c4bc7-e02a-4803-9659-1824e3b24042","eventID":"f4c0e95e-29a1-4c6c-9b68-ae0cef730d4d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"0f92a271-7b81-4485-9b69-5af6b65acaec","eventID":"2c33af9c-18f2-435c-a79a-28cdc6850550","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"75915805-68d9-4c09-9566-075470c83eb3","eventID":"701c253e-8647-4d98-ba45-5cc60711e81b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"634b9d2c-e03f-4cb9-8ba8-fe7fb8a6bf13","eventID":"488e3671-d7b6-46bc-be31-19b8afcd2f98","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"840b802e-6cc9-4761-9a50-84639ec1f037","eventID":"9034dc72-4bb1-4170-84ec-d2bf1c8fcaa4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"2078ea47-7830-4ebc-871d-9acc8feb0196","eventID":"d9f00f1b-994c-4178-9b17-9f59813704e5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"dd6f35a2-08de-48c5-8131-86aa72b0cc43","eventID":"02ec3c7d-9f2b-4b3d-b903-b26a31c197a8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"476e6e82-1510-498e-843a-6ef921c2110f","eventID":"fc07a3ec-cf04-4590-8934-28a071ae8e57","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"ea31e951-6da2-4dbe-a8a7-f626ad6bec31","eventID":"f3a859ff-e824-405a-ad2b-02b66970a6a1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"b70c34c3-5537-40c1-813a-cde3985d67e5","eventID":"934f3ceb-d3f0-4c99-b0b4-c4ff3212094e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:34Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"4c8421cd-949f-4212-a607-76f6abdcf9ab","eventID":"fa438a74-4f41-4f52-8305-b7462f31bf61","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"42a3936a-99b3-4d72-9ccc-35ffafa67137","eventID":"a43d58d4-4128-4948-adb0-015388628189","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"64152c03-94c6-431d-a875-392631351803","eventID":"fd34af38-04f0-4d78-b74f-599a50971664","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"dcc7338e-5661-416a-94c8-e5bea1823fbc","eventID":"e01e6f96-9c73-45d1-abfe-2a37845bb625","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"760e30be-3e90-482f-981c-75719803e97f","eventID":"2b758b86-469f-44c7-adf3-5d4078094cca","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"8a90be4c-7cf0-45a9-b090-b9fbeb247078","eventID":"97fc2944-74de-4623-9bc0-e492d866fd19","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"b589521b-9ac2-41b6-909a-f369c15f2331","eventID":"ced340fa-eb6d-4d18-be2b-10e980c8d093","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"e66b2fa9-4888-4786-88b2-846ca7bea8dc","eventID":"d88692b6-7f0e-41e4-b85d-1f4b1afb44b1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"2277a54f-9682-4c2a-a1d7-c53b459644fb","eventID":"2dddb640-f901-4a28-b97b-984e16a3bb80","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"7a68b3c4-cf73-499b-8613-4222f79ffc30","eventID":"e049acec-bf2e-4299-8004-bb54e8ea5c6c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:35Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"caba7547-4c19-4eac-8b42-4ef5baf625a2","eventID":"8314c721-5178-4882-8360-661c0d6f85e0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"9cdf31b0-ff22-4b49-b441-b4397f55163b","eventID":"5f69a6b6-4dd8-4aed-b88a-3a853ea630ba","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"7439b438-53fe-49a9-aa61-9d6df090afd4","eventID":"5a7abedc-d469-461f-9d84-b1b457ee3e2c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"b09c9ff3-7a8f-45e6-9c64-6d6bb1507273","eventID":"cc822d62-8858-4427-abff-4625c84f0a0c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"7c10c772-2734-4124-85ec-e8b0c0be682b","eventID":"50cb8c53-621b-4ddf-b9f5-205ae0c53a1d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"ff656710-76d7-4f4a-b06b-d4986adb850d","eventID":"3d75ef54-647a-453c-bea4-10ecefb9e393","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"635fd1e1-f611-4753-8dfe-b6562a4eb890","eventID":"d7dac655-3b79-4d3d-bfc9-e6d4fc0a3643","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"385bfb0d-f5b1-424d-82ea-3d6b24160e08","eventID":"086c8640-419d-4fae-b2be-191bcfa23aee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"2d5e6f3f-aa2c-47b0-be7f-98af8a98f00e","eventID":"7fd877b8-da45-4b31-bd6d-24fec827eb68","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"2c7fd077-db6f-4ee7-9517-9b6d6affde7c","eventID":"c17903f4-4ebd-4cae-94e3-31576f0545e9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"4b112889-9bb9-43f4-858f-d7f21febbe46","eventID":"d6727e6d-a95d-43fe-a214-87607699f62c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"0c3db18f-f18a-4425-8cee-a8529d4e0da9","eventID":"f0f0a1ff-ba67-4e5b-be4d-8328632280d9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:35Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"6fd1437d-e870-4621-b4f6-e1c9a31da4f6","eventID":"ced50432-d03c-40d5-8347-da739e53da2a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"db40dd55-9ca4-4fd3-8454-2ebb4d13ff0c","eventID":"920eb568-fa83-48c7-bfcd-d6d1a53952ba","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"d48daf60-ea47-48f9-a4c2-4e2ce7b9c03f","eventID":"84fd7675-520c-407c-a28b-487f63cd7680","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"fcb7dab0-6f5e-41f8-8149-43b796ee4865","eventID":"9a3a223e-4b17-46a3-acc2-bd2fbc47c7f9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"47b7b541-0f56-4fd5-b7e7-cf35f9b993aa","eventID":"3e186bb6-3b9f-402c-bc09-912ce4c7c213","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"09b3e511-ffda-4524-9e5a-6f8a63861459","eventID":"1d80844a-ded5-4564-ae8b-6ad76aac2785","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"89597478-d6a0-4299-9462-c7e6746be404","eventID":"f41757bf-9ea6-4f67-9895-85c31a05ce84","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"623a8635-a5af-4700-ab45-740e9342b477","eventID":"26a1993a-edc8-4220-a49a-70be11af21d5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"cd274c93-5eca-40f9-9fe6-055b2d98ae83","eventID":"c1492b85-2371-4f17-902f-924625a67ee5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"cecc0b63-dcfc-4545-8ecb-404fe2cf65c7","eventID":"7ca89970-0c88-49e7-995d-0fa1d2699241","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"140c4ab2-8d52-41f6-b83e-bc1ed5f5b8c6","eventID":"88818181-5448-4051-a94b-cc75c3873322","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"b73f8050-e2db-485e-9017-6ab765508028","eventID":"901b3a11-6ca7-496d-b805-5e8f47cebea5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"8a6e1e38-cee1-42bc-b027-e88ddba869a9","eventID":"e8b3dc92-a6c2-4bda-a6d5-81f032278f54","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"e705dc29-dbbd-4ef6-8c8e-fc7d5d48615f","eventID":"acdf66d0-263b-4ef6-bf5d-2e7cf6bccbf1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"27b40c38-11e0-4f1a-8165-5b611e25d8f0","eventID":"a66cbf5e-e54a-44a6-b8ce-af84e51d2a2f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"7be80384-3ee6-453e-a194-23721ef85fe1","eventID":"3f8997ce-1ee1-4481-84ed-dce903851d35","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"a3581d60-a330-414d-aee0-07dddaa7da43","eventID":"bd706498-3d76-451d-a5c0-287371a743d7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"5618d2c9-50fd-434d-8a21-0956301efd11","eventID":"6659ef1e-f195-4e15-b452-e61ac502c15f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"e4e2fc00-d5b0-4b36-9054-060307c3b3d1","eventID":"4e6f44a8-a50d-4c8c-9ac2-4be02665b2ab","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"7dfa6b95-bbc1-4cb8-883c-3f2d34ba5014","eventID":"7d7c9ca5-e67b-4541-97b3-17af0d71f404","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"044c3899-e9f1-4fd2-bef7-1b1b6569c369","eventID":"45581a56-2294-4d75-9e6c-32f8e996a015","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:11 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"ab08fc16-8055-428f-a3a2-ff5ddde8d527","eventID":"b4a4574a-c4dc-4142-aa76-bc5f5f0cf06b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"302b450e-c289-4449-b336-40844d8cf7ad","eventID":"8438cac9-a3af-4f35-a172-46ff181de9cc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"013233c0-9245-45d1-9f3b-1b433ce30c04","eventID":"d4727b24-f0e8-4cc7-b631-13f90070230b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"cc3ae510-4526-4e6e-b185-0e004f288f1b","eventID":"50888602-58d6-4428-aa80-b1a59961ed1f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"04fa54c3-5f98-4225-8c85-5675c715c607","eventID":"1a33b484-c1d2-4dab-8001-b510b3d1165a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"1b6a6e3d-e98a-4d46-a142-a87db99b1b1d","eventID":"7d94be6d-0a49-49e3-95b2-4ddbe902ca26","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"f487db63-047d-49dd-9e35-4e90a4186950","eventID":"ea406d56-ef06-4258-8f5e-2a70a818dc3b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"5ec34db7-785e-423d-a844-9d19a693666a","eventID":"beaf8b09-f701-46fe-a11a-ee25cec14a6c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"3ace1e79-6bba-4020-b342-29471746ab08","eventID":"9eb9a3c0-c806-486c-81bc-545f4d230a57","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"5c57f7bc-4259-49b7-a36d-ddad5432730a","eventID":"3616801d-04c2-4e7a-a7dc-41e0565eda81","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"55f2b9b5-546b-44e7-bb58-b0c7a28efef0","eventID":"14319041-520f-445d-8d79-69275e6a67c2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"21bb928e-53ec-49b0-92da-7e0af69d79d7","eventID":"922d5b78-eb9f-4c1e-b8a3-cf933d1f83f9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"ec18d9b6-3a26-471c-93e3-82d0546d53c1","eventID":"23ec5b1b-e9ce-4d9d-a23d-2caf6c2a433a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"c790a8eb-aa37-4e7a-8752-c9b1602ea03c","eventID":"322c98d4-264c-4bee-944a-dbae92af6328","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"516ab4d3-9dfe-42ff-b611-32ac9009c719","eventID":"3e17b5e3-c005-4c7c-9934-b04842517435","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"d1944f20-78b8-47d5-a027-f56eb37136c1","eventID":"72789e3b-2471-43cc-8127-7e0e16363a02","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"933caf49-a73c-4304-9396-14b8951835c9","eventID":"c6d3d16e-d9ba-412f-afd1-effc9899fed9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"bf9944bf-a663-42cf-b9ed-16775ea71c6a","eventID":"20a7ff40-9153-4cab-bf11-6b783d3b65e7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"acff671e-1d60-4b7c-83f4-6363b91762a7","eventID":"dfc90a17-4111-4c0d-9b21-b9970862c026","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"229074a5-928b-47eb-9270-a8eca36df478","eventID":"961c17d5-b354-4260-95e4-fce1759f4d5e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"af6fc275-0dbf-4ac0-94f5-30003cc82925","eventID":"11818859-bea6-449b-8a48-705ef241981d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"20620e35-e33a-4d3b-865a-64d2b56fca27","eventID":"12128585-8d04-4b92-a346-c66eea8f3d7c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"3cf4854a-3a6d-4956-b067-50bc7948dfd7","eventID":"b17332f7-bca7-4086-87aa-58da718e017d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:20Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:52:20 PM","maxResults":1000},"responseElements":null,"requestID":"58d14a44-8c2c-4135-86b1-0aade0094147","eventID":"f44cd4a5-5d5c-4332-8ef0-907fef4920bf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"95e4c18a-c73b-4fef-9b3e-96ab8f8b0aeb","eventID":"dce83744-6717-43bb-8f51-e8f0f54bfed1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"5ec51684-c4ac-41ed-b064-e26e93afeec1","eventID":"f35adacc-a277-4331-9e87-9cf952e4f067","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"c03a635d-1069-466c-b979-8c779a7039cf","eventID":"978d2cb6-12cc-4d2c-890b-8325ab3566e3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"81df2c81-f16e-4b50-b4af-89bc743b2df6","eventID":"48adefb9-9588-46f9-8422-b2b7c9b9667c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"f2deaf32-d14a-4a68-8042-fbffdfe08add","eventID":"9d2ece8c-09eb-419b-b4a1-7db811fd1a7f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:49Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"4718cf77-1555-4ab1-95c4-687a573f652a","eventID":"6e5f354a-2fbe-48ff-9e2c-7a952156c757","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:49Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"1de5b89c-19ce-45c5-9aa5-e93afbd2af1b","eventID":"011be3f9-82c3-4f89-9f8f-aa6f2399b5b1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:49Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"9fd1ff11-8d47-4e2d-935a-a85dc390a184","eventID":"c631a2a4-d830-4561-aa97-d4903862595e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:49Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"f6c15a56-5b93-4e1a-8825-93432249f90d","eventID":"339d22ab-a5c4-46c3-9ded-393c256c40ef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"96085d5a-3543-49ab-bc48-c5d3c2c29724","eventID":"0b3109b0-ab9f-41cf-a058-b369054210a2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"337de00d-f8e7-4695-aa4f-8e5d4bd2d4fe","eventID":"aad7153a-b73c-4015-8a28-f94e8daad3ce","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"946a81a0-0e33-4007-8733-9f0bbbb209f3","eventID":"ce7ff114-3fa2-49b7-859f-fad488d91b60","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"429438de-f6c9-4d09-8954-8314693e8d34","eventID":"a8447e5b-0de9-47eb-a1d6-dfe6cd795ed0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"2e06cf7c-f640-4ef2-a97d-e88e326dc3c4","eventID":"eb144692-974a-4219-946d-7236a176421a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:22 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"103f63ba-58fc-4d0d-a516-3790ba514372","eventID":"cf7352df-c01a-4978-82cb-c56e3229d5a0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"66ee961d-079e-4bb2-8e2b-fc1a0bd3b205","eventID":"cb2f5f5c-b1b8-4b63-9406-6102bec14b6c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"e7a88cb4-2f10-49aa-861b-3ebb804b6f69","eventID":"62fe2f8f-e231-4b68-97f4-04501d180c28","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"9bd0bbee-bcc9-4c85-9ad3-b3f2adeb3871","eventID":"3b8dc7ee-3ae0-4242-b16c-a672d1f1dd62","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:41Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:52:40 PM","maxResults":1000},"responseElements":null,"requestID":"925e1099-5c5a-49f0-9c6f-847e081869c5","eventID":"c45441d1-5c9d-4023-b6f7-6ff6de81b594","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:29Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"5fc8b243-6172-44d6-b4ea-09588b1acdea","eventID":"013f0e8e-ab40-43d7-8fe8-abd2a3cc074e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"e741289c-aef9-4d13-8473-94627d78f297","eventID":"1832e4e5-7b8e-43c4-b4a2-2ec8707ed4ac","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:46Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"60426494-1c88-4e4f-be0c-f5dee8b4d244","eventID":"26d5a5c4-8cd3-4fb3-a033-e264b9833da2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"f25d0836-bfe8-4757-bc6c-632a6643c29e","eventID":"a82fbcab-f890-49a4-bd6a-7530e40755a9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"3cb45947-c003-410d-8129-68a536852851","eventID":"0a0782f6-ef6e-4703-a7bc-6c894a97961e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"c60a0ad9-3ff4-44c9-9765-8aceaeea9bdb","eventID":"9fccbc0e-ab95-47be-bd3d-439aa531f50a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"76060d41-a48d-4eb4-97df-8ed685d5bca7","eventID":"5ed7d098-dfa3-4285-8db6-89e8ddd1ce56","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"d8282bc1-d20b-428c-b116-767b87a05182","eventID":"34a595af-1ac6-4082-8bb8-6213d9a09d25","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"4bf8d2db-d6f5-449e-9b83-f5de50a55424","eventID":"693f39bd-042a-4c61-926a-e6676f103c65","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"0606bc4f-6fc9-46d8-bfc9-dd08153ff6e5","eventID":"8a73dcc7-380b-457a-969f-76472a6874f4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"941175ba-e55f-4324-8166-7e66915f798a","eventID":"bf8e7c14-4527-4dce-aa66-26eca75b74e2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"e9d67bac-5766-4139-96bf-a212ab5b734f","eventID":"9270ddbb-59ab-47bc-9698-944e62326498","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"19b4d2df-d3da-4f85-a8a5-809da54babe0","eventID":"e6648c97-3cca-4a93-a79d-02390d993cc4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:50Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:52:50 PM","maxResults":1000,"nextToken":"90lWo1JRQUKs+DeeKYDP8303mVxJMBmcOwJsgIhQ5XcEgxipqAp0y1Lhm1XsCEpF"},"responseElements":null,"requestID":"1c969ef8-ed0a-411a-ab4f-6e159fd86814","eventID":"9dd363c4-38f9-4d62-80d5-55b2302830b6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"9879711e-a2fb-4d64-ae62-305a22a3fdd9","eventID":"3033c97f-6e56-4dba-991e-c08761a595fc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"75938a33-15b1-42c4-a4e5-b8c17a93ede6","eventID":"9e5d2a9d-eeb5-437b-91c0-244dfcd1a773","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"fad4121d-4fb8-4e7b-9d4d-718609f8a28b","eventID":"1b0bdc66-7c36-425f-a3ca-4850dfd9592f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"39e6cd42-d425-4714-8822-0c108635cf6b","eventID":"527df7f4-803f-4819-a61a-b1eb88b3f3b2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"d2cdae08-a748-43fd-9b8d-dec0ced13256","eventID":"6306c5f1-ef1e-42ce-bad7-9e1224f76f4b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"f9e6f286-5237-4a56-9d4c-c7776b45c72d","eventID":"6e104b93-201e-4502-862a-e14d957bdae6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"290b4162-3c0b-42ce-b480-a29b47ba6ee1","eventID":"30a62906-0e4e-4daa-b19a-52cbc3fcf352","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"b1e925eb-a122-4548-b8ea-f780dcdb557a","eventID":"fb6f1d20-3933-4f13-8e00-81e1458802fc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:46Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"40b2d56d-65fe-454a-b674-0e5c8d3010fc","eventID":"0833c231-cf81-44bf-be1a-d6fcb877c4a4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:46Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"c924a413-152e-461d-b1be-45945477b1e4","eventID":"b063a0e5-d73e-4b66-915d-f4eda8080249","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:46Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"445e092d-05b4-43ae-8e33-a078eeeed49f","eventID":"de78cfed-692c-4db5-b7aa-d3c828df62e3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:46Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"a9d971be-1219-4df7-b4ee-53900abf61e2","eventID":"59592dfc-1895-4bcc-a8c4-e286b7468720","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"4483f75e-b667-4e06-90e2-c27532f3f93d","eventID":"392bb75d-e440-4e07-89ab-546e592ac618","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"efb4581e-56b0-4935-b617-647cc187202d","eventID":"32a05d23-4e6d-4937-97e4-b24e22aa89b8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"e559b757-7069-4e84-ae6a-beeef2ab1a26","eventID":"6a300852-cfea-4a63-bea1-2f1447c25af6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"d4f40db3-f901-4180-bad5-4e9fc39b9d0a","eventID":"a1b70e08-27a5-4ea2-a276-53209ca337e1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"98f14920-18bf-4160-8230-521471ae3a95","eventID":"9a589ced-17d9-4ed5-ab45-97cbd467c323","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"ce1fff59-ccc3-4a51-9445-8803408ae9ed","eventID":"695ea82f-2f04-4175-9113-878432fe4168","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"e5c4fdf5-d963-40f1-86b2-4647da4e46a1","eventID":"a9dd4acf-0144-49b7-9f5e-ea96e8cbd950","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"8a1226f6-32b8-4ef2-a259-2591499dc999","eventID":"44492431-0e15-47e6-b2f8-191e82c14d31","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"caaad6e7-398a-4cad-b8c0-e027803c3774","eventID":"6ebf3ea6-0a8b-487c-831b-4397badd86d1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"ff24d096-0c57-411d-b8da-01879b6a8542","eventID":"bcd8f28b-bed7-412c-a70f-9356cf7db019","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"76aba4a9-1f4b-4461-bc79-57592f8adfae","eventID":"97a8d902-f040-41aa-94d4-29ab20ca37e7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"4b95afa2-8710-496d-8310-4fce23ebbf86","eventID":"30d1526d-acf0-4aa6-9c27-1dbc487246cb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:46Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"df5f6275-1ddd-404c-8460-b39e24add731","eventID":"f364f452-4b3a-4f16-b1f1-6ab1e2ede1c8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"8e461d74-f73e-4a9f-97fd-ab9e8629d6ac","eventID":"3129c4a5-be9a-4723-b365-c55bf39b99a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"846cfd53-2398-4f41-ba3b-47f33d4986cf","eventID":"53f6f545-cfc6-4411-833e-542d3a90500b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"63641b2f-01a7-4d55-a11e-33ffa3cacba1","eventID":"845ea41c-7883-44bf-96df-ba5c60f3c09b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"ff8b9aa9-8e16-4dea-9d77-96b5e750d93b","eventID":"636f560c-2212-4070-8055-83596b5d3772","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"a8d08e9a-5d72-4681-be15-5857bb7a35fb","eventID":"7da72302-574d-4060-a6d5-fe048a7750b6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"62ab2dea-6fc4-4995-aa19-2e06d075694f","eventID":"1d75334a-b5c8-45c0-9ccb-2cc9cf034944","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"c529a01b-7246-46e7-b219-6016444cfea3","eventID":"0216f5f2-dff7-480c-8dc6-7d1c41e0f2ef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"65041130-9761-4248-bcf0-c3a6f443eabd","eventID":"0935792b-b379-4f32-b920-472a65a542cf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"1598a8a4-c08b-4f8d-bdde-2a559352ac61","eventID":"6cf589ed-66c3-4d03-9632-97a02c045c06","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"0bd24217-2e5a-4f30-8080-478a155fb3cd","eventID":"95e7eb9a-7a89-4d1a-a336-a15a46ef5872","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"58547d59-3e8f-4f6b-9235-01521c3eca5c","eventID":"9594cafd-1cf7-40fa-806e-d1e30cc53863","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:42 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"05ee61ad-3603-4f35-a99e-9d0bf9dce73e","eventID":"82884795-9ea0-46e0-b155-97f73bb29f13","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"71ea3f34-9062-417d-9cc4-0cc82cb56f21","eventID":"e6967abf-a50b-43b8-bc72-8a5954354cc2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"7a33a907-f82f-42a9-be82-d09bc670a2f4","eventID":"d905f3bc-3a73-41f5-b19e-199b3d2ac7e0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"10a1c401-49a9-4ed7-98de-82a688fa7837","eventID":"c31e11fb-1723-4526-9fbf-ce1f2d6fb3dc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"60de27f3-b1be-42ed-bfdb-f41f0f10de79","eventID":"6734e4a9-5898-46f8-b20f-aca379e5450f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"3cf14c6a-99bc-4a81-a523-6936ef74e019","eventID":"0022057c-5c44-44c3-897e-78c7d5073e12","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"cb703e60-3e96-4fb4-a663-40be48135a83","eventID":"c4b77812-ef79-4cd3-bb3c-7a12d50b0a00","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"8eeff631-26b6-4f0b-b3f3-4b5af23041e8","eventID":"ece942e1-4af3-4321-98d8-d3e49a91a9c5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"aa3f650b-b416-47ee-ad46-0e4c1bdd41af","eventID":"18967379-3cf2-4697-b548-4e8aeece5ca6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"b1f38388-4978-4249-9b6b-576c15eaa0ba","eventID":"d6788d22-787d-488b-84f6-45cf92ea6e04","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"56c4eb47-31a4-4616-8dd4-6dba6fe1d99f","eventID":"ce5e2263-7425-408c-adac-f9163b796907","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"64ee4b2e-8527-4b0e-ad20-32da8b963f16","eventID":"e03dab7f-f8c1-4cb9-b036-006fbb2a4e81","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"7ca96c90-b26a-4c28-a5ad-080553dbae1b","eventID":"49fca39d-6e6e-4652-a87e-5419d1f14196","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:53:11 PM","maxResults":1000,"nextToken":"vCdDQZuQznRSryeWR2eNwzL/Atn3/387AHMjWADaQOXwxkx2KWS5pHuscvfxPsvi"},"responseElements":null,"requestID":"cf147d58-2db1-40e5-81aa-f81353bd05fd","eventID":"75e7d00a-5287-40fc-ac2e-38798bfe00d1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"aed057f7-0f59-43c9-a803-a06eecb37741","eventID":"1c7bf8e9-34fb-42a3-9225-88aaf012a5f3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"7536ff49-3b05-4c43-90e4-5f8126d76235","eventID":"7bb99618-72cd-4132-8bbf-92dd89ab070d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"a189c627-8816-4747-a834-4744c615a0ea","eventID":"a0735ded-8cc8-4816-b8d6-b5e00a0ad55a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"b560b3db-7f2b-4012-9651-c4458e595c5c","eventID":"7214bd7f-bef9-4776-9792-9efdd82eebd2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"534f8551-87fd-4fcb-9a62-79604eed6fd6","eventID":"316852ad-0630-4d3b-b0b8-c8866eb2dcf6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:52:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"e7ae6581-1794-45a2-97ba-8a2b4d110e55","eventID":"97add129-6e0f-4faa-a855-29747a7b8d05","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"0e48cfd1-026c-4783-bde1-35eb13255c5e","eventID":"0830cbc0-91ac-448c-a81a-614b6094de95","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"45473031-05d6-4e8c-92ae-76d1f1268d25","eventID":"a4e110c2-5363-45b0-a72a-699d6893ed41","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:01Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:53:01 PM","maxResults":1000,"nextToken":"StOZv5olr2L0muQwKd/8Y3r0EQNIBacR/DmfOpg26XOZh4qHNanQDVzkoLQO80xN"},"responseElements":null,"requestID":"6aa3dfd6-9bd7-4000-9e6b-03faa03eb610","eventID":"22e72774-779f-4469-8fa8-1b9fc5b4d6f3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:21Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:53:21 PM","maxResults":1000,"nextToken":"dYRBMTZlrXX6BYx70wmnmdYxSH+PYmLvLTYHt1w6D3T1pGOzZI+7XiIlZuQXhJae"},"responseElements":null,"requestID":"d9176c3a-fb37-438f-95c4-ddcb64f92da4","eventID":"b550390e-29ad-4224-981a-5e9fc43b7ebf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"71b5c1d0-aba7-4861-bc55-4321ba98022b","eventID":"ca6e2e19-8bef-419c-be51-5eabc66904b0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"aba9dbfb-f158-4519-89eb-d6ec0d7a79b0","eventID":"bc656c10-7ec0-44b8-9675-3ee05a256c2e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"f60b5eb8-f16b-42f6-b23a-f9602d738240","eventID":"a2c8ed1c-1148-457d-9c5e-00d7f15ce387","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"e7370212-3e00-4ec6-91b8-d7fc10b0a5fd","eventID":"d2378210-e8ee-40bf-b25b-413b57371390","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"fdf84985-1b64-493a-b918-41494a6a2d6f","eventID":"0b3c7542-c072-4540-8f7b-c253bdf25982","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"81821126-b6e9-48e5-9be0-a1c6b75b3f3e","eventID":"7c93e5a7-eeac-4132-98aa-5d59c6e0ffd9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"cd0e8839-c040-4a74-9b01-e440db84f6d2","eventID":"fc66262a-6299-4c4c-b84b-18c69974636b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"32e7fbb1-8f35-4289-be51-452e7be5700b","eventID":"d700d544-9776-45f7-be68-fc033454da94","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"c972dd7a-1d7f-4e9e-885d-f69b30a85eb7","eventID":"454cb322-2959-4cf6-986b-b1b0b655abfa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"229def48-346a-4e33-b590-cd3538f9d5c2","eventID":"614d6142-6a3f-40a6-943c-a0f21284177b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"6840c2af-5ca4-4fac-8968-d3c0ddc6b409","eventID":"a8b37b38-e7c6-44bf-a6bf-76530e51ba31","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"8b373367-0866-4c25-b70b-47252f58bfa8","eventID":"a03d0dd2-fb8a-47ab-ab2a-4ac9b5ab19c8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"3f48bde4-a356-46f2-ab26-02bf6f105ac5","eventID":"f7a24185-0d3c-4313-8299-272b8b655aaf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"fc287fa5-2d18-4bbb-8663-f69aeb9df2e2","eventID":"3aa98473-c860-40d3-a673-d84ed60084db","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"e1d56ad2-860e-40ba-a7f9-0c3b7be08952","eventID":"efd9f79b-0e41-4851-9efc-0f85f6dba334","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"a43a4156-2f26-4436-bf8b-a40d1c27f7a3","eventID":"305bea42-83f9-4fe2-9bce-6b6171e5a56a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"099011a6-49bf-45e6-a467-174ebf723b5f","eventID":"c467e56a-7ef8-42fe-92aa-0c1428637800","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"31613f5f-af12-4b94-82c0-93989fbd8cae","eventID":"a03c823f-956e-43d4-bb83-a9b9dd0b8779","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"48cfd4ba-c025-44a4-bdfe-3842b3c44876","eventID":"4c896b1b-b6f6-4289-be2e-e1b680208b20","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"5d3bf82b-d9bb-4df5-8066-c19713de7cd6","eventID":"a5b0b3a1-7e4b-4dac-8cae-a99ce8c4e61a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"e0438b58-5c39-4bd6-ac30-b5156cfaa1ce","eventID":"30b49ecb-1ec1-43a1-986d-e5a8c4c92584","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"9b91760f-4a62-45e5-998f-d5f64a0384c8","eventID":"a0f6942b-c7d8-40df-83d5-7981a5415bb5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"c03f2231-91b9-43b9-996b-3f4930225937","eventID":"2bbea6ef-0a5e-4173-8cf6-ca8db789aafd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"106d2db7-79b8-482e-9133-560df0f62d25","eventID":"177b19ae-de92-4f3e-b3f1-3e5e2aa2e14f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"c63ba8d5-5924-482a-888a-9b9ab6c50a2b","eventID":"dd128160-e9c3-4d9c-b1e1-9e1f6117419a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"4f58fff5-fed7-44d6-808a-59467ef5ca5c","eventID":"0f6ab177-1e57-4b92-8081-bba64931e704","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"a3d8dd9e-7d8b-4181-8ef9-524011c96072","eventID":"da48ffb5-307d-4b88-abdb-125d206a9834","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:52:52 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"05a6a55e-d637-4614-9d5e-57b5afed9875","eventID":"5d1b8b1c-50a1-4703-af2e-54543200ea85","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"c7761e13-d5f4-49d8-a342-bb32461d1c3a","eventID":"3a26914e-4831-4734-baa4-4b4727aa8a18","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"9060cc59-9d6f-4de7-86bd-05c07744b4af","eventID":"94aadd5f-d5e4-410b-989c-a960b215419a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"75f57c87-20d3-49de-af33-46e7214492f2","eventID":"5389ea9c-6f06-4ab7-8013-bebdc54efe49","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"f3f617e8-9e39-429d-a25c-ea7d777e1b8e","eventID":"f90d47b8-9ff5-42da-b2c4-54c889335d7d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"8012625d-6e17-4ef5-a44c-82a2af56acb1","eventID":"2a356e26-6c3d-4b78-8588-dab70877bd6e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"0b09b41a-dd44-43d1-a8b9-3f51c8ae6272","eventID":"8bee8de5-39c5-441a-aa4f-f519275b5332","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"f666e7a1-b539-4d14-8581-a91221fdbc5d","eventID":"d6845db4-cc2b-4f23-a1ff-f8a4168d5ceb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"04dbd4ef-a5dd-4f9f-8c4a-965bfa29162a","eventID":"abd59f7d-1b54-419b-806f-0af0df7b3b2a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"5c83a04f-5894-4f99-8cb0-cc5699d5bb1d","eventID":"cf771eb7-68d5-488d-b22b-c8ebb2d4ac3b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"172b8659-ac9b-41f4-a191-297d8e61ba9a","eventID":"c2f3c1b7-32a2-46cb-a9f2-28854158280d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"b87993ba-2b11-4458-a9d3-c72ea8742163","eventID":"ecc3c81c-4ef9-426e-901d-ba05c1d5c223","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"421d3f8e-b411-42d5-a75e-9d66e91912bf","eventID":"62f6133a-9048-4621-affd-00c98e4a8b11","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:37Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"41229110-8568-453a-9944-7c5b939db2a3","eventID":"6f6b758d-5b39-42c3-9d17-2c098b8007d6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"e99ca669-e03a-468a-875a-0a5dff7ec9de","eventID":"1c05fd84-876e-4cfd-929d-cde3dd7f87b2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"3a5e440d-9464-4714-9146-4613e1acf56f","eventID":"da779b3d-5c32-4a37-b651-ac1cec10f3df","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"7d36c897-7ef6-4732-a9a3-0ad246bb60cc","eventID":"8a985b10-e2f4-448a-8ef1-8c5525e5d454","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"c5a6f67a-84bb-44f3-aa6f-f79d1e5201e2","eventID":"8c00b506-7083-4869-b4b2-b084a690a2aa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"9406288f-71b3-4923-aa39-f1f92209751e","eventID":"b8d42824-8f15-4c12-905c-46c420bee45b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"8e504d34-6c63-4090-8b05-1a59cf095d0b","eventID":"92901047-4863-4013-a56d-b3fc6ccff8d5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"478f0c4c-9d45-402e-8491-1cb2c99918b5","eventID":"74ceb4d3-af58-4d97-a727-bf76d8a635fe","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"39d11405-c01e-48ce-ada1-39c6937439d4","eventID":"3ec2f3ec-35de-48aa-a917-a1b9d974c439","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"5c8b9da5-d37f-49b6-a6bc-d2b8be3bdf66","eventID":"b16f4589-3745-4ce3-ac45-13256ae3df28","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"1145bba5-bb00-4a97-8b84-9cf1f4f36b7d","eventID":"c056d5e2-3cc6-400b-bc05-90916352503a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"491d5a67-7546-469e-af6e-db14c9c40567","eventID":"96c4a49a-de12-46d7-b77a-cfdbac3c962b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"beb4a86b-c746-4b35-96b5-f9a314f8a607","eventID":"00b853c0-0377-494d-964b-08ae889f0f50","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"a2dfaca4-3940-4aec-975b-ea23abe38e5d","eventID":"e57accba-7b5d-4346-a425-eb33aa9635e1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"f51d8be9-154c-4706-999e-bf540bffc3c4","eventID":"9da8dd63-41a7-465c-bd28-626b641b00bb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"db3c6f44-e7db-45e1-a1f3-23822f4dfec6","eventID":"e0152638-dba5-48d5-b44f-4bab4d94b30f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"4a0a4415-833b-4051-abe5-7c22943799fe","eventID":"80a114a9-7782-43bf-962b-cdb5e02e45d2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"5037a0f0-33c7-4ad1-8a21-fb05765d52c0","eventID":"a2a1017a-b1fc-4865-850c-6141fd0d7012","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"e4cacc43-c2c0-4a16-a7e3-927989faca29","eventID":"af724ff3-97db-4869-8879-1ddd2c580eba","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"1ddfc943-d01b-4ff7-b3a2-d88a205d8fd2","eventID":"13edf1ce-51b2-4c79-a59d-8e8b128eb15c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"7325d197-4e9b-45e0-a556-2a7011337a8f","eventID":"7d8938b2-fea8-4b5a-9d9a-5942febb5559","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"73766412-5352-4918-9fa3-12b66080dfb0","eventID":"df79ee61-de8b-46f7-afbb-daee61cdb35b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"397401fb-7352-4957-9896-10e29eb788eb","eventID":"a16d73cb-4133-46f4-b5bd-94541eb3d0d5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"4478044e-8d85-42cf-9550-f65bce6c321a","eventID":"775e9ef8-ee0c-4b95-b4ca-63881d8b45b8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"53a3814b-03fc-45a6-a48a-d2b5655568ae","eventID":"94ff3597-e00d-4024-9f91-c5b9efa084c0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"e991aa20-eb31-4473-b96f-7299ce8fdb9d","eventID":"12a1cce8-67fc-4f83-84f9-7bf745eee4a2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"23474f18-3844-4c7d-9f04-7a29f1629a3c","eventID":"12470f00-6bf8-4ae0-944f-2498b81ffaee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"5072ff09-a098-49e1-ac2e-e7a37de19ccc","eventID":"185e0775-901e-4062-9302-8bf00ffb3625","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"b4f26b35-4a97-4bdf-a96c-bb1b5e9ba668","eventID":"fb428113-4a2c-4fe3-a8cf-ee17db97e8ed","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"8e5121f5-1cd9-48b0-8b5c-407dac2ea120","eventID":"a1024a1b-d987-4426-b1c6-872dc3ce00c6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"72fbfb44-5a81-4648-a015-8c8fff01d5e7","eventID":"184497d8-4c08-4052-a435-0f4e0fcc37ce","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"01f6adba-287c-4d77-8f21-36a456af7f44","eventID":"bcec5be0-2ef0-4356-a698-bb7bde3566b3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"5d273f28-8913-4e44-851c-c7a1d60e5d92","eventID":"f9256ecf-50b0-4461-806b-0ca86f872ce2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"a768a147-b9c7-4dc6-a5e2-d5f135ad6bd0","eventID":"17270992-5267-4f4c-b9d6-3b3919e5c90f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"f727590e-f9f6-43aa-afdd-bd767887bab1","eventID":"0932c6a9-24fc-4537-bc62-17724ada77b5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"81f83257-4240-4d87-8191-72de45a22e11","eventID":"514f17ad-5191-4075-be7a-2d53cfea018b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"5f5cfd82-210c-4d73-9e90-c7723455aba4","eventID":"49558c89-870a-4d3d-80a8-8bb67f1e1037","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"7b9ea463-9791-46d3-b0e4-d449f940f87b","eventID":"11ed57a4-c082-4ccc-b29a-07a1a8ad0aee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"21703986-9261-47cd-8457-bfb9293e57df","eventID":"686eaa7c-8bf4-4ca4-b556-46672a152aec","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"dd9a62c6-a102-4867-8ba0-2bdeda9e5ee4","eventID":"8acd26f9-8c5a-4045-a3d7-08dc4b4c9803","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"aafd2726-f135-4fe0-89dd-661861f60895","eventID":"ad27723e-e987-46c0-981d-bdeafff8ae11","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"3fcf8971-2669-4f44-82a5-ce719e0e14ab","eventID":"75916930-b016-40c2-b953-a5c867a696b5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:11 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"1d9d9888-1033-41fb-9334-c8c2fbf709a5","eventID":"f6799789-fe14-4534-9d9e-9d8e143e58ee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"34ee6494-bac4-46a8-a177-d2be5888af87","eventID":"e139d138-ecf4-4c95-a546-b6b374847fdb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"d8bc8e59-5859-435e-950b-aba6c0d1a905","eventID":"8fede5cd-e9e0-4346-b03d-8cd1cb3067d6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"c2749263-17e3-4ae2-b36c-c9743d78fe84","eventID":"8513e414-9bbd-4a6a-ae41-0f35c3ccc364","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"645470f8-fa69-4e2e-beee-a800c2b41f7b","eventID":"2d2a2ea9-5b29-454d-a77b-cbb26a240a6b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:37Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"2bb72616-3588-4545-b431-956d321c2e02","eventID":"0f72ed8f-0810-4f30-936e-482453e072f8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:38Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"6df06461-e370-4c16-b8c7-1f9cd58bf4a0","eventID":"4ffb06f4-b2df-4a5f-8473-e8d803336ea0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:38Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"b0a6f4b0-b0bf-4379-81ac-55fdfdb94a77","eventID":"5135d103-b6b9-45e7-a12c-a67cd7e66cac","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:38Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"69b874b0-3977-4043-90a4-a7fe4e1d9f4c","eventID":"59e863bd-f17f-450c-82aa-7169139a4d48","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"1caae2e7-8856-428d-97b8-31efb61109ca","eventID":"5e4d8f51-55b2-4d29-8b52-0d33ad92a06a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"9194531d-29e0-4530-bf1f-3fe87afe6c23","eventID":"6b3f3c88-214a-4f71-92c7-bbc53e37368d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"d3de5ef4-55a5-4572-a5c6-8d4e482d9b2f","eventID":"c1a348e5-7194-4c3c-bc0f-97e540704a90","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:45Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"5f874b04-5897-4fdb-a9d8-5fe359ab5da6","eventID":"efafdd71-36d2-4786-9a8a-2b7d4c6438c5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:50Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:53:50 PM","maxResults":1000},"responseElements":null,"requestID":"fb5661ab-3720-4c61-a922-22077891bf6d","eventID":"95890636-bf2f-4411-9f16-202062342f5c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"2ec48f63-fc4e-4c85-8d08-1a62b11f10b6","eventID":"05aa8886-f7f3-47c0-bddb-c380e39b39a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"6d7f5d33-4ee1-4828-baa2-9a17f4892172","eventID":"1e9a410e-9b80-4f1c-898a-a62b083a1890","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"3cc0093b-0af9-4c17-aa05-383a8b59fb27","eventID":"c8deac68-2c05-44f9-ae93-bead4a1b996c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"1c8e39e2-3eda-443b-96e2-05093e009aef","eventID":"7bb90e36-0b29-4f09-8ffc-5773ddcca87b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"ba566dae-a944-48f5-9b7c-2206edba5206","eventID":"3cd96065-fbbe-448c-8969-1b7e4a195486","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"22478c59-727f-406a-a35b-7a4dfa3c959f","eventID":"65c2d587-6991-4036-838a-d05ace05908a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:25Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"bece3afd-70a3-47a7-bfdb-7d7f1482ac50","eventID":"14fbb0d8-5822-426c-88c0-0b965f8b8ac8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"666df12d-21f9-4bc7-b13c-1d4819354cc0","eventID":"286e0dc0-0ba5-4bde-bd9f-91eb989a57f2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"78fcced6-0955-4961-9bc9-4be35f3812b1","eventID":"82b06bcc-fbae-4cd6-a8e4-ea23cbb44c0a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:35Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"9123ad8f-656b-4537-b394-e9ca78e75c06","eventID":"4af5ee3c-8f26-43c9-9e77-656953cf02a3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:35Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"388cf1e6-2eef-4d62-9481-d62715c60d56","eventID":"0d3f4efd-ba66-4b04-9c62-8f21855fa97d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:47Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"e6c06117-ff5c-4c08-a8cd-2e28583fa28c","eventID":"5fd30240-89cd-46d7-b4d4-a46fbe22b3b9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:47Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"ecb7a9e3-47db-4670-b912-2cdc3f162063","eventID":"24055275-f9b8-43b0-9812-32f2289d23be","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:47Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"81f04aa8-8d83-4b59-b853-f0a0d34497eb","eventID":"cb336350-49d8-470b-8853-f76cc6eb543d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:40Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:53:40 PM","maxResults":1000},"responseElements":null,"requestID":"eafa3eeb-a249-46cc-9e73-743097084ad0","eventID":"54f62b95-79c0-40df-8da4-59b61cad273c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:30Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:51:11 PM","endTime":"Aug 17, 2021 11:53:30 PM","maxResults":1000,"nextToken":"ifNw0lC85QRKF5ytdiJPW4NMpDl9+Vl7wXH5rQP0qP6liMT8AKqP5gtFe1ZPu0Ur"},"responseElements":null,"requestID":"e2e82ff7-148e-4567-9254-ab0fba5fc618","eventID":"8f176228-6468-4a39-b21d-e5291fb0fb1a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"40884273-27b0-4661-8d02-abc270cf4e48","eventID":"483cb30e-fc4e-4098-8606-5282a65d1bc1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"b436b182-e64e-416d-8f55-f311ee5f3c38","eventID":"5248c9a1-7d1f-40e7-8852-b036c19a1cf5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"e2d13e91-9235-4462-b347-16e0cb1b402a","eventID":"f08caa6a-1762-470d-9e9e-c69737592f3b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"b89dd353-c700-4275-accf-9367af9956be","eventID":"3a4ea483-afd2-49f6-8abb-f5ab1807fd55","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"059c1368-cb0d-44cb-9936-9fbb60b834a1","eventID":"9e5b1f81-ab7d-482c-8054-a3df1da09a06","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"5abb5f5c-b3e5-409e-97e6-66dc74e50c39","eventID":"d07799e7-d931-4fa4-837a-2ef56491cd21","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"a27363bf-055c-43fd-9923-335f11ae33ab","eventID":"89d67548-8d19-4558-a79c-2d6c63e76320","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"2090826b-f13a-43b0-bb33-52398e524118","eventID":"9ff3bdb2-8d2c-4a65-99af-81ee06501275","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"29cf2713-eb03-4262-8a61-864de67dde45","eventID":"64264454-a7ef-42e8-be83-2cc27ea6f509","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"3a3f31a9-7696-41fd-ab4d-774f9b5ab167","eventID":"fdb0e329-045b-4b2b-9b61-34736340b2ad","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:34Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"b943a459-997f-4ff4-9151-3feafb619b39","eventID":"cab71320-e90c-4908-83a2-2d215426c3f1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"fb018c68-7d59-47d0-9248-7524a7ee2756","eventID":"3368ed35-d49a-4816-b1f9-5bcc387e3f59","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"30d164a9-fa78-4dca-b3c8-fce109d2da53","eventID":"55e45317-2058-48f5-8533-7ffd245ac26a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:36Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"a00ee4ce-3473-4b01-93ff-fd7efe2384bc","eventID":"0b4bf702-f105-4d47-8980-5addeb644bdc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"adb2da6b-8794-4a2c-a121-afa2909db291","eventID":"10f5fbce-47cd-4526-90a6-95fdebca87a3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"4da6e6bd-249b-4f6d-93d5-5b196a626127","eventID":"9032b7bf-2ac7-4ffb-baa2-612b36f886ee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"1307394b-4c0b-43bb-9e97-48b50c6b5e57","eventID":"7f6424b9-f567-4ce4-9bf7-32aac4b80233","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"d9d9378d-43de-47f5-96ea-c174509dfccf","eventID":"f859805b-02e3-46e2-992f-d055afea2fab","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"7f91fd35-1032-47a5-aee3-6b28a1048d1c","eventID":"60b4744b-b226-459a-83a3-aa536420a727","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"71e9ff03-81f0-443a-9e12-1054ce6cc044","eventID":"58580586-dd33-40ac-822c-efa90155f09b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"f4a3cd31-ae90-473d-a2e7-110d2a4d8904","eventID":"caf30512-c2a4-4ae7-bbfe-897c5e1b83a6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"dd9bd804-c9c0-4291-aadf-6ea66d449ceb","eventID":"75d12a29-1852-4f4c-8192-435b4b549d96","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:37Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"91f2433a-b2ee-4713-b84f-ae650a3bb795","eventID":"10e0fca3-a3fa-4b8c-926f-7ed39907cda7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:37Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"b21ea936-2825-4719-80ef-a49d07aca93b","eventID":"d969e2b8-239f-4e7e-ad64-b22259c343fa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:37Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:31 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"3a7644b2-a248-4d0f-b8fe-a1854e5206ec","eventID":"4529ac1f-af78-4356-8c8b-937f58ac9258","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"d073b715-468c-4208-92d5-51ff6aaaef4f","eventID":"46370ce7-cf4c-44e7-9904-1e259c5b46ce","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"e4f4e9db-e82a-4891-9bef-dd3459c3fc09","eventID":"a8573578-cf7b-4ad6-825a-e59e10e8034a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"25b582f9-0c12-448b-851d-6be05448c0f0","eventID":"2bcca117-ee33-4b68-b004-e1cd8ffa2edf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"ec4a528a-24ee-45e4-a7a7-3314588dbe8a","eventID":"41df8aa9-40ec-411c-a4db-576c6748ef51","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"790546d7-5903-4080-a251-2bb959c3b302","eventID":"3ca3843f-c276-44e3-ae74-ea2feda1f42f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"ef25c715-c7e0-4fbc-afa4-3f5197b19b70","eventID":"5b06e75b-bf6d-42d3-80de-9b0d73e4e0cf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"06904c85-16cd-4bcd-a98d-aa1ece59fa26","eventID":"a4b436a4-1008-4c18-9c6e-3b653bed37d3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"7ff76f7e-415c-4ec5-b738-3f7884f731b3","eventID":"27410e5d-053d-4aff-8b16-3f88f30ec6de","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"7d45e586-8ce1-4091-bf35-081b97ba722c","eventID":"852f249b-2921-41c1-b427-9e6f6e3eb836","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"35fa41dc-efd6-4568-aaa0-c02c370d448d","eventID":"5ca3baef-5166-4797-97bf-d95c80c4cd59","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"7cf49415-f96b-4ece-993a-62daf8c094bb","eventID":"f2e56de7-c758-43a0-8d71-ce28f021d7e6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"21958087-ed98-4bd9-9d17-d6a1b7eb73d1","eventID":"d0832dda-a4a6-4a71-9740-aca24c893bee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:41 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"3fd2d4b2-6636-47b0-ba45-43581d8878d8","eventID":"4b9761ba-9f73-47fe-b4e1-27c935d570f5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"564414e4-6962-4755-8e9a-cb5f67144c14","eventID":"fe139a40-2e7b-4412-a0eb-a28917115e0d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"e010356d-d1f5-4d1d-8568-f3630a5139a7","eventID":"7c6995d6-faf3-48a0-abbb-3921b20930b1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"86054c38-9bc8-4772-a5d1-f0208f823d96","eventID":"6e169b4d-ecf6-41ce-a8c1-8a33c56fb676","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"799f5411-7836-4092-b49c-73d5bfee60ed","eventID":"ad065edc-32ae-4679-8942-ae427cdb7bfe","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"a201382a-298c-4594-b46c-045a2d0ae817","eventID":"508292dd-719b-474a-88df-064ffb0a15ff","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"ba14d5e3-71b0-4125-83f0-4d0a13ce25bb","eventID":"e14db6c2-21b6-40c6-948a-5e71d9b1540f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"86bfa836-067f-481e-9193-3eff3fc14445","eventID":"8e5efa74-aa99-4fd6-b3c6-9fa8a2f054ef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"96ee3a93-cd98-4025-9159-7c1c5b1490d1","eventID":"375ec9c5-1e96-416f-a4f5-b461511c9f4f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"55a515cf-c016-43b7-885c-bb41a5e523dc","eventID":"c3e8735e-071a-4047-9a58-b2b1f6598662","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"3f6be2ac-ad5a-418a-b389-70df8d3981fa","eventID":"993871a7-1049-4eec-a0a6-1ce7efc469d4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"33bc2039-2bde-4334-92fd-5b4fd4144db3","eventID":"2637c299-5887-4c8e-b26a-85cdbb02cd43","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"7dd9f6cd-5a74-4866-9a74-bc15001d0bb2","eventID":"c3887403-794d-4e17-9f25-55fa7275bd42","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"9d7dd4f1-7204-4131-b8d8-9291e509a11e","eventID":"6bfcf4c6-fa62-4df8-a41f-839e0f415193","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"9b095498-4c69-4834-8db1-8f9fa83c371a","eventID":"4a18fa0a-f8b5-4fb4-8840-95bd4de71700","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"924eaa2e-ffa9-43fd-a319-c56acc0c4ba1","eventID":"d978f58d-159e-4485-b585-c2a56c348dc9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"264fff10-2980-4539-90a9-9dcb0d834eb5","eventID":"41e15f30-6b47-41f3-9179-51f61ddf5d94","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"0ff61ffd-a8fa-4e27-be50-85d3d4c4affc","eventID":"79921622-8187-4ef9-966d-d1445f32c442","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"817ea80a-6748-48b4-b027-9c7e9c7b7e04","eventID":"75cf1d60-2219-47b6-8925-3e81fafb2733","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:08Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"d73cea58-5de6-4f21-84f7-7e15cd18077d","eventID":"da52dd2a-dfbd-4ab5-84fe-b7a37f948f00","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:08Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"1c2ace4e-77c4-489b-843e-f27d58db14ae","eventID":"49a56b02-e6f0-4f43-b031-11a1273706b5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"c293720a-dfb8-4acf-8558-227314392ce6","eventID":"60019086-0e17-4820-a0bc-612cfaab2d44","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"ecfea36e-c12e-4963-9a8f-08d18f763d35","eventID":"fdecf988-8810-4b25-b4ac-4a0789317d42","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"8416fde4-e069-4450-9a05-13021c471f44","eventID":"858aa999-d541-45f1-9055-c0be688e0dfe","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"db4f9654-63d7-47e0-a564-65cce590a2a0","eventID":"defb9537-5bd5-4d39-ae98-3dfa9142a5a0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"e081791b-075b-44dd-99c5-67e7cd3b03b7","eventID":"9d779ec0-9519-4c69-9228-2d2804f1aba4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"dc8c63c2-3ea5-46f0-b032-2a202a84bd37","eventID":"c0db3530-d0f5-4fcb-ae20-77b59b1814e1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:58Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"2009df15-896d-41cf-9591-602a25729593","eventID":"f417cc22-4228-438b-b18f-80cdca1e2374","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"dad44770-e4eb-4d00-84de-48a4a57ef780","eventID":"fd46e1a8-c5af-4072-9114-332ca16f0c5a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"488de446-9412-4703-8050-bd019cedc9af","eventID":"3635b784-9157-4cb1-bf99-c3f834e52221","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"75a96eba-e585-4fa5-8fad-f396b259611a","eventID":"4e5ee051-504e-4d19-85b0-6c35358227c3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"10a5de67-df63-4619-b3c2-9fbcebcc26a7","eventID":"c3c57fbb-29bf-4226-af0d-e38d1271a4d1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"14f36299-fcc0-4f92-919e-6dc8b7ff15d6","eventID":"78104fe9-c3e5-4b74-91e1-a0f18f17cb6b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"283b5ea8-128b-4c4f-afa4-966ce4bbc7fd","eventID":"916c42c3-420a-4e44-b6ef-a0791cebd9cb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"51199731-f499-4bcf-abd1-cd8ef67ee7fd","eventID":"5b1642db-5e23-480e-b91a-6483e3c899b3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"d09d9f64-dc17-45f1-a4c9-dbd621000ef9","eventID":"5877ea12-cc71-4786-9044-a980d5f89f89","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"c9ad4720-d7d3-4a2f-be9f-d470176ba05d","eventID":"382eab25-7c67-456b-ac32-42b1c5478b35","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:08Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"a03b973d-d930-44ae-9e82-0318230839c8","eventID":"d39b56ff-e74e-4bb1-8f2c-46af7213ab62","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"d9cdc718-dc68-4bc8-871d-d9c400d0d724","eventID":"c0d4df4a-e2ed-4efe-849f-8bc6f3b93f82","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:54:10 PM","maxResults":1000},"responseElements":null,"requestID":"7b3945fc-4577-4be8-85c9-49120099ce06","eventID":"dfcab8df-dd8a-453c-ac36-56cd97661e6c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:54:00 PM","maxResults":1000},"responseElements":null,"requestID":"ec48562e-43e6-43f7-855b-d7e6330a8272","eventID":"9861c989-6f35-4527-9cf3-90572876601a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:21Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:54:21 PM","maxResults":1000},"responseElements":null,"requestID":"d09db4b1-820b-4ffa-b8c4-be82fac75ff6","eventID":"ebc34c82-0655-42cb-ab67-939846de8b92","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"e3eadfe7-7d6d-4d96-8fe7-b67d116a2c5e","eventID":"9f45a978-1661-48e7-90f7-5520b956ad56","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"9082600a-5d8d-441b-a006-af3aa8911fea","eventID":"7381b779-670d-48c1-9d90-00a481ebbb80","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"0f508dce-1a93-49f0-8c74-f840fddb1314","eventID":"d4608f0e-8a16-4c3f-be91-c3dd9db54650","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:18Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"05a594c6-05d4-49cc-a5c0-d901b3bd7d3f","eventID":"d3bc0961-d9ae-45aa-b7f9-7cc2465fbef5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:08Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"4e76ef7a-21ee-4723-b024-29ccabee101d","eventID":"e41f63e4-527a-4cf6-888c-fe9877c61a61","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"137601f0-572f-4af8-a21c-37d28c561d09","eventID":"c020ec2b-de50-4374-bd65-ae02807292e6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"271f1c2b-0e4f-4de7-b3a9-29eb66b55e2b","eventID":"d49be1eb-7a44-4c1e-8257-ce0c5f084ff3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"26202ebf-a0f8-4c0e-9f0c-6d3e3bc6fb1c","eventID":"0f187814-4170-42af-923e-0f3643be3008","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"278a60a6-144e-4039-bd7a-c04c275184e9","eventID":"19067841-9b26-443c-91b8-e26f6abde398","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"1387b820-f010-4f28-9391-313e7702b9ab","eventID":"91669403-af36-4f1a-82e1-667899348886","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"fd7ad799-25f2-4de1-8191-4c16c9815a2f","eventID":"b67120a1-5a3a-4d30-a4d2-dd03e889ce63","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:57Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"413d5ba2-bf8b-48ae-9707-abe3a01e308d","eventID":"6c5fef7d-cac1-499f-93bd-7741f09c7b74","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:53:57Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"f6ac39d7-c751-4171-9316-8c2fed205340","eventID":"bcd9d77c-f303-4f4e-afec-e04d5cbe23ba","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:53:51 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"6e011db0-963b-4524-98e8-02680282f20b","eventID":"6882c146-8407-48ed-a891-85db1df8b029","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"cb6cbdd5-4c37-4e7b-b188-a30fe4184d99","eventID":"420812d8-a8b0-4a9b-b5a3-fac257ffb8cd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"b7902a8f-46aa-40ce-9b24-0fa13ced0f1f","eventID":"7fa8b259-0f24-4d73-9ac7-c2e698de46bd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"8f71cd55-9c7d-45f5-a9be-578c9f4e77c2","eventID":"ecdf4cd5-9f7b-46ea-bc77-5e26675f6e8f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"c9bab831-f993-4a90-89dc-f0b2ef3af8a2","eventID":"5281d760-2ea8-4f16-8468-e113493b55c6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"f83d3918-3a52-4d0d-9725-b120fbc22f53","eventID":"b096292f-05aa-4cf0-acc0-926e114c2d14","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"30cf8064-bf9c-42f9-90ec-4f60d7bc1044","eventID":"1d106bb4-12d7-409d-bcd3-38601735b2f7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"716cc620-539b-46de-92f1-e25afed8d55f","eventID":"bc245874-9bb5-417c-a078-eb9f7bcc957d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"eedfc0d5-083e-4734-bdbc-16517b9ab64a","eventID":"1ab93254-961c-4aff-8c3f-b274ebc054e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"1d38e6c7-9cd7-4e04-a99f-cdef8a62c3e5","eventID":"76b63f47-ce32-4d33-92b0-0d444f6d8438","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"375537d7-7469-4631-9b27-f11ac313035c","eventID":"bab19644-e7fe-4c78-a3d2-dd3180374e57","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"02e22569-9e68-4d7c-8e52-021b04040382","eventID":"568a4774-a6c9-4632-952b-92b2a4207f5f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:17Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"29126bc0-cc12-4f1d-a503-942517cb3044","eventID":"6bb02eab-9a2b-4575-8a14-19c0c1bbc3b7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:17Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"375ddec5-0052-43dc-a3a2-2ea4d9115f42","eventID":"825f1bd1-e724-47ca-a5a5-b72f120a48ab","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:20Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"ac68c5cc-2f05-439a-a1bb-1b43e6a7af02","eventID":"0a46c803-32b8-468f-b7e2-5f596a478b81","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:20Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"68b500b8-1abf-47b9-9d50-3930f594ff4f","eventID":"42954158-9558-45c3-8d32-6c7cc6dd1014","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:08Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"ee70215d-c908-40a0-a388-1de0ab6226ed","eventID":"074974fc-e9e3-4315-b883-0e1e9f9a4100","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"e6224776-17b2-4273-ad1f-96989b20375b","eventID":"6dd5c68d-42f2-472f-b862-c8894c613869","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"3ae06750-b441-4421-845d-ad827009cdb2","eventID":"c84227ae-694c-472a-9f75-42c6a1c37e84","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"67c70597-2ff4-4d3b-90d5-f25653cc88c1","eventID":"23f706c0-a01f-4596-b603-e74a06347917","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"55f4bf8a-8ddc-4b48-8a87-6f12e631ef8d","eventID":"a16e903f-1591-4b0c-908b-721eb8e2c12e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"2a7bc97f-51bd-4840-a9d6-e43dbbea706a","eventID":"3942783e-cfcc-4d70-9f94-c2d5d800be63","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"34290d29-cfc3-41f2-b835-d98efcd742aa","eventID":"01ee86fe-2619-4d16-a9fa-344e587a1890","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"4851b36b-f410-4e8e-8948-4cc09b2c3bef","eventID":"9f4ec17e-d396-488f-b058-3a514745c7b2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"86e3f86c-8d19-4a61-9881-5c1668c7dc0d","eventID":"c4a675fc-67b1-424a-80e2-421ae8ecc730","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"f465781d-fb72-4bbf-83c0-63ff8d2d7d43","eventID":"1ab4c2cc-7bbd-4a15-9de9-c08b149b9c46","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"e3eece3b-4931-435e-835b-52ae63410dc7","eventID":"7e345d14-2955-434f-9c0f-b413db96fb2a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"89cf61a4-506d-49ec-8ddf-d0006d087e27","eventID":"2ab43195-06fc-4c97-902a-9db07ec0fd1d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"dc7aa7e1-cd75-41de-8333-309108adc001","eventID":"44b9e1dc-01aa-43b5-ac84-2a33a60ac94c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"3e15ac5a-c9d1-4bfb-ae81-5049cf8ddb71","eventID":"22bfb06b-e115-4514-91b5-c3546f2e2eff","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"6e85aba8-99ca-4dca-a7c8-ac4333c17905","eventID":"b3346682-560c-49d9-be62-758ed960a1d1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"24b2e113-c467-45b1-9679-9ea6c05a39c2","eventID":"09f2640a-df1b-419d-8cb1-a467c5a6ce81","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:20Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"db11974c-cadb-43ec-9846-7ba584cebcd7","eventID":"21190e69-3f3c-4323-8c04-c90b70cf900a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:20Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"9a7a4048-a24c-4f52-9c0b-6d21d2c5edcf","eventID":"abaf5a6d-b2ab-472b-951f-085a2d04ded1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"b202bd12-cd6e-42c1-bab7-9df8b65ec297","eventID":"87a3ba72-f04f-4cc1-87e4-0a3763ba7592","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"3871cfa9-1e5d-4e05-a1da-52139edcd08e","eventID":"5378b141-8e90-439e-aa46-b5190f8575f4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"e613f789-d3b8-4470-82e0-42e0afff2709","eventID":"54e0d1af-d4b3-4755-8a83-dd58b95be5ec","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"ab464656-9b93-4605-a58b-04ec3132c970","eventID":"b6ed8e82-ea9a-4e16-910c-2c6087be6dc9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"b5b71ef9-dc1d-4355-b45e-bfd227722aa5","eventID":"5006bc9d-21b4-4dbe-bc14-966f4d043059","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"185047f5-7a03-4ef6-bbde-834402eff911","eventID":"11f171fd-d8e0-4191-bc8d-2178cf005dc3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"2996ed66-0022-45f3-b193-63eca0712b96","eventID":"1aecfdb3-fa42-4ca1-85f0-0edb43676527","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"84cd1739-e8e1-4a36-bcbd-41e52cc87767","eventID":"9023a5dc-441b-4ad4-81f1-c01182bb4597","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"da2d549a-c8f4-4e25-9520-c9affea9843b","eventID":"ba7c0388-2f5b-442e-bcb4-e570fa8d15dc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"0f350c22-c968-40be-a6b8-55a046ffed2d","eventID":"c4ec218f-6a25-4aa0-baed-eb3fa29eb834","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"52360225-6a1d-4f50-95b2-1a204846c26e","eventID":"72558267-026e-44ec-8761-54d8d4adcba3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"0cb8e67c-5ff7-432c-88cd-47a22ee283c4","eventID":"2f06c4b7-f015-4483-86d2-557cb3cb3cba","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"c5f39fd3-3ab1-48b3-b9b9-4818c5272b0b","eventID":"a0e7853b-f898-4a8f-b740-0b3f1905e6c6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"55b9c417-042c-4305-9288-09fb7ba755f0","eventID":"30c0a142-6a3e-4e0c-ac07-be67f7903fe1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"09484b84-fc43-4eeb-a296-cc03ec991aaa","eventID":"0b7a5ac4-6bdf-434f-a764-413093170e60","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"5d2afb69-582c-4ac4-92ed-5e105afeda48","eventID":"107857ee-7f91-4cc6-9d9c-858135c379e6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"6d50f3e7-c5b7-475b-9d09-a01ae919d91d","eventID":"c10dc8bc-2951-4319-a7cd-adb391d17daa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"e2103c01-f506-4493-b5a6-70423f5867fa","eventID":"486013b0-8db2-4924-a06b-7f4a5cef69ca","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"83c09244-5f07-4cf4-8322-51312d2193e2","eventID":"2c6ad52b-255a-4543-bdaa-9bdc701f3174","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:12 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"1266aa4e-91aa-4611-986a-148759c1cab9","eventID":"ceb28ca5-4ac0-4d38-8450-0f0988521056","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"9e948ebd-2771-45e0-ab68-ff92eeee873e","eventID":"ea18fc9b-e91e-42d1-ac61-09a9119431e1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"89cbd04f-f6f8-4c4f-9a3b-4ee27ae4adb7","eventID":"7a4125b2-cced-4e53-b52a-17f2bc4a9e5f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"b349f0e2-d8df-4429-9ce6-6337b52b1229","eventID":"72afc3ec-d9fe-4d02-883e-31062d7d20d0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"90c3ab17-118c-4fe3-9075-71ffbec746d7","eventID":"0d743732-f0c6-40fb-907c-b18d41ad3f3f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"752daff5-7d30-4775-9cde-b06dfa7a0a9b","eventID":"6d4c190d-bb53-4bbd-abca-cf5352ba9c44","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"111c15b2-3265-472d-b8aa-13e77a85186a","eventID":"eaf2463d-a989-4985-976d-45c9913f1e03","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"c978d82c-23ee-4fb8-a76d-8a32b1f5b38e","eventID":"ee36146d-e02d-43a9-9d08-e9a4d9b9cfef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"64ab13cd-f539-4782-b2f0-b2590d101863","eventID":"c51f6d35-cedd-4d4c-b49c-634918eedb6d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"db58bd75-8111-4250-a0d6-5765502eff16","eventID":"688bd7e0-2c68-4fd6-a66f-94e1c9065ccc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"2d147d47-3414-4622-898a-c8a47078096f","eventID":"106dec5d-a78f-413f-a7d2-c236d4c846a6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"991331d7-393d-4b32-a1a2-4463ed4200f2","eventID":"9071c977-45a5-4d7a-a31f-9bbadfd991c2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"2c0160d5-3588-4ba7-be21-eb556ccb84b6","eventID":"0755340e-9a87-4a27-ba36-2af67cc681bd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"045dd778-c566-4424-a48f-bf0605fad172","eventID":"69e24891-3de6-4c61-a1bc-13f3c2eb3870","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"ec245cb0-4a49-4f83-960a-81abd6112a4a","eventID":"c9ca41c3-b500-4c24-8ba6-274c1297afc6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"b5e1b824-0165-4d78-b3ff-cda8221ac6b1","eventID":"cc059bdf-8aec-4c8c-9d73-3b10ac296f73","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"081728fa-e4fd-4dea-ad00-260d3a391919","eventID":"823df081-e8b5-488b-88b6-15a903cffa82","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"6e338e6d-a6ac-4fc0-89ae-b35f229bd601","eventID":"ee9b3bf0-91ca-46d7-8175-4c5bcbb86b45","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"42fbf222-2470-4333-bd85-f92a9c91ca0c","eventID":"a856d2b0-b3f2-4991-a9ea-3de224f59628","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"df888d96-8bdf-470f-8e2e-708fcbfcbf6e","eventID":"3454be20-d1a9-4538-a37c-7db4ce7984b0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"27bf499d-3d9b-4418-961f-26f3679dcfa4","eventID":"d10a1e6d-4091-4a96-85fb-877b6a0035be","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:30Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:54:30 PM","maxResults":1000},"responseElements":null,"requestID":"fd2fbc4c-39cc-4ee6-a725-a459d3e76bfb","eventID":"7cfa9928-728d-4a0f-a311-76a04d832943","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:30Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"ead9d677-4719-478c-9ba0-56d61b1f1351","eventID":"7841d3b7-2cc9-43a7-a2bb-d79031afffd3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:30Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"b5792eb8-3e4b-4827-9d01-e4f850e9169f","eventID":"9e33cb92-7d8b-44b4-81e5-f892c12d154c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:30Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"47dcfd93-e543-444c-8734-509ed98b04df","eventID":"00e71815-6d65-4595-bdf7-2953903a28d2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:30Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"a7c15b24-735c-4738-920c-90900c110067","eventID":"e5a6296c-f29a-452e-af0c-c2d3bdd9936c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:30Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"5c654424-b6fd-4d26-809d-22debe511032","eventID":"1fcb3573-4481-4ab3-a743-cf216609c241","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"e8957d3b-b5ac-4061-99c0-5c466a23b03c","eventID":"67eab9af-1f52-4912-b548-76b3e5e42d19","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"6a234367-a4f4-46aa-8acf-21284692cde4","eventID":"c2e3be3d-487d-4f76-a82b-095147ce174c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"12256205-a0ae-424d-9cc9-b1aad611fdca","eventID":"01a260b2-6b8b-4fee-b896-ac34d6f69932","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"f0de8d03-3c75-43eb-9233-74ba34abd8b9","eventID":"fd5afa2d-bfa8-4ffa-9698-cf76b3e3e58f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"cca23722-5f11-40ab-9229-d84c217b74d1","eventID":"1f379916-e0a0-4f8e-b70f-b7c7574845c9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"4f72d236-c725-4bb4-9436-dc2f553ea864","eventID":"6d49a951-5190-4701-940d-b0d8a8dd0987","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:22 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"4fc8cda3-5bb6-4d26-af36-5e88546fb6a4","eventID":"4e585ff2-1928-4fc9-a070-e98ce5b15bb1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:40Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:54:40 PM","maxResults":1000},"responseElements":null,"requestID":"c6b9654f-1680-4c9b-a616-f3401e496694","eventID":"5020db06-a770-460c-bf37-0b12def0edbc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"38a5d4bf-d749-4036-87b5-152fcd5fee26","eventID":"48e8a1ab-0ea1-4732-a1af-5a03c7a037ef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"0adef657-501b-43d1-aef1-893364b348e2","eventID":"618b2a57-c0d1-42e3-95d0-cba551529ab6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"862796e4-d1c2-4714-8c93-9d387480ef52","eventID":"8588cbec-d8f6-44aa-9aa7-f4656a9228d5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"d349cc16-4431-48bd-8eb6-da3c4863fbe4","eventID":"6170ea05-7fa1-4c83-8a77-1263834aed6e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"ccdb6d32-0b74-456e-933e-1eceb2a5d0a3","eventID":"8c3f858f-dc97-4d61-95d2-627d4d5cd811","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"f7251c5c-faa9-4e75-9d1f-50af4fbb5def","eventID":"e1e49645-d33a-4970-b5e7-444dcb49ec42","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"80636a88-f8b5-454d-971d-1f79dd33f87a","eventID":"dbb9563d-9b29-4681-84dd-9de0b87f94d1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"c14522c3-5a42-497f-9650-1426f3afa162","eventID":"372091cb-7b03-4143-ae21-fb5d5729e7fe","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"a63a26da-a9b5-413b-b08f-fc6d79320335","eventID":"cdda7de9-8fd3-484a-b474-b81de949aa73","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"1a1dbbe7-bd3a-4f52-8ead-b4e2f57be5b7","eventID":"805160e6-0d8e-4290-9e52-511ad77f1358","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"aa0290c3-d3c9-405f-98b2-26744a7fcaf1","eventID":"433ba792-ce07-4e5c-991e-435f437382f8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"e2126647-996a-4fa2-b8a3-a0e36162863a","eventID":"68b2831c-3a96-4b59-8a3c-98061495ebc2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:50Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:54:50 PM","maxResults":1000},"responseElements":null,"requestID":"bd9b8183-0ccf-4385-b11c-2860eb4af0d7","eventID":"b3953e34-f6ce-45fb-841c-c5b134d6b1a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"2b389f50-1d0d-4b85-91af-7e8133118aaa","eventID":"7e1ce29a-43d7-4b9f-b0b3-bf57a8027486","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"5f1399e2-0b7b-4a82-96eb-f6e001435b97","eventID":"80bdad8b-0ae8-4151-9782-b67450610e58","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"66637e71-c204-487f-859c-ee8e605324c5","eventID":"d7c5a2a3-2478-4e7d-b951-107c6b79b25d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"272f18ea-d8d6-4dd7-9840-a9cebc8b72d1","eventID":"a2f6a83f-62ad-467f-9129-ac145266470c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"a6f25a0e-9dee-431b-9d98-a5a45567c560","eventID":"737b2ce1-baa7-4f0e-a7bb-ed8ef7f31b2b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"38272808-b0fb-4fe1-a780-c83a7ce34b64","eventID":"4881eefa-4a7a-4ba7-a26e-06a5aabf0a7f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"078b280e-c57f-418d-9418-9bfb4b030834","eventID":"ed57b11b-c18c-4833-be2c-5bf4513bdc61","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"a22b4d50-17ef-4433-9de9-38e9ea68e5d9","eventID":"7bd8678a-1b2e-4ea9-9cfa-80d9d26c938e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"5710c675-d148-4961-9dc6-aadfcf908eb3","eventID":"5291192e-65f9-475d-926a-785e0c530744","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"9b64619c-2094-48ed-8d30-fee135d015a9","eventID":"33c49dbf-45b0-4d6d-a439-3e607f2b59e9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"3965ea70-79d5-4eed-a96b-53fa0cb9489f","eventID":"b6d70a13-4d50-40ae-9784-3e1a14b72b3c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"1351badf-35a3-4e60-bd74-5cef62464d6e","eventID":"2ba65d2f-ecd5-4ea7-8555-a322b85f4d73","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"3dced010-ff12-4353-9b9c-127dcce50b48","eventID":"cb1f8b6f-f1db-4b44-b263-dcbd32e27677","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"350a5acb-636d-4161-ad8e-13c997ceae79","eventID":"cc57f331-a90e-4f6a-9ba4-cbdfe9de43b2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"a105e17b-c39d-44bd-b644-25071c44c888","eventID":"be62bab8-f8a1-409a-b68f-bdca00b8d68c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"a419e596-130e-4109-8228-88cc4767acb3","eventID":"7eac5819-407a-4924-af47-93b77a5b5916","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"5e283171-4253-4e7c-9e66-bee6a8e10b74","eventID":"75c7e3bf-ae99-4ea3-bf8d-9f54e999f7c9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"83487cd6-11e9-45a6-aaeb-c65a1e666bc7","eventID":"778b2cb4-081b-46bb-b6c9-5e05b4622a91","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"3fcc536a-41fc-46fd-97d5-65ec017ef4f1","eventID":"a81b98fd-af57-45ef-a190-a58f21c42f07","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"ca473826-341f-4178-a3bd-5a425c3f7f2b","eventID":"5cc4a625-208b-49ab-90ac-fdc7edb49314","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"e7140e09-600f-4a3b-a01d-1065056ba083","eventID":"731f6aed-ceff-43c6-9fa6-f18009c2d9ac","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"78ec2884-4473-446d-8d5e-e1397cdce090","eventID":"6cc7d975-04fe-430b-9e79-9599ff66a0b3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"3ebfa999-d73d-4ddd-b1af-d4a78c6ef1ed","eventID":"29df17ac-ef14-48e9-a4c1-6cfab7a63a26","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:41 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"225d0a35-fe64-47ce-86b0-95c551a5a727","eventID":"35a3e04d-9b68-43da-9431-8c46da3ddc8e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"b3530f93-7f18-4be9-92f7-40a33aa153f6","eventID":"929868a4-736c-48a9-97e7-208f5a2b8452","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"4ab8b30d-9a7a-4fbf-8437-ecf8d593e7d8","eventID":"0e28e352-36f9-41d9-b6f9-c3bd95cc67e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"8205b236-371f-42e2-ae55-eed37e134215","eventID":"0e5bf724-bfeb-49f3-9724-a028500e1d70","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"60956fda-dadc-4e0d-86f3-3226cd8d67a3","eventID":"ab3a693f-5142-4476-84b8-e2346ebbce6a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"62dc2c9c-636d-42b4-8a0e-f74e1f1b926f","eventID":"7a502049-f433-46a4-b99d-86db81da1cea","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"cd8ea27f-1536-4e83-95a7-d910b566fb0c","eventID":"9de3a0c4-c31c-4180-ae88-70ad4a49604f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"b9fa6316-1a9b-41db-8618-ff95fbfb28f0","eventID":"89b93d4a-4166-40fb-81b2-7038c7df393f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"a7d98ea3-9320-4fe8-bb98-2c594623b486","eventID":"0e377726-2a02-42fa-aa42-95ec8d0c7b79","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"a0390cdc-3fda-4481-85fc-5d5f1bd5af3f","eventID":"6e5988ce-007e-4479-b6d2-3fb94bf8423d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"318e8618-1b78-4a6b-b5f1-8c78f5c233e0","eventID":"bcc0d03f-1135-45b3-a1c4-441507a3f362","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"21a28f95-7808-49d3-97e0-f98899941a6a","eventID":"f7666f6a-2f46-4fb8-8bfa-10f7de3e66e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"8aee8afd-2d31-4866-9152-2781b3a2f76d","eventID":"9437bf2d-6f5b-4f7f-83ae-9680ec8ab1f9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"65d3de7b-e58b-4dd1-8dc8-7abbe1ee934f","eventID":"c05fdc57-66e0-4f67-ad6b-171d90dec199","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"bb1e1faf-8e49-4303-8033-bbfbf207ce2c","eventID":"f52186b4-81c7-4299-8d9c-d9e7d5d595a5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"375f6dc0-19bc-46b1-a666-5b70798e6547","eventID":"394a87a3-1b03-4275-932d-624fb5f27163","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"4ef5be82-06f4-4781-af96-4f7d471831c9","eventID":"24ce2c60-2943-49fa-bdc8-12f5bbd0ee1b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"f41e6446-a5a6-4c32-b4e7-adbc1ce449c6","eventID":"b217a177-1847-478a-b6b3-b86a5992b90a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"15ee21bb-6b66-447f-8fdd-64398e26661a","eventID":"3fce334a-8551-4eca-922d-9c8b4822709a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"725a96e1-6e11-4f03-96e4-ec04068cb884","eventID":"0ccbee2b-ba19-4ab7-aa0d-b548aabb3e5e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"4fdace4a-d715-4e93-bf9f-4a7b05df8a83","eventID":"0bd4db16-4086-4767-bbfa-711569a5e571","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"59601ae4-149f-4a87-9b8f-5269136e9edd","eventID":"a513ac47-858d-4ba0-845b-ee53a639de18","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"d25669c6-9507-4989-a461-74fffe962051","eventID":"1765f305-05cd-4ec3-ae28-bc86b892bb36","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"0be38863-66f2-4087-9a9a-0c1bafbcb45a","eventID":"07da167d-f522-4e40-a4c5-45b1d5279555","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"34a7b9d1-2b99-42e2-8072-63b00fa6cbd0","eventID":"2e7d8791-bcb5-459a-a49f-7bf2148aa24a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"b4235fa2-e17e-4745-97a9-ed6f745b16f0","eventID":"e84b9f34-aaa7-45b7-873b-0d5a2908b883","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"11585b4f-0e99-4a6f-8742-c9db46f44316","eventID":"1ec9a223-a4c9-4b15-91d7-53a87ed157ee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"09f3ebec-9e4d-475c-b364-346226ff2139","eventID":"a0751d18-a4c2-41e8-8b27-91f8cabef301","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"cebce798-1b08-4ce0-9325-88eb5c2043d1","eventID":"996ad7a0-be27-49de-a4c8-0a5be8c0da72","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"fe1f8195-459e-4ded-a736-539feb78b183","eventID":"af3073d7-4891-4696-abf8-4b50841460ce","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"c0e12336-5411-4876-82af-e136deabb050","eventID":"4dc64254-cdc3-4e41-9e4b-83ba2a2f60c6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"04065fdd-afec-4ad7-bbf0-410c8485d81c","eventID":"04ce0a8c-b0cf-4535-b2b3-d1ada4185974","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"7bcdc6a1-0350-4d11-81bb-00235b721612","eventID":"a293acaf-c634-461f-8e62-65182900c4c7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"b9229452-b18f-461d-9eb6-1cb11d9000e7","eventID":"adf365d8-40da-4811-899f-175770cb8d0b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"06ec5eb5-c60d-4d71-af45-6e7635971742","eventID":"34507831-fad2-44d5-8aff-8d09a8e285d2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"7d2bca3e-d579-4631-8766-5a43eb793556","eventID":"6f53fc2f-38e4-47f2-8ae9-17670921c4b3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"8cf89cac-a23a-4101-96af-34f58c9ebc3f","eventID":"49cd1055-a212-4d2a-bf03-a35e6f8d8eee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"1c2a9a69-38f6-40b2-b13f-26d31fc0e050","eventID":"c1275f74-ec66-4cbc-a11d-3efe8e669c88","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"a2215fcf-0f7b-46c4-af30-8f612ca6fcf5","eventID":"64f27329-1b63-4779-b14d-824429eb15da","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"b1fa916b-0ff6-4e2e-ba77-296b3e0dfade","eventID":"a2a1f82a-237d-474d-a101-b9f978422dd0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"a946c914-afad-4faf-8b06-3ab4900baf7c","eventID":"04afe53c-fc32-4dbc-af6c-ec2989b57a84","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:54:52 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"81ab3a5f-00d6-4fd3-8a03-3483ecde929a","eventID":"df5eedba-d949-45f5-8c8d-8ae6ed19403f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"4b9b0956-907c-4992-90ac-55bc1a198a90","eventID":"a5916837-110c-4cce-9ef4-6f4d46e3113e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"afe21290-406b-46aa-a007-bf3a52b9d5eb","eventID":"6883cd9c-fb2e-4c69-9c4a-82dfede01bf2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"d6ff4655-3c1c-4dbd-8cd0-87d4c3083821","eventID":"5a0c2c6d-b34b-41e2-bf84-3babc3ba1b32","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:54:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"770e3b2f-7d07-4d7c-a8e5-376c5eb9c1cc","eventID":"6a57d246-9fad-4e29-a75d-70c3fe52037e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"0f99b3bf-4727-4233-887e-fafcbd41c8eb","eventID":"e6061f0d-4e69-46b4-9044-362ac3895ce1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"c2061065-dc11-4b8d-bc62-a39bd028a5d2","eventID":"41ed3b49-72ad-478d-bc1e-0d89624dfc91","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"d7c51928-a31b-41d0-b229-b30e7e61f34d","eventID":"1e3a5ce6-3339-4164-b2a7-d2d1bd442c2c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"198392f7-7ff2-4362-ad22-ad684c009afc","eventID":"c23ae7c9-4236-45cb-b281-f5085c27b017","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"91d92cb0-9aff-40b0-b719-24b1be6d45ec","eventID":"a6fe3c0b-a14f-49b6-bef9-9b170aa0c669","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:21Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:55:20 PM","maxResults":1000,"nextToken":"uRd8qnxrVX8geQ/mQnZCw05QkCPec7aXE1j1ISQZyzlvD/hZG48k8GMFoIA/rZQ8"},"responseElements":null,"requestID":"b074fa90-e728-4b85-a03a-906ae5dccb56","eventID":"74f3a308-52ed-463a-8ea3-c2ef57656df3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:55:00 PM","maxResults":1000,"nextToken":"kn7tAKcx6UD+ReRWzCqol7Mmvz27eEbn/iDZgPeH+bZraNNnX9wKMGILmFT1AUcM"},"responseElements":null,"requestID":"b5e4f9a0-b110-4619-a233-0f13ddb6dc26","eventID":"6f227ef2-c36f-48ba-a250-30a85178f2ac","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"2b454d43-63dd-4852-b7b5-139e69de782e","eventID":"edff3b5e-ed60-4589-a5b1-0f5f3c3a486d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"f51e7e99-cfbc-4a04-b86b-91f38d5386a3","eventID":"e89c9a67-8c43-4d09-bdfb-1c7ce807a655","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"fc83803a-f3b1-40be-80c5-a4475c34dfcf","eventID":"1676254b-2fcc-4e89-be05-6b63f172f318","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"b526ecc9-a07d-4abd-9b54-ed9f76bdcbab","eventID":"0e784312-975f-4f01-bf00-86fcff2f4704","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"561c5194-eda3-4c9a-b6a9-bf88ecc8073e","eventID":"8115c0e7-1cef-413c-98b3-7c7b63e5be0c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"7c81039c-2ef5-4fbc-be72-58518ca4104c","eventID":"ad208e9e-941b-4cc1-981e-9264b0ac671e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"45f7a382-16eb-4a1d-b36d-c77c7d696102","eventID":"c2de2bf9-a802-4818-8b45-7874b48aaad3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:00Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"e486c044-dd68-4ce9-ac7c-0dea5bc8e3a8","eventID":"6e1761a1-bc46-427e-959f-2398f7643c59","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:18Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"952c37ab-0c1a-4470-8f5b-74ed6c1c4d09","eventID":"7af1f8e7-1c92-4b3e-b6bd-a4ba47dab802","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:18Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"9992e730-094e-41dc-b415-45d1bed8f6a7","eventID":"63eb8e7f-1be0-49ac-af44-93472ac6f772","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:18Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"c8b3b7f8-4481-481b-aa3c-3bf73078aeb2","eventID":"bf771009-aa6a-4d4f-ade4-d490526d1d90","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"833abd01-f6c5-4461-a7f7-b39e50b883ff","eventID":"f9fe0b7d-fa32-40b1-bfe1-346fd1e96575","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"71a825db-a9a7-4b1a-8b85-ca4d0473becd","eventID":"64304f1e-f475-476a-82f1-35f19a1574a6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"1636a4ae-3813-48d7-a591-0aaf20c213b8","eventID":"109583dd-cf3e-4d13-a072-c40fa55cd84e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"eb998b3e-13b3-47a6-8014-2a3cf196803f","eventID":"c365909a-b8fb-4e7a-9e3d-5abdc3a363c9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"234c8a0b-6efa-4e2f-bc28-e477fb5b2219","eventID":"c437506e-33ff-4a8e-9cde-04888c519d99","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"234bf72a-e980-4818-8406-9d22b2f86e03","eventID":"4e015b1b-1533-4f82-b619-6e78e831a0f6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"842fcfa1-bd1b-49bd-9f56-0938518bb101","eventID":"1dff3ead-2074-41aa-a33b-328e83f8350e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"e8fa0039-9067-4bbe-947b-9dc88ade37a6","eventID":"bc6b94dc-4577-434b-8fdb-4ba3935b9879","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"bf9230ca-3b1b-4d36-91c1-358deb7ffa5f","eventID":"8c2a8405-cde5-4b02-a1a3-d1cfab12bd43","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"df18e7aa-4fd9-486b-8a62-4172eb167954","eventID":"1e22985c-8d02-43c7-9845-2ce9b3dab9b8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"4b756057-f29a-440f-b3ec-c9f84d8b3d44","eventID":"2f63db0b-3220-44bc-b6b9-806199e8b9a6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"c7f74a79-4e2b-46dd-a986-002b9afe9a66","eventID":"73f47e82-0bd5-4735-bea2-372d57c52da2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"86d714aa-f4dd-4c56-8a37-00893f8f449f","eventID":"46c509cc-c1c7-446c-ad16-846f226bb084","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"727918d1-7792-420e-b5a3-89e82d5280ee","eventID":"2204d770-8ac5-45ad-a198-a54304e65e81","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"c130e2b7-f5ce-46c4-8016-c1ecc18cd948","eventID":"57d0c29d-a9f4-4009-aacb-e9a7995f41bb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"e00e64dc-194b-4286-b192-0a932ad0df58","eventID":"188ff101-585c-4565-9608-b3ac2fb6c45f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"ecd679bb-a8db-4416-8e4f-18fb38a9eed4","eventID":"eed0e350-1d09-4edc-88a0-d1bfbb2decf6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:27Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"fb0205de-3e13-4de4-9d76-c946ca07eed9","eventID":"764060e6-4ecb-4b35-b0ce-1fc995584e97","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:27Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"55887895-85ab-48e1-98ce-ed181a5bcf02","eventID":"81711f23-a05a-49c1-a39d-e1e04a614c86","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:27Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"915b153e-0f1e-44ae-a5dc-de8e96458ced","eventID":"de2d5ad4-9ec9-4ccc-a0e1-6c47a344be72","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:27Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"9a052a45-19c3-498b-ae47-abceef55c7dc","eventID":"f48bd499-1806-47f2-a8b2-e0b9069481f0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:27Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"d7f96b4b-0eff-48ef-9a15-34ac3b2185c2","eventID":"06f49334-81c4-4831-b2fb-de1886b77760","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"cd8797c8-b3ed-49ba-935e-28b45db284ce","eventID":"e7c99801-8f0c-4564-9b86-ad96aa8c2028","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:01 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"9c0e5d88-c99a-4abc-8d8f-06bc109b3938","eventID":"d3e75163-40e3-4515-a453-d6d46a87bae8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"7c4f5f9e-5fb0-4c76-afac-eabb08ba1d2d","eventID":"47fb18d8-88e7-4062-a5a6-bc5f5dd33faa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"3ddf61fb-102b-4fac-9a61-8e169bdf7771","eventID":"db73202c-891a-453c-b8cb-5b5a7bf98291","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"e15189c4-24df-4fd5-ab6c-0d0630ea993d","eventID":"71085d20-e986-4be2-976d-9a2e93d554e7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"1fed37df-b2c2-4fc8-bd60-910a17504973","eventID":"4678a44f-83e3-486b-8ffe-226a1a0ef7f8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"aa1b35a1-407c-4fcf-bcf8-a7399ec02bca","eventID":"6edf2a0f-e064-4e74-a62e-23ccac9cd580","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"fe6e0000-2f40-485c-afb6-7b6e04bd7e25","eventID":"89de0985-f3af-459d-8c21-df889ae042fa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"b07c7108-f933-4ba3-b4a4-24da075ec64c","eventID":"75503ea0-1390-41e9-838b-21f867a84152","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"da5b9fc0-c72b-4012-8446-e58e01a4fd97","eventID":"d23435fc-74a4-474c-b19d-14629b8dcc87","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"ad2e5317-acc3-4444-9fe6-60a8951f7910","eventID":"72ba1d40-b671-49e1-90e8-12431f01b5bd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"93ee97a7-9b4c-45c0-b756-47746d8e030a","eventID":"09815888-a2a4-45c6-bd7b-f89c9ff3c30f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"045f2516-8738-49a4-af05-bdc165448465","eventID":"7d45103e-9bda-4db4-a67b-e3b22a12a4d7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"7b468bee-690e-41f9-bbf8-64b7b11742e7","eventID":"597885ef-7550-4d00-a9b4-429e0c6612d7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"4ef42cd5-ebe5-4474-8db5-213cdd886331","eventID":"dae9d0d8-af2f-40e2-9021-537f797b6f1a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"9c224c34-35a6-4af7-879e-1ff72d3cdac7","eventID":"ff0782be-9221-43fa-a68c-820fe24e79cb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"28b083fe-0dce-4de7-86d7-5e40fe672cda","eventID":"8d20f21c-7613-439d-aa23-195965ee6631","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"394c2329-99d2-4b94-8d16-a91a2f76701a","eventID":"2946a6df-6338-44cd-bf20-d4146a74f9ef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"7e8cd3db-4f69-46b6-8238-4eedcc7ff550","eventID":"2cf6edba-8b31-4dce-9f45-3570fa7266a1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"f675072d-d2f4-4815-b191-d50b9dc13814","eventID":"19d391f0-6484-4152-8d27-51580556c802","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"b825cb17-b1f4-40d6-9428-42aef291cfe7","eventID":"d9d3cb3e-b181-42a0-9eb1-0d485c04f9fb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"13b4fe01-2724-47c4-8daf-e85e3ed41ad6","eventID":"add2b034-5953-467a-8649-c866bb09098a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"92fed4f1-941f-4bfc-854e-02941a13154a","eventID":"2901acdd-3908-469f-bbb6-1eef7453e8bf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"c9d64766-63b0-4502-9f88-1958aa8ac5c9","eventID":"9d5cb2f5-b651-464a-952f-0492328ae307","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"551ce328-8d68-4a78-b8db-24ece285bdb5","eventID":"0aa2d92c-8b56-476d-b2b9-d39a1daab87d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"09ef2272-bfc0-4551-b989-85effceafab9","eventID":"2d7f0e82-74af-4541-906e-0fb833495851","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"dedc4702-10fd-4acc-9fc6-0742fe6b8732","eventID":"ca9798db-7343-45c5-bd1a-f583f889a432","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:10Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:55:10 PM","maxResults":1000,"nextToken":"djQBS1bjg9bywADu94XGFPu5TBOOBge5SE5APg6PirJ8pHA8/z0uhTsZtXKHDAJ7"},"responseElements":null,"requestID":"1aa338eb-aab2-48a9-b1c4-fb5f81b5f2db","eventID":"abcd15df-838f-46c9-9eee-e6899519776b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:53:30 PM","endTime":"Aug 17, 2021 11:55:31 PM","maxResults":1000,"nextToken":"Bz8XV69TdMmI2Sgq3Jq3hMWDG1uK/RsMnpJ7PcIDROTZU4U2V7eA4e1RMkfrES48"},"responseElements":null,"requestID":"80397224-4464-47d1-b32f-223d1546d344","eventID":"47401035-a7bc-457c-b7a9-0a60d2b2d430","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"986208e6-6e04-4cb5-83f4-fdf2fe23534d","eventID":"77b32976-6d06-4c92-a6b5-6cf741160f13","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"89804ab0-572c-4228-893a-19c675387566","eventID":"3d253af4-2a45-4e09-98c0-7541bbe5a763","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"3d7a2734-edfa-4369-a0de-a6dd091721fc","eventID":"fa10ea9e-6beb-4c5d-803f-6ac48f83dc00","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"ca85df83-565c-4c0b-96e8-08f203728ebc","eventID":"1cc8ed49-4822-4438-a95c-6d671936b79f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"f81333f2-eaa2-44f8-b0bd-48c5b31f3d55","eventID":"ca4b7e1b-00c5-4249-8f6d-67cee24a396f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"3b1a7542-5b53-4175-983c-559e488a8951","eventID":"fd98e9d1-9e86-4437-a389-70b543d0977f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"a093e335-a84e-47ce-b02e-6314351ba719","eventID":"e4cf23b8-55e3-476d-bca6-6f75e8b3409b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"56d5a7c3-875c-4763-bdfd-12e6cad94d60","eventID":"86638c23-0516-4d92-a70c-57f4396fef13","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"7a9db480-8594-496e-8743-70ecfd696e48","eventID":"d87b0509-ca25-4fa9-b948-09342ffc47e6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"eee2ea48-ed62-490d-ad1f-a86d13a291d4","eventID":"d39f29ea-ed41-4f4a-947f-d3e22e463e69","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"99bbfa8d-6443-4e25-85a3-b12c742a0b96","eventID":"9a08b796-4634-4cf9-999f-b300aa0833ef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"b7d5b0fc-4e1c-4574-962e-169d535ac9f3","eventID":"d4ff12d5-b6c0-4cb4-9415-cdfb5bbb496c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"8fe87622-2abe-49ba-ade3-1a03b420710c","eventID":"3c7a2d8d-91c8-4da5-99ba-4c1008d67809","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"a880dc07-89d1-4f82-9567-4dfa9306c7d3","eventID":"89fa35d6-514b-4a5b-b993-46e05e139c2c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"f5860262-b103-4d33-ba12-e468d3e1c95f","eventID":"94ab4f6a-496b-40f2-a1ad-59b88193bc8e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"09a8510c-2fa7-4213-b50b-5dcf4c53f606","eventID":"dd2fde65-033d-4788-a33e-2aaf8fce6a96","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"9b6ca26f-3131-4853-9467-f1019c0c7bbb","eventID":"e2cd0173-23a4-48c8-be1c-311083138f13","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"c857ccf2-b2e5-4b55-b181-07831e3956ae","eventID":"f0a7f15a-3f67-48d5-a3dc-44e6d24bd3a5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"2eb42873-e7f9-45e5-8ede-0669a17daee9","eventID":"4e5478d9-7d30-4474-a4d4-4dea2e362162","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:26Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"44adff19-359c-41f0-9603-ecbeeadf2f7e","eventID":"92817d3f-eda0-4d57-8532-d5f706e6b1c0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:12 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"bde812aa-2122-4d7b-87ad-a0660f7679c4","eventID":"7591f619-0578-4d0b-927e-2b2839e5f8b5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"bc7627eb-8f3c-4a63-8c2e-544759018cff","eventID":"2bf10843-e9f3-4f63-8bf0-7f5e12ad9aed","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"5ce603df-25b9-4c85-8ecc-33e2124b657f","eventID":"580d27c3-1303-44e6-b09b-00631c14287d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"583d1696-506a-4644-86b4-77a35ef6c3fc","eventID":"5f0b8d5a-06e3-4644-a28f-99623a3c574b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"f19fdea3-1bb4-40e6-b0a2-d70313ca80ce","eventID":"40478429-bc30-4933-afa3-1ddab9cd46b3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"88b1d9b2-9ae0-48f9-8b9b-a9840765d03e","eventID":"be28bf9d-da16-43e0-80ca-959c5b487214","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"549c0481-0b7c-477b-93f1-0b376f0ad194","eventID":"995bd7fc-ab09-41c5-ac94-8e1b9ddaafb9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"ecf3d3be-ee28-4911-9112-0cbe416f0410","eventID":"5d7b2235-ca62-4bd2-93d0-5dc9685656b1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"3d1d2100-ee7e-4ec5-8ac6-f519f77d2ecd","eventID":"74c602d2-b506-4a2d-9a72-534d2a50fcfa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"9290608c-9895-4f15-838e-7d365e14ad1f","eventID":"0c6a1407-082c-437d-98c5-a2a0d36671c6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"b4dcde3b-a5e1-4212-9bbc-917afdeb3cc4","eventID":"3344019c-0f24-4152-8b06-8ced74eca2aa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"e0f163c2-da13-4374-ad93-75e4b872d2a4","eventID":"63924b79-b332-48e6-bb92-f4100fa0c6f3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"d17a428f-32ca-4c50-b16e-627021b775e0","eventID":"675fc417-97b0-4952-ad04-4391be5495af","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"7ac567cb-9acc-48d0-bd8a-eee714ea9235","eventID":"b115494d-40c5-4e6f-973f-87728a390860","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"1fe6688b-cc12-480c-9b49-ff3620517dff","eventID":"98ced0ea-065e-4dfe-b08f-fe0abfaf41ad","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"0cc04059-b0c1-4e61-a534-067e406617bc","eventID":"b7b2d99e-77b7-494b-9183-682b8e201aa2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"c836742e-7d0a-4852-91fa-2deb41160584","eventID":"92acc834-81a4-4311-b10a-8d5d42e2d6a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"a5a75c68-a689-4e82-add3-0a88738bcf32","eventID":"dc2a296b-f11d-4582-bc23-b0f90965a5df","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"45e5c742-732d-4bd0-9f01-b431e911320a","eventID":"8b12c3f7-2b47-4c1e-8751-d9c8a42d351c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:28Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"ca01b150-9b6e-454c-99d7-a17b41c13cca","eventID":"80b71495-49ba-46b4-af34-7cf6c507d435","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:28Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"5f1e65f7-59c2-47c4-8a96-d886fce511eb","eventID":"61332c3f-6546-40d2-809a-786fdfc8d019","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"744a5f43-581f-458a-871b-8861dcc6ca04","eventID":"39443a13-1656-449d-a589-78d0d603a3f9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"90339c70-0e35-4d55-b21f-ea4e3c18f074","eventID":"f9019eaf-e7ac-4429-b593-5614e9c49b03","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"caaab67f-2640-4a72-85e1-d6d1f7e1c23c","eventID":"2f6da212-eb7a-4891-93c6-24264330afc7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"a4e6351d-a1eb-4235-8504-bdcf43cdf84d","eventID":"d3bf93d9-bc21-40fb-96d0-76f95c215f86","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"7c4ad004-1ef4-44a9-898e-50c158b5f7c4","eventID":"75dd3623-7fc1-488f-a1a7-ef0f2cf3bd1b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"2ea006cb-8760-4d4c-8d18-d59400bc3196","eventID":"f6539645-c780-4dc8-b7d9-fb4384b95bd6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"de7e9c6d-b6c4-4aa9-b91a-fa46cf919f35","eventID":"ca8cc870-03e4-432f-9a06-d67f7c48d647","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:41Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:55:40 PM","maxResults":1000},"responseElements":null,"requestID":"f04b8f46-2ae2-4415-8b99-caa2c7e60e40","eventID":"2ea2354c-d71b-49e3-a543-64687e23677d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:31Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"b829d8ee-95d2-453c-bb04-d2ee0a5d847f","eventID":"244afbf5-fb36-4967-af17-c91ee43d9844","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"0fe9f345-94d7-4b9c-8a0c-85726c66f492","eventID":"c682f0a5-1619-4f99-8498-1381d46ada03","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"2a46fc27-db2a-4288-a99f-abd37d569fe7","eventID":"213b62b1-6cda-4b5b-82d3-3e770c140875","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"e101e86d-0479-4a71-9c3a-94f6ef252034","eventID":"e92a7bad-3c56-4d0a-a7ba-751c4b20c69f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:54Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"5413cc1c-c539-493e-8189-2795f924308d","eventID":"7ccf9f29-22ea-46c3-8165-b35051134335","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"ad3ba95a-52ee-403b-859b-0716e1db7854","eventID":"e09665f0-d0ea-499c-a952-b7c89ee7706b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:28Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"03de3226-89f2-48e4-9a00-54543484fdd6","eventID":"1ef2ca3d-11f5-48b4-adc9-b1638a4b7c38","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:28Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"d712115f-5aed-48d5-b287-fff393dfb72d","eventID":"4efe3125-8f75-468c-84e2-b5087c5f11c3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"7b5c71f1-7932-4236-b36a-b9f9b5698a97","eventID":"08c67625-2a79-4067-a5ce-905c0fe296fd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"139a1e06-a261-42ef-ad5d-48504a65f952","eventID":"553b1e3b-2e47-4f7f-86e1-b4ab34145b15","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"18e7fe65-ed7a-4e03-8512-b651b4cb2899","eventID":"4b7c83f1-569c-42ae-a8b4-2970c9d09eb6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"a041c3e6-e0c0-4050-a6b5-c9884ada9cb6","eventID":"d1e7e734-d333-41a2-adee-c02cd6ea9e2a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:34Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"9ef0d6fc-ba93-4072-aa91-8848cc5f4dd9","eventID":"a1e397c7-4bc1-4b02-9bcc-d9a70f9d9066","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:34Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"ccfce123-95e7-40fe-b277-7f9cec4118c1","eventID":"f840e803-56b6-4df7-a6aa-d1cc815fa397","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"0572a826-2b6e-4fcd-847d-6aa18b17cb1e","eventID":"6de1b4d1-0c3f-4ebd-bbcc-07f473f83d23","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"afbc8a5c-7dc5-4bb2-b591-170539d1c54a","eventID":"4bc925e3-3620-47ba-8840-2fdbecd1b9c8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"ce931d30-7f18-47f0-b9b2-59af9f46f554","eventID":"0da7d5ef-eee1-4883-9f4c-54984ecbba24","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"a494c49c-8be3-4c98-af61-863af5f8782c","eventID":"88dea680-921b-466b-98cb-d2782941d80d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"784afeab-545f-4b2d-977b-0e0efdb50fb3","eventID":"0bc4cda2-355e-4443-9884-37f3a824d009","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"471a17b2-db06-4b30-9252-071333531885","eventID":"328d6bcb-5f09-49a5-8d62-5bb72887411f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"9d830cd7-1437-486c-92cc-059340749c36","eventID":"1872dd8e-cecc-47d7-b118-24ddcedd3ed3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"00d77665-b9b6-40f7-ad94-a3899bdb26f9","eventID":"76cb3217-4788-4b10-9814-1b7f9a657415","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"b446d2ca-d1d5-464e-988b-0f325fa8c6e4","eventID":"fb9e7bf9-24ef-40c1-886f-83f281c42908","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"1e2534de-ed84-4354-9202-4701a88a48ca","eventID":"44e94283-dc7c-4b15-8bf8-2a67aa754df0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"6915cac9-e3e0-440f-a2fa-455ddb0a84a3","eventID":"ecbfbb8d-3ab0-419a-be94-6d2f7264ca55","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"7b7c0205-1812-4ea8-9cef-3dfb5af51a6e","eventID":"6a5873a3-b3b1-42e3-aadb-17de78d9bab8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"6b461197-08d4-4cae-bedb-f15f987f29f2","eventID":"bcbeb12d-503f-49c1-9185-68b6c10006ca","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"bce97a9f-2a2f-43d6-b8d7-0e170fc8c428","eventID":"cbc27b64-c877-4abd-b439-546b3f06d73d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"d9bb0959-0dc9-43f4-8bcc-7dd5fcc3af05","eventID":"5648eafd-9d6e-45e9-ad42-b49ad0c5e190","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"956c4819-531f-421b-8c5a-6e013d2c9652","eventID":"5977e26d-a09b-4d95-9b0d-445d16b9a868","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"a975441d-f2e8-4616-be60-1d2c59fd789e","eventID":"5f47e424-0002-4a3a-9903-ccb983316626","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"292cf7b4-d27a-4efa-a926-653e6192333e","eventID":"17ba0a87-bd14-4bf1-8cb3-1ea6f776bf6e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"8cecee1f-9b70-4cc1-8834-8ade3883a177","eventID":"fa8c9f27-a297-4498-98b2-3bbd4ad55c56","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"5307be16-b55f-4660-8ac7-187212076b5b","eventID":"bd8e1363-c56c-43b3-b5f0-f982667b02cb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"251e2b26-ffcd-4d0d-af54-60b09ab412d0","eventID":"8e0ac7bc-d9d8-4d79-9eb0-8120110f3978","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"9576e0c1-f3d4-480d-980b-cc9729f5a7f6","eventID":"c17d22c6-5748-4f19-9466-dfbcc5ed1269","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:58Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"a0050578-3b85-475d-a90c-98eed4163798","eventID":"937922ef-3452-4e85-8dd9-97f6e9b7f931","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"2a62c8d1-37ab-4870-83c5-7015ebaf5522","eventID":"62e28b3e-5678-4a09-ae3c-fe861186a0e7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"07d2f8d8-dabe-486b-8889-ccd10c84c36f","eventID":"bddcd78d-2da8-4eee-aae5-97ff575058f4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"53d70ee0-6473-4a70-8a59-a2a014357d6a","eventID":"f1f86fbd-bd21-4459-9f53-6752231d30e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"43cace2c-3ca5-4fe6-ac25-bcf2155ec525","eventID":"92ddf499-a805-4f47-909e-dd0647b0d826","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"1bb32bda-4020-47cb-85a5-db92ebf0f1f9","eventID":"0ad9d747-523a-421a-b185-838da274aa9c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"0deea3c0-bb1f-4b97-9400-dd5aead5d310","eventID":"c0357aaa-4cbd-42da-9853-15a31d621ea2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"a584c0a4-7ef7-4ac0-9b09-9394e0c50338","eventID":"058cf734-3a72-47d7-a46f-f6f2aafc63bc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"beace915-cdb3-468d-9edc-0cf996107eac","eventID":"d489ca9b-4e15-4103-8f90-6bf1fabb3be2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"30d9d816-e296-46df-8366-e11e2d296812","eventID":"e998efe2-2488-4311-8012-f8a6537ac86a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"1cb7cb43-71e4-48db-8cb4-17cbcd39ecc2","eventID":"37ca02e9-c46f-4faf-ab7e-ddea15614159","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"3914dc19-ec98-432c-a0fb-e18160698010","eventID":"e5b29b63-7dd3-4c7a-b4c7-5e8492ce3ec3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"43c4cf15-056d-42ce-b01a-54a6abf2c039","eventID":"e98dbd76-1761-4317-a0b9-bf4fce351b75","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"30904474-a83c-4097-ae20-2bcd19c92323","eventID":"a337bba2-5187-4f80-a3d6-0fe222c417b4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"354909ce-583a-45dd-ba87-da4c62541d7f","eventID":"ed9e1aee-6827-4c0b-a691-ddd7eeb073d3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"aaec2cc6-402f-449d-a906-7e77b7051a6d","eventID":"56b8bd9c-3316-4977-95b3-921610967cb3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:32 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"7f86e0a5-0e6c-47bd-bb1f-3c1dce3e643d","eventID":"e3fccf7f-616a-406f-a45d-038024134048","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"fa14201d-57b6-4f1e-bae5-4174e7215bd0","eventID":"71c900b7-c228-494e-9a15-091a9a195f0b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"b97f34a0-386a-4847-ac89-6dc10d5ada36","eventID":"82a055be-17f0-49c2-88f7-2933b3b52239","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"787c3aa9-75b2-4151-b238-c448149257c4","eventID":"8c629adc-3f33-471b-9f1f-b026eb9bdcaa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"4ecb6348-9baf-4857-b0f8-7a3107af9cfc","eventID":"1214f2aa-a35d-4bb7-8245-2cdbf56a9d16","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"56f105c9-6774-4b31-94b2-873b2562716c","eventID":"9f0fff75-5392-4379-9702-c615eb88c415","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"2b535026-95e1-483f-9633-a8b7a644a5d3","eventID":"c5a7db07-e87e-49d9-ac5d-df069243cc3c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"178a184e-6894-4537-a43e-146bdd72f4e8","eventID":"c3f86c83-67eb-4e06-83fe-f2b279da9746","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"73a1a02f-0b56-4e0a-b042-99e2fec4ab40","eventID":"c269c7a0-bad7-41a8-ae0f-ae88a7f79e95","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"5a0d9976-79c1-49ee-bd9f-5e6e9a9a2544","eventID":"c9fb7449-e86b-4026-97de-4f298e3021e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"0923725f-9a09-4acf-bd92-7716ad847585","eventID":"48d65cfb-9dbd-4f05-b32b-e6b1048bdea9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"8adbf383-b324-47a2-8fd1-c30fcdecac5d","eventID":"0bd087d3-43f3-4a81-ae42-192090ea808c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"57ab428a-d54f-4cd2-ab1e-7da3d1e0fa2a","eventID":"17fa2bef-da7e-40d9-8b29-e4fee90e8acf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"1d0bf4c6-a653-4798-9db2-fa169194e1b3","eventID":"c79082af-dc21-4e7a-b637-5bd6abd5309d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"5d180f6c-5e82-49c4-b75f-06bfe2f44add","eventID":"f1c0716c-da9e-4798-b91a-e68de39ce8e4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"1311a199-7e5e-4971-8785-85be43caacca","eventID":"2c997b0c-ef9a-4927-bcc7-4e817f889fb5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"9ce9cd76-9803-4913-8154-9fcc8d7fde6a","eventID":"f3cc648f-7f58-4991-bd16-7ac38c9f6923","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"6660045f-8085-405f-a504-c872810eb635","eventID":"3a39422c-6ded-4f82-aea6-b81ab6b1e126","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"dcf57828-f39f-4cb1-a73c-525f8a4858c2","eventID":"bb811af0-a9bb-40f8-88ff-3ff81f021797","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"6ea5a7ad-1d53-497d-97cd-832a0982b624","eventID":"baead70d-2709-4ae1-861b-62f16acb4435","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"0b1142a3-141d-4ac0-804a-db9a99ada2b1","eventID":"0596c16b-0ca7-4efc-a1f9-d7aa7329d2c9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"c89dfedc-1c5d-4830-b385-9b4ffa3836da","eventID":"23b533d2-6cfe-4c36-905b-31ba5db14022","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"47b6291a-d1e2-4d48-8822-a2df66c0d17c","eventID":"c82b3b21-01df-4eff-8df6-53cae962f14c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"5dff1154-6d8a-422b-b2de-2b7c11203163","eventID":"07ae339c-6b7a-4dd0-b40a-e29644adc1b0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"245d6f4d-0477-450a-9947-de6b0781a79f","eventID":"0bb7fcb2-faf2-4d62-b3d6-4f36bf5a4b8d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"5e0cf419-9921-4f28-9c1a-a040b440e8c0","eventID":"611d68c6-6d4f-44fc-a9b3-523da278e838","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:50Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:55:50 PM","maxResults":1000},"responseElements":null,"requestID":"a67df5c8-4c51-4a96-bf2e-8df1aa0ec68d","eventID":"4a20ced0-abc4-418f-a8d7-f013b5d70015","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:56:00 PM","maxResults":1000},"responseElements":null,"requestID":"2221fdda-2f7f-4bc7-b6d1-a66e6423694b","eventID":"4ff478ef-a256-4f33-8f16-b537e5175234","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:10Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:56:10 PM","maxResults":1000},"responseElements":null,"requestID":"3d194a67-7773-4420-ae9a-614dad695dd2","eventID":"7219b857-1ed3-4d10-9109-b2f592d17a02","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"2918eb0a-6a2e-4b68-b6e6-7a0e3e6ef3aa","eventID":"48d3293f-3543-42e7-8583-143220c352a2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"cc601077-cdca-4ccc-9d65-4807d91db418","eventID":"737b4c34-b486-4b94-a8c1-4423982d4f90","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"073a47a1-918a-4f8f-b0a3-f6288e647531","eventID":"39f851a7-30eb-44c4-b57f-98790d227d18","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"7753bea5-bc50-4c63-9a8f-277c27089cb3","eventID":"5f2d860b-a8a0-483a-a9a8-99d4509b114f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"86b0bea3-a8a5-4a4a-a70d-f163ca118a6d","eventID":"9ba5b159-dfbd-4922-ab4c-b890be84386a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"99f7bdbe-3892-461f-936f-a20e2623c62e","eventID":"f9c4dcaf-9323-4b02-976e-a45dc82d9248","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"6f6c5855-ddab-45b9-bf38-44dc45ccd413","eventID":"bd8ba9ff-3c5d-48e2-a8d9-00225a0bb541","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:15Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"c0f2fde4-1504-43db-b381-ee22a947852e","eventID":"e9e92ee6-461b-4899-a696-7b1fc6046e46","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"039f92c4-ef32-47a6-98da-fdc36865b0a8","eventID":"a9ecc4cd-d1c7-4104-82c5-710a1b096198","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"6c86b56c-816f-4736-a058-1bd9d3c49c1b","eventID":"ac3a7c3f-f06a-42f2-8666-688517f32cbf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"489f947c-ec4d-44f6-aa36-12a7d7457d38","eventID":"644f576e-7122-4a76-8035-fb29e288c268","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"f7e32744-f1d7-442d-bd13-d1ef2d9354c8","eventID":"aa212044-b840-429c-a373-60fe42473c40","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"7004d3f4-a1f2-4b83-bd5f-1f748d05f86c","eventID":"fd1e3f21-235e-4ca7-8057-3e69899bc791","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"93aae8a1-1041-4230-854c-9e7533d00d43","eventID":"6783ac9d-8bcc-45fe-9a6a-576342464435","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"ae8584ac-0ae7-4a38-b5dd-7ff23b0561ff","eventID":"2e96a778-bd37-4595-af44-6502e63d5451","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"8d2f62ef-1047-4ab5-b742-9043a7cd690c","eventID":"59840ebb-c201-4ba2-8bf0-f292df2f3265","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"4e1bc746-4be0-449d-9fe4-0ccc62fa0ba7","eventID":"7bd6b6a3-d86b-4693-bf21-b3c1165814a9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"0794a101-f47d-4349-b78e-f170d6c5581e","eventID":"47b684a2-cf7d-4949-9a9f-3bd144dc34ef","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"977cc31f-8865-431d-b4d7-e25a4a5a78bc","eventID":"c0aeadba-7a58-4d18-8d21-9099af6571bf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"535baf99-232b-4198-9b5e-6c16994f1291","eventID":"0898f575-f522-42be-bab5-b2017559faff","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"4afb1725-eccf-470e-b777-ab4891e4d5f9","eventID":"3c02f70a-a455-4ac0-a7fd-b33845023d1f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"06fcf4b6-091f-48b4-97c3-ff160c77e00e","eventID":"7d4f2b0d-99d4-46aa-b6d8-2a829d09fa3e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"1dc69cdc-c310-40be-915f-c9fa691d75fb","eventID":"53a1ab36-a634-4e28-bf2c-1f6fc52186b6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"16b97a3b-04cb-4355-b266-83a34b330309","eventID":"a320b899-e195-4c2c-8155-12f020c208c1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"e654e309-56c6-4df7-a1d0-ebefffe1f700","eventID":"417ed31b-f445-4454-a77e-fc1b94c96675","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"40e3f891-df83-46c8-99f3-c161eabfb5b1","eventID":"1b74c077-b9af-4a0b-8669-49063774e164","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"080fe755-ae70-419d-9728-33251cf24d1d","eventID":"425880ae-72cf-4a9c-91d1-82a36e663723","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:55:59Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:55:52 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"05d9d425-bdae-4fd5-8492-e3ee6df86c25","eventID":"945c8098-6754-47ce-8b6b-f6487e0a8d70","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"303af5a7-bd03-474c-aa19-855a9f019ebb","eventID":"4adfc7b3-5aea-4057-8c1e-41f353d19268","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"a0cb7e71-05f4-4651-8f15-a88851cb4d19","eventID":"d7264ebb-ad2b-4146-baf1-7df84025474d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"61363436-248b-4f9a-8b9a-32e378bec870","eventID":"8c2d869b-92fd-4b4c-9165-98237551e992","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"21058376-c528-4631-8678-9b05c96b2931","eventID":"c9873955-276c-44a0-abef-84e63065919e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"bd2754b2-36bd-43d0-9b10-280f66313574","eventID":"6b0f4a7e-0473-4604-8a9a-37a81c79bb15","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"dec9a5c0-545b-4bb4-9e19-d359a3ca0a42","eventID":"09066688-ef19-477e-986d-347036ce07b6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"128b8784-fb45-4e1b-bd23-133642affc54","eventID":"c3481787-fb6f-4a32-8b03-c0b1530dfd0b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"39f36322-7e75-4a42-aabb-0fee61524966","eventID":"9918e694-678a-4e61-bb2e-ecce6b03c108","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"f4c14048-eb64-4ac1-9f32-9c85a5c29e5a","eventID":"cdd9c420-d1f8-4658-a447-511c0b040034","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"cff37ab2-885e-4634-935c-96b6ae2e45bf","eventID":"14ac94af-1eb2-4864-8884-d987fbceac44","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:17Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"447e7a4e-1ea1-4a4f-86ca-badae01e3506","eventID":"53914720-e9fa-493e-acd8-fb938b2fa6bd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:14Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"d8f94390-47da-416f-8ad1-7c5bdd146168","eventID":"45ad59e5-5733-4c14-b34a-087911db9aee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"147760d2-e6a4-4227-97d3-55ca2dd83934","eventID":"2f9d7398-5f36-4ca5-9ddf-853daf700472","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"a79a46e7-71ab-4218-ac57-f23554bd73b1","eventID":"35a968a1-1723-434f-8e4a-5d601160cfb4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:24Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"c4fef7ac-f736-4d37-bd24-6abeb6748491","eventID":"74a5d37b-669e-4d9e-b80f-0a5a02efa66b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"352757fb-a232-4961-9da1-61c303449a00","eventID":"41ec31dc-5821-46fc-bae6-94bc538d2616","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"5b1d3515-76cb-4784-91a6-7ead63422e8b","eventID":"8eea92dc-0c5c-4a71-8670-e5949ca769ff","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"bdda2eb8-543e-4cdd-a6d5-0c1890af8f46","eventID":"f52afd23-a069-42b4-80a4-193770ded485","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"7ab15284-0ef1-4b9b-9be9-7886f61db40b","eventID":"8d4ada4c-c03f-434f-ba8a-700ba47895dd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:20Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:56:20 PM","maxResults":1000},"responseElements":null,"requestID":"df35e807-7ccc-4eb4-8732-de580fe397a1","eventID":"3aaf370a-fffc-41bd-adf1-088b82a649c5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"cb75e7ed-5366-4f89-9c1b-08ebbf97bb41","eventID":"d201feb6-1c7e-4bf1-b3ef-9c29f2afe4cc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"d9a9e4e1-dc6e-4681-826f-4bfd4e03d7a2","eventID":"6b1308bc-9506-4bce-be16-0903a9a48786","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:31Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:56:31 PM","maxResults":1000},"responseElements":null,"requestID":"d95f04f2-08e5-4174-85d4-480d1120836d","eventID":"4c31d9f8-dea2-4c09-a548-6c8754a0d90a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"1491dafb-b5be-4094-a23f-d4df3f068316","eventID":"5f4d6313-483c-49e0-8284-469334300e63","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"13dcee71-f775-49a4-ae41-5b13a1767670","eventID":"cdca9464-fdef-426b-b232-b1e3bcf41671","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"61294bfc-8d1a-4db8-a1e5-76b7e8407df8","eventID":"6c67a618-9130-451d-9e54-7062ce9d7d05","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:02 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"819ef8f7-c279-4031-991d-9428b5636f6a","eventID":"52820a53-4aca-4656-8a3e-19a0fbe9ca82","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"7434993b-fe56-46fd-9eba-0320f26e76b2","eventID":"ca56640c-37cf-4d25-a230-350aebb5c0d3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"e5227cce-ef2b-4623-b13f-f2d1dcc150e4","eventID":"2b51a068-401d-43fc-a7e8-ef23cb3a6c6b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:22Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"a8b61469-ec58-471a-b2d3-ef29f3b2dab5","eventID":"e7044a00-e029-49d7-abe7-c9d048b976e6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"94e38680-0d44-40ce-a88a-5cc6ac167e3b","eventID":"62f6ef89-3a76-4a16-b93a-7303536cb816","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"20d2be32-fe55-422a-87ac-c7d9e95df397","eventID":"50043166-b7b6-4042-b3f5-79d349f4c2e5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"7aa25679-d636-4de4-8022-ce70151245eb","eventID":"dac50bb4-1050-4e43-b5f1-cb22aadc6ec3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"af1bcb7a-c845-454d-babd-c8fd8c8dec4a","eventID":"576d1e0a-3f59-46d9-94f7-3185774f22ee","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"81dbb73e-d8d5-44b1-88e1-91ae9a08b0d9","eventID":"3b48542b-4838-4b36-a704-0e98452d5953","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"9652ccb7-ebbe-4129-be99-114c4ba4154a","eventID":"da52b266-6934-46c5-ba11-19b21bd1a425","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"7cd0d3c4-5e64-4b90-b646-a10e7ec52372","eventID":"480d7490-be31-4570-9569-b0206758f953","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:56:41 PM","maxResults":1000},"responseElements":null,"requestID":"147e1797-5a4c-4ea1-abfd-481b19e00628","eventID":"1332148d-ea9d-4060-b10f-465ecda5beb1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"6e3ba8c4-7cbb-4eeb-82a0-0f65b8f5acb6","eventID":"322dfb2b-3a71-4689-beab-0ab303339856","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"28115892-8556-4334-bc6c-be3a97364c83","eventID":"9fec9747-3b16-491e-8ccc-59367af7c706","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"21a315cc-b189-4d39-b7a7-7bf80aa34b99","eventID":"40fc18ff-3dfa-4bbe-bd05-24aff1b625ae","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"9abea0b0-7448-491d-9d4d-9a3068f9a24c","eventID":"4228ed42-c747-4b79-9364-edfd65e6e6b7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"54c8277f-4619-4833-b2ef-ec2a401040a0","eventID":"70c20542-401f-413f-9632-55d952bd1526","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"7512f868-94aa-4b10-a253-8c6899282535","eventID":"3c6e1564-d3da-4302-9a95-9f103fefa731","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"b1c5940c-54ee-4788-bc90-8d0a008aad7a","eventID":"a270abf5-d33d-494c-aba5-a3e04acd1277","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"16c6403b-fae6-4cd5-a395-29d52e7a6fb2","eventID":"1cd9b05b-740e-4fe6-9796-21a656185a1b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"28cd11d5-ffe5-43db-8a24-e1f08e4a9005","eventID":"9839abda-fc51-4444-af1c-922fa2dceb5d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"d00b8a23-0cd1-4c7a-a096-53f5606b56a7","eventID":"9d1cf488-1a66-4369-be14-3cc85d5a9ce4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"5d8eec3c-ee41-47ca-ad97-c43bbdbd966d","eventID":"b62ecce1-57d3-4131-a437-48331eda2e5e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:41Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"fa9a3419-cfbb-4d07-8c04-328022097c14","eventID":"5bc2bef2-7aea-45c3-87a2-57d312b3b1b8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"b00aaf57-0267-45fd-bfa7-c84c79e0d302","eventID":"7059e7d3-7b20-4dff-a99d-0a1edb3d3ad3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"0a9227af-a02d-49f7-9a0d-f3ceb83ffb9b","eventID":"07897a2b-2920-4d12-8286-5d364bdaf0dc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:53Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"4fb4a28c-091e-41b5-b968-1cbc725f674d","eventID":"297a6fd9-f264-4b23-bfb1-1dda651c5bbc","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"818bcbd5-69ef-4d71-8dc8-eb17be83bf03","eventID":"25c9650e-02d2-48c6-adb4-864779400d31","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"a74acfe5-283d-465c-b5a0-582d472aa62c","eventID":"f1d68dfc-331e-4086-89cd-205717ef04a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"2b7e479f-e036-48d8-b1f0-220b6a548da0","eventID":"0d563d54-77f7-4662-8e04-e7a11381a03e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"468ba9ec-bf87-492b-af1c-b3d321eb3466","eventID":"701247f1-9885-4a99-b460-bf16a5b5a1a4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"1efa9267-b339-47a2-883e-055be48e9206","eventID":"07210592-d310-4673-b8d5-0e0c10a4fe52","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"657eefac-74fc-4550-8f45-7809e7cc4d2b","eventID":"5b7908ce-6ea5-4b35-a78f-452d9a4cfcd0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:33Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:22 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"9db8e46b-ae0a-4a0a-b749-25383864184f","eventID":"f0183fc4-a48e-46d2-a6f9-9656ec1ae91a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"6445a964-659c-4acb-8997-0e7ffac40860","eventID":"5812d24e-56ee-48fb-9978-4ea8a64aa1d0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:43Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"f6685bd0-014a-428a-9ac6-a6549f1e9853","eventID":"3a20d1a1-b680-48bc-866d-8d52c779e4fd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"198a1b59-b741-4812-9426-2a57bc22d1a1","eventID":"51bbbf80-ec17-4816-83bd-b9c49ed4ce4a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"fb43e866-8110-42e4-8f2a-46ca2a2ad332","eventID":"84a4b6b5-d9b8-4a3c-9580-cf99c4c11c34","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:44Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"3ec82600-1409-4e91-986a-b271508f856b","eventID":"fb4cce92-4d4b-43b9-a55c-8a77628c0751","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"f21cdedf-f5c2-4c3a-9308-f0c8f8c07fd8","eventID":"f7462b8f-6f9b-405c-8fa2-90d78397cff2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"394bfab4-7b69-4514-a2b0-ba5d247ff660","eventID":"e8903c6a-6c88-436e-8b6b-79fa4e7248a1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"c7359833-63ca-455e-b24d-d195fe9fb995","eventID":"f0bb2646-5973-4f9d-8d84-3a8053441b6f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"ebbc2b3c-e550-4187-b558-652f590865ec","eventID":"8bada35a-f9db-45c0-a248-292ed7bba328","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"7ad0478e-106d-41b6-8abe-f03dec37c303","eventID":"3ee4540a-621e-4e2c-8caa-e6a8a301c1f0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"f0f9804c-f6fd-4605-b29e-680580ad8bfd","eventID":"5221fd39-f9e5-4bcb-92cb-a1d057bb6461","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"f7762d1e-1922-4ec8-a053-cfae75a5818c","eventID":"5363ee00-d835-418d-8b5b-edd955525050","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"76f08c8c-4fef-4ee7-a064-56b6fbfe79ac","eventID":"6e4912f9-5f02-49b5-aa49-7166d39d6351","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"7a8b6a99-ddd1-4918-b4bf-94ed39227179","eventID":"94fd2e75-6d23-45ea-a6e7-921796aa64b9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:55Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"5fac5ea0-9e01-44c1-8d2a-6b961afbb78d","eventID":"ed558cb0-117f-4d90-8c52-517585bc0fec","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"186a066b-f31a-42c3-9e58-3fa67b102597","eventID":"cc38ad7b-c76b-4065-a193-3085e8af7e14","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"962bbb42-9038-4620-bc63-af609b88ef85","eventID":"1133826d-fafb-4b7e-b23f-3cdfd62b3cac","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"3920da0b-c532-49d1-bb16-e1e779b33756","eventID":"24267a57-6401-4bbb-9a67-5a55a43266b0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"5f76eee3-7f7e-4005-b4a6-7a4ed56b87d7","eventID":"166a17d2-1c8a-4686-b4c3-6d1b6dfc28e7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"3098cee0-2267-4b08-acb0-7c15580711c8","eventID":"63afb0d4-b424-4902-9096-d05b0c4d9a1c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:42Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:42 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"2033bb17-89e7-40ff-9315-2df91af19ad2","eventID":"bc70d5de-6fcc-459c-90a4-a5182710f54d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"0ea2b50d-bf73-4907-aa50-c4c857a36873","eventID":"86876c64-43b5-494a-99d6-bd70f1691f83","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"b1ace41f-2aad-45b9-892e-874db3603d85","eventID":"ca64d799-401f-4a02-a03a-521df76ea1a5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"3c2d5017-2f47-4bb8-8fc3-43ed209caf2b","eventID":"846998f3-bfe7-4697-a60d-3a6f6e8c21f4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"e328a992-5af5-4912-99a4-d4787ff711a5","eventID":"6ce302bd-252e-4040-8f67-5c4f55c58cc2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"87eef688-061c-42a2-8770-1bedbe0b5501","eventID":"34bcdb93-a91d-4e39-8639-a1877ebeb9c9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:56:50 PM","maxResults":1000},"responseElements":null,"requestID":"f28acb9c-b87c-4f14-a29f-46ffe9a632fc","eventID":"571248fd-25da-4793-9b3e-2ac91c1bd0f1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"ee2a1cc8-549d-4f0d-8a6d-bfda0c1a79dd","eventID":"5a3b66b2-f0b1-4db2-a809-9dd1f1a4ff0e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"048cabe1-b85e-402f-b2d3-9c6b3899a1ce","eventID":"af7b11d2-97b7-4358-badc-b629e695c197","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"2c4660ed-556d-4501-80f3-08cbbafa3fb3","eventID":"bef531ac-0ba3-4319-933d-64d11e576178","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"81e4975c-5973-499d-9dba-9ac946fa75f5","eventID":"9ae2bbd9-0fc1-4bbc-a9c7-c17ce2aab5d9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"9b514e45-5d98-4f3b-b0dd-8f612d9913ea","eventID":"0a044627-6cf2-47ea-a8ab-d464d576cef2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"8a1a092d-f168-43f3-bc18-ee50275f6e06","eventID":"a734f88e-eb07-4276-9141-bd9882a9c2e9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"ff89203e-290c-438e-a40c-6eb7e4006716","eventID":"967463f0-9145-45ff-a49a-1a48ef5166a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"cf405bc6-9001-49f6-8fa9-9677b7b4a8ba","eventID":"e21c5e35-fdba-4ff9-8a14-1f6990dc01c8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"1bd60f5b-276b-4ac6-a9d9-8dd3427eb2e6","eventID":"858d8a72-6f2d-4a97-b36d-6fa320cb454d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:07Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"f1028227-64c8-47cf-a7c4-6d73b1c1b084","eventID":"67f2a8b4-68ba-405e-89a9-52b1a6f6ecf3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"14fe3bc2-70c3-43e4-b002-729852895517","eventID":"537a021c-5c23-4b68-8219-8a1a7e748520","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"1302e2ca-f2cd-4ed4-b13c-881d0ca8fc51","eventID":"e8bc0e12-e380-42d2-a368-aa25c107c24a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"7602333c-63ae-4ab3-a46f-bc954a486024","eventID":"7bc5badf-12fc-4434-acf8-816d55167ad2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"2cecf292-5c90-49a8-a608-9ba4fc178ed4","eventID":"4aeb8778-2d38-4d91-9f33-e1bc3a57abdb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"5aa88279-05a2-4c94-a1d5-c96dabe6a0b8","eventID":"f970882e-47a8-4e39-9662-2abc43c636b4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"16f91ff8-0866-4250-9db5-8c40623c6c1d","eventID":"d5b969c7-95e0-4a06-98a2-1ce723797811","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"90c7995a-a9e2-4111-b9ec-7f40b8c54952","eventID":"1cd65f45-1bda-4c57-8c61-ac810c98704b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"b2a64a96-569c-43aa-9770-f3c369802408","eventID":"1260d8b9-96e1-45db-95c4-9433b6985752","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"7d6305ae-b6a7-4cba-9644-d52e955fff42","eventID":"2d1207e7-dc5e-44c4-8c22-95692846168b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"533d8b8c-3697-4e35-a56f-09a642f74f17","eventID":"f23c671c-e733-4b7e-bd97-ca5b3d1f0122","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"81696c02-4db9-408d-8d5f-16de6f4bd28a","eventID":"840bd83c-6c72-4c8d-9086-1f9fcd97b857","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"d15f02eb-15b6-4e5f-ba00-ecfe5b4ec30c","eventID":"1913531c-8c0b-4d24-9ff9-c74b15442639","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"ded4236f-e65d-4ea4-992e-486313c051df","eventID":"9a5782a1-cc31-437e-8b88-6c8f1f76dc91","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"209e9fda-38a9-491e-9d60-bf47c68eeaf7","eventID":"54a67509-1567-4876-aafd-d107a758f866","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"294f772e-fe46-429c-8bba-90fc5cda3786","eventID":"ef39f91f-50fa-49bb-86a3-57c10921ee2b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"a3546792-ff7c-4a9e-b397-83429dbefaea","eventID":"101140b7-5362-4a13-b8f5-a846034dfbc0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"84f90d0d-b06f-454f-a8e4-2a5eeeabd7bf","eventID":"fe9a0469-54d6-4b4a-8f78-9d7ceb8514a8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"f2dd23c5-ba17-4cff-ae91-83077815831a","eventID":"470a2eb9-96d4-40a7-af3d-040ebe285885","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"d656954f-3a16-40ab-aa34-a27bb5cb5176","eventID":"c4891cde-d049-4a33-8934-faa7d05bb2a9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"7a94dc4c-f232-47c1-8e9f-f5dd4afbf024","eventID":"4fc6c099-ac4d-4c68-81c0-2c263e7ff0a7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"c4f31774-698c-4662-87de-d77a7c3b6cb0","eventID":"b0c3dc3a-6def-42a0-a35e-3574cdcd52eb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"b54c2167-3d0d-4034-9648-20793d6d6cdc","eventID":"146be826-8c02-4f26-816c-b0245bf659a2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"5ef4d9fd-8cb2-4f7a-86d7-4122732ff4e5","eventID":"e5755fc2-8680-4051-9983-8fff402a7137","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"0f4e0014-4fa7-43b8-ad83-e3f195ee91af","eventID":"5a2cd16b-277a-4223-8c18-9babe9028d5c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"032f710a-8803-40e2-9b47-2d332a54131d","eventID":"f791fa83-0674-4dce-9d81-bc05e19d4594","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"ff0508f9-9c1e-496a-b8c5-6948ff5f76bb","eventID":"72d20d5b-4d1f-4139-8efc-b2b86169b512","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"d1334de8-2e9c-45f7-a8cb-ead7008812d4","eventID":"99ea76ea-dbf3-49d0-87d6-2216af617a63","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"a55e1078-8447-4aee-8ee3-7147f79d1693","eventID":"ad1b6dca-a21c-4170-8638-95e7c520fed8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"c227a227-04ce-4c65-96f7-4caaf17649f7","eventID":"e632cd08-8476-44c3-9a86-a8be3ad3735f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"024b9b6d-0f50-4f8a-b106-7294380516e8","eventID":"18af0ae4-0de9-4b80-b447-091089c41081","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"6ed9d1b7-9c5c-49d8-a9eb-cbfe3ce47ff0","eventID":"b4a6716e-1978-49be-9872-c6c9120d72bb","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"6009970c-d390-4543-b5b9-0f48f7130a56","eventID":"318964cb-ac6d-43ae-a045-20452edd313c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"9b1d58ec-ffdc-488d-a55f-f49491112890","eventID":"27237267-654f-4600-a693-40b150c1b450","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:51Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"4d5361d2-28ca-429a-bd8d-16ed89916faf","eventID":"e392efb4-4909-48c4-bc71-faa3c2e55b8a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"9387908e-5fad-458b-a24b-6661046ce5cd","eventID":"18719eec-b336-4fca-89ea-8da5336b8427","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:52Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"a5ee0337-21e6-4557-acbb-939743b9fb5d","eventID":"e4016efa-8ae3-4d8d-9b5d-f777e3584001","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"e5f515d6-f603-41f1-a1eb-536a4707f99a","eventID":"8d472166-9d88-4865-aa0d-086863fbc1a5","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"577c9f2f-5bab-4f4c-b830-617051860a2e","eventID":"ade26508-d9c0-4485-8bd2-fa3ba478b432","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:18Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"348eefbb-3ff2-4984-bc19-1e3c4055fe63","eventID":"f152afe9-53f3-4732-ac6a-3ccea399edb3","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:18Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"e1edc8c0-bd47-4d4f-9fd3-530750ce66f8","eventID":"a0f4b326-8049-46e2-a603-2adb351ecf56","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:18Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"82c0c864-c2f7-4a0b-9a34-7be1d45908f5","eventID":"f2afc076-fbf2-4615-9378-749c550ae05b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"883f0644-a030-4024-b0c7-7a1e76b3f178","eventID":"e7612ffc-817f-4d24-91d8-bbcc0a84e01f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"4fe13ace-393a-4754-9463-c5f0d47e827e","eventID":"39174ce4-9b17-42f7-909b-d2777e633425","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"f8d79501-bc33-4f81-b3e3-f8fe6a40c046","eventID":"fd27df6f-2a7f-4513-8658-b2aea7666a32","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"048ad304-4f50-4cb0-adbd-c683ad5b7c14","eventID":"4e51fb23-de42-4c5d-b0b2-1dd3242861f0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Unauthorized Activity Attempt"},"responseElements":null,"requestID":"d85c98e1-b94b-45a2-956c-519db0cd311f","eventID":"1e449d70-7367-4ec2-a90c-83c1084c71c6","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"ce793673-f745-4a46-b870-7eb6c75c38cc","eventID":"4db456d1-0dd4-4724-88f6-9d8e28ca237f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailAuthorizationFailures"},"responseElements":null,"requestID":"ef61c330-6217-4f1f-afb9-654ff8c5a9c6","eventID":"d8afafc2-e09d-4144-a4f6-d4806d988a75","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"6c963128-6c53-4666-b68b-17bc47d67276","eventID":"33252a3f-cf84-4096-a5a9-9c3841d4e644","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:19Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"3d658a2e-9cfc-4e8f-a834-0a05152120ba","eventID":"86917b77-3280-4097-bca8-8f2b45d2744e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:57:00 PM","maxResults":1000},"responseElements":null,"requestID":"fd024c79-c97c-4b58-b6d6-4d8f061e80c6","eventID":"0cd55e48-edb0-4f17-b631-19fc82496768","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:05Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"3c3dfe02-3411-452e-bd97-c1c458fecacd","eventID":"f5a5c9ce-3c46-40f6-89cb-a701594c8405","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"6996762d-e5fa-45e0-a45c-32bb9b18cd81","eventID":"03a537b5-74cd-4d78-8ff2-0ee999891f85","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"68a6787b-294e-4e8b-bcb8-ec84d64848f5","eventID":"621c27b2-2ec3-42f9-8c61-3b0092c7d3f9","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"0cc4654c-6ef7-46d5-884b-0098f5420802","eventID":"18e008d6-74c6-4c54-808b-e146ba3d49ed","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"6a0f2ee9-c3dc-434a-b229-4896cd48793b","eventID":"f7314363-f3f6-494a-9576-e746696a5294","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-VPC Has Changed"},"responseElements":null,"requestID":"899c2a1b-0876-4a32-8182-e958e41be2b2","eventID":"0d907a6f-1bb9-44fe-9e0d-75570fc79f58","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailChanges"},"responseElements":null,"requestID":"0bf47e6c-eaad-4694-9cd5-b3983b1c450c","eventID":"c1120671-5dbd-41f6-967b-be6dd5f264f7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"dffc22af-2339-4665-9256-57d67b6a531a","eventID":"9631137a-4690-4e49-be0f-d2edad23956f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"0eaed898-71e2-4b4a-84f8-9194c7a3b512","eventID":"83b51405-b88c-4795-b968-d3dc67d79fb4","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"eca3b801-1855-4bb2-bb5a-97b40afab30a","eventID":"7d8b68e1-ca6d-44cc-9595-e99a0ea8826b","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"6df67dcd-818a-40c1-9a4b-f670ea0c7001","eventID":"0d89cc60-5a0e-484e-bcc0-586c727aefdf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"c15eb284-27af-4ea2-b374-8b9b9c331b9f","eventID":"92c7c692-3b3e-4c98-ac6e-5bc99c22e3e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:02Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"d1363063-4521-48fd-bf98-5530edba41e8","eventID":"662b98f6-4f86-4d43-8c99-5ef0ca0de74e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"2a826707-92c6-4d0c-8c62-96926c4557e7","eventID":"8baa4fb0-3254-4760-abff-13708c97452c","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"03826bb1-6561-4435-81f0-4684c5398da8","eventID":"aa35337e-2d19-471c-adb6-fd5942b0a42f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"e6e6a14e-c27d-4c31-ae13-69668d0e43d0","eventID":"bfc97f3c-ed72-4f8d-8085-1622bb3870e8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"9eac5786-4d0e-4001-9fa7-62952b44ec54","eventID":"a56d6df4-5a5f-4962-a17c-287975022d15","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"842524f4-1afc-492a-b554-a39ebc0b0dae","eventID":"a271c222-3aaf-41f3-b5c2-53fff6a16563","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:56:56Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:56:52 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"197eaf35-5a73-4814-8dca-67da4764e56b","eventID":"c4389d16-294d-4405-83f3-579c45c50bb0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"a38c7bab-a65e-4b1f-87eb-529bbf72e101","eventID":"e640ca5f-08a3-49a1-b27e-33b27745a0c8","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:06Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailVpcChanges"},"responseElements":null,"requestID":"0b8dd203-e662-4225-92a7-281ee022ed6c","eventID":"8c71836f-bb4c-440a-933b-04b2184d8e27","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"1ea0eb75-9f8f-47fc-8096-ec452703d574","eventID":"6d193cb6-14f9-44d6-a284-ad0ae658a404","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:01Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"d61d919c-5144-47df-ac75-790642cee292","eventID":"e65b7c78-31f1-4c9d-94a4-5b7bd24f29dd","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"2bedccb7-d6f9-4b53-97a4-a93f3a4b172b","eventID":"5823b0bb-0bef-4d5d-880d-4e10a88d45d7","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"0bf72d09-76b8-410c-80bb-b72aa749c2ae","eventID":"13924de9-cd6e-40ef-a0b9-bac697907a2a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:23Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"81ae16f1-448f-4e7e-9a66-5efcd04844ac","eventID":"f8b77b92-8747-43cc-ab47-7c5a60dd1876","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-S3 Bucket Policy Changed"},"responseElements":null,"requestID":"6dc2a47b-76b1-4b7c-8cd6-6d621e910256","eventID":"a3f491d8-e8f9-4286-8581-eb9c4097fa43","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"a08ddc8a-dc9d-433b-a700-d7fb8281f942","eventID":"9b6d1c55-2356-4bb8-9024-40ee70d36e5f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"68083fa0-45c1-408f-a485-25eab995ed4f","eventID":"145b83f2-7c64-4316-a55e-805a6bbf7a71","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:16Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"239f60b2-b898-4eb3-8866-c9cce53e0593","eventID":"43f0a736-804f-4550-8bf8-355cdb49207f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:31Z","eventSource":"cloudtrail.amazonaws.com","eventName":"LookupEvents","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.1.25 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startTime":"Aug 17, 2021 11:55:31 PM","endTime":"Aug 17, 2021 11:57:30 PM","maxResults":1000,"nextToken":"JKNW0qK3FGjana/ccVKRTp3GncXcarFpjLsUJEFmqOxlqad0E9uI/e9K9qdK9oYS"},"responseElements":null,"requestID":"469b681f-a52a-414a-8718-b12172e07932","eventID":"74c62125-ad4f-4a3d-aa4b-e0659a7260de","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"cloudtrail.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:03Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"CloudTrailEC2InstanceChanges"},"responseElements":null,"requestID":"36b11595-6d4f-4d4c-85e2-a3e92ef43747","eventID":"a72557b5-0c0d-41b8-a3e9-85618713f8a1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:32Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:21 PM","maxRecords":50,"alarmName":"CloudTrailConsoleSignInFailures"},"responseElements":null,"requestID":"43bc656d-67f9-4ba9-a494-b318871912d1","eventID":"cde48517-9eaf-427c-a208-5f6aaddf19b1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"c353ee1a-d465-437a-ac26-5690c5da396d","eventID":"f7106f87-0d1d-484e-a22c-d580612692b0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailNetworkAclChanges"},"responseElements":null,"requestID":"e5ca51a8-bea1-4d1c-9897-ca6f240a5357","eventID":"451d7786-bf86-4c94-9df3-57c644e1e652","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:04Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CloudTrailSecurityGroupChanges"},"responseElements":null,"requestID":"aec19f48-8c5a-4611-a044-dd0190f97fdd","eventID":"08ae6059-e129-48be-9105-aa44aa2bb51f","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailEC2LargeInstanceChanges"},"responseElements":null,"requestID":"d43a266a-ebfc-4ef1-b479-ccc18705777e","eventID":"b99e0ea4-012c-4a4c-bba8-de66cc0f5e9e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:13Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CloudTrailGatewayChanges"},"responseElements":null,"requestID":"015a40e6-ead9-44a1-b2fd-f244d96f320c","eventID":"b262a857-c1f5-48c3-9913-7ceaa1fb0832","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:20Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"IAMPolicyChanges"},"responseElements":null,"requestID":"ab6d37e6-9814-42ee-a810-732fab652e27","eventID":"e125c415-f91b-430d-b16b-f8895d746b74","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:20Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"eb798e4a-fb6e-4418-9545-cd7e6a39f481","eventID":"e98365d4-a78e-4bd7-964e-458b2948d016","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Root Activity"},"responseElements":null,"requestID":"26d5a600-eae1-4cff-9af0-7b3d718ca3ff","eventID":"67b5e18c-c9e1-4ac1-89ae-b7521f58f13a","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Route Tables Have Changed"},"responseElements":null,"requestID":"5689e3be-6b21-493a-81ff-494ad263ffa0","eventID":"7cb3e492-72e1-40de-9383-924d9accb8a2","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Login Failures"},"responseElements":null,"requestID":"0f64b321-1a57-4558-8378-244b70e30a92","eventID":"b8d03a2b-fc94-4600-91ce-1f5b8e3f8992","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Console Signin Without MFA"},"responseElements":null,"requestID":"e8ed72c0-da12-43c9-82a4-0acd02a03c5b","eventID":"6371fe11-e540-441d-9338-0484c5417194","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"a6e39b3b-b449-4892-9ad6-c760c28db623","eventID":"21b1fb5d-1e55-41c9-aae6-a4b4b7cee600","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarms","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"maxRecords":50},"responseElements":null,"requestID":"d51ea865-5f76-4560-af07-5927a9eeaaac","eventID":"73c1a6c0-ff97-4b39-ba4f-6046ef82b7d0","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-AWS Config Configuration has changed"},"responseElements":null,"requestID":"d20fd052-00d5-4671-a26c-b5c19c428ff6","eventID":"743fac62-cc68-4153-8c94-9f320124fdec","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:21Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"e840737c-859d-435b-b02f-12302b2b9f51","eventID":"ba4eeaf7-7d21-4b68-b01f-8536c6889eb1","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:09Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:01 PM","maxRecords":50,"alarmName":"RootLogin"},"responseElements":null,"requestID":"5a7ea32a-309d-4908-a702-06de02f23a12","eventID":"b3d643e2-d575-438e-8c3d-50c9915cbefe","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Network Gateways Have Changed"},"responseElements":null,"requestID":"c986c5ae-ca04-49d0-9a7d-d058ed07a7ff","eventID":"52b146b5-b348-4013-a190-275b7ea2f903","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:12Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"7ff6f469-abbc-4495-8d52-f4fb6b227e80","eventID":"ca8f552c-6116-4d50-8d56-0e908a91bcdf","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:35Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 12, 2021 7:30:25 PM","maxRecords":50,"alarmName":"CIS-Security Groups Have Changed"},"responseElements":null,"requestID":"744cbe52-ef62-4531-b548-5256138ce6e2","eventID":"bea68892-897d-4e94-a9b8-de879722b84d","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-Cloudtrail Config Changes"},"responseElements":null,"requestID":"1da119fc-8203-480b-915c-754729c64909","eventID":"33da70af-a3b7-4428-a91f-a3846efd043e","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-IAM Policy Changes"},"responseElements":null,"requestID":"bed08cef-fee8-4805-b74c-a1dc7b62a196","eventID":"2629614a-0624-4c30-9472-1171c13bd9ed","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-KMS Key Disabled or Scheduled for Deletion"},"responseElements":null,"requestID":"54d20939-6555-4efb-94fd-2735df335bd4","eventID":"5beb6823-8688-4ada-9e29-b9bd6ec1f349","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}},{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","principalId":"AIDAQCGMVG645BZHFD3WT","arn":"arn:aws:iam::004724176825:user/logrhythm-read-user","accountId":"004724176825","accessKeyId":"AKIAQCGMVG64ZLBFSYUR","userName":"logrhythm-read-user"},"eventTime":"2021-08-17T23:57:11Z","eventSource":"monitoring.amazonaws.com","eventName":"DescribeAlarmHistory","awsRegion":"eu-west-1","sourceIPAddress":"185.23.100.9","userAgent":"aws-sdk-dotnet-35/3.3.6.0 aws-sdk-dotnet-core/3.3.21.20 .NET_Runtime/4.0 .NET_Framework/4.0 OS/Microsoft_Windows_NT_10.0.14393.0 ClientSync","requestParameters":{"startDate":"Aug 16, 2021 11:57:11 PM","maxRecords":50,"alarmName":"CIS-NACLs Have Changed"},"responseElements":null,"requestID":"3b96d142-647f-4426-addd-b88c02e73d8a","eventID":"ca5c053e-2ac1-4638-b5c0-6dda185347fa","readOnly":true,"eventType":"AwsApiCall","managementEvent":true,"recipientAccountId":"004724176825","eventCategory":"Management","tlsDetails":{"tlsVersion":"TLSv1.2","cipherSuite":"ECDHE-RSA-AES128-SHA","clientProvidedHostHeader":"monitoring.eu-west-1.amazonaws.com"}}]}