PAR18,1.071.07(1.071.07ca``030AD, CloudTrail CloudTrail( CloudTrail CloudTrailb``p/M )J0#]6,AWSAWS(AWSAWScf``p DD, Management Management( Management Managementb``MKLOM+]\t,$dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLE$dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLE($dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLE$dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLEcb```fT)>i&ffɺf&09wL.,J,cloudcloud(cloudcloudcb```B sKSG,D, 1.0.0-rc.2 1.0.0-rc.2( 1.0.0-rc.2 1.0.0-rc.2b``033-J3 8,xJGxJG(xJGxJGX:&J, us-east-2 us-east-2( us-east-2 us-east-2cb```fź%FI>6,AWSAWS(AWSAWScf``p D 4,6cb```fkS' 4,6cb```fkS'(L, AssumeRole AssumeRole( AssumeRole AssumeRolecb```fťA9a 4,6cb```fkS'6Z,sts.amazonaws.comsts.amazonaws.com(sts.amazonaws.comsts.amazonaws.comcb```f%zUyzR\t,$4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLE$4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLE($4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLE$4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLEcb```fT&>)&f@"4*S. 4,6cb```fkS'"F,IAMUserIAMUser(IAMUserIAMUsercb```fdũE"F,JohnDoeJohnDoe(JohnDoeJohnDoecb```fd^y.>b,AIDAQRSTUVWXYZEXAMPLEAIDAQRSTUVWXYZEXAMPLE(AIDAQRSTUVWXYZEXAMPLEAIDAQRSTUVWXYZEXAMPLEcb```f.A!aQ>VhҸ`|,&arn:aws:iam::777788889999:user/JohnDoe&arn:aws:iam::777788889999:user/JohnDoe(&arn:aws:iam::777788889999:user/JohnDoe&arn:aws:iam::777788889999:user/JohnDoecb```fTEyVVVV@`@`UZZ璟 20,H, 777788889999 777788889999( 777788889999 777788889999cb```f@`@; >b,AKIAQRSTUVWXYZEXAMPLEAKIAQRSTUVWXYZEXAMPLE(AKIAQRSTUVWXYZEXAMPLEAKIAQRSTUVWXYZEXAMPLEcb```fޞA!aQ>7E 4,6cb```fkS' 4,6cb```fkS' 4,6cb```fkS' 4,6cb```fkS' 4,6cb```fkS',Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67(Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67 M@0Fb#݀ZS{005IHЄ vޔ1%]=W>n_X!*Xެ KF) 9Mԓ~WT,1c 4,6cb```fkS'*N, 192.0.2.101 192.0.2.101( 192.0.2.101 192.0.2.101cb```fFzzFzF 4,6cb```fkS'$L,AuthenticationAuthentication(AuthenticationAuthenticationc``p,-H+LN,&]0,  (  _$L,Audit ActivityAudit Activity(Audit ActivityAudit Activityc``p,M,QpL.,,:H0,(cf``p30,(cd``y"J, Informational Informational( Informational Informationale``K/M,K@ 4,6cb```fkS'`|,&arn:aws:iam::111122223333:role/EC2-dev&arn:aws:iam::111122223333:role/EC2-dev(&arn:aws:iam::111122223333:role/EC2-dev&arn:aws:iam::111122223333:role/EC2-devcb```fTEyVVVV@`@`UlZ'#02V,JohnDoe-EC2-devJohnDoe-EC2-dev(JohnDoe-EC2-devJohnDoe-EC2-devcb```f^y.F)eڜ :,LogonLogon(LogonLogonce``On/W 0,(cd``y0,([9\Q2Z,Authentication: LogonAuthentication: Logon(Authentication: LogonAuthentication: Logone``p,-H+LN,ϳRO\B,OtherOther(OtherOthercb```fd%E?Y8,(cb```f U\  4,6cb```fkS',6( sharedEventID eventTypeOK1ŗފzj/ RE(RI< &ۙD//>X%f~I8q  F!֋ܬ!'$V]6żFòeLw\RA_^MnH[ LOEXѕn,zH/{]e.fjEߨ| ~7/c9=4r`*!tg{ϖɡD|^lbBULeK@sD 4$6ڪ6fͮtZ;b^z7 @$L@,P{RD3iK2h`%70ŸSO \sV\=/{R1EרHǾ,@Nnwĺ~ ~ +AHT;+ (+׭w> o4;#d B?b~ Q*f/$n.T,6($bEXAMPLE-efea-4a70-b951-19a88EXAMPLE 111122223333cf```gdXXBgb% "FHauthentication.5metadata5product %version% %name% % vendor_name%5feature %name% %uid%5profiles %array% %version%%time5cloud %region% %provider%5api 5response %error% %message% % operation% %version%5service %name%5request %uid%5 dst_endpoint %svc_name%5actor5user  %type% %name% %uid% %uuid% % account_uid% %credential_uid%5session% created_time%mfa %issuer% % invoked_by%5idp %name%5 http_request % user_agent%5 src_endpoint %uid% %ip% %domain% % class_name%% class_uid % category_name%% category_uid% severity_id %severity%5user %uid% %uuid% %name% % activity_name%% activity_id%type_uid % type_name% %status%% status_id%mfa5unmapped5map %key% %value%2& %8metadataproductversionj&<1.071.07(1.071.07& %8metadataproductname&< CloudTrail CloudTrail( CloudTrail CloudTrail& %8metadataproduct vendor_name`&<AWSAWS(AWSAWS& %Hmetadataproductfeaturename&< Management Management( Management Management& 5(metadatauid&<$dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLE$dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLE($dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLE$dEXAMPLE-ac7f-466c-a608-4ac8dEXAMPLE&  %8metadataprofilesarray& <cloudcloud(cloudcloud&  %(metadataversion& < 1.0.0-rc.2 1.0.0-rc.2( 1.0.0-rc.2 1.0.0-rc.2& %time& <xJGxJG(xJGxJG&  5(cloudregion& < us-east-2 us-east-2( us-east-2 us-east-2& %(cloudprovider`&<AWSAWS(AWSAWS& 58apiresponseerror6^&<6& 58apiresponsemessage6^&<6& 5(api operation&< AssumeRole AssumeRole( AssumeRole AssumeRole& 5(apiversion6^&<6& 58apiservicename&<sts.amazonaws.comsts.amazonaws.com(sts.amazonaws.comsts.amazonaws.com& 58apirequestuid&<$4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLE$4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLE($4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLE$4EXAMPLE-0e8d-11e4-96e4-e55c0EXAMPLE& 5( dst_endpointsvc_name6^&<6& 58actorusertype&<IAMUserIAMUser(IAMUserIAMUser& 58actorusername&<JohnDoeJohnDoe(JohnDoeJohnDoe& 58actoruseruid&<AIDAQRSTUVWXYZEXAMPLEAIDAQRSTUVWXYZEXAMPLE(AIDAQRSTUVWXYZEXAMPLEAIDAQRSTUVWXYZEXAMPLE& 58actoruseruuid&<&arn:aws:iam::777788889999:user/JohnDoe&arn:aws:iam::777788889999:user/JohnDoe(&arn:aws:iam::777788889999:user/JohnDoe&arn:aws:iam::777788889999:user/JohnDoe&# 58actoruser account_uid&#< 777788889999 777788889999( 777788889999 777788889999&% 58actorusercredential_uid&%<AKIAQRSTUVWXYZEXAMPLEAKIAQRSTUVWXYZEXAMPLE(AKIAQRSTUVWXYZEXAMPLEAKIAQRSTUVWXYZEXAMPLE&(58actorsession created_time6^&(<6&(58actorsessionmfa6^&(<6&) 58actorsessionissuer6^&)<6&* 5(actor invoked_by6^&*<6&* 58actoridpname6^&*<6&+ 5( http_request user_agent&+<Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67(Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67Yaws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67&3 5( src_endpointuid6^&3<6&4 5( src_endpointip&4< 192.0.2.101 192.0.2.101( 192.0.2.101 192.0.2.101&6 5( src_endpointdomain6^&6<6&6 % class_name&6<AuthenticationAuthentication(AuthenticationAuthentication&8% class_uidb&8<  (  &9 % category_name&9<Audit ActivityAudit Activity(Audit ActivityAudit Activity&;% category_uidb&;<(&<% severity_idb&<<(&= %severity&=< Informational Informational( Informational Informational&? 5(useruid6^&?<6&@ 5(useruuid&@<&arn:aws:iam::111122223333:role/EC2-dev&arn:aws:iam::111122223333:role/EC2-dev(&arn:aws:iam::111122223333:role/EC2-dev&arn:aws:iam::111122223333:role/EC2-dev&D 5(username&D<JohnDoe-EC2-devJohnDoe-EC2-dev(JohnDoe-EC2-devJohnDoe-EC2-dev&F % activity_namet&F<LogonLogon(LogonLogon&G% activity_idb&G<(&H%type_uidb&H<(&I % type_name&I<Authentication: LogonAuthentication: Logon(Authentication: LogonAuthentication: Logon&L 5status&L<OtherOther(OtherOther&M5 status_idn&M<(&N5mfa6^&N<6&O %8unmappedmapkey&O<6( sharedEventID eventType&S %8unmappedmapvalue&S<6($bEXAMPLE-efea-4a70-b951-19a88EXAMPLE 111122223333,P,parquet.avro.schema{"type":"record","name":"authentication","fields":[{"name":"metadata","type":{"type":"record","name":"metadata_record","fields":[{"name":"product","type":{"type":"record","name":"metadataproduct_record","fields":[{"name":"version","type":"string"},{"name":"name","type":"string"},{"name":"vendor_name","type":"string"},{"name":"feature","type":{"type":"record","name":"metadataproductfeature_record","fields":[{"name":"name","type":"string"}]}}]}},{"name":"uid","type":["null","string"],"default":null},{"name":"profiles","type":["null",{"type":"array","items":"string"}],"default":null},{"name":"version","type":"string"}]}},{"name":"time","type":"long","logicalType":"timestamp-millis"},{"name":"cloud","type":{"type":"record","name":"cloud_record","fields":[{"name":"region","type":["null","string"],"default":null},{"name":"provider","type":"string"}]}},{"name":"api","type":{"type":"record","name":"api_record","fields":[{"name":"response","type":{"type":"record","name":"apiresponse_record","fields":[{"name":"error","type":["null","string"],"default":null},{"name":"message","type":["null","string"],"default":null}]}},{"name":"operation","type":["null","string"],"default":null},{"name":"version","type":["null","string"],"default":null},{"name":"service","type":{"type":"record","name":"apiservice_record","fields":[{"name":"name","type":["null","string"],"default":null}]}},{"name":"request","type":{"type":"record","name":"apirequest_record","fields":[{"name":"uid","type":["null","string"],"default":null}]}}]}},{"name":"dst_endpoint","type":{"type":"record","name":"dst_endpoint_record","fields":[{"name":"svc_name","type":["null","string"],"default":null}]}},{"name":"actor","type":{"type":"record","name":"actor_record","fields":[{"name":"user","type":{"type":"record","name":"actoruser_record","fields":[{"name":"type","type":["null","string"],"default":null},{"name":"name","type":["null","string"],"default":null},{"name":"uid","type":["null","string"],"default":null},{"name":"uuid","type":["null","string"],"default":null},{"name":"account_uid","type":["null","string"],"default":null},{"name":"credential_uid","type":["null","string"],"default":null}]}},{"name":"session","type":{"type":"record","name":"actorsession_record","fields":[{"name":"created_time","type":["null","long"],"logicalType":"timestamp-millis"},{"name":"mfa","type":["null","boolean"],"default":null},{"name":"issuer","type":["null","string"],"default":null}]}},{"name":"invoked_by","type":["null","string"],"default":null},{"name":"idp","type":{"type":"record","name":"actoridp_record","fields":[{"name":"name","type":["null","string"],"default":null}]}}]}},{"name":"http_request","type":{"type":"record","name":"http_request_record","fields":[{"name":"user_agent","type":["null","string"],"default":null}]}},{"name":"src_endpoint","type":{"type":"record","name":"src_endpoint_record","fields":[{"name":"uid","type":["null","string"],"default":null},{"name":"ip","type":["null","string"],"default":null},{"name":"domain","type":["null","string"],"default":null}]}},{"name":"class_name","type":"string"},{"name":"class_uid","type":"int"},{"name":"category_name","type":"string"},{"name":"category_uid","type":"int"},{"name":"severity_id","type":"int"},{"name":"severity","type":"string"},{"name":"user","type":{"type":"record","name":"user_record","fields":[{"name":"uid","type":["null","string"],"default":null},{"name":"uuid","type":["null","string"],"default":null},{"name":"name","type":["null","string"],"default":null}]}},{"name":"activity_name","type":"string"},{"name":"activity_id","type":"int"},{"name":"type_uid","type":"int"},{"name":"type_name","type":"string"},{"name":"status","type":["null","string"],"default":null},{"name":"status_id","type":["null","int"],"default":null},{"name":"mfa","type":["null","boolean"],"default":null},{"name":"unmapped","type":["null",{"type":"map","values":"string","default":null}],"default":null}],"version":"1.0.0-rc.2"}writer.model.nameavro0parquet-mr version 1.10.0 (build ${buildNumber})2)PAR1