DenialEvent
DenialEvent
DenialEvent
A DenialEvent represents a single AWS access denial captured from SIEM integration.
Denial events are retrieved from external SIEM systems (e.g., Splunk) and enriched with Turbot metadata including the denying policy and linked prevention. Events are retained for a short period (~2 hours) before being rolled up into aggregated statistics.
For more information, please see SIEM Integration.
account |
Resource | The AWS account resource where this denial event occurred. |
policy |
Resource | The policy resource (e.g., SCP) that caused this denial, if identified. |
prevention |
Prevention | The prevention that caused this denial, if identified. |
turbot |
TurbotDenialEventMetadata! | Turbot metadata for this DenialEvent. |