Amazon EventBridge enables real-time delivery of AWS service events to Blink via secure webhooks, by configuring rules and API destinations in AWS. For additional information, please refer to AWS’s documentation.Documentation Index
Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
Use this file to discover all available pages before exploring further.
Sample Event
{
"account": "[REDACTED_ACCOUNT_ID]",
"detail": {
"accountId": "[REDACTED_ACCOUNT_ID]",
"arn": "arn:aws:guardduty:us-east-1:[REDACTED_ACCOUNT_ID]:detector/[REDACTED_DETECTOR_ID]/finding/[REDACTED_FINDING_ID]",
"createdAt": "[REDACTED_TIMESTAMP]",
"description": "The EC2 instance [REDACTED_INSTANCE_ID] is querying a domain name of a remote host that is known to hold credentials and other stolen data captured by malware.",
"id": "[REDACTED_FINDING_ID]",
"partition": "aws",
"region": "us-east-1",
"resource": {
"instanceDetails": {
"availabilityZone": "[REDACTED_AZ]",
"iamInstanceProfile": {
"arn": "arn:aws:iam::[REDACTED_ACCOUNT_ID]:instance-profile/[REDACTED_PROFILE_NAME]",
"id": "[REDACTED_PROFILE_ID]"
},
"imageDescription": "[REDACTED_IMAGE_DESCRIPTION]",
"imageId": "[REDACTED_IMAGE_ID]",
"instanceId": "[REDACTED_INSTANCE_ID]",
"instanceState": "running",
"instanceType": "[REDACTED_INSTANCE_TYPE]",
"launchTime": "[REDACTED_TIMESTAMP]",
"networkInterfaces": [
{
"networkInterfaceId": "[REDACTED_ENI_ID]",
"privateIpAddress": "[REDACTED_IP]",
"publicIp": "[REDACTED_PUBLIC_IP]",
"securityGroups": "[REDACTED]",
"subnetId": "[REDACTED_SUBNET_ID]",
"vpcId": "[REDACTED_VPC_ID]"
}
],
"outpostArn": "[REDACTED_OUTPOST_ARN]",
"productCodes": "[REDACTED]",
"tags": "[REDACTED]"
},
"resourceType": "Instance"
},
"schemaVersion": "2.0",
"service": {
"action": {
"actionType": "DNS_REQUEST",
"dnsRequestAction": {
"blocked": false,
"domain": "[REDACTED_DOMAIN]",
"domainWithSuffix": "[REDACTED_DOMAIN_SUFFIX]",
"protocol": "UDP"
}
},
"additionalInfo": "[REDACTED]",
"archived": false,
"count": 8,
"detectorId": "[REDACTED_DETECTOR_ID]",
"eventFirstSeen": "[REDACTED_TIMESTAMP]",
"eventLastSeen": "[REDACTED_TIMESTAMP]",
"evidence": {
"threatIntelligenceDetails": "[REDACTED_THREAT_LISTS]"
},
"resourceRole": "TARGET",
"serviceName": "guardduty"
},
"severity": 5,
"title": "The EC2 instance [REDACTED_INSTANCE_ID] queried a Drop Point domain name.",
"type": "Trojan:EC2/DropPoint!DNS",
"updatedAt": "[REDACTED_TIMESTAMP]"
},
"detail-type": "GuardDuty Finding",
"id": "[REDACTED_EVENT_ID]",
"region": "us-east-1",
"resources": [],
"source": "aws.guardduty",
"time": "[REDACTED_TIMESTAMP]",
"version": "0"
}