ReadOnly events are not reflected in CloudWatch log group from EventBridge

1

Hi, I configured this event pattern

{
  "$or": [{
    "detail": {
      "eventType": ["AwsApiCall", "AwsConsoleSignIn", "AwsServiceEvent", "AwsConsoleAction", "AwsCloudTrailInsight"],
      "eventName": [{
        "anything-but": ["GetObject", "CreateLogStream"]
      }]
    }
  }, {
    "detail-type": ["Inspector2 Finding", "Inspector2 Coverage"]
  }]
}

For some reason I'm not receiving read-only events except a few (LookupEvents, AssumeRole, etc.), but I'm not receiving any of the Describe*, List* (basically any read-only management events).

Earlier, I had no issues related to read or write events. Everything was working as expected.

I have also tested the event pattern by entering a pattern from CloudWatch to test the pattern.

I have a trail with all read, write, management as well as data events enabled, but it's still the same issue.

I have also updated the event pattern to capture everything that starts with the accountID:

{
  "account": ["941086XXXXXX"]
}

Even after updating, it's still the same.

What do I need to do to solve this problem? Thanks!
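A local check of the first pattern in the question against constructed events, as an added example that is not part of the original post and is not the EventBridge matcher itself. It covers only the operators this pattern uses (value lists, `anything-but`, `$or`); the function names and the sample events are assumptions made for illustration.

```python
import json

# Same content as the first event pattern in the question.
PATTERN = json.loads("""{"$or": [
  {"detail": {
    "eventType": ["AwsApiCall", "AwsConsoleSignIn", "AwsServiceEvent", "AwsConsoleAction", "AwsCloudTrailInsight"],
    "eventName": [{"anything-but": ["GetObject", "CreateLogStream"]}]}},
  {"detail-type": ["Inspector2 Finding", "Inspector2 Coverage"]}]}""")

def leaf_matches(conditions, value):
    """A leaf is a list of alternatives; any one of them may accept the value."""
    for cond in conditions:
        if isinstance(cond, dict):
            if set(cond) != {"anything-but"}:
                raise NotImplementedError(f"operator not covered here: {cond}")
            excluded = cond["anything-but"]
            excluded = excluded if isinstance(excluded, list) else [excluded]
            # Assumption: an absent field does not satisfy anything-but.
            if value is not None and value not in excluded:
                return True
        elif cond == value:
            return True
    return False

def matches(pattern, event):
    """True when every key of the pattern is satisfied by the event."""
    for key, rule in pattern.items():
        if key == "$or":
            ok = any(matches(alt, event) for alt in rule)
        elif isinstance(rule, dict):
            sub = event.get(key)
            ok = isinstance(sub, dict) and matches(rule, sub)
        else:
            ok = leaf_matches(rule, event.get(key))
        if not ok:
            return False
    return True

def api_call(event_name, read_only):
    """Constructed CloudTrail-style event; only the fields the pattern reads."""
    return {"detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventType": "AwsApiCall", "eventName": event_name,
                       "readOnly": read_only}}

if __name__ == "__main__":
    for name, ro in [("DescribeInstances", True), ("ListBuckets", True),
                     ("RunInstances", False), ("GetObject", True)]:
        print(f"{name:18} readOnly={ro!s:5} matches={matches(PATTERN, api_call(name, ro))}")
```

In this local check the read-only Describe* and List* calls match the pattern just like write calls; only the two excluded event names are rejected.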

No answers
