Twilio¶
About¶
Twilio Inc. is an American cloud communications company based in San Francisco, California, which provides programmable communication tools for making and receiving phone calls, sending and receiving text messages, and performing other communication functions using its web service APIs.
Product Details¶
Vendor URL: Twilio
Product Type: Audit
Product Tier: Tier III
Integration Method: API
Integration URL: Twilio - Cyderes Documentation
Log Guide: Twilio - Log Guide
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 100%
Data Label: TWILIO_AUDIT
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| account_sid | observer.resource.product_object_id |
| action | security_result.action_details |
| actor_sid | principal.user.userid |
| actor_sid | principal.resource.product_object_id |
| actor_type | principal.asset.category |
| event_data.resource_properties.amount.updated | security_result.detection_fields |
| event_data.resource_properties.email.previous | security_result.detection_fields |
| event_data.resource_properties.email.updated | target.user.userid |
| event_data.resource_properties.emergency_address_sid.previous | security_result.detection_fields |
| event_data.resource_properties.emergency_address_sid.updated | security_result.detection_fields |
| event_data.resource_properties.emergency_status.previous | security_result.detection_fields |
| event_data.resource_properties.emergency_status.updated | security_result.detection_fields |
| event_data.resource_properties.payment_type.updated | security_result.detection_fields |
| event_data.resource_properties.roles.previous | security_result.detection_fields |
| event_data.resource_properties.roles.updated | target.user.attribute.roles.name |
| event_data.resource_properties.status.previous | security_result.detection_fields |
| event_data.resource_properties.status.updated | security_result.detection_fields |
| event_type | product_event_type |
| links.actor | principal.url |
| links.resource | target.url |
| resource_sid | target.resource.product_object_id |
| resource_type | target.resource.type |
| source | principal.resource.type |
| source_ip_address | principal.ip |
| source_ip_address | principal.hostname |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| deleted | USER_RESOURCE_DELETION |
| generic | GENERIC_EVENT |
| other | STATUS_UPDATE |
| updated | USER_RESOURCE_UPDATE_CONTENT |
Log Sample¶
{"account_sid":"ABC123abc123ABC123abc123","actor_sid":"ABC123abc123ABC123abc123","actor_type":"account","event_date":"2024-07-02T21:06:21Z","event_type":"user-session.created","resource_sid":"B123456789C1234567","resource_type":"user-session","sid":"abcfefg123456789abcdefg","source":"web","source_ip_address":"10.0.0.0","url":"https://monitor.twilio.com/v1/Events/abcfefg123456789abcdefg","links":{"actor":"https://api.twilio.com/2010-04-01/Accounts/ABC123abc123ABC123abc123","resource":null}}
Sample Parsing¶
metadata.event_type = "STATUS_UPDATE"
metadata.log_type = "TWILIO_AUDIT"
metadata.product_event_type = "user-session.created"
metadata.product_log_id = "abcfefg123456789abcdefg"
metadata.product_name = "Twilio Audit"
metadata.vendor_name = "Twilio"
observer.resource.product_object_id = "ABC123abc123ABC123abc123"
principal.asset.category = "account"
principal.ip = "10.0.0.0"
principal.resource.product_object_id = "ABC123abc123ABC123abc123"
principal.resource.type = "web"
principal.url = "https://api.twilio.com/2010-04-01/Accounts/ABC123abc123ABC123abc123"
security_result.about.url = "https://monitor.twilio.com/v1/Events/abcfefg123456789abcdefg"
target.resource.product_object_id = "B123456789C1234567"
target.resource.type = "user-session"