From 06206c5a7e66b0c25b4f0f81dafecf0c0dbd4ae9 Mon Sep 17 00:00:00 2001
From: Zach Siguaw <zach.siguaw@invitae.com>
Date: Tue, 16 Sep 2025 10:45:01 -0600
Subject: [PATCH] fix(ops): capture Root logins

---
 main.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index 5517d9b..6a99114 100644
--- a/main.go
+++ b/main.go
@@ -178,7 +178,10 @@ func FilterRecords(logFile *CloudTrailFile, eventRecord handler.Record) error {
 				continue
 			}
 		case en == "ConsoleLogin":
-			continue
+			// Ignore ConsoleLogin events, except for Root
+			if userIdentity["type"] != "Root" {
+			    continue
+			}
 		case strings.HasSuffix(en, "VirtualMFADevice"):
 			continue
 		case en == "CheckMfa":