Content Packs

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Overview

Cloud SIEM Content Packs provide out-of-the box content for key security integrations. Depending on the integration, a Content Pack can include the following:

  • Detection Rules to provide comprehensive coverage of your environment
  • An interactive dashboard with detailed insights into the state of logs and security signals for the Content Pack
  • Investigator, an interactive graphical interface for investigating suspicious activity by a user or resource
  • Workflow Automation, to automate actions and accelerate investigation and remediation of issues
  • Configuration guides

Content Packs are grouped into the following categories:

Authentication Content Packs

1Password

Monitor account activity with 1Password Events Reporting.

1Password Content Pack includes:

LastPass

Monitor LastPass activity and analyze with detection rules

LastPass Content Pack includes:

Okta

Track user activity by monitoring Okta audit logs.

Okta Content Pack includes:

Cisco DUO

Monitor and analyze MFA and secure access logs from Cisco DUO.

Cisco DUO Content Pack includes:

Jumpcloud

Track user activity by monitoring Jumpcloud audit Logs.

Jumpcloud Content Pack includes:

PingOne

Analyze PingOne audit events

PingOne Content Pack includes:

Auth0

Monitor and generate signals around Auth0 user activity.

Auth0 Content Pack includes:

Ping Federate

Collect and analyze Ping Federate admin and audit logs

Ping Federate Content Pack includes:

Cloud Audit Content Packs

GCP Audit Logs

Protect your GCP environment by monitoring audit logs.

GCP Audit Logs Content Pack includes:

Kubernetes Audit Logs

Monitor open source Kubernetes and Amazon Elastic Kubernetes Service (EKS) audit logs for threats.

Kubernetes Audit Logs Content Pack includes:

AWS CloudTrail

Monitor security and compliance levels of your AWS operations.

AWS CloudTrail Content Pack includes:

Azure Security

Protect your Azure environment by tracking attacker activity.

Azure Security Content Pack includes:

Cloud Developer Tools Content Packs

Twilio

Collect and analyze Twilio message, call summary, and event logs

Twilio Content Pack includes:

Atlassian Organization Event Logs

Monitor admin activity from your organization's Atlassian Org including your Atlassian Guard subscription, Jira, and Confluence

Atlassian Organization Event Logs Content Pack includes:

Snowflake

Collect snowflake logs to monitor for threats, conduct hunts, and perform investigations.

Snowflake Content Pack includes:

Confluent Cloud Audit Logs

Monitor Confluent Cloud audit logs

Confluent Cloud Audit Logs Content Pack includes:

Gitlab Audit Events

Collect GitLab Audit Events to assess risk, security, and compliance

Gitlab Audit Events Content Pack includes:

HCP Terraform

Collect activity and audit logs from Terraform

HCP Terraform Content Pack includes:

Atlassian Jira & Confluence Audit Records

Monitor, secure, and optimize your Atlassian's Jira & Confluence environments.

Atlassian Jira & Confluence Audit Records Content Pack includes:

GitHub

Track user activity and code change history by monitoring Github audit logs.

GitHub Content Pack includes:

Cloud Security Content Packs

Wiz

View and monitor Wiz audit logs and issues, including toxic combinations.

Wiz Content Pack includes:

Google Security Command Center

Track and analyze Google Security Command Center findings.

Google Security Command Center Content Pack includes:

Microsoft Graph

Collect security logs and alerts from Defender, Purview, Entra ID, and Sentinel

Microsoft Graph Content Pack includes:

Collaboration Content Packs

Google Workspace

Optimize your security monitoring within Google Workspace.

Google Workspace Content Pack includes:

Zoom Activity Logs

Collect and monitor Zoom activity

Zoom Activity Logs Content Pack includes:

Microsoft 365

Monitor key security events from Microsoft 365 logs.

Microsoft 365 Content Pack includes:

Slack

View, analyze, and monitor Slack audit logs.

Slack Content Pack includes:

Email Security Content Packs

Abnormal Security

Monitor threat events, cases, and audit logs for Abnormal Security

Abnormal Security Content Pack includes:

Mimecast

Analyze logs and generate signals from Mimecast email security solutions

Mimecast Content Pack includes:

Trend Micro Email Security

Analyze email policy events and track mail flows for Trend Micro Email Security

Trend Micro Email Security Content Pack includes:

Endpoint Content Packs

SentinelOne

Integrate SentinelOne Singularlity Endpoint alerts and threats into Cloud SIEM.

SentinelOne Content Pack includes:

Crowdstrike

Improve the security posture of your endpoints with Crowdstrike.

Crowdstrike Content Pack includes:

Sophos Central Cloud

Monitor and analyze Sophos Central Cloud events and alerts

Sophos Central Cloud Content Pack includes:

Cisco Secure Endpoint

Collect Cisco Secure Endpoint alerts and audit logs

Cisco Secure Endpoint Content Pack includes:

Windows Event Logs

Monitor and analyze your Windows system for potential threats with Windows Event Logs.

Windows Event Logs Content Pack includes:

Jamf Protect

Endpoint security and mobile threat defense (MTD) for Mac and mobile devices.

Jamf Protect Content Pack includes:

Network Content Packs

Imperva

Collect and analyze Imperva web application firewall logs, audit logs, and attack analytics

Imperva Content Pack includes:

Palo Alto Networks Firewall

Analyze traffic and detect threats with Palo Alto Networks Firewall.

Palo Alto Networks Firewall Content Pack includes:

Checkpoint Quantum Firewall

Monitor and alert on your network's Check Point Quantum firewalls.

Checkpoint Quantum Firewall Content Pack includes:

Bind9

Collect Bind9 DNS server logs

Bind9 Content Pack includes:

Cisco Meraki

Monitor Cisco Meraki logs and identify attacker activity.

Cisco Meraki Content Pack includes:

Cisco Secure Firewall

Gain insights into Cisco Secure Firewall logs.

Cisco Secure Firewall Content Pack includes:

Zeek

Analyze and store Corelight / Zeek logs to gain insights into network threats.

Zeek Content Pack includes:

Cisco Umbrella DNS

Collect and monitor logs from Cisco Umbrella to gain insights into DNS and Proxy logs.

Cisco Umbrella DNS Content Pack includes:

Cloudflare

Enhance security for your web applications.

Cloudflare Content Pack includes:

Palo Alto Panorama

Monitor and detect your Palo Alto Panorama firewalls.

Palo Alto Panorama Content Pack includes:

Web Security Content Packs

NGINX

Monitor and respond to web-based risks with Nginx.

NGINX Content Pack includes:

Further reading

추가 유용한 문서, 링크 및 기사:

Create log detection rulesDOCUMENTATION more more Learn more about the InvestigatorDOCUMENTATION more more Investigate security signalsDOCUMENTATION more more What's new in Cloud SIEM Content Packs: September 2024BLOG more more How attackers take advantage of Microsoft 365 servicesBLOG more more Detect malicious activity in Google Workspace apps with Datadog Cloud SIEMBLOG more more
PREVIEWING: domalessi/docs-10186