Overview
Cloud SIEM Content Packs provide out-of-the-box content for key security integrations. Depending on the integration, a Content Pack can include the following:
Detection Rules to provide comprehensive coverage of your environment
An interactive dashboard with detailed insights into the state of logs and security signals for the Content Pack
Investigator, an interactive graphical interface for investigating suspicious activity by a user or resource
Workflow Automation, to automate actions and accelerate investigation and remediation of issues
Configuration guides
Content Packs are grouped into the following categories:
Cloud Audit : AWS CloudTrail, Azure Security, GCP Audit Logs, Kubernetes Audit Logs
Authentication : 1Password, Auth0, Cisco DUO, JumpCloud, Okta
Collaboration : Google Workspace, Microsoft 365, Slack Audit Logs
Network : Cloudflare, Cisco Meraki, Cisco Umbrella, Palo Alto Networks Firewall
Web Security : NGINX
Cloud developer tools : GitHub
Endpoint : CrowdStrike
Cloud Audit Content Packs
AWS CloudTrail
Monitor the security and compliance levels of your AWS operations.
The AWS CloudTrail Content Pack includes:
Azure Security
Protect your Azure environment by tracking attacker activity.
The Azure Security Content Pack includes:
GCP Audit Logs
Protect your GCP environment by monitoring audit logs.
The GCP Audit Logs Content Pack includes:
Kubernetes Audit Logs
Gain coverage by monitoring audit logs in your Kubernetes control plane.
The Kubernetes Audit Logs Content Pack includes:
Authentication Content Packs
1Password
Monitor account activity with 1Password Events Reporting.
The 1Password Content Pack includes:
Auth0
Monitor and generate signals around Auth0 user activity.
The Auth0 Content Pack includes:
Cisco DUO
Monitor and analyze MFA and secure access logs from Cisco DUO.
The Cisco DUO Content Pack includes:
JumpCloud
Track user activity by monitoring JumpCloud audit logs.
The JumpCloud Content Pack includes:
Okta
Track user activity by monitoring Okta audit logs.
The Okta Content Pack includes:
Collaboration Content Packs
Google Workspace
Optimize your security monitoring within Google Workspace.
The Google Workspace Content Pack includes:
Microsoft 365
Monitor key security events from Microsoft 365 logs.
The Microsoft 365 Content Pack includes:
Slack Audit Logs
View, analyze, and monitor Slack audit logs.
The Slack Content Pack includes:
Network Content Packs
Cloudflare
Enhance security for your web applications.
The Cloudflare Content Pack includes:
Cisco Meraki
Monitor Cisco Meraki logs and identify attacker activity.
The Cisco Meraki Content Pack includes:
Palo Alto Networks Firewall
Analyze traffic and detect threats with Palo Alto Networks Firewall.
The Palo Alto Networks Firewall Content Pack includes:
Cisco Umbrella
Collect and monitor logs from Cisco Umbrella to gain insights into DNS and proxy activity.
The Cisco Umbrella Content Pack includes:
Web Security Content Packs
NGINX
Monitor and respond to web-based risks with NGINX.
The NGINX Content Pack includes:
Cloud developer tools Content Packs
GitHub
Track user activity and code change history by monitoring GitHub audit logs.
The GitHub Content Pack includes:
Endpoint Content Packs
CrowdStrike
Improve the security posture of your endpoints with CrowdStrike.
The CrowdStrike Content Pack includes:
Further reading
Additional helpful documentation, links, and articles: