Overview

Cloud SIEM Content Packs provide out-of-the-box content for key security integrations. Depending on the integration, a Content Pack can include the following:

Detection Rules to provide comprehensive coverage of your environment
An interactive dashboard with detailed insights into the state of logs and security signals for the Content Pack
Investigator, an interactive graphical interface for investigating suspicious activity by a user or resource
Workflow Automation, to automate actions and accelerate investigation and remediation of issues
Configuration guides

Content Packs are grouped into the following categories:

Cloud Audit: AWS CloudTrail, Azure Security, GCP Audit Logs, Kubernetes Audit Logs
Cloud Security: Google Security Command Center, Wiz
Authentication: 1Password, Auth0, Cisco DUO, JumpCloud, Okta
Collaboration: Google Workspace, Microsoft 365, Slack Audit Logs
Network: Check Point Quantum Firewall, Cisco Meraki, Cisco Secure Firewall, Cisco Umbrella DNS, Cloudflare, Palo Alto Networks Firewall, Palo Alto Panorama, Zeek
Web Security: NGINX
Cloud developer tools: Atlassian Jira and Confluence Audit Records, GitHub, Snowflake
Endpoint: CrowdStrike, Jamf Protect, SentinelOne, Windows Event Logs
Cloud Audit Content Packs

AWS CloudTrail
Monitor the security and compliance levels of your AWS operations.
The AWS CloudTrail Content Pack includes:

Azure Security
Protect your Azure environment by tracking attacker activity.
The Azure Security Content Pack includes:

GCP Audit Logs
Protect your GCP environment by monitoring audit logs.
The GCP Audit Logs Content Pack includes:

Kubernetes Audit Logs
Gain coverage by monitoring audit logs in your Kubernetes control plane.
The Kubernetes Audit Logs Content Pack includes:
Cloud Security Content Packs

Google Security Command Center
Track and analyze Google Security Command Center findings.
The Google Security Command Center Content Pack includes:

Wiz
View and monitor Wiz audit logs and issues, including toxic combinations.
The Wiz Content Pack includes:
Authentication Content Packs

1Password
Monitor account activity with 1Password Events Reporting.
The 1Password Content Pack includes:

Auth0
Monitor and generate signals around Auth0 user activity.
The Auth0 Content Pack includes:

Cisco DUO
Monitor and analyze MFA and secure access logs from Cisco DUO.
The Cisco DUO Content Pack includes:

JumpCloud
Track user activity by monitoring JumpCloud audit logs.
The JumpCloud Content Pack includes:

Okta
Track user activity by monitoring Okta audit logs.
The Okta Content Pack includes:
Collaboration Content Packs

Google Workspace
Optimize your security monitoring within Google Workspace.
The Google Workspace Content Pack includes:

Microsoft 365
Monitor key security events from Microsoft 365 logs.
The Microsoft 365 Content Pack includes:

Slack Audit Logs
View, analyze, and monitor Slack audit logs.
The Slack Content Pack includes:
Network Content Packs

Check Point Quantum Firewall
Monitor and alert on your network’s Check Point Quantum firewalls.
The Check Point Quantum Firewall Content Pack includes:

Cisco Meraki
Monitor Cisco Meraki logs and identify attacker activity.
The Cisco Meraki Content Pack includes:

Cisco Secure Firewall
Gain insights into Cisco Secure Firewall logs.
The Cisco Secure Firewall Content Pack includes:

Cisco Umbrella DNS
Collect and monitor logs from Cisco Umbrella to gain insights into DNS and proxy logs.
The Cisco Umbrella Content Pack includes:

Cloudflare
Enhance security for your web applications.
The Cloudflare Content Pack includes:

Palo Alto Networks Firewall
Analyze traffic and detect threats with Palo Alto Networks Firewall.
The Palo Alto Networks Firewall Content Pack includes:

Palo Alto Panorama
Monitor your Palo Alto Panorama firewalls and detect threats.
The Palo Alto Panorama Content Pack includes:

Zeek
Analyze and store Corelight / Zeek logs to gain insights into network threats.
The Zeek Content Pack includes:
Web Security Content Packs

NGINX
Monitor and respond to web-based risks with NGINX.
The NGINX Content Pack includes:

Cloud developer tools Content Packs

Atlassian Jira and Confluence Audit Records
Monitor, secure, and optimize your Atlassian Jira and Confluence environments.
The Atlassian Jira and Confluence Audit Records Content Pack includes:

GitHub
Track user activity and code change history by monitoring GitHub audit logs.
The GitHub Content Pack includes:

Snowflake
Collect Snowflake logs to monitor for threats, conduct hunts, and perform investigations.
The Snowflake Content Pack includes:
Endpoint Content Packs

CrowdStrike
Improve the security posture of your endpoints with CrowdStrike.
The CrowdStrike Content Pack includes:

Jamf Protect
Endpoint security and mobile threat defense (MTD) for Mac and mobile devices.
The Jamf Protect Content Pack includes:

SentinelOne
Integrate SentinelOne Singularity Endpoint alerts and threats into Cloud SIEM.
The SentinelOne Content Pack includes:

Windows Event Logs
Monitor and analyze your Windows system for potential threats with Windows Event Logs.
The Windows Event Logs Content Pack includes:

Further reading

Additional helpful documentation, links, and articles: