Content Packs

This page is not yet available in English. Translation is in progress.
If you have any questions or feedback about the translation project, please feel free to contact us.

Overview

Cloud SIEM Content Packs provide out-of-the-box content for key security integrations. Depending on the integration, a Content Pack can include the following:

  • Detection Rules to provide comprehensive coverage of your environment
  • An interactive dashboard with detailed insights into the state of logs and security signals for the Content Pack
  • Investigator, an interactive graphical interface for investigating suspicious activity by a user or resource
  • Workflow Automation, to automate actions and accelerate investigation and remediation of issues
  • Configuration guides

Content Packs are grouped into the following categories:

Authentication Content Packs

1Password

Monitor account activity with 1Password Events Reporting.

1Password Content Pack includes:

Auth0

Monitor and generate signals around Auth0 user activity.

Auth0 Content Pack includes:

Cisco DUO

Monitor and analyze MFA and secure access logs from Cisco DUO.

Cisco DUO Content Pack includes:

Delinea Privilege Manager

Gain insights into Delinea Privilege Manager events.

Delinea Privilege Manager Content Pack includes:

Delinea Secret Server

Track privileged credential usage and user activity from Delinea Secret Server to monitor authentication events and secure access to sensitive systems.

Delinea Secret Server Content Pack includes:

Jumpcloud

Track user activity by monitoring Jumpcloud audit logs.

Jumpcloud Content Pack includes:

Keycloak

Gain insights into user and administrative activity from Keycloak.

Keycloak Content Pack includes:

LastPass

Monitor LastPass activity and analyze it with detection rules.

LastPass Content Pack includes:

Okta

Track user activity by monitoring Okta audit logs.

Okta Content Pack includes:

Ping Federate

Collect and analyze Ping Federate admin and audit logs.

Ping Federate Content Pack includes:

PingOne

Analyze PingOne audit events.

PingOne Content Pack includes:

Cloud Audit Content Packs

AWS CloudTrail

Monitor security and compliance levels of your AWS operations.

AWS CloudTrail Content Pack includes:

Azure Security

Protect your Azure environment by tracking attacker activity.

Azure Security Content Pack includes:

GCP Audit Logs

Protect your GCP environment by monitoring audit logs.

GCP Audit Logs Content Pack includes:

Kubernetes Audit Logs

Monitor open source Kubernetes and Amazon Elastic Kubernetes Service (EKS) audit logs for threats.

Kubernetes Audit Logs Content Pack includes:

Linux Audit Logs

Monitor user activity, authentication events, and policy changes with enriched Linux audit logs across Red Hat, Ubuntu, and CentOS.

Linux Audit Logs Content Pack includes:

Cloud Developer Tools Content Packs

Atlassian Jira & Confluence Audit Records

Monitor, secure, and optimize your Atlassian Jira & Confluence environments.

Atlassian Jira & Confluence Audit Records Content Pack includes:

Atlassian Organization Event Logs

Monitor admin activity from your organization's Atlassian Org, including your Atlassian Guard subscription, Jira, and Confluence.

Atlassian Organization Event Logs Content Pack includes:

Confluent Cloud Audit Logs

Monitor Confluent Cloud audit logs.

Confluent Cloud Audit Logs Content Pack includes:

GitHub

Track user activity and code change history by monitoring GitHub audit logs.

GitHub Content Pack includes:

GitLab Audit Events

Collect GitLab Audit Events to assess risk, security, and compliance.

GitLab Audit Events Content Pack includes:

HCP Terraform

Collect activity and audit logs from Terraform.

HCP Terraform Content Pack includes:

Snowflake

Collect Snowflake logs to monitor for threats, conduct hunts, and perform investigations.

Snowflake Content Pack includes:

Sonatype Nexus

Collect instance health and repository analytics from Sonatype Nexus to monitor software artifact infrastructure.

Sonatype Nexus Content Pack includes:

Twilio

Collect and analyze Twilio message, call summary, and event logs.

Twilio Content Pack includes:

Cloud Security Content Packs

Falco

Detect runtime threats across containers, Kubernetes, and cloud workloads using enriched alert logs from Falco.

Falco Content Pack includes:

Google Security Command Center

Track and analyze Google Security Command Center findings.

Google Security Command Center Content Pack includes:

Microsoft Graph

Collect security logs and alerts from Defender, Purview, Entra ID, and Sentinel.

Microsoft Graph Content Pack includes:

Orca Security

Ingest cloud security alerts from Orca to monitor risk, compliance, and workload protection across your cloud environment.

Orca Security Content Pack includes:

Wiz

View and monitor Wiz audit logs and issues, including toxic combinations.

Wiz Content Pack includes:

Collaboration Content Packs

Asana

Explore and analyze Asana audit logs.

Asana Content Pack includes:

Google Workspace

Optimize your security monitoring within Google Workspace.

Google Workspace Content Pack includes:

Microsoft 365

Monitor key security events from Microsoft 365 logs.

Microsoft 365 Content Pack includes:

Salesforce

Collect Salesforce real-time platform events as Datadog logs.

Salesforce Content Pack includes:

Slack

View, analyze, and monitor Slack audit logs.

Slack Content Pack includes:

Zendesk

Ingest Zendesk audit and access logs to monitor user and admin activity.

Zendesk Content Pack includes:

Zoom Activity Logs

Collect and monitor Zoom activity.

Zoom Activity Logs Content Pack includes:

Email Security Content Packs

Abnormal Security

Monitor threat events, cases, and audit logs for Abnormal Security.

Abnormal Security Content Pack includes:

Cisco Secure Email Threat Defense

Gain insights into Cisco Secure Email Threat Defense message logs.

Cisco Secure Email Threat Defense Content Pack includes:

Mimecast

Analyze logs and generate signals from Mimecast email security solutions.

Mimecast Content Pack includes:

Trend Micro Email Security

Analyze email policy events and track mail flows for Trend Micro Email Security.

Trend Micro Email Security Content Pack includes:

Endpoint Content Packs

Bitdefender

Ingest endpoint threat detections and incident activity from Bitdefender EDR, including malware, phishing, exploits, and ransomware events.

Bitdefender Content Pack includes:

Cisco Secure Endpoint

Collect Cisco Secure Endpoint alerts and audit logs.

Cisco Secure Endpoint Content Pack includes:

Crowdstrike

Improve the security posture of your endpoints with Crowdstrike.

Crowdstrike Content Pack includes:

ESET Protect

Monitor endpoint threats, firewall activity, and web filtering logs from ESET Protect.

ESET Protect Content Pack includes:

Jamf Protect

Endpoint security and mobile threat defense (MTD) for Mac and mobile devices.

Jamf Protect Content Pack includes:

Microsoft Sysmon

Gain insights into Windows system activity events.

Microsoft Sysmon Content Pack includes:

OSSEC

Ingest OSSEC alerts from monitored hosts.

OSSEC Content Pack includes:

SentinelOne

Integrate SentinelOne Singularity Endpoint alerts and threats into Cloud SIEM.

SentinelOne Content Pack includes:

Sophos Central Cloud

Monitor and analyze Sophos Central Cloud events and alerts.

Sophos Central Cloud Content Pack includes:

Trend Micro Vision One Endpoint Security

Collect and analyze extensive logs from Trend Micro Vision One Endpoint Security.

Trend Micro Vision One Endpoint Security Content Pack includes:

Trend Micro Vision One XDR

Gain insights into Trend Micro Vision One XDR logs.

Trend Micro Vision One XDR Content Pack includes:

Windows Event Logs

Monitor and analyze your Windows system for potential threats with Windows Event Logs.

Windows Event Logs Content Pack includes:

Network Content Packs

Bind9

Collect Bind9 DNS server logs.

Bind9 Content Pack includes:

Checkpoint Quantum Firewall

Monitor and alert on your network's Check Point Quantum firewalls.

Checkpoint Quantum Firewall Content Pack includes:

Cisco Secure Firewall

Gain insights into Cisco Secure Firewall logs.

Cisco Secure Firewall Content Pack includes:

Cisco Umbrella DNS

Collect and monitor logs from Cisco Umbrella to gain insights into DNS and Proxy logs.

Cisco Umbrella DNS Content Pack includes:

Cloudflare

Enhance security for your web applications.

Cloudflare Content Pack includes:

ExtraHop

Gain insights into ExtraHop detection and investigation logs.

ExtraHop Content Pack includes:

Fortinet FortiManager

Monitor device health, security telemetry, and more across your networks managed by Fortinet, including FortiGate Next Generation Firewalls (NGFW).

Fortinet FortiManager Content Pack includes:

Imperva

Collect and analyze Imperva web application firewall logs, audit logs, and attack analytics.

Imperva Content Pack includes:

Ivanti Connect Secure

Monitor Ivanti Connect Secure logs to gain visibility into authentication activity, system changes, and security events.

Ivanti Connect Secure Content Pack includes:

Juniper SRX Firewall

Monitor session activity, security threats, and authentication events from Juniper SRX Firewall logs.

Juniper SRX Firewall Content Pack includes:

Cisco Meraki

Monitor Cisco Meraki logs and identify attacker activity.

Cisco Meraki Content Pack includes:

Microsoft DNS

Gain insights into Microsoft DNS Server audit events.

Microsoft DNS Content Pack includes:

OpenVPN

Monitor VPN session activity and authentication events with real-time insights from OpenVPN logs.

OpenVPN Content Pack includes:

Palo Alto Cortex XDR

Collect and analyze Palo Alto Cortex XDR logs.

Palo Alto Cortex XDR Content Pack includes:

Palo Alto Networks Firewall

Analyze traffic and detect threats with Palo Alto Networks Firewall.

Palo Alto Networks Firewall Content Pack includes:

Palo Alto Panorama

Monitor your Palo Alto Panorama firewalls and detect threats.

Palo Alto Panorama Content Pack includes:

Suricata

Gain insights into Suricata logs.

Suricata Content Pack includes:

WatchGuard Firebox

Analyze firewall, VPN, proxy, and system events from WatchGuard Firebox logs.

WatchGuard Firebox Content Pack includes:

Zeek

Analyze and store Corelight / Zeek logs to gain insights into network threats.

Zeek Content Pack includes:

Web Security Content Packs

Apache

Collect and analyze Apache logs and metrics.

Apache Content Pack includes:

Cisco Secure Web Appliance

Gain visibility into access and traffic logs from Cisco Secure Web Appliance to detect web threats and enforce security policies.

Cisco Secure Web Appliance Content Pack includes:

Fastly

Monitor HTTP server performance, traffic, and uptime metrics.

Fastly Content Pack includes:

Forcepoint Secure Web Gateway

Monitor user web activity and data loss prevention events with real-time logs from Forcepoint Secure Web Gateway.

Forcepoint Secure Web Gateway Content Pack includes:

Forcepoint Security Service Edge

Collect and analyze cloud activity, access, admin, and health logs from Forcepoint Security Service Edge.

Forcepoint Security Service Edge Content Pack includes:

NGINX

Monitor and respond to web-based risks with Nginx.

NGINX Content Pack includes:

Further reading