Content Packs


Cloud SIEM Content Packs provide out-of-the box content for key security integrations. Depending on the integration, a Content Pack can include the following:

  • Detection Rules to provide comprehensive coverage of your environment
  • An interactive dashboard with detailed insights into the state of logs and security signals for the Content Pack
  • Investigator, an interactive graphical interface for investigating suspicious activity by a user or resource
  • Workflow Automation, to automate actions and accelerate investigation and remediation of issues
  • Configuration guides

Cloud Audit Content Packs

AWS CloudTrail

Monitor the security and compliance levels of your AWS operations.

The AWS CloudTrail Content Pack includes:

  • Detection Rules
  • An interactive dashboard
  • AWS Investigator
  • Workflow Automation
  • Configuration guides

Azure Security

Protect your Azure environment by tracking attacker activity.

The Azure Security Content Pack includes:

  • Detection Rules
  • An interactive dashboard
  • Azure Investigator
  • Configuration guides

GCP Audit Logs

Protect your GCP environment by monitoring audit logs.

The GCP Audit Logs Content Pack includes:

  • Detection Rules
  • An interactive dashboard
  • GCP Investigator
  • Configuration guides

Kubernetes Audit Logs

Gain coverage by monitoring audit logs in your Kubernetes control plane.

The Kubernetes Audit Logs Content Pack includes:

Authentication Content Packs


Monitor account activity with 1Password Events Reporting.

The 1Password Content Pack includes:


Monitor and generate signals around Auth0 user activity.

The Auth0 Content Pack includes:


Tracks user activity by monitoring JumpCloud audit logs.

The JumpCloud Content Pack includes:


Track user activity by monitoring Okta audit logs.

The Okta Content Pack includes:

Collaboration Content Packs

Google Workspace

Optimize your security monitoring within Google Workspace.

The Google Workspace Content Pack includes:

Microsoft 365

Monitor key security events from Microsoft 365 logs.

The Microsoft 365 Content Pack includes:

Network Content Packs


Enhance security for your web applications.

The Cloudflare Content Pack includes:

Cloud developer tools Content Packs


Track user activity and code change history by monitoring GitHub audit logs.

The GitHub Content Pack includes:

Endpoint Content Packs


Improve the security posture of your endpoints with CrowdStrike.

The CrowdStrike Content Pack includes:

Further reading