Amazon Cognito

Version: Netsurion AWS Integrator v2.0.1 and above.

Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices. The service saves and synchronizes end-user data, which enables an application developer to focus on writing code instead of building and managing the back-end infrastructure.

Netsurion Open XDR receives logs from Amazon CloudWatch by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. The Netsurion Open XDR console dashboards and reports will track the overall actions performed related to the Amazon CloudWatch service to keep you informed about its activities. It will trigger alerts whenever an action that is critical to the service is carried out.

The following are the key Data Source Integrations available in Netsurion Open XDR.


SecurityAmazon Cognito – Unauthorized activity detectedTriggered whenever a configuration related to Cognito is deleted or changed.


SecurityAmazon Cognito – Identity federation and userpool configurations modified or deletedProvides details of all configurations related to Cognito that were deleted or changed.


SecurityAmazon Cognito – Admin create a new user internallyDisplays information about users created by administrators in Amazon Cognito.
SecurityAmazon Cognito – Configurations modification deletedDisplays information about configuration modification in userpool or federated identities.
SecurityAmazon Cognito – Userpool misconfigurations detectedDisplays information while creating userpools that are misconfigured.
ComplianceAmazon Cognito – Enabled and disabled users in userpoolDisplays details on all users enabled and disabled by the administrator in the user pool.
SecurityAmazon Cognito – Federated identities and userpools configuration deletedDisplays details about configurations deleted from the Amazon Cognito Service.

Saved Searches

ComplianceAmazon Cognito – Activity overviewProvides details of all user management activities been performed in Amazon Cognito console.
SecurityAmazon Cognito – Configurations modification and deletionsProvides information when any modification or deletion of configuration occurs.
SecurityAmazon Cognito – Federated identities and userpool API informationProvides information about API authorization.


The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Amazon Cognito.

Download the Integration Guide for configuration instructions and more information.