Version: Netsurion AWS Integrator v2.0.1 and above.
Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices. The service saves and synchronizes end-user data, which enables an application developer to focus on writing code instead of building and managing the back-end infrastructure.
Netsurion Open XDR receives logs from Amazon CloudWatch by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. The Netsurion Open XDR console dashboards and reports will track the overall actions performed related to the Amazon CloudWatch service to keep you informed about its activities. It will trigger alerts whenever an action that is critical to the service is carried out.
The following are the key Data Source Integrations available in Netsurion Open XDR.
|Security||Amazon Cognito – Unauthorized activity detected||Triggered whenever a configuration related to Cognito is deleted or changed.|
|Security||Amazon Cognito – Identity federation and userpool configurations modified or deleted||Provides details of all configurations related to Cognito that were deleted or changed.|
|Security||Amazon Cognito – Admin create a new user internally||Displays information about users created by administrators in Amazon Cognito.|
|Security||Amazon Cognito – Configurations modification deleted||Displays information about configuration modification in userpool or federated identities.|
|Security||Amazon Cognito – Userpool misconfigurations detected||Displays information while creating userpools that are misconfigured.|
|Compliance||Amazon Cognito – Enabled and disabled users in userpool||Displays details on all users enabled and disabled by the administrator in the user pool.|
|Security||Amazon Cognito – Federated identities and userpools configuration deleted||Displays details about configurations deleted from the Amazon Cognito Service.|
|Compliance||Amazon Cognito – Activity overview||Provides details of all user management activities been performed in Amazon Cognito console.|
|Security||Amazon Cognito – Configurations modification and deletions||Provides information when any modification or deletion of configuration occurs.|
|Security||Amazon Cognito – Federated identities and userpool API information||Provides information about API authorization.|
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Amazon Cognito.
Download the Integration Guide for configuration instructions and more information.