Amazon Cognito Integration

Amazon Cognito

Version: Netsurion AWS Integrator v2.0.1 and above.

Amazon Cognito is an Amazon Web Services product that controls user authentication and access for mobile applications on internet-connected devices. The service saves and synchronizes end-user data, which enables an application developer to focus on writing code instead of building and managing the back-end infrastructure.

Netsurion Open XDR receives logs from Amazon CloudWatch by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. The Netsurion Open XDR console dashboards and reports will track the overall actions performed related to the Amazon CloudWatch service to keep you informed about its activities. It will trigger alerts whenever an action that is critical to the service is carried out.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

Type	Name	Description
Security	Amazon Cognito – Unauthorized activity detected	Triggered whenever a configuration related to Cognito is deleted or changed.

Reports

Type	Name	Description
Security	Amazon Cognito – Identity federation and userpool configurations modified or deleted	Provides details of all configurations related to Cognito that were deleted or changed.

Dashboards

Type	Name	Description
Security	Amazon Cognito – Admin create a new user internally	Displays information about users created by administrators in Amazon Cognito.
Security	Amazon Cognito – Configurations modification deleted	Displays information about configuration modification in userpool or federated identities.
Security	Amazon Cognito – Userpool misconfigurations detected	Displays information while creating userpools that are misconfigured.
Compliance	Amazon Cognito – Enabled and disabled users in userpool	Displays details on all users enabled and disabled by the administrator in the user pool.
Security	Amazon Cognito – Federated identities and userpools configuration deleted	Displays details about configurations deleted from the Amazon Cognito Service.

Saved Searches

Type	Name	Description
Compliance	Amazon Cognito – Activity overview	Provides details of all user management activities been performed in Amazon Cognito console.
Security	Amazon Cognito – Configurations modification and deletions	Provides information when any modification or deletion of configuration occurs.
Security	Amazon Cognito – Federated identities and userpool API information	Provides information about API authorization.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Amazon Cognito.

Download the Integration Guide for configuration instructions and more information.

24X7 SOC-AS-A-SERVICE

OPEN XDR PLATFORM

USE CASES

WHY NETSURION

PARTNERS

ALL CYBERSECURITY INSIGHTS

Level up your cybersecurity!

ABOUT NETSURION

XDR Hot Company

Next-Gen MDR Service

Best MDR Solution