AWS CloudFormation

Version: AWS and NetsurionAWSIntegrator v2.0.2 and above.

AWS CloudFormation is an AWS service that uses template files to automate the setup of AWS resources.

Netsurion Open XDR manages logs retrieved from AWS CloudFormation. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in AWS CloudFormation.

The following are the key assets included with this Data Source Integration.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS CloudFormation – Stack instance manipulation detected | Triggered when CloudFormation configurations related to stack instances in the specified accounts or regions are modified or deleted. |

Reports

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS CloudFormation – Configuration exploit activities | Provides details related to the manipulation of various resources in AWS CloudFormation. |
| Compliance | AWS CloudFormation – Activity overview | Provides relevant information related to all activities for stacks in AWS CloudFormation. |

Dashboards

| Type | Name | Description |
| --- | --- | --- |
| Security | AWS CloudFormation – Critical Activity | Displays critical configuration changes that may alter the way CloudFormation works. |
| Security | AWS CloudFormation – User activity by IP | Displays activity performed by a particular user with a specific IP address. |
| Security | AWS CloudFormation – Actions by user | Displays the actions performed by the different users. |
| Compliance | AWS CloudFormation – Activity overview | Displays all the actions related to CloudFormation. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and AWS CloudFormation.

Download the Integration Guide for configuration instructions and more information.