AWS CloudFormation
Version: AWS and NetsurionAWSIntegrator v2.0.2 and above.
AWS CloudFormation is an AWS service that uses template files to automate the setup of AWS resources.
Netsurion Open XDR manages logs retrieved from AWS CloudFormation. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in AWS CloudFormation.
The following are the key assets included with this Data Source Integration.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | AWS CloudFormation – Stack instance manipulation detected | Triggered when CloudFormation configurations have been modified or deleted related to stack instances in the specified accounts or in the specified regions. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | AWS CloudFormation – Configuration exploit activities | Provides details related to the manipulation of various resources in AWS CloudFormation. |
| Compliance | AWS CloudFormation – Activity overview | Provides relevant information related to all activities for stacks in AWS CloudFormation. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | AWS CloudFormation – Critical Activity | Displays critical configuration changes that may alter the way CloudFormation works. |
| Security | AWS CloudFormation – User activity by IP | Displays activity performed by a particular user with a specific IP address. |
| Security | AWS CloudFormation – Actions by user | Displays the actions performed by the different users. |
| Compliance | AWS CloudFormation – Activity overview | Displays all the actions related to CloudFormation. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and AWS CloudFormation.
Download the Integration Guide for configuration instructions and more information.