Amazon CloudWatch

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-16
Category: Administrator Guide
Abstract:

Learn more about the Amazon CloudWatch standard data source and content pack integrations in Cortex XSIAM.

You can collect Amazon CloudWatch logs and data using either a standard data source or a content pack integration:

Amazon CloudWatch vendor

Description

Standard data source overview

Forward generic and Elastic Kubernetes Service (EKS) logs to Cortex XSIAM from Amazon CloudWatch using the Amazon CloudWatch data source.

Link to standard data source instructions

The following types of data can be ingested from Amazon CloudWatch:

  • Generic logs, as raw data or in JSON format, from Amazon Kinesis Firehose

  • EKS logs, which are automatically ingested in JSON format from Amazon Kinesis Firehose

For more information, see Ingest logs from Amazon CloudWatch.

Links to content pack/integration details

The AWS - CloudWatchLogs content pack facilitates interaction with the Amazon Web Services CloudWatch Logs service. It contains the following integration:

  • AWS - CloudWatchLogs: Use this integration to monitor, store, and access your log files from AWS Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, AWS Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs. It contains commands for managing log streams and log groups, including creating, deleting, filtering, and describing log streams and log groups.

For detailed instructions about setting up authentication, see AWS Integrations - Authentication.