Amazon S3

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-04
Category: Administrator Guide
Abstract

Learn more about the Amazon S3 standard data source and content pack integrations in Cortex XSIAM.

You can collect Amazon S3 logs using either a standard data source or a content pack integration:

Amazon S3 vendor

Description

Standard data source overview

Forward different types of logs to Cortex XSIAM from Amazon Simple Storage Service (Amazon S3) using the Amazon S3 data source.

Links to standard data source instructions

The following types of logs can be ingested from Amazon S3:

Configuring these types of Amazon S3 logs can include following these instructions:

Links to content pack/integration details

  • The AWS - S3 content pack provides integration with the Amazon Web Services Simple Storage Service (S3) for management, security controls, and visibility of stored objects. It includes the following integration:

    • AWS - S3: Use this integration to manage Amazon Web Services Simple Storage Service (S3) objects and security configurations, including listing contents, setting encryption, and blocking public access. Commands are included for fetching bucket encryption status (aws-s3-get-bucket-encryption), controlling public access settings (aws-s3-put-public-access-block, aws-s3-get-public-access-block), and listing objects within a bucket, with support for pagination, delimiters, and prefixes (aws-s3-list-objects), alongside core support for authentication using AWS STS session tokens.

  • The AWS - Route53 content pack provides an interface to manage the Amazon Web Services managed Cloud DNS service. It includes the following integration:

    • AWS - Route53: Use this integration to manage the Amazon Web Services managed Cloud DNS service. The included commands allow users to list resource record sets, address issues such as a set that is missing its TTL value, and manage configurations related to AWS authentication, such as STS endpoint resolution logic.

  • The AWS - CloudTrail content pack provides functionality for interacting with an AWS CloudTrail trail via automation and includes rules for parsing and modeling ingested audit logs. It also includes the following integration:

    • AWS - CloudTrail: Use this integration to interact with a CloudTrail trail on AWS via playbooks and the Playground. It includes commands for retrieving information about the trail status (aws-cloudtrail-get-trail-status) and for managing authentication configurations, such as specifying the AWS STS endpoint resolution logic.