Amazon Web Services provider permissions

Abstract

List of Amazon Web Services (AWS) permissions for use during Cortex Cortex XSIAM onboarding to enable continuous monitoring in your cloud environment.

When onboarding Amazon Web Services (AWS), Cortex XSIAM generates a CloudFormation authentication template that provisions the IAM roles and policies it needs to monitor your cloud environment. This page enumerates every permission that template requests, grouped by security capability.

Important

All conditional capabilities documented below require the mandatory Base and Discovery Engine permissions to be deployed alongside them. Base provides the foundational CortexPlatformRole and AWS-managed read-only baseline. Discovery Engine extends that baseline with the asset-inventory coverage that every other capability assumes.

  • Base

  • Discovery Engine

  • Log Collection

  • Agentless Disk Scanning (ADS)

  • Registry Scan

  • Serverless Scan

  • Data Security Posture Management (DSPM)

  • Kubernetes Security

  • Automations