AWS - CloudTrail | Marketplace

Details
Content
Dependencies
Version History

Amazon Web Services CloudTrail.

What does this pack do

The AWS CloudTrail pack contains the following:

Integration for interacting with a trail on AWS via an automation (Playbooks, Playground, etc.). See the AWS - CloudTrail integration docs for additional details.
Data normalization rules for parsing and modeling AWS CloudTrail Audit Logs that are ingested into the amazon_aws_raw dataset via the Amazon S3 data source on Cortex XSIAM. See Ingest audit logs from AWS Cloud Trail for configuration details. When configuring the Amazon S3 data source on Cortex XSIAM, select the Audit Logs log type:

Integrations

Name	Description
AWS - CloudTrail	Amazon Web Services CloudTrail.

Integrations

Name	Description
AWS - CloudTrail	Amazon Web Services CloudTrail.

Modeling Rules

Name	Description
Amazon AWS CloudTrail Modeling Rule

Parsing Rules

Name	Description
Amazon AWS CloudTrail Parsing Rule

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

1.1.15 - 8515806 (April 27, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43940

Download

1.1.14 - 8479105 (April 26, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43941

Download

1.1.13 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.1.12 - 7197348 (February 17, 2026)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 43143

Download

1.1.11 - 5844120 (November 12, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41880

Download

1.1.10 - 5689147 (November 2, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41690

Download

1.1.9 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.1.8 - 3683768 (June 8, 2025)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.3575453.

Related pull requests:
- 40151

Download

1.1.7 - R3392471 (May 13, 2025)

Integrations

AWS - CloudTrail

Metadata and documentation improvements.

Related pull requests:
- 39225

Download

1.1.6 - R2988287 (March 26, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 37156

Download

1.1.5 - 1602991 (November 6, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.115129.

Related pull requests:
- 37081
- 37070

Download

1.1.4 - 1142826 (July 2, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.100468.

Related pull requests:
- 35045

Download

1.1.3 - 1101126 (June 18, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.98661.

Related pull requests:
- 34904

Download

1.1.2 - 927547 (April 1, 2024)

Integrations

AWS - CloudTrail

Added the new parameter AWS STS Regional Endpoints to specify the AWS STS endpoint resolution logic.

Related pull requests:
- 33321

Download

1.1.1 - 925751 (April 1, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.91694.

Related pull requests:
- 33676

Download

1.1.0 - 881200 (March 10, 2024)

Integrations

AWS - CloudTrail

Added the aws-cloudtrail-get-trail-status command, use this command to get information about the trail status.
Updated the Docker image to: demisto/boto3py3:1.0.0.89556.

Related pull requests:
- 33277
- 32960

Download

1.0.11 - 839519 (February 20, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.88114.

Related pull requests:
- 33008

Download

1.1.15 - 8542515 (April 28, 2026)

Modeling Rules

Amazon AWS CloudTrail Modeling Rule

Documentation and metadata improvements.

Related pull requests:
- 43940

Download

1.1.14 - 8479105 (April 26, 2026)

Parsing Rules

Amazon AWS CloudTrail Parsing Rule

Documentation and metadata improvements.

Related pull requests:
- 43941

Download

1.1.13 - 7850318 (March 23, 2026)

Documentation and metadata improvements.

Related pull requests:
- 43567

Download

1.1.12 - 7197348 (February 17, 2026)

Modeling Rules

Amazon AWS CloudTrail Modeling Rule

Updated the Amazon AWS CloudTrail Modeling Rule logic, allocating the user_identity_arn from xdm.source.user.username to xdm.source.user.identifier.

Related pull requests:
- 43143

Download

1.1.11 - 5844120 (November 12, 2025)

Modeling Rules

Amazon AWS CloudTrail Modeling Rule

Updated the Amazon AWS CloudTrail Modeling Rule to support array of ip's on xdm.source.host.ipv4_public_addresses.

Related pull requests:
- 41880

Download

1.1.10 - 5689147 (November 2, 2025)

Modeling Rules

Amazon AWS CloudTrail Modeling Rule

Implemented structure changes for backend compatibility.

Related pull requests:
- 41690

Download

1.1.9 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.1.8 - 3683768 (June 8, 2025)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.3575453.

Related pull requests:
- 40151

Download

1.1.7 - R3392471 (May 13, 2025)

Integrations

AWS - CloudTrail

Metadata and documentation improvements.

Related pull requests:
- 39225

Download

1.1.6 - R2988287 (March 26, 2025)

Modeling Rules

New: Amazon AWS CloudTrail Modeling Rule

Added an XDM mapping for AWS CloudTrail audit logs which are ingested via the AWS S3 Data Source (Available from Cortex XSIAM 2.4).

Parsing Rules

New: Amazon AWS CloudTrail Parsing Rule

Added an assignment of the ingested Audit logs eventTime timestamp field to the _time field for audit logs ingested via the AWS S3 Data Source (Available from Cortex XSIAM 2.4).

Related pull requests:
- 37156

Download

1.1.5 - 1602991 (November 6, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.115129.

Related pull requests:
- 37081
- 37070

Download

1.1.4 - 1142826 (July 2, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.100468.

Related pull requests:
- 35045

Download

1.1.3 - 1101126 (June 18, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.98661.

Related pull requests:
- 34904

Download

1.1.2 - 927547 (April 1, 2024)

Integrations

AWS - CloudTrail

Added the new parameter AWS STS Regional Endpoints to specify the AWS STS endpoint resolution logic.

Related pull requests:
- 33321

Download

1.1.1 - 925751 (April 1, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.91694.

Related pull requests:
- 33676

Download

1.1.0 - 881200 (March 10, 2024)

Integrations

AWS - CloudTrail

Added the aws-cloudtrail-get-trail-status command, use this command to get information about the trail status.
Updated the Docker image to: demisto/boto3py3:1.0.0.89556.

Related pull requests:
- 33277
- 32960

Download

1.0.11 - 839519 (February 20, 2024)

Integrations

AWS - CloudTrail

Updated the Docker image to: demisto/boto3py3:1.0.0.88114.

Related pull requests:
- 33008

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	September 6, 2020
Last Release	April 27, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

By downloading or using Marketplace content, you agree to the applicable Terms of Use and End User License Agreement. Third-party content is provided by its publisher, and Palo Alto Networks does not warrant, endorse, support, or assume responsibility for content not expressly identified as owned by Palo Alto Networks.