alavret a4e7f4deb8 correct query no 6 in AIM group 1 year ago
backup a664b639a3 add new use cases 2 years ago
README.md d7ad2ca1f6 Update README.md 2 years ago
README_RU.md 33d0bd4365 add english 2 years ago
Use-casesANDsearches.docx 282ae91d29 add yq search lang in use cases 2 years ago
Use-casesANDsearches.pdf 282ae91d29 add yq search lang in use cases 2 years ago
Use-casesANDsearches_RU.docx a4e7f4deb8 correct query no 6 in AIM group 1 year ago
Use-casesANDsearches_RU.pdf e3857341b1 add new yq queries from audit webinar v3 1 year ago

README.md

Use cases and important security events in audit logs

This section contains use cases and important security events for the Yandex.Cloud platform.

The current use cases and important security events are collected in the repository file Use-casesANDsearches.pdf.

You can ship audit logs from the Audit Trails service to Cloud Logging, to Yandex Managed Service for Elasticsearch (ELK), or to your own SIEM.

File syntax

Event analysis expressions are written in KQL (Elasticsearch) and in the Cloud Logging query language, so you can choose the form that matches your log destination.

Example Analysis of Events in Cloud Logging

An example of event analysis in ELK

An example of event analysis in YQ