Mirtov Alexey 33d0bd4365 add english | il y a 2 ans | |
---|---|---|
.. | ||
docker | il y a 3 ans | |
functions | il y a 3 ans | |
images | il y a 3 ans | |
terraform | il y a 3 ans | |
README.md | il y a 2 ans | |
README_RU.md | il y a 2 ans |
The solution lets you collect, monitor, and analyze audit logs in Yandex.Cloud from the following sources:
The Yandex.Cloud security team has collected the most relevant use cases in the folder of the auditlogs repository.
cr.yandex/crpjfmfou6gflobbfvfv/s3-splunk-importer:1.0
image.Terraform module /modules/yc-splunk-trail:
module "yc-splunk-trail" {
source = "../modules/yc-splunk-trail/" #path to module yc-elastic-trail
folder_id = var.folder_id
splunk_token = var.splunk_token // Run the command export TF_VAR_splunk_token=<SPLUNK TOKEN> (replace <SPLUNK TOKEN> with your value)
splunk_server = "https://1.2.3.4" // format: https://<your hostname or address>
bucket_name = yandex_storage_bucket.trail-bucket.bucket // Specify the name of the bucket with audit trails if the call is not from example
bucket_folder = "folder" // Specified when creating Trails
sa_id = yandex_iam_service_account.sa-bucket-editor.id // Specify an SA with bucket_editor rights if the call is not from example
coi_subnet_id = yandex_vpc_subnet.splunk-subnet[0].id // Specify the subnet_id if the call is not from example
}