When a security signal alerts on suspicious activity by a user or a resource, some commonly asked questions during the investigation include:
For example, suppose you receive a security signal that someone changed the configuration of an Amazon S3 bucket so that it is accessible by everyone, but the action was taken by an assumed role. To investigate, look into who took the action and what other activities they performed recently, as that could indicate compromised credentials.
The Cloud SIEM Investigator provides a graphical interface for you to pivot from one affected entity to another, so that you can see user behavior and its impact on your environment.
Navigate to Security > Cloud SIEM and click the Investigator tab.
Select an entity type in the "In" field dropdown menu.
Select an entity or enter a specific entity name in the "Investigate" field to see a diagram of the activities associated with the entity.
Click on a node and select "View related logs" or "View in Log Explorer" to see the related logs. Use the "and filter by" dropdown menu to filter by actions.
Navigate to Security > Cloud SIEM and click the Investigator tab, and then the GCP tab.
Select an entity type in the "In" field dropdown menu.
Select an entity or enter a specific entity name in the "Investigate" field to see a diagram of the activities associated with the entity.
Click on a node and select "View related logs" or "View in Log Explorer" to see the related logs. Use the "and filter by" dropdown menu to filter by actions.
Navigate to Security > Cloud SIEM and click the Investigator tab, and then the Azure tab.
Select an entity type in the "In" field dropdown menu.
Select an entity or enter a specific entity name in the "Investigate" field to see a diagram of the activities associated with the entity.
Click on a node and select "View related logs" or "View in Log Explorer" to see the related logs. Use the "and filter by" dropdown menu to filter by actions.
You can also navigate to the Cloud SIEM Investigator directly from a security signal. In the security signal panel, click "Investigate user activity" (where user is the user identity in question) to see the Investigator view filtered to the specific user identity.
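The pivot in the S3 bucket scenario above, from an assumed-role action back to the identity behind it and on to that identity's other recent activity, can also be done by hand over raw logs. The following is an added example, not Datadog code: it assumes the underlying logs are AWS CloudTrail records and links the role session to its `AssumeRole` call through the temporary `accessKeyId`. All records, ARNs and key IDs are constructed sample data.

```python
# Constructed CloudTrail-style records (sample data, not real logs).
ACCT = "111122223333"
ALICE = f"arn:aws:iam::{ACCT}:user/alice"
BOB = f"arn:aws:iam::{ACCT}:user/bob"
ROLE_SESSION = f"arn:aws:sts::{ACCT}:assumed-role/ops/session1"

def ev(time, name, arn, key, id_type="IAMUser", issued_key=None):
    """Build one minimal record with the CloudTrail fields used below."""
    rec = {"eventTime": time, "eventName": name,
           "userIdentity": {"type": id_type, "arn": arn, "accessKeyId": key}}
    if issued_key:  # AssumeRole responses carry the temporary key they issue
        rec["responseElements"] = {"credentials": {"accessKeyId": issued_key}}
    return rec

EVENTS = [
    ev("2024-05-01T09:58:00Z", "ListBuckets", BOB, "AKIAEXAMPLEBOB"),
    ev("2024-05-01T10:00:00Z", "AssumeRole", ALICE, "AKIAEXAMPLEALICE",
       issued_key="ASIAEXAMPLETEMP"),
    ev("2024-05-01T10:02:00Z", "PutBucketAcl", ROLE_SESSION, "ASIAEXAMPLETEMP",
       id_type="AssumedRole"),
    ev("2024-05-01T10:05:00Z", "CreateAccessKey", ALICE, "AKIAEXAMPLEALICE"),
]

def resolve_actor(event, events):
    """Follow temporary credentials back to the identity that assumed the role."""
    ident, seen = event["userIdentity"], set()
    while ident.get("type") == "AssumedRole":  # loop handles role chaining
        key = ident.get("accessKeyId")
        if key is None or key in seen:
            return None  # missing key, or a loop in the data
        seen.add(key)
        issuer = next((e for e in events if e["eventName"] == "AssumeRole"
                       and (e.get("responseElements") or {})
                       .get("credentials", {}).get("accessKeyId") == key), None)
        if issuer is None:
            return None  # the AssumeRole call is outside this log window
        ident = issuer["userIdentity"]
    return ident.get("arn")

def activity_of(actor_arn, events):
    """Everything the actor did, directly or through roles it assumed."""
    ordered = sorted(events, key=lambda e: e["eventTime"])
    return [(e["eventTime"], e["eventName"]) for e in ordered
            if resolve_actor(e, events) == actor_arn]

signal = next(e for e in EVENTS if e["eventName"] == "PutBucketAcl")
actor = resolve_actor(signal, EVENTS)
for when, what in activity_of(actor, EVENTS):
    print(when, what)
```

A `None` result means the `AssumeRole` call is not in the log window being searched, so widen the time range before concluding the actor is unknown.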