- Overview of TDIR for Public Cloud
- Supported Cloud Environments and Log Sources
- Types of Threat Detection Enabled by TDIR for Public Cloud
- Prepare to Use TDIR for Public Cloud
- View Cloud Content Activity
Overview of TDIR for Public Cloud
Threat Detection, Investigation, and Response (TDIR) for Public Cloud is a cloud-specific content package. As cloud services become the norm, organizations increasingly run mission-critical operations on them, and the number of cloud environments that need security coverage grows along with the threat of malicious cloud activity. Such attacks can be difficult to detect, and when they succeed they can be disruptive, destructive, and costly.
TDIR for Public Cloud helps narrow this gap in security visibility across cloud-based applications, networks, and infrastructure. Once cloud-specific content is ingested, the full range of Exabeam modeling and behavioral analysis capabilities can be applied to the cloud log data to establish what normal cloud behavior looks like in each environment.
TDIR for Public Cloud expands the cloud security capabilities of Advanced Analytics. It is designed to work equally well in Exabeam products that use either the latest common information model or the legacy data structure. However, cloud content is collected and accessed differently in the two data structures, and you need to know which one your deployment uses both when preparing to use TDIR for Public Cloud and when viewing cloud content.
Legacy data structure – For Advanced Analytics versions that use the legacy data structure (i62.4 and later), log data enters the application through the legacy Parser Manager.
Common information model structure – For Advanced Analytics versions that use the common information model data structure (i63 and later), log data enters the application through Log Stream.
For information about which cloud platforms and log sources are supported for specific Advanced Analytics versions, see Supported Cloud Environments and Log Sources.
Note
Rules delivered in TDIR for Public Cloud are disabled by default, so they do not start generating alerts (and noise) the moment a connection to a cloud platform is created. You must enable them deliberately once the cloud content is in place. For information about implementing the new cloud content, see Prepare to Use TDIR for Public Cloud.