Prepare to Use TDIR for Public Cloud
To implement TDIR for Public Cloud, you must use Advanced Analytics version i62.4, i63, or a later version. No content package installation is required. However, to ingest logs that contain cloud content, you must complete the following tasks:
- Ensure that the appropriate log sources are available, depending on the cloud environment in use. The following cloud platforms are supported:
  - Google Cloud Platform (sample log source: CloudAudit)
  - Amazon Web Services (sample log source: CloudTrail)
  - Microsoft Azure (sample log source: Azure Activity Logs)
- Set up cloud connectors that will enable data from a specific cloud provider to be sent to Exabeam. The procedure for setting up connectors varies depending on the version of Advanced Analytics you are using:
  - i62.4 and later – See the procedures outlined in the legacy Cloud Connectors Configuration Guide for the specific cloud platforms you want to use.
  - i63 and later – See the procedures in the new Cloud Collectors Guide for the specific cloud platform you want to use.
- In Advanced Analytics, rules that support the new cloud content must be enabled. The new content is delivered with the rules disabled by default so that they don't begin creating noise in your system as soon as the connection to a cloud platform is created. For procedures to enable the appropriate rules, see Disable or Enable Rules in the Advanced Analytics Administration Guide.
  For a list of the new rules for a specific cloud platform, see Rules by Use Case for Each Cloud Platform.