Introducing TDIR for Public Cloud
October 2022
Threat Detection, Investigation, and Response (TDIR) for Public Cloud is a cloud-specific content package. It supports threat detection in the following environment:
Amazon Web Services (AWS)
As cloud technology becomes the norm in many environments, organizations increasingly rely on cloud services for mission-critical operations. As the range of cloud environments that need security coverage expands, so does the threat of malicious cloud activity, such as account hijacking and data exfiltration. These attacks can be difficult to detect, and when they occur they can be disruptive, destructive, and costly.
TDIR for Public Cloud helps narrow the resulting gap in security visibility across cloud-based applications, networks, and infrastructure. Once cloud log data is ingested using this cloud-specific content, the full range of Exabeam modeling and behavioral analysis capabilities can be applied to learn what normal cloud behavior looks like in each environment.
TDIR for Public Cloud expands the cloud security capabilities of Advanced Analytics. It is designed for use with the following versions:
i62.4 – This version uses the legacy data structure, and log data enters the application through the legacy Auto Parser Generator.
i63 – This version uses the new common information model data structure, and log data enters the application through the new Log Stream.
Note
Rules delivered in TDIR for Public Cloud are disabled by default, so they do not start generating noise in your system as soon as a connection to a cloud platform is created. For information about implementing the new cloud content, see Prepare to Use TDIR for Public Cloud.
For information about the types of threat detection enabled and the use cases, rules, and MITRE ATT&CK® techniques covered, see the TDIR for Public Cloud Guide.
No content package installation is required to use TDIR for Public Cloud. However, before logs that contain cloud content can be ingested, you must complete specific preparation tasks. For information about those tasks, see Prepare to Use TDIR for Public Cloud.