Expanding TDIR for Public Cloud to Additional Platforms
June 2023
Threat Detection, Investigation, and Response (TDIR) for Public Cloud is a cloud-specific content package. It previously supported threat detection in the Amazon Web Services (AWS) environment. Now it has been expanded to support threat detection in the following additional environments:
Google Cloud Platform (GCP)
Microsoft Azure
TDIR for Public Cloud expands the cloud security capabilities of Advanced Analytics. This new coverage is designed for use with the following version:
i63.5 – This version uses the new common information model data structure, and log data enters the application through the new Log Stream.
Note
Rules delivered in TDIR for Public Cloud are disabled by default so that they don't begin creating noise in your system as soon as the connection to a cloud platform is created. For information about implementing the new cloud content, see Prepare to Use TDIR for Public Cloud.
For information about the types of threat detection enabled and the use cases, rules, and MITRE ATT&CK® techniques covered, see the TDIR for Public Cloud Guide.
To use TDIR for Public Cloud, no content package installation is required. However, to ingest logs that contain cloud content, you must complete specific tasks. For information about those tasks, see Prepare to Use TDIR for Public Cloud.