Help Center/ SecMaster/ User Guide/ Threat Operations/ Data Delivery/ Delivering Logs to Other Data Pipelines
Updated on 2024-12-28 GMT+08:00
View PDF

Delivering Logs to Other Data Pipelines

Scenario

This topic walks you through how to deliver logs to other pipelines. The main steps are as follows:

Limitations and Constraints

  • When performing cross-account delivery, the data can only be delivered to the pipelines instead of cloud services of other accounts.
  • If the new data delivery is cross-account, you need to log in to SecMaster using the destination account and authorize the delivery.

Step 1: Create a Data Delivery Task

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Security Analysis. The security analysis page is displayed.

    Figure 2 Accessing the Security Analysis tab page

  6. In the data space navigation tree on the left, click the data space name to expand all pipelines. Next to the name of the target pipeline, click More > Deliver.

    Figure 3 Accessing data delivery settings page

  7. (Optional) Confirm the authorization information, select Agree to authorize, and click OK.

    Authorization is required first time you start a delivery to a specific destination type. If the destination type has been authorized, skip this step.

  8. On the Create Delivery panel, set data delivery parameters.

    1. Configure basic information.
      Table 1 Basic Information

      Parameter

      Description

      Delivery Name

      The name you specify for the delivery.

      Resource Consumption

      The value is generated by default. You do not need to configure it.
    2. Configure the data source.
      In the Data Source Settings area, the details about the current pipeline are displayed. You do not need to set this parameter.
      Table 2 Data source parameters

      Parameter

      Description

      Delivery Type

      Delivery destination type. The default value is PIPE.

      Region

      Region where the current pipeline is located.

      Workspace

      Workspace to which the current pipeline belongs.

      Data Space

      Data space to which the current pipeline belongs.

      Pipeline

      Name of the pipeline.

      Data Read Policy

      Data read policy of the current pipeline.

      Read By

      Identity of the data source reader.
    3. Configure the delivery destination.
      • PIPE: Deliver the current pipeline data to other pipelines of the current account or pipelines of other accounts. Set this parameter as required.
        • Current: Deliver the current pipeline data to another pipeline of the current account. For details about the parameters, see Table 3.
          Table 3 Destination parameters - Current account pipeline

          Parameter

          Description

          Account Type

          Account type of the data delivery destination. Select Current.

          Delivery Type

          Delivery type. Select PIPE.

          Workspace

          Workspace where the destination pipeline is located.

          Data Space

          Data space where the destination pipeline is located.

          Pipeline

          Pipeline where the destination pipeline is located.

          Written To

          The value is generated by default. You do not need to configure it.
        • Cross-account delivery: Deliver the current pipeline data to the pipeline of another account. For details about the parameters, see Table 4.
          Table 4 Destination parameters - Pipelines of other account

          Parameter

          Description

          Account Type

          Account type of the data delivery destination. Select Other in this case.

          Delivery Type

          Delivery type. Select PIPE.

          Account ID

          ID of the account to which the destination pipeline belongs.

          Workspace ID

          ID of the workspace where the destination pipeline is located. For details about how to query the workspace ID, see 7.

          Data Space ID

          ID of the data space where the destination pipeline is located. For details about how to query the data space ID, see 7.

          Pipeline ID

          ID of the destination pipeline. For details about how to query the pipeline ID, see 7.

          Written To

          The value is generated by default. You do not need to configure it.
    4. Under Access Authorization, view the permissions granted in 7.

      A delivery requires the read and write permissions to access your cloud resources. A delivery task cannot access your cloud resources unless the access is authorized by you.

  9. Click OK.

Step 2: Authorize the Data Delivery

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 4 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Security Analysis. On the Security Analysis page that is displayed, click the Data Delivery tab. The Data Delivery page is displayed.
  6. On the Data Delivery page, click the Cross-tenant Permissions tab. On the page that is displayed, click Accept in the Operation column of the target delivery task.

    To accept authorization in batches, select all tasks to be authorized and click Accept in the upper left corner of the list.

    Figure 5 Data delivery authorization

    After the authorization is granted, the authorization status of the target delivery task is updated to Authorized. You can go to the delivery destination to view the delivery details.

Step 3: View Data Delivery in the Destination Pipeline

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 6 Workspace management page

  5. In the navigation pane on the left, choose Threat Operations > Security Analysis. The security analysis page is displayed.

    Figure 7 Accessing the Security Analysis tab page

  6. In the data space navigation tree on the left, click a data space name to show the pipeline list. Click a pipeline name. On the displayed page, you can search the pipeline data.

    Figure 8 Pipeline data page

  7. In the target pipeline, view the delivery log.

Operations Related to Data Delivery Authorization

On the Cross-tenant Permissions tab page, you can select to Reject or Cancel the authorization.

Table 5 Cross-tenant permission authorization options

Operation

Description

Reject

In the row containing the target delivery task, click Reject in the Operation column to reject the authorization.

To reject authorization in batches, select all tasks to be rejected and click Reject in the upper left corner of the list.

Cancel
  1. In the row containing the target delivery task, click Cancel in the Operation column to cancel the authorization.

    To cancel authorization in batches, select all tasks to be canceled and click Cancel in the upper left corner of the list.

  2. In the displayed dialog box, click OK.
Parent topic: Data Delivery