Updated on 2024-07-18 GMT+08:00

Access Data

Scenario

For the first workspace created in each region, all data and asset details in the current region are synchronized to it automatically, and preconfigured models and playbooks are enabled for it automatically. For the non-first workspaces, you need to configure log access manually.

SecMaster can access logs of multiple cloud products with your authorization. After you authorize the access, you can manage logs centrally and search and analyze all collected logs.

This topic describes how to access logs and view where logs are stored.

Limitations and Constraints

It takes about 10 minutes for the log access settings to take effect.

Allowing SecMaster to Access Service Logs

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Settings > Data Integration.

    Figure 2 Data Integration page

  5. Locate the cloud service from which you want to collect logs, click in the Logs column to enable log access.

    To access logs of all cloud services in the current region, click on the left of Access Service Logs.

  6. Set the lifecycle.

    By default, data is stored for 7 days. You can set the storage period as required.

  7. Set Automatically converts alarms.

    Locate the row containing the target security products. In the Automatically converts alarms column of that row, click to enable the function. After that, SecMaster will automatically convert cloud service logs into alerts when the logs meet certain alert rules. Those alerts will be displayed on the Alerts page.

    • If this function is disabled, logs that meet certain alert rules will not be converted into alerts or displayed on the Alerts page.
    • You can access host vulnerability scan results on the Vulnerabilities page of SecMaster. If such results have been accessed during data integration but this conversion function is disabled, the results will not be displayed on the Vulnerabilities page.

  8. Click Save. In the displayed dialog box, click OK.

    After the access completes, a default data space and pipeline are created.

    It takes about 10 minutes for the log access settings to take effect.

Viewing the Log Storage Location

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 3 Workspace management page

  4. In the navigation pane on the left, choose Settings > Data Integration. On the displayed Cloud Service Access tab, view the log data storage location in the Storage Location column.

    You can go to the corresponding pipeline in the target workspace to view the accessed logs.

Related Operations

  • Canceling Data Access
    1. In the Log column of the target cloud services, click to disable the access to cloud service logs.
    2. Click Save.
  • Editing the Data Access Lifecycle
    1. In the Lifecycle column of the target cloud services, enter the data storage period.
    2. Click Save.
  • Canceling Automatic Converting Logs to Alarms
    1. In the Automatically converts alarms column of the target cloud products, click to disable the alarms.
    2. Click Save.