Step 2: Configure a Custom Log Collection Policy
Logs are a key data source for security operations. You can use One-Click Log Integration to ingest all security logs into SecMaster, and enable auto alert conversion so that models convert logs that hit rules into alerts. After that, you can track and monitor all alerts on the Alerts page in SecMaster.
Customizing the Log Collection Policy
- Log in to the SecMaster console.
- Go to the target workspace.
- In the navigation pane on the left, choose .
  Figure 1 Cloud Service Access
- On the cloud service log integration page, click One-Click Log Integration and enable log integration of all cloud services in the current region. This is highly recommended during cybersecurity drills. On the One-Click Log Integration page, select the data source region from the Region drop-down list and select the cloud service log types you need to integrate. After completing the configuration, click OK.
- On the Cloud Service Access page, click Settings in the Operation column of the target cloud service product. On the settings page, enable log types of products based on your needs. Enable Auto Alert Conversion for HSS vulnerability scan result, DDoS attack log, and Database audit service alarm.
Table 1 Parameters on the log integration settings page

| Parameter | Description |
|---|---|
| Log Type | Type of log you want to integrate. |
| Enable Log Integration | Whether to enable log integration. If this button is toggled on, logs will be integrated into SecMaster. |
| Auto Alert Conversion | In the Auto Alert Conversion column, click to enable the function. After that, if cloud service logs meet certain alert rules, SecMaster will automatically convert them into alerts. These alerts will be displayed on the Alerts page. |
| Lifecycle | Log retention duration after integration. |
| Log Status | Log integration status. Succeeded: Logs have been integrated and the integration is successful. Integration pending: Logs have not been integrated. Failed: Logs failed to be integrated. |
| Last Active | Last log integration time. |
| Operation | You can Edit the lifecycle of the log type, in days. Lifecycle indicates the retention duration of integrated logs. If the account has been managed by an operations account, you can modify the log lifecycle only in the primary workspace of the operations account. |
- After completing log integration, check the log integration status of cloud service products on the page.
It takes about 10 minutes for the log integration settings to take effect. After the integration is complete, a default data space and pipeline will be created.