Updated on 2025-01-20 GMT+08:00

Security Analysis Overview

The security analysis function works as a cloud native security information and event management (SIEM) solution in SecMaster. It collects, aggregates, and analyzes security logs and alarms from multiple products and sources based on predefined and user-defined threat detection rules. It helps you quickly detect and respond to security incidents and protect cloud workloads, applications, and data.

Cloud services and logs that can be interconnected with SecMaster

SecMaster can integrate logs of multiple cloud products. You can search for and analyze all collected logs in SecMaster.

For details, see Cloud Service Log Access Supported by SecMaster.

Use process

Table 1 Use process

Step | Description
Adding a Workspace | Add a workspace for resource isolation and control.
Integrating Data | Configure the sources of security data you need to collect. SecMaster can integrate log data of multiple products, such as services in the storage, management and governance, and security domains. You can search and analyze all collected logs in SecMaster.
(Optional) Adding a Data Space | Create a data space for storing collected log data. For data accessed through the console, the system creates a default data space, so you do not need to create one.
(Optional) Creating a Pipeline | Create pipelines for collecting, storing, and querying log data. For data accessed through the console, the system creates a default data pipeline, so you do not need to create one.
Configuring Indexes | Configure indexes to narrow down the query scope.
Querying and Analyzing Collected Data | Query and analyze the accessed data.
Downloading Logs | Download raw logs or queried and analyzed logs.
Viewing Result Charts | If you run query and analysis statements, SecMaster displays the query and analysis results in charts and tables. Currently, results can be displayed in tables, line charts, bar charts, and pie charts.