Security event management
Control panel
With the help of the authorization log you can find out who used the account and when. You can receive information about authorizations from a new IP address by e-mail.
The account owner sees the authorizations of all users in the account. Invited users see only their authorizations. For more information, see the User Types and Roles tutorial.
If you notice suspicious activity, reset all sessions and change your password.
Cloud and dedicated servers
In cloud and dedicated servers, operating system events and information security events can be collected and exported to external security event management systems using free tools:
Additional options for generating security events can be implemented using utilities:
Auditd — for Linux;
Sysmon — for Windows.
Managed Kubernetes
You can receive three kinds of logs from Managed Kubernetes clusters: cluster logs, container logs, and audit logs.
The cluster logs display events that occur with the cluster, such as cluster creation, changes to node groups, and certificate and version updates. If a request was performed automatically, for example, a scheduled certificate update, this action will also be included in the logs. You can view the cluster logs in the control panel.
Container logs include events that happen to containers. For example, creating and deleting a container. Container log files are stored in /var/log/pods/ or /var/log/containers. You can view the logs of an individual container using kubectl logs <container_name>, where <container_name> is the name of the container. If there are many containers in a Managed Kubernetes cluster, you can configure the collection of container logs via Filebeat.
Audit logs display events that occur in the cluster. For example, in pods or services. These events can be triggered by users, applications, or Control Plane. The list of events that are logged and the parameters of these events depend on the audit policy. The policy that applies to Managed Kubernetes audit logs can be found in the Selectel documentation on the GitHub site.
Audit logs can be passed to a security event management system. For example, the Wazuh SIEM system. To receive audit logs from a Managed Kubernetes cluster, configure the integration.
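The following is an added example, not part of the Selectel documentation. It shows how audit events can be triaged alongside forwarding to a SIEM: it reads events in the upstream Kubernetes audit.k8s.io/v1 JSON-lines format, classifies the actor as user, application, or system component, and flags denied requests, secret reads, and exec/attach sessions. The sample events and the flagging rules are constructed for illustration and assume the audit policy records these fields.

```python
import json

# Constructed sample events in audit.k8s.io/v1 JSON-lines form (not real cluster data).
SAMPLE = '''
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"get","user":{"username":"alice@example.com"},"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:default:web"},"objectRef":{"resource":"pods","namespace":"kube-system"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"update","user":{"username":"system:kube-controller-manager"},"objectRef":{"resource":"deployments","namespace":"prod","name":"api"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"bob@example.com"},"objectRef":{"resource":"pods","namespace":"prod","name":"api-0","subresource":"exec"},"responseStatus":{"code":101}}
{"kind":"Event","stage":"ResponseComplete","verb":"ge
'''

def actor_type(username):
    """Map an audit username to the event sources the page names."""
    if username == "system:anonymous":
        return "anonymous"
    if username.startswith("system:serviceaccount:"):
        return "application"
    if username.startswith("system:"):
        return "system"  # control plane and node components
    return "user"

def triage(lines):
    """Return (actor_type, username, verb, resource, reasons) for flagged events."""
    findings = []
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if ev.get("stage") != "ResponseComplete":
            continue  # count each request once, at its final stage
        user = (ev.get("user") or {}).get("username", "")
        ref = ev.get("objectRef") or {}
        code = (ev.get("responseStatus") or {}).get("code", 0)
        reasons = []
        if code in (401, 403):
            reasons.append("denied")
        if ref.get("resource") == "secrets" and ev.get("verb") in ("get", "list", "watch"):
            reasons.append("secret-read")
        if ref.get("subresource") in ("exec", "attach"):
            reasons.append("pod-exec")
        if reasons:
            findings.append((actor_type(user), user, ev.get("verb"), ref.get("resource"), reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(finding)
```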