Managing Security Events
Control panel
With the authorization log, you can find out who used the account and when. You can receive information about authorizations from a new IP address via email.
The Account Owner can see the authorizations of all account users. Invited users see only their own authorizations. For more details, see the Access Management in Servercore Products instruction.
If you notice suspicious activity, reset all sessions and change your password.
Cloud and dedicated servers
In cloud and dedicated servers, operating system events and information security events can be collected and exported to external security event management systems using free tools:
Additional options for security event generation can be implemented using utilities:
Auditd — for Linux OS;
Sysmon — for Windows OS.
Managed Kubernetes
In Managed Kubernetes clusters, three types of logs are available: cluster logs, container logs, and audit logs.
Cluster logs record events that happen to the cluster itself, for example cluster creation, node group changes, and certificate and version updates. Actions performed automatically, such as a scheduled certificate update, also appear in the logs. You can view cluster logs in the control panel.
Container logs record events that happen to containers, for example container creation and deletion. Container log files are stored in the /var/log/pods/ or /var/log/containers directory. Logs for a specific container can be viewed using kubectl logs <pod_name> -c <container_name>, where <pod_name> is the name of the pod and <container_name> is the name of the container in that pod. If you have many containers in a Managed Kubernetes cluster, you can configure container log retrieval via Filebeat.
Audit logs record events that take place inside the cluster, for example in pods or services. These events can be initiated by users, applications, or the Control Plane. Which events are logged, and with which parameters, depends on the audit policy.
Audit logs can be sent to a security event management system, for example the Wazuh SIEM system. To receive audit logs from a Managed Kubernetes cluster, configure the integration.
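The following is an added example, not Servercore's code: a minimal triage pass over exported audit logs, assuming they arrive as JSON lines in the standard Kubernetes audit.k8s.io/v1 event format. The finding names and the sample lines are constructed for illustration.

```python
import json

RBAC = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}

def classify(ev):
    """Return findings for one audit.k8s.io/v1 event (already parsed)."""
    ref = ev.get("objectRef") or {}            # absent for non-resource URLs
    user = (ev.get("user") or {}).get("username", "")
    verb, res = ev.get("verb", ""), ref.get("resource", "")
    hits = []
    if user == "system:anonymous":
        hits.append("anonymous-request")
    if res == "secrets" and verb in {"get", "list", "watch"} and not user.startswith("system:"):
        hits.append("secret-read")
    if res == "pods" and ref.get("subresource") in {"exec", "attach"}:
        hits.append("pod-exec")
    if res in RBAC and verb in {"create", "update", "patch", "delete"}:
        hits.append("rbac-change")
    if (ev.get("responseStatus") or {}).get("code") == 403:
        hits.append("forbidden")
    return hits

def triage(lines):
    """Return [(auditID, username, sourceIPs, findings)] for flagged events."""
    out = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue                           # truncated or rotated line
        # A request is logged once per stage; count only the final stage.
        if not isinstance(ev, dict) or ev.get("stage") != "ResponseComplete":
            continue
        hits = classify(ev)
        if hits:
            user = (ev.get("user") or {}).get("username", "")
            out.append((ev.get("auditID"), user, ev.get("sourceIPs", []), hits))
    return out

# Constructed sample lines (not real cluster output).
SAMPLE = [
    '{"auditID":"a1","stage":"RequestReceived","verb":"get","user":{"username":"alice"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"secrets","namespace":"prod","name":"db"}}',
    '{"auditID":"a1","stage":"ResponseComplete","verb":"get","user":{"username":"alice"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"secrets","namespace":"prod","name":"db"},"responseStatus":{"code":200}}',
    '{"auditID":"a2","stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"web-0"},"responseStatus":{"code":101}}',
    '{"auditID":"a3","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous"},"sourceIPs":["198.51.100.9"],"objectRef":{"resource":"pods"},"responseStatus":{"code":403}}',
    '{"auditID":"a4","stage":"ResponseComplete","verb":"create","user":{"username":"alice"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"clusterrolebindings","name":"ops-admin"},"responseStatus":{"code":201}}',
    '{"auditID":"a5","stage":"ResponseComplete","verb":"get","user":{"username":"system:kube-scheduler"},"requestURI":"/healthz","responseStatus":{"code":200}}',
    '{"auditID":"a6","stage":"Respon',
]
```

Calling triage(SAMPLE) returns one entry per flagged request. Whether a given rule can fire depends on the audit policy, since events the policy does not log never reach the export.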