Security event management
Control panel
Using the authorization log, you can find out who used the account and when. You can also receive email notifications about authorizations from a new IP address.
The account owner sees the authorizations of all account users. Invited users see only their own authorizations. For details, see the User types and roles instructions.
If you notice any suspicious activity, reset all sessions and change your password.
Cloud and dedicated servers
In cloud and dedicated servers, operating system events and information security events can be collected and exported to external security event management systems with the free tools:
Additional options for generating security events can be implemented using utilities:
Auditd — for Linux;
Sysmon — for Windows.
Managed Kubernetes
You can receive three types of logs from Managed Kubernetes clusters: cluster logs, container logs, and audit logs.
Cluster logs display events that happen to the cluster, for example creating a cluster, changing node groups, or updating certificates and versions. If a request was performed automatically, such as a scheduled certificate update, this action is also logged. You can check the cluster logs in the control panel.
Container logs include events that happen to containers, for example the creation and deletion of a container. Container log files are stored in the directory /var/log/pods/ or /var/log/containers. Logs of an individual container can be viewed with kubectl logs <container_name>, where <container_name> is the container name. If there are many containers in a Managed Kubernetes cluster, you can configure container logs to be received via Filebeat.
Audit logs display events that occur in the cluster, for example in pods or services. These events can be triggered by users, applications, or the Control Plane. The list of events that are logged and the parameters of these events depend on the audit policy.
Audit logs can be transferred to a security event management system, for example to the Wazuh SIEM system. To receive audit logs from a Managed Kubernetes cluster, configure the integration.
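A first-pass triage of exported audit logs before they reach a SIEM is shown below as an added example; it is not part of the provider's tooling. It assumes the logs arrive as JSON lines in the upstream Kubernetes audit.k8s.io/v1 Event format; the sample lines are constructed, and the tag names and rule set are illustrative choices. Which fields are present in a real event depends on the audit policy level.

```python
import json

# Constructed sample lines in the audit.k8s.io/v1 Event format (not real cluster data).
SAMPLE_LINES = [
    '{"auditID":"a1","stage":"RequestReceived","verb":"get","user":{"username":"dev"},'
    '"objectRef":{"resource":"secrets","namespace":"prod"}}',
    '{"auditID":"a1","stage":"ResponseComplete","verb":"get","user":{"username":"dev"},'
    '"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":200}}',
    '{"auditID":"a2","stage":"ResponseComplete","verb":"create","user":{"username":"dev"},'
    '"objectRef":{"resource":"pods","subresource":"exec"},"responseStatus":{"code":101}}',
    '{"auditID":"a3","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous"},'
    '"objectRef":{"resource":"pods"},"responseStatus":{"code":403}}',
    '{"auditID":"a4","stage":"ResponseComplete","verb":"get","user":{"username":"dev"},'
    '"objectRef":{"resource":"pods","name":"web"},"responseStatus":{"code":200}}',
    '{"auditID":"a5","stage":"Respon',  # truncated line, as after a log rotation
]

def classify(event):
    """Return the tags an audit event earns under the illustrative rules below."""
    ref = event.get("objectRef") or {}
    user = (event.get("user") or {}).get("username", "")
    code = (event.get("responseStatus") or {}).get("code")
    tags = []
    if ref.get("resource") == "secrets" and event.get("verb") in ("get", "list", "watch"):
        tags.append("secret-read")
    if ref.get("resource") == "pods" and ref.get("subresource") in ("exec", "attach"):
        tags.append("pod-exec")
    if user == "system:anonymous":
        tags.append("anonymous-request")
    if code == 403:
        tags.append("forbidden")
    return tags

def triage(lines):
    """Parse JSON-lines audit output; return (auditID, username, tags) per flagged event."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(event, dict) or event.get("stage") != "ResponseComplete":
            continue  # not an event, or an earlier stage of a request that is counted once
        tags = classify(event)
        if tags:
            findings.append((event.get("auditID"), (event.get("user") or {}).get("username"), tags))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LINES), sep="\n")
```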