Uploading audit logs to KUMA SIEM

In this tutorial, you will create an Audit Trails trail to provide audit logs to the KUMA collector.

The solution described in the tutorial works as follows:

1. A trail uploads logs to an Yandex Object Storage bucket with encryption enabled.
2. The bucket is mounted as a part of the file system on the server with the KUMA collector installed.
3. The KUMA collector receives event data from the mounted bucket and forwards it for processing.

You can use the following tools to create an audit log upload infrastructure:

• Management console, CLI: Use the Yandex Cloud management console, CLI, or API to create your infrastructure step by step.
• Terraform: Streamline creating and managing your resources using the infrastructure as code (IaC) approach. Download a Terraform configuration example and then deploy the infrastructure using the Yandex Cloud Terraform provider.