New security solutions

Integrations with Yandex Audit Trails, more tools supporting Yandex Cloud, and security-related platform updates.

Today, Yandex Cloud allows you to develop and design an architecture that is based on secure-by-design principles, fully complies with industry standards and legal requirements, and comprehensively ensures infrastructure security and data protection.

Yandex Audit Trails

Yandex Audit Trails is a service that collects and uploads audit logs from Yandex Cloud resources. Today, we’ll look at its most recent features and integrations:

Integration with Yandex Data Streams

With the integration of Yandex Audit Trails and Yandex Data Streams, users will be able to submit audit logs to the service’s managed databases for further analysis.

Yandex Audit Trails collects audit logs from the cloud and allows you to analyze and export them to your external SIEM systems such as ArcSight, Splunk, Elasticsearch, and others.

See our documentation for more details.

Previously, you could upload Audit Trails in one of two ways:

  • Object Storage (for long-term storage and export)

  • Cloud Logging (for analysis, writing and viewing queries, and responses).

Now it is possible to upload audit trails to the Data Streams service.

Detailed guidelines are available here.

What are the benefits of integrating Audit Trails and Data Streams?

  • simple export of Audit Trail events from Yandex Data Streams to other cloud services via Data Transfer. To learn how to export to ClickHouse for further analysis and visualization in DataLens, check out this guide.

  • export of events to third-party SIEM systems that support Amazon Kinesis Data Streams. See how to use Yandex Data Streams with fluentd.

  • a simplified and streamlined connector development for SIEM service providers.

Some SIEM systems have been integrated with the Kinesis API (YDS can send data via the Kinesis API). Now you can use YDS to analyze and search for events in Yandex Query.

Integration with Yandex Query

Thanks to the integration of Yandex Audit Trails and Yandex Query, you can now run both common audit log searches and unique YQL queries.

Exporting logs to MaxPatrol SIEM

MaxPatrol SIEM is a system that detects information security incidents. MaxPatrol SIEM can now access audit logs from Yandex Cloud in Yandex Data Streams.

Managing secrets in public domains

To ensure the safety of your data and infrastructure, use and monitor your secrets with caution. Avoid using secrets that have been compromised. Here’s a list of Yandex Cloud secrets:

  • IAM‑token
  • OAuth‑token
  • authorized keys
  • JWT
  • static keys
  • API‑keys
  • browser cookie.

Check out our detailed guide on how to manage secrets that have become accessible to the public.

Yandex Cloud Organization

We’ve added user group management. You can now group users based on any criteria, e.g. role or department.

pgcrypto support in Yandex Managed Service for Greenplum®

The pgcrypto extension, which is now available in Yandex Managed Service for Greenplum®, allows DBAs to specify which columns should be encrypted.

More security tools integrated with Yandex Cloud.

1. Osquery

Osquery is an open-source security tool that presents the operating system as a single database with tables and allows you to query it using SQL-like statements. You can now use these queries to monitor file integrity in Yandex Cloud, check the status and configuration of the firewall, perform security checks on the target server, and much more.

2. Cloud Query

Cloud Query is a cloud-based malware scanning service that offers users unprecedented insights into potential security risks. The service provides accurate and timely results by utilizing a regularly updated cloud database and data from ATP gateways around the world. This service now supports Yandex Cloud.

3. checkov

checkov, the industry-leading tool for scanning Terraform manifests for security flaws, now supports Yandex Cloud Terraform resources.

Yandex Cloud users can now employ the Infrastructure as Code framework to monitor for and block the creation of malicious cloud objects.

For example:

  • public address for VMs or k8s clusters

  • public access to the object storage bucket

  • unencrypted buckets or k8s secrets

For a complete list of features, see the security checklist.

If you want to learn how to integrate this tool into your Managed Service for GitLab CI/CD instances (in blocking or auditing mode), visit our Security Solutions Library, Checkov + Yandex Cloud, where you will find a detailed list of checks and guidelines.
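As an added illustration (not Checkov's code and not from the Security Solutions Library), the sketch below shows the kind of policy gate described above: it reads `terraform show -json` plan output, flags the three misconfigurations listed, and returns a CI exit code for blocking or auditing mode. The attribute names (`nat`, `public_ip`, `kms_provider`, `acl`, `server_side_encryption_configuration`) are assumed from the Yandex Cloud Terraform provider schema, and the plan is a constructed sample.

```python
# Added illustration, not Checkov's code. Attribute names are assumed from
# the Yandex Cloud Terraform provider schema; the plan below is constructed.
import json
# Constructed sample plan (trimmed to the fields the checks read).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "yandex_compute_instance.web", "type": "yandex_compute_instance",
   "change": {"after": {"network_interface": [{"subnet_id": "subnet-a", "nat": true}]}}},
  {"address": "yandex_compute_instance.db", "type": "yandex_compute_instance",
   "change": {"after": {"network_interface": [{"subnet_id": "subnet-b", "nat": false}]}}},
  {"address": "yandex_storage_bucket.logs", "type": "yandex_storage_bucket",
   "change": {"after": {"acl": "public-read", "server_side_encryption_configuration": []}}},
  {"address": "yandex_kubernetes_cluster.prod", "type": "yandex_kubernetes_cluster",
   "change": {"after": {"master": [{"public_ip": true}],
                        "kms_provider": [{"key_id": "kms-key-placeholder"}]}}},
  {"address": "yandex_storage_bucket.old", "type": "yandex_storage_bucket",
   "change": {"after": null}}
]}
""")

def blocks(attrs, name):
    """Nested blocks appear in plan JSON as lists of objects (or are absent)."""
    return attrs.get(name) or []

def find_issues(plan):
    issues = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        addr, rtype = rc["address"], rc["type"]
        if rtype == "yandex_compute_instance":
            if any(ni.get("nat") for ni in blocks(after, "network_interface")):
                issues.append((addr, "public address on VM"))
        elif rtype == "yandex_kubernetes_cluster":
            if any(m.get("public_ip") for m in blocks(after, "master")):
                issues.append((addr, "public address on k8s master"))
            if not blocks(after, "kms_provider"):
                issues.append((addr, "k8s secrets not encrypted with KMS"))
        elif rtype == "yandex_storage_bucket":
            if str(after.get("acl", "")).startswith("public-"):
                issues.append((addr, "public bucket ACL"))
            if not blocks(after, "server_side_encryption_configuration"):
                issues.append((addr, "bucket encryption not configured"))
    return issues

def gate(plan, blocking=True):
    """Return a CI exit code: non-zero only in blocking mode with findings."""
    return 1 if blocking and find_issues(plan) else 0
```

In auditing mode (`blocking=False`) the findings are still available from `find_issues` for reporting, but the pipeline step does not fail.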

4. Yandex Cloud Certificate Manager support in External secrets.io

When using Lockbox, you have to create secrets in our native Lockbox and synchronize them to k8s.

You can manage certificates directly in Certificate Manager and synchronize them with native k8s secret objects of type tls.

To learn more about standard integration, check out the documentation.

We’re planning to publish a script that will let you use NGINX Ingress Controller with a certificate from CM.
