Yandex Cloud
Search
Contact UsGet started
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Pricing
  • Customer Stories
  • Documentation
  • Blog
© 2025 Direct Cursus Technology L.L.C.
Yandex Audit Trails
  • Getting started
    • All tutorials
    • Searching for Yandex Cloud events in Object Storage
    • Searching for Yandex Cloud events in Cloud Logging
    • Alert settings in Monitoring
    • Configuring a response in Cloud Functions
    • Processing Audit Trails events
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Management event reference
  • Data event reference
  • Release notes

In this article:

  • How it works
  • Implementation example
  • What's next
  1. Tutorials
  2. Configuring a response in Cloud Functions

Configuring responses in Yandex Cloud Logging and Yandex Cloud Functions

Written by
Yandex Cloud
Updated at June 4, 2025
  • How it works
  • Implementation example
  • What's next

You can configure Cloud Functions to automatically respond to audit log events, e.g., to send messages through notification channels you prefer or automatically modify Yandex Cloud resource settings.

How it worksHow it works

In general, you will need the following components to configure responses via Cloud Functions:

  1. Trail that uploads audit logs to a log group.
  2. Log group that acts as an interface between the trail and a Cloud Functions trigger.
  3. Yandex Cloud Logging trigger that invokes a function when adding a record to a log group.
  4. Cloud Functions function that implements the response logic.
  5. Optional auxiliary component, such as a Telegram bot or mail server.

Implementation exampleImplementation example

Yc-security-solutions-library contains a solution example that uses Cloud Functions to notify of specific events via a Telegram bot and modify Yandex Cloud resources in line with changes using API methods.

You can get notifications of the following events:

  • Security groups: Allowing incoming traffic to all private addresses (0.0.0.0/0).
  • Object Storage: Enabling public access to buckets.
  • Yandex Lockbox: Assigning permissions to a secret.

The following actions may be performed on Yandex Cloud resources:

  • Security groups: Deleting the rule.
  • Yandex Lockbox: Removing assigned permissions to the secret.

Note

Yandex Cloud Security Solution Library is a public repo on GitHub with a set of examples and recommendations on how to build a secure infrastructure in Yandex Cloud.

This solution contains the source codes of a Python function and a Terraform script that configures all the required Yandex Cloud components.

What's nextWhat's next

  • Learn more about the audit log format.
  • Learn about existing solutions to export audit logs to SIEM.

Was the article helpful?

Previous
Alert settings in Monitoring
Next
Processing Audit Trails events
© 2025 Direct Cursus Technology L.L.C.