About Yandex Cloud Detection and Response

Yandex Cloud Detection and Response is a module that monitors and responds toYandex Cloud infrastructure incidents. YCDR is built around Yandex Cloud's in-house Security Operations Center (SOC). The module collects data from the cloud infrastructure to detect anomalies. When YCDR detects an anomaly, it creates alerts indicating a potential incident.

The Yandex Cloud SIEM system analyzes the collected data. Events are sent to the SIEM system via a collector. The collector is installed in a Managed Service for Kubernetes cluster, which ensures its scalability and fault-tolerance.

The collector must have access to the external network to send events to the Yandex Cloud SIEM. Yet, since events are sent over the TLS protocol and SIEM is physically located in the Yandex Cloud infrastructure, the data remains inside the data center.

The collector works at the cloud level. Each cloud must have a dedicated collector for sending events.

The collector architecture comprises two modules:

1. Vector-based component for collecting and sending events. It enables receiving events from osquery agents and random events over HTTP.
2. syslog event collection component which collects events and sends them to the Vector-based component for further processing.

In Yandex Cloud Detection and Response, you can acess a list of detected incidents and select one to get troubleshooting recommendations with additional context and view the incident details and category. To see the statistics for detected incidents, refer to the dashboard on the main page.

See alsoSee also

• About Alerts