Yandex SIEM overview
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
Yandex SIEM is Yandex Cloud‘s proprietary SIEM (Security Information and Event Management) system for monitoring and analysis of security events in the cloud infrastructure. Yandex SIEM collects and analyzes the cloud infrastructure events to detect anomalies and potential security threats. When Yandex SIEM detects an anomaly, it creates an alert indicating a potential incident.
Access to the service
Note
You get access to Yandex SIEM in the Security Deck interface in Cloud Center after your access request gets approved.
In Yandex SIEM, you can access a list of detected incidents and select one to get troubleshooting recommendations with additional context and view the incident details and category. To see the statistics on detected incidents, refer to the dashboard on the service's home page.
For automatic threat detection, Yandex SIEM uses correlation rules, i.e., sets of conditions by which the system analyzes events and generates alerts. To eliminate false positives, you can configure exceptions for correlation rules.