Investigation management
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
This section describes how to create investigations, manage their settings, and perform basic operations with them.
Getting started
The Yandex SIEM section will appear in the Cloud Center interface as a Security Deck module after the access request is approved.
You need the ycem.editor role to use the service.
Creating an investigation
To create an investigation:
- Go to Security Deck.
- In the left-hand panel, select Yandex SIEM.
- Navigate to the Investigations tab.
- Click New investigation.
- Enter a name for your investigation in the header field.
- Under Description, add a description for your investigation.
Tip
Use clear names that reflect the investigation objective, e.g., Failed login analysis for February or Prod cluster suspicious activity.
Updating an investigation
Renaming an investigation
To rename an investigation:
- Open an investigation.
- At the top of the page, click the investigation name.
- Enter a new name.
- Press Enter or click outside the input field.
Editing a description
To edit an investigation description:
- Open an investigation.
- Under Information, click the Description field.
- Enter a new description.
- Press Enter or click outside the input field.
Copying an investigation
To create an investigation copy:
- Open an investigation.
- In the actions menu, select Create copy.
- Wait until the copy is created.
The copy inherits all requests and settings of the original investigation.
Deleting an investigation
To delete an investigation:
- Open an investigation.
- In the actions menu, select Delete.
- Confirm the deletion.
Warning
Deleting an investigation is irreversible. All requests and results will be deleted.