Security Monitoring
TrueWatch integrates the core capabilities of CSPM and SIEM to build an integrated "Assets ➛ Configuration ➛ Behavior" security monitoring system for you.
- SIEM: Focuses on the security of "active behavior" in the runtime environment.
Core problem solved: Is malicious or abnormal activity occurring in the environment?
It collects and analyzes log data from many sources in real time (such as operating system logs, network traffic, and cloud platform operation audit logs) and applies rules and threat detection models to detect and respond to "dynamic" security threats that have occurred or are in progress. Its core value lies in threat discovery and incident response, and it suits scenarios such as security monitoring, intrusion detection, and incident investigation.
- CSPM: Focuses on the security of the "configuration state" of cloud infrastructure.
Core problem solved: Are cloud resources configured correctly from the start?
Using automated policies, it continuously scans the configuration of the cloud platform itself and its services (such as whether storage buckets are public, security group rules, and IAM policies) to prevent and discover "static" security vulnerabilities and compliance deviations caused by misconfiguration. Its core value lies in risk prevention and governance, and it suits scenarios such as security hardening and compliance audits.
Use Cases
- Cloud storage bucket leakage monitoring
- Internal data violation access
- Malicious file upload detection
- Infrastructure misconfiguration
- Unauthorized access
- Insecure interfaces/APIs
- Compliance and regulatory issues
- ...
Getting Started
When creating security detection rules in the console (Create Detection Rules), you can customize the detection frequency, the detection interval, the title and description of the generated event, and the associated alert strategies.
Once a rule is created, the system runs the detection on the configured schedule. When a detection result satisfies the rule logic, the system generates a corresponding event. It then checks whether the event meets the trigger conditions of the associated alert strategy: if so, the system sends an alert notification externally; if not, only the event is recorded.
These raw indicators and events, generated from various data sources and possibly pointing to security threats, can also be visualized and analyzed in a unified way through Signals. In the signal explorer, quick filtering, search, and other small but precise component functions help you process these massive signals efficiently, turning them from "messy information requiring manual screening" into "clear alarms that can be prioritized for processing."
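The rule ➛ event ➛ alert-strategy flow described above, as an added illustration that is not TrueWatch's own code or API: the audit log lines, rule names, thresholds and the severity-floor trigger condition are constructed assumptions, and one SIEM-style rule (repeated login failures) sits beside one CSPM-style rule (a bucket ACL made public).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable
# Constructed sample cloud-platform audit log lines (not real data)
AUDIT_LOGS = [
    "2024-05-01T10:00:05Z user=alice action=ConsoleLogin result=FAILED",
    "2024-05-01T10:00:20Z user=alice action=ConsoleLogin result=FAILED",
    "2024-05-01T10:01:10Z user=alice action=ConsoleLogin result=FAILED",
    "2024-05-01T10:02:00Z user=bob action=PutBucketAcl acl=public-read",
    "2024-05-01T10:30:00Z user=carol action=ConsoleLogin result=FAILED",
]
def parse_ts(iso: str) -> datetime: return datetime.fromisoformat(iso.replace("Z", "+00:00"))
def parse(line: str) -> dict:
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = parse_ts(ts)
    return rec
@dataclass
class Rule:
    title: str                      # generated event title
    description: str                # generated event description
    severity: str
    interval: timedelta             # detection interval: the data window each run inspects
    match: Callable[[dict], bool]   # rule logic applied to each record
    threshold: int = 1              # matches in the window needed to generate an event
@dataclass
class Event:
    title: str
    description: str
    severity: str
    count: int
    notified: bool = False          # True only if the alert strategy's trigger condition was met
RULES = [  # assumed rules, not a TrueWatch rule format
    Rule("Repeated console login failures", "3+ failed logins within 5 minutes", "medium",
         timedelta(minutes=5), lambda r: r.get("action") == "ConsoleLogin" and r.get("result") == "FAILED", 3),
    Rule("Storage bucket made public", "Bucket ACL changed to a public grant", "critical",
         timedelta(minutes=5), lambda r: r.get("action") == "PutBucketAcl" and r.get("acl", "").startswith("public")),
]
SEVERITY = {"low": 0, "medium": 1, "high": 2, "critical": 3}
def run_detection(now_iso: str, rules=RULES, alert_min_severity="high") -> list:
    # One scheduled detection run: rule logic -> events -> alert strategy trigger check
    now, events = parse_ts(now_iso), []
    records = [parse(line) for line in AUDIT_LOGS]
    for rule in rules:
        hits = [r for r in records if now - rule.interval <= r["ts"] <= now and rule.match(r)]
        if len(hits) >= rule.threshold:  # rule logic met: an event is generated
            ev = Event(rule.title, rule.description, rule.severity, len(hits))
            # assumed trigger condition: a severity floor; below it the event is only recorded
            ev.notified = SEVERITY[ev.severity] >= SEVERITY[alert_min_severity]
            events.append(ev)
    return events
```

A run at 10:05 yields two events, of which only the critical bucket event is notified; a run at 10:35 sees a single failed login, below the threshold, so no event is generated.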