Security Monitoring
TrueWatch integrates the core capabilities of CSPM and SIEM into a unified security monitoring system that covers "Assets ➛ Configuration ➛ Behavior", giving you full coverage from static configuration risks to dynamic threats.
Core Capabilities
SIEM
Focuses on the security of "active behaviors" in the runtime environment.
Core problem it solves: Are malicious or abnormal activities occurring in the environment?
✅ Collects and analyzes various log data (such as operating system logs, network traffic, and cloud platform operation audit logs) in real time. It applies rules and threat detection models to detect and respond to "dynamic" security threats that have already occurred or are still ongoing.
Its core value lies in threat discovery and incident response, making it suitable for scenarios such as security monitoring, intrusion detection, and incident investigation.
CSPM
Focuses on the security of the "configuration state" of cloud infrastructure.
Core problem it solves: Are cloud resources configured correctly from the start?
✅ Through automated policies, it continuously scans the configuration of the cloud platform itself and its services (such as bucket public access, security group rules, and IAM policies), aiming to prevent and discover "static" security vulnerabilities and compliance deviations caused by misconfiguration.
Its core value lies in risk prevention and governance, making it suitable for scenarios such as security hardening and compliance audits.
Use Cases
- Cloud storage bucket leak monitoring
- Internal data access violations
- Malicious file upload detection
- Infrastructure misconfigurations
- Unauthorized access
- Insecure interfaces/APIs
- Compliance and regulatory issues
- ...
Getting Started
1. Create Detection Rules
In the console, create security detection rules. Customize the detection frequency, the detection interval, the title and description of the generated event, and associate alert strategies with the rule.
2. Execute Detection and Generate Events
After a rule is successfully created, the system executes detection according to the rule's settings. When the detection results match the rule logic, the system generates a corresponding event.
3. Event Handling and Notification
The system determines whether the event meets the trigger conditions of the associated alert strategy:
- Conditions met: Sends external alert notifications.
- Conditions not met: Only records the event, does not send notifications.
4. Signal Viewing and Analysis
Signals are the raw indicators or events, generated from the various data sources, that may point to a potential security threat; they can be visualized, viewed, and analyzed in one place through the signal view.
In the signal explorer, use quick filters and search to work efficiently through large volumes of signals, turning them from "cluttered information that requires manual screening" into "clear alerts ready for prioritized handling".