Discovery Logs

Discovery logs can be forwarded to a Security Information and Event Management (SIEM) system so that they are aggregated in a single management platform.

Multicloud Defense supports viewing security event information directly within the UI. These events are available under the Investigate > Traffic section. The events are categorized and viewable as follows:

| Category | Type | Description |
|----------|------|-------------|
| DNS Logs | DNS_LOG | Correlation of Threat Intelligence with DNS Log information gathered from cloud provider |
| VPC Logs | VPC_LOG | Correlation of Threat Intelligence with VPC/VNet Flow Log information gathered from cloud provider |

Each category can be sent to a SIEM by using a Log Forwarding Profile and attaching the profile to the onboarded Cloud Account. The Log Forwarding destinations currently supported by Multicloud Defense are:

To forward Discovery Logs, use the steps below: