Events
Spot Security strives to improve the signal-to-noise ratio of cloud security events and highlights the events that have occurred on your cloud network within a defined time period, based on event security.
To view the Events, go to Spot Security in the left menu of the console and click Events.
Overview
In the event overview section, you can view all event types and risk distribution.
The bar chart displays the distribution of risks for each event type. When you click a card, the bar graph will display the risk distribution of that particular event type.
You can select a date range in the top right corner to view events.
If you have both AWS and Azure events in your environment, you can use the toggle to the left of the events to switch between AWS and Azure.
Spot Security classifies the events into the following categories:
- Configuration Change
- IAM Change
- Critical Event
- Data Access
- Operational
- Anomalies
All Events
The All Events tab provides a list of events based on the time range or preset you defined. For each event, you can see the:
- Event Name
- Event Type
- Asset Type
- Asset Name
- Failing Security Rules Count
- Severity Level
- Source IP
- Region
- User
- Session ID
- Event Time
- Source
- Suppress
In addition, you can use the Severity and Event Type filters to filter the events. You can also search by Event Name, Asset Type, Event Time, Source IP, and Users to view specific events.
Event Details
Clicking an individual event gives you the following details:
- Event Details: Information about an event such as event time, user, event name, and source.
- Asset Details: Information about an asset, such as the asset name, cloud details, and cloud account name.
You will also find information about:
- Security Rules: List of all the security rules that were assessed for determining an event.
- Affected Assets: List of all the assets that are impacted by an event.
- Historical Events: List of the latest 500 events that occurred in the asset and have at least one failing security rule.
- Session Events: List of the latest 500 events that occurred in the same session as an event and have at least one failing security rule.
Use the Download CSV option in the right corner of the table to view the latest 100,000 historical and session events.
Event Impact Map
For each security rule, you can see the Event Impact Map to visualize the asset’s network.
Event Detail Record
Event Detail Records present the time of an event, the source, region, and more for each event.