Data Detection and Response

The Data Detection and Response (DDR) feature in DSPM provides capabilities for detection, discovery, and classification of access, events, and inventory.

These capabilities fall under three headings:

  1. Access Details
  2. Activity Events Risk Detection
  3. Anomaly Detection

DSPM's DDR functionality reads the CloudTrail logs to detect specific predefined scenarios, and then tags each detection with one of the DDR types listed above.

Configuration of, and access to, the CloudTrail logs is set up during the Account Onboarding stage and can be edited later as needed.

The CloudTrail trail can be managed by DSPM, or it can be set up as a custom trail, created by the cloud administrator, that allows both Read and Write events.
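For a custom trail, one way to confirm that it records both Read and Write events is to inspect its event selectors. The following is an added example, not part of DSPM or its documentation: it assumes input in the shape returned by `aws cloudtrail get-event-selectors`, the function names are hypothetical, and because this page does not say which event categories DDR consumes, the caller passes them in.

```python
"""Check a CloudTrail trail's event selectors for Read and Write coverage."""
BOTH = frozenset({"read", "write"})

def coverage(selectors: dict) -> dict:
    """Map event category -> directions ("read"/"write") the trail records."""
    seen = {}
    # Basic selectors: ReadWriteType is ReadOnly, WriteOnly or All (the default).
    for sel in selectors.get("EventSelectors") or []:
        rw = sel.get("ReadWriteType", "All")
        kinds = BOTH if rw == "All" else {"read" if rw == "ReadOnly" else "write"}
        if sel.get("IncludeManagementEvents", True):
            seen.setdefault("Management", set()).update(kinds)
        if sel.get("DataResources"):
            seen.setdefault("Data", set()).update(kinds)
    # Advanced selectors: an optional readOnly field narrows the direction;
    # when it is absent, both read and write events are recorded.
    for sel in selectors.get("AdvancedEventSelectors") or []:
        fields = {f["Field"]: f.get("Equals", []) for f in sel.get("FieldSelectors", [])}
        read_only = fields.get("readOnly")
        if read_only is None:
            kinds = BOTH
        else:
            kinds = {"read" if v == "true" else "write" for v in read_only}
        for category in fields.get("eventCategory", []):
            seen.setdefault(category, set()).update(kinds)
    return seen

def gaps(selectors: dict, categories: list) -> list:
    """Categories (chosen by the caller) that are missing or one-directional."""
    seen = coverage(selectors)
    return sorted(c for c in categories if seen.get(c, set()) != BOTH)

# Constructed sample: management events write-only, S3 data events unrestricted.
SAMPLE = {"AdvancedEventSelectors": [
    {"Name": "mgmt-writes", "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Management"]},
        {"Field": "readOnly", "Equals": ["false"]}]},
    {"Name": "s3-data", "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::S3::Object"]}]},
]}

if __name__ == "__main__":
    print(coverage(SAMPLE))
    print("gaps:", gaps(SAMPLE, ["Management", "Data"]))
```

A non-empty result from `gaps` means the trail would hide either read or write activity for that category from any log-based detection.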

Learn more about each capability in the following sections.