View "Security Check" Function Logs
2024-09-05
This document primarily introduces the function logs generated by security check tasks in Guance.
1. Introduction
As with other functions executed in DataFlux Func (Automata), once function logs are configured to be reported to Guance, the logs of security check tasks can be conveniently queried on the Guance platform.
For details on how to configure function log reporting to Guance, and for explanations of each reported field, refer to Manual / Deployment and Maintenance / Upload Self-Observation Data.
2. Basic Queries
Key fields:
| Field | Type | Description |
|---|---|---|
| source | str | Fixed as DFF_task_record_func |
| func_id | str | Detection trigger task logs: guance__api.siem_trigger; Detection result reception logs: guance__api.siem_receive_results |
| workspace_uuid | str | UUID of the associated Guance workspace. Format: wksp_xxxxx |
| df_trigger_task_id | str | Trigger task ID. Included in detection trigger task logs and detection result reception logs |
| df_monitor_checker_id | str | Security check ID. Format: srul_xxxxx |
| exception_type | str | Error type. Example: KodoAPI call error "KodoAPIError" |
| exception | str | Specific error. Example: KodoAPIError('Status Code: 400, ... <omitted>') |
| event_count_total | int | Total number of events produced by this task |
In the Guance "Log Explorer," enter the following filter conditions to show all security check task logs for a specific workspace:
If you need to view logs for a particular security check task, use the df_monitor_checker_id filter, such as:
If you need to view logs for a security check task related to a specific event, use the df_trigger_task_id field from the "Security Check Event" to filter, such as:
If you only want to view error logs, add the status filter condition, such as:
3. Common Query Conditions
The following are common query conditions. Copy them into the filter bar of the Guance "Log Explorer" to search.
All security check task logs:
Failed security check task logs:
All security check task logs for a specific workspace:
Failed security check task logs for a specific workspace:
Logs for a specific security check task:
Failed logs for a specific security check task:
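The key fields listed in section 2 can also be used to triage exported log records offline. The following is an added example, not code from Guance or DataFlux Func: it summarizes each security check in one workspace and lists trigger tasks that have no matching result reception log. It assumes the records were exported as JSON lines, that a non-empty exception_type marks a failed task, and all IDs and records in the sample are constructed placeholders.

```python
import json
from collections import Counter, defaultdict

TRIGGER = "guance__api.siem_trigger"
RECEIVE = "guance__api.siem_receive_results"

# Constructed sample records (JSON lines); every ID and value is a placeholder.
SAMPLE = """\
{"source": "DFF_task_record_func", "func_id": "guance__api.siem_trigger", "workspace_uuid": "wksp_aaa", "df_trigger_task_id": "task-1", "df_monitor_checker_id": "srul_001"}
{"source": "DFF_task_record_func", "func_id": "guance__api.siem_receive_results", "workspace_uuid": "wksp_aaa", "df_trigger_task_id": "task-1", "df_monitor_checker_id": "srul_001", "event_count_total": 3}
{"source": "DFF_task_record_func", "func_id": "guance__api.siem_trigger", "workspace_uuid": "wksp_aaa", "df_trigger_task_id": "task-2", "df_monitor_checker_id": "srul_001"}
{"source": "DFF_task_record_func", "func_id": "guance__api.siem_receive_results", "workspace_uuid": "wksp_aaa", "df_trigger_task_id": "task-2", "df_monitor_checker_id": "srul_001", "exception_type": "KodoAPIError", "exception": "KodoAPIError('Status Code: 400, ...')"}
{"source": "DFF_task_record_func", "func_id": "guance__api.siem_trigger", "workspace_uuid": "wksp_aaa", "df_trigger_task_id": "task-3", "df_monitor_checker_id": "srul_002"}
{"source": "DFF_task_record_func", "func_id": "other__demo.run", "workspace_uuid": "wksp_aaa"}
{"source": "DFF_task_record_func", "func_id": "guance__api.siem_trigger", "workspace_uuid": "wksp_bbb", "df_trigger_task_id": "task-9", "df_monitor_checker_id": "srul_009"}
{"source": "DFF_task_record_func", "func_id": "guance__api.siem_receive_results", "workspace_uuid": "wksp_bbb", "df_trigger_task_id": "task-9", "df_monitor_checker_id": "srul_009", "event_count_total": 1}
"""

def summarize(lines, workspace_uuid):
    """Per security check: events produced, failures by type, triggers with no result log."""
    triggered, received = defaultdict(set), defaultdict(set)
    report = defaultdict(lambda: {"events": 0, "failures": Counter()})
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        # Same selection as the documented filters: source, func_id, workspace.
        if (rec.get("source") != "DFF_task_record_func"
                or rec.get("func_id") not in (TRIGGER, RECEIVE)
                or rec.get("workspace_uuid") != workspace_uuid):
            continue
        checker = rec.get("df_monitor_checker_id", "unknown")
        entry = report[checker]
        task = rec.get("df_trigger_task_id")
        if task:
            (triggered if rec["func_id"] == TRIGGER else received)[checker].add(task)
        entry["events"] += rec.get("event_count_total") or 0
        # Assumption: a non-empty exception_type marks a failed task.
        if rec.get("exception_type"):
            entry["failures"][rec["exception_type"]] += 1
    for checker, entry in report.items():
        # Trigger task IDs that never appear in a result reception log.
        entry["no_result"] = sorted(triggered[checker] - received[checker])
    return dict(report)

if __name__ == "__main__":
    for checker, entry in summarize(SAMPLE.splitlines(), "wksp_aaa").items():
        print(checker, entry["events"], dict(entry["failures"]), entry["no_result"])
```

A security check that shows up under no_result, or only under failures, is producing no events for that period and is worth looking up in the Log Explorer by its df_monitor_checker_id.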