This topic provides answers to some frequently asked questions about the Cloud Threat Detection and Response (CTDR) feature.
Does the CTDR feature support devices in a data center?
No, the CTDR feature supports only cloud devices. For more information about the cloud services supported by the CTDR feature, see Supported services and log types.
What do I do if the amount of log data that is added and stored exceeds the purchased log capacity?
If the log data that is added to the threat analysis response feature within a day exceeds the purchased log capacity, new log data cannot be added. Log shipping is stopped even if the purchased log storage capacity is not exhausted.
If the log data that is added to the threat analysis response feature within a day does not exceed the purchased log capacity and the purchased log storage capacity is exhausted, log addition is not affected but log shipping is stopped.
If the amount of data that is added exceeds the purchased log capacity, log shipping is stopped.
Is the quantity of alerts reduced after the CTDR feature is enabled?
Yes, the CTDR feature analyzes alerts, identifies and builds complete attack chains, and generates security events. This effectively reduces the quantity and frequency of alerts.
Am I charged for enabling the log management feature in the CTDR module?
Yes, you are charged for enabling the log management feature based on the log storage duration and log storage capacity that you purchased for the CTDR feature. When you purchase the CTDR feature, you must purchase log storage capacity. After you purchase log storage capacity or increase the current log storage capacity, no fees are generated when you query and export logs in the Security Center console.
After the CTDR feature delivers logs to the specified Logstore, you may be charged for the operations that you perform in the Simple Log Service console, such as transforming and shipping logs. For more information, see Billing overview of Simple Log Service (SLS).