To ingest product logs, you must associate an access policy with a data source. Agentic SOC ingests logs exclusively from Alibaba Cloud Simple Log Service (SLS) and supports both custom Logstores and dedicated Agentic SOC Logstores.
Prerequisites
You have purchased and activated the Agentic SOC service.
Data source types
Type | Recommended use cases | Description | Actions |
Custom Log Capability | Your logs are already ingested into SLS. | This refers to a Project and Logstore that you or another Alibaba Cloud service created in Simple Log Service (SLS). Billing for this data source is separate from Agentic SOC. Agentic SOC automatically creates some initial Custom Log Service data sources for certain Alibaba Cloud services based on the following rules:
|
|
Agentic SOC Dedicated Data Collection Channel | Your logs are not yet ingested into SLS. | This refers to a Project and Logstore created by Agentic SOC within Simple Log Service (SLS) for its exclusive use. Billing for this data source is covered by Agentic SOC. The Project follows the naming convention Note If a dedicated Agentic SOC Project already exists in the selected region, the new Logstore is added to it. |
|
Predefined Log Capability | Logs delivered directly by Alibaba Cloud services. | Certain Alibaba Cloud services send logs directly to Agentic SOC with no configuration required. Examples include alert logs from security services like WAF and Cloud Firewall. | View |
Add data source for logs in SLS
Log on to the Security Center console.
In the left-side navigation pane, choose Agentic SOC > Integration Settings.
On the Data Source tab, click Add Data Source in the upper-left corner. Configure the parameters as described in the following table.
Parameter
Description
Data Source Name
Enter a custom name for the data source.
Data Source Type
Select Custom Log Capability. This option is recommended if your logs are already in Simple Log Service (SLS) to avoid duplicate data ingestion and reduce costs.
ImportantIf your logs are not yet in SLS, but you want to use this method, you must first go to the Simple Log Service console, create a Logstore, and then ingest your logs into it.
Region
The region where your Logstore is located.
Project
Custom Log Capability: Select the target Project from the list of Projects in your account.
Logstore
Custom Log Capability: Select the target Logstore from the list of Logstores within the selected Project.
Click OK. The new data source appears in the data source list.
Add data source for logs not in SLS
Log on to the Security Center console.
In the left-side navigation pane, choose Agentic SOC > Integration Settings.
On the Data Source tab, click Add Data Source in the upper-left corner. Configuration depends on the data source type you select.
ImportantYou cannot change the data source type after creation. Choose carefully.
Custom Log Service
WarningIf your logs are not yet in SLS, but you want to use the Custom Log Capability type, you must first go to the Simple Log Service console, create a Logstore, and then ingest your logs into it.
Parameter
Description
Data Source Name
Enter a custom name for the data source.
Data Source Type
Custom Log Capability
Region
The region where your Logstore is located.
Project
Custom Log Capability: Select the target Project from the list of Projects in your account.
Logstore
Custom Log Capability: Select the target Logstore from the list of Logstores within the selected Project.
Agentic SOC Dedicated Data Collection Channel
Parameter
Description
Data Source Name
Enter a custom name.
Data Source Type
Select Agentic SOC Dedicated Data Collection Channel.
ImportantIf you use this method for multiple services in the same region, all logs are stored in a single Project named
aliyun-cloudsiem-channel-{Alibaba-Cloud-account-ID}-cn-{region-ID}.Region
The region for storing logs.
Project
Agentic SOC Dedicated Data Collection Channel: The Project name is fixed to
aliyun-cloudsiem-channel-{Alibaba-Cloud-account-ID}-cn-{region-ID}and cannot be changed.Logstore
Agentic SOC Dedicated Data Collection Channel: You must manually enter a name for the Logstore. For instructions, see Create a Logstore.
Create a Logstore
If you select the Agentic SOC Dedicated Data Collection Channel type, follow these steps to create the required Logstore.
Click Create Logstore and enter a name. The name can contain only lowercase letters, digits, hyphens (-), and underscores (_).
In the confirmation dialog box, verify the details and click OK.
After the Logstore is created, you can view the new Project (
aliyun-cloudsiem-channel-{Alibaba-Cloud-account-ID}-cn-{region-ID}) and Logstore on the Simple Log Service console.
ImportantIf a dedicated Agentic SOC Project already exists, the new Logstore is added to it.
If a Logstore with the same name already exists, new log data is appended to it. If you need to store different types of logs separately, use a unique Logstore name.
Click OK. The new data source appears in the data source list.
Edit a data source
Predefined Log Servicedata sources cannot be modified.You cannot modify a data source that is associated with an enabled access policy. To make changes, you must first disable the access policy. For details, see Why can't I modify a data source?.
Data sources that are automatically created for a member account cannot be modified. To make changes, you must first remove the ingestion configuration for that account. For details, see Remove a member account.
Log on to the Security Center console.
In the left-side navigation pane, choose Agentic SOC > Integration Settings.
On the Data Source tab, find the data source you want to edit, and click Edit in the Operation column. Configure the parameters as described below.
Parameter
Description
Data Source Name
Enter a custom name.
Region
The region where the Logstore is located.
Project
Custom Log Capability:
Select the target Project from the list of Projects in your account.
Agentic SOC Dedicated Data Collection Channel:
The Project name is fixed to
aliyun-cloudsiem-channel-{Alibaba-Cloud-account-ID}-cn-{region-ID}and cannot be changed.
Logstore
Custom Log Capability:
Select the target Logstore from the list of Logstores within the selected Project.
Agentic SOC Dedicated Data Collection Channel:
You must manually enter a name for the Logstore. For instructions, see Create a Logstore.
Click OK.
Delete a data source
Predefined Log Servicedata sources cannot be deleted.You cannot delete a data source that is associated with an access policy, including policies for member accounts.
Log on to the Security Center console.
In the left-side navigation pane, choose Agentic SOC > Integration Settings.
On the Data Source tab, find the data source you want to delete, and click Delete in the Operation column.
Related topics
To learn how to associate a data source with an access policy, see Connect a product.
To learn which products are supported by default data sources, see Integration settings.
If you encounter issues, see FAQ for solutions.