Protective Monitoring information in the UKCloud Portal
This document describes what showback information you can view in the UKCloud Portal about the different clouds, networks and security domains supported by UKCloud's Protective Monitoring service.
The document also includes examples of the security events that are displayed in the Portal and what you should do when you see an incident.
You can find UKCloud's Protective Monitoring Portal showback information on the My Security Events page. To view this page, you must have Read monitoring permissions on the page.
What is supported for Portal showback?
Clouds and security domains
Multi-cloud for VMWare, Assured-OFFICIAL
All other clouds and networks
Note that all other clouds and networks are supported by UKCloud's standard Protective Monitoring service. UKCloud's security team will inform you of any security incidents for anything other than Multi-cloud for VMWare on the Assured security domain, using internet connectivity in the usual way (that is, via email or phone call).
Example security incidents
Communication seen with known malware sites
Data being exchanged in plain text
Brute force attacks
Attempts to compromise operating systems and services
Machines contacting known malicious domains
Machines being used for personal use (if you're running a VPN server, UKCloud will capture internet browsing)
Any traffic that is encrypted will not be spotted by UKCloud unless it's contacting known malicious domains
What to do when a security incident appears
If a security incident appears on the My Security Events page, then UKCloud will contact you via email or a phone call.
If you would like to request that other clouds, networks or security domains are supported, contact firstname.lastname@example.org.