OBS Usage Audit
DSC detects OBS buckets based on sensitive data identification rules and monitors identified sensitive data. After abnormal operations of the sensitive data are detected, DSC allows you to view the monitoring result and handle the abnormal events as required.
Prerequisites
- An abnormal event has been detected and displayed on the page.
- The OBS audit function has been enabled in the asset center.
- Sensitive data of OBS assets has been identified.
Procedure
- Log in to the management console.
- Click in the upper left corner and select a region or project.
- In the navigation tree on the left, click . Choose .
- In the navigation tree on the left, choose OBS Usage Audit page is displayed. For details about the parameters, see Table 1.
. The In the upper right corner of the list, select a time range, set the time period, and select an event type and status to query the abnormal behaviors you want to view.Figure 1 Data usage audit parameter
Table 1 Parameters of detected risky behaviors Parameter
Description
User ID
ID of a resource owner
Event Type
DSC classifies abnormal events into the following three types:- Unauthorized data access
- Access sensitive files without granted permissions.
- Download sensitive files.
- Abnormal data operations
- Update sensitive files.
- Append data to sensitive files.
- Delete sensitive files.
- Copy sensitive files.
- Abnormal data management
- When a bucket is added, the system detects that the bucket is a public read or a public read/write bucket.
- When a bucket is added, the system detects that the access/ACL access permissions of a private bucket are granted for anonymous users or registered user groups.
- The policy of a bucket containing sensitive files is changed or deleted.
- The ACL of a bucket containing sensitive files is changed or deleted.
- The cross-region replication configuration of a bucket containing sensitive files is modified or deleted.
- The ACL of a sensitive file is modified or deleted.
Event Name
Event that causes an exception
Alarm Time
Time when an exception occurs
Status
Status description is as follows:
- Unhandled: indicates that an abnormal event is not handled.
- Confirmed Violation: indicates that a handled abnormal event causes an exception.
- Confirmed Non-violation: indicates that a handled abnormal event does not cause any exceptions.
- Unauthorized data access
- Click View Details in the Operation column of an abnormal event to view details about the event.
Figure 2 Abnormal event details
- In the Operation column of the abnormal event, click Handle to handle the event. The handling method is as follows:
- The event is confirmed as a violation.
Should a policy violation occur and remain unhandled, DSC will persistently alert the event.
- The event is deemed normal and requires no action.
It can be configured to be ignored. Once set, DSC will cease alerts for this event, and it will not appear in the list of abnormal events.
- The event is confirmed as a violation.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.