Configuring Key Event Notifications

Scenarios

You can create key event notifications on CTS so that Simple Message Notification (SMN) sends you notifications of key events. This function is triggered by CTS, and notifications are sent by SMN. You can use this function for:

Real-time detection of high-risk operations (such as VM restart and security configuration changes), cost-sensitive operations (such as creating and deleting expensive resources), and service-sensitive operations (such as network configuration changes).
Detection of operations such as login of users with admin-level permissions or operations performed by users who do not have the required permissions.
Connection with your own audit system: You can synchronize all audit logs to your audit system in real time to analyze the API calling success rate, unauthorized operations, security, and costs.

Prerequisites

SMN sends key event notifications to subscribers. Before setting notifications, you need to know how to create topics and add subscriptions on the SMN console.
Currently, you can create up to 100 key event notifications on CTS and specify key operations, users, and topics for each notification. Complete key event notifications and typical key event notifications can be sent to specified users and notification topics.
If CTS and Cloud Eye use the same message topic, they will send messages to the same targets, but the message contents will be different.
You can configure key event notifications on operations for up to 50 users in 10 user groups. For each notification, you can select multiple users in the same user group.
You can select up to 1000 key operations of 100 cloud services for each notification.
More configurations and more powerful functions are provided for key event notifications.

Creating a Key Event Notification

Log in to the management console.
Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
In the navigation pane on the left, choose Key Event Notifications.
The Key Event Notifications page is displayed.
Click Create Key Event Notification. On the displayed page, specify required parameters.
Enter a key event notification name.
Notification Name: Identifies key event notifications. This parameter is mandatory. The name can contain up to 64 characters. Only letters, digits, and underscores (_) are allowed.
Configure key operations.
- Operation Type: Select All, Typical, or Custom.
  - All: This option is suitable if you have connected CTS to your own audit system. When All is chosen, you cannot deselect operations because all operations on all cloud services that have connected with CTS will trigger notifications. You are advised to use an SMN topic for which HTTPS is selected.
  - Custom: This option is suitable for enterprises that require detection of high-risk, cost-sensitive, service-sensitive, and unauthorized operations. You can connect CTS to your own audit system for log analysis.
    Select the operations that will trigger notifications. Up to 1000 operations of 100 services can be added for each notification. For details, see section "Supported Services and Operations" in the Cloud Trace Service User Guide.
- Advanced Filter: You can set an advanced filter to specify the operations that will trigger notifications. Operations can be filtered by fields api_version, code, trace_rating, trace_type, resource_id, and resource_name. Up to six filter conditions can be set. When you configure multiple conditions, specify whether an operation is considered a match when all conditions are met (AND) or any of the conditions are met (OR).
Configure users.
SMN messages will be sent to subscribers when the specified users perform key operations.
- If you select All users, SMN will notify subscribers of key operations initiated by all users.
- If you select Specified users, SMN will notify subscribers of key operations initiated by your specified users. You can configure key event notifications on operations for up to 50 users in 10 user groups. For each notification, you can select multiple users in the same user group.
Configure an SMN topic.
- If you select Yes for Send Notification, you can select an existing topic or click Topic to create one on the SMN console.
- If you do not want to send notifications, no further action is required.
Click OK.

View Key Event Notification

Log in to the management console.
Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
In the navigation pane on the left, choose Key Event Notifications. The Key Event Notifications page is displayed.
Click View in the Operation column. The View Key Event Notifications page is displayed.

Enable Key Event Notification

Log in to the management console.
Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
In the navigation pane on the left, choose Key Event Notifications. The Key Event Notifications page is displayed.
Click Start in the Operation column. The Enabling Key Event Notifications page is displayed.
Click Yes to enable the key event notification function.

Modifying a Key Event Notification

Log in to the management console.
Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
In the navigation pane on the left, choose Key Event Notifications. The Key Event Notifications page is displayed.
Click More > Modify in the Operation column. The Key Event Notifications page is displayed.
Then, click OK.

Deleting a Key Event Notification

Log in to the management console.
Click in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
In the navigation pane on the left, choose Key Event Notifications. The Key Event Notifications page is displayed.
Choose More > Delete in the Operation column. The Delete Key Event Notifications page is displayed.
Click Yes to delete the key event notification function.