- What's New
- Function Overview
- Service Overview
- Getting Started
- User Guide
- Best Practices
- API Reference
- SDK Reference
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- What Information Is on the Trace List?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS in Pay-per-Use or Yearly/Monthly?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Make the Log Retention Period 180 Days?
- What Can I Do If a Tracker Cannot Be Created on the CTS Console?
- What Should I Do If I Cannot Enable CTS as an IAM User?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- What Should I Do If I Fail to Transfer Data to an OBS Bucket Authorized by a Key of Another Tenant?
- Does the cts_admin_trust Agency Include OBS Authorization?
- Does CTS Record ECS Creation Failures?
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Querying Traces
- Management Trackers
- Data Trackers
- Application Examples
- Trace References
- Cross-Tenant Transfer Authorization
- Verifying Trace File Integrity
- Auditing
- Permissions Management
- Supported Services and Operations
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- What Information Is on the Trace List?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- Does CTS Record ECS Creation Failures?
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Paris)
- Service Overview
- Getting Started
- Querying Traces
- Management Trackers
- Application Examples
- Trace References
- Cross-Tenant Transfer Authorization
- Verifying Trace File Integrity
- Auditing
- Permissions Management
- Supported Services and Operations
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- Does CTS Record ECS Creation Failures?
- API Reference (Paris)
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
- Querying Traces
- Management Trackers
- Trackers
- Organization Trackers
- Application Examples
- Trace References
- Cross-Tenant Transfer Authorization
- Verifying Trace File Integrity
- Auditing
- Permissions Management
- Supported Services and Operations
-
FAQs
- Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket?
- What Information Is on the Trace List?
- How Will CTS Be Affected If My Account Balance Is Insufficient?
- What Are the Recommended Users of CTS?
- What Will Happen If I Have Enabled Trace Transfer But Have Not Configured an Appropriate Policy for an OBS Bucket?
- Does CTS Support Integrity Verification of Trace Files?
- Why Are There Some Null Fields on the View Trace Page?
- Why Is an Operation Recorded Twice in the Trace List?
- What Services Are Supported by Key Event Notifications?
- How Can I Store Trace Files for a Long Time?
- Why Are user and source_ip Null for Some Traces with trace_type as SystemAction?
- How Do I Find Out Who Created a Specific ECS?
- How Do I Find Out the Login IP Address of an IAM User?
- Why Are Two deleteMetadata Traces Generated When I Buy an ECS?
- What If I Cannot Query Traces?
- Can I Disable CTS?
- How Do I Enable Alarm Notifications for EVS?
- Can I Receive Duplicate Traces?
- Does CTS Record ECS Creation Failures?
- API Reference (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- Videos
- General Reference
Copied.
Configuring Key Event Notifications
Scenarios
- Real-time detection of high-risk operations (such as VM restart and security configuration changes), cost-sensitive operations (such as creating and deleting expensive resources), and service-sensitive operations (such as network configuration changes).
- Detection of operations such as login of users with admin-level permissions or operations performed by users who do not have the required permissions.
- Connection with your own audit system: You can synchronize all audit logs to your audit system in real time to analyze the API calling success rate, unauthorized operations, security, and costs.
Usage Description
- SMN sends key event notifications to subscribers. Before setting notifications, you need to know how to create topics and add subscriptions on the SMN console.
- You can create up to 100 key event notifications on CTS:
- Specify key operations, users, and topics to customize notifications.
- Complete key event notifications can be sent to notification topics.
- If CTS and Cloud Eye use the same message topic, they can receive messages from the same terminal but with different content.
- You can configure one key event notification for operations initiated by a maximum of 50 users in 10 user groups. For each key event notification, you can add users from different user groups, but cannot select multiple user groups at once.
Creating a Key Event Notification
- Log in to the management console.
- Click
in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
- In the navigation pane on the left, choose Key Event Notifications.
The Key Event Notifications page is displayed.
- Click Create Key Event Notification. On the displayed page, specify required parameters.
- Enter a key event notification name.
Notification Name: Identifies key event notifications. This parameter is mandatory. The name can contain up to 64 characters. Only letters, digits, and underscores (_) are allowed.
- Configure key operations.
Select the operations that will trigger notifications. When a selected operation is performed, an SMN notification is sent immediately.
- Operation Type: Select All or Custom.
- All: This option is suitable if you have connected CTS to your own audit system. When All is chosen, you cannot deselect operations because all operations on all cloud services that have connected with CTS will trigger notifications. You are advised to use an SMN topic for which HTTPS is selected.
- Custom: This option is suitable for enterprises that require detection of high-risk, cost-sensitive, service-sensitive, and unauthorized operations. You can connect CTS to your own audit system for log analysis.
Customize the operations that will trigger notifications. Up to 1000 operations of 100 services can be added for each notification. For details, see Supported Services and Operations.
- Advanced Filter: You can set an advanced filter to specify the operations that will trigger notifications. Operations can be filtered by fields api_version, code, trace_rating, trace_type, resource_id, and resource_name. Up to six filter conditions can be set. When you configure multiple conditions, specify whether an operation is considered a match when all conditions are met (AND) or any of the conditions are met (OR).
- Operation Type: Select All or Custom.
- Configure users.
SMN messages will be sent to subscribers when the specified users perform key operations.
- If you select All users, SMN will notify subscribers of key operations initiated by all users.
- If you select Specified users, SMN will notify subscribers of key operations initiated by your specified users. You can configure key event notifications on operations for up to 50 users in 10 user groups. For each notification, you can select multiple users in the same user group.
- Configure an SMN topic.
- When Yes is selected for Send Notification:
- SMN Topic: You can select an existing topic or click SMN to create one on the SMN console.
- If you do not want to send notifications, no further action is required.
- When Yes is selected for Send Notification:
- Click OK.
Managing Key Event Notifications
After you create a key event notification, you can view its name, status, template, and SMN topic in the notification list and delete it as required.
- Log in to the management console.
- Click
in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
- Choose Key Event Notifications in the navigation pane on the left. On the displayed page, perform the following operations as required. For details, see Table 1.
Table 1 Related operations Operation
Description
Viewing a key event notification
Click View in the Operation column to view the operation list and user list details of the notification.
Enable/Disable a key event notification
Click Enable or Disable in the Operation column.
NOTE:
CTS can trigger key event notifications only after SMN is configured.
Modifying a key event notification
Click More > Modify in the Operation column to modify the configuration of the key event notification.
Deleting a key event notification
Click More > Delete in the Operation column.
Refreshing the key event notification list
Click
in the upper right corner.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot