A tracker named system is automatically created when you enable CTS. This tracker associates with every cloud service used by your tenant account and records all operations performed under that account.
Traces are the operation logs of cloud service resources; CTS captures and stores them. You can view traces to learn the details of operations performed on specific resources.
The trace list displays traces generated in the last seven days. These traces record operations on cloud service resources, including creation, modification, and deletion; query (read-only) operations are not recorded. There are two types of traces:
- Management traces: record details about creating, configuring, and deleting cloud service resources in your tenant account.
- Data traces: record operations on data, such as data upload and download.
A trace file is a collection of traces. CTS generates trace files per service and per transfer cycle and sends them to the OBS bucket you specify in real time. In most cases, all traces of a service generated in one transfer cycle are compressed into a single trace file. If the number of traces is very large, CTS adjusts how many traces each trace file contains.
Trace files are in JSON format. Figure 1 shows an example of a trace file.
Verifying Trace File Integrity
During a security incident investigation, the authenticity of operation records is often undermined by trace files that have been deleted or tampered with, so the records can no longer serve as a reliable basis for the investigation. CTS therefore provides trace file integrity verification to help you establish that trace files are authentic.
Trace file integrity verification uses industry-standard algorithms to generate a hash value for each trace file. The hash value changes if the trace file is modified, and it has nothing to match if the file is deleted. By tracking the hash values you can therefore determine whether a trace file has been modified or removed. In addition, the digest file that carries these hash values is signed with RSA, so the digest itself cannot be altered without the signature failing. In this way, any modification or deletion of trace files can be detected.
After trace file integrity verification is enabled, CTS generates a digest file containing the hash values of all trace files recorded in the past hour and delivers the digest file to the OBS bucket configured for the current tracker.
CTS signs each digest file with its private key. After the digest file has been stored in the OBS bucket, you verify the signature with the corresponding public key before trusting the hashes it contains.
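The following is an added example, not code from the CTS documentation or the CTS service, showing the consumer-side workflow described above: verify the RSA signature on a digest file with the public key, then compare the hashes it lists against the trace files actually present in the bucket. The digest file layout (a JSON object with a period and a name-to-hash map), the choice of SHA-256 and PKCS#1 v1.5, the sample trace files, and the key generation are all assumptions made for the example; the real CTS digest format and the public key are what you obtain from the service.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Digest is the assumed shape of a digest file: one hash per trace file
// delivered in the covered period. The real CTS field names are not given on
// this page, so this layout is an assumption for the example.
type Digest struct {
	Period string            `json:"period"`
	Hashes map[string]string `json:"hashes"` // trace file name -> hex SHA-256
}

// SampleTraceFiles are constructed sample trace files standing in for the
// objects CTS would deliver to the OBS bucket.
var SampleTraceFiles = map[string][]byte{
	"CTS/ecs/trace_001.json": []byte(`{"trace_name":"createServer","service_type":"ECS","trace_type":"ConsoleAction"}`),
	"CTS/obs/trace_002.json": []byte(`{"trace_name":"deleteBucket","service_type":"OBS","trace_type":"ApiCall"}`),
}

func hashFile(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// BuildDigest hashes every trace file of the period and returns canonical JSON
// (encoding/json sorts map keys, so the same files always give the same bytes).
func BuildDigest(period string, files map[string][]byte) ([]byte, error) {
	d := Digest{Period: period, Hashes: make(map[string]string, len(files))}
	for name, content := range files {
		d.Hashes[name] = hashFile(content)
	}
	return json.Marshal(d)
}

// SignDigest is the producer-side step (assumed here to be RSA PKCS#1 v1.5
// over SHA-256): sign the digest file with the private key before delivery.
func SignDigest(priv *rsa.PrivateKey, digest []byte) ([]byte, error) {
	h := sha256.Sum256(digest)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// VerifyDigestSignature is the consumer-side check with the public key. A
// modified digest file, or one signed by a different key, fails here.
func VerifyDigestSignature(pub *rsa.PublicKey, digest, sig []byte) bool {
	h := sha256.Sum256(digest)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// CheckTraceFiles compares the trace files present in the bucket against a
// signature-verified digest. Each file listed in the digest is reported as
// "ok", "modified" or "missing"; files present in the bucket but absent from
// the digest are reported as "unlisted" rather than silently trusted.
func CheckTraceFiles(pub *rsa.PublicKey, digest, sig []byte, files map[string][]byte) (map[string]string, error) {
	if !VerifyDigestSignature(pub, digest, sig) {
		return nil, fmt.Errorf("digest signature invalid: digest file modified or not signed with the expected key")
	}
	var d Digest
	if err := json.Unmarshal(digest, &d); err != nil {
		return nil, err
	}
	report := make(map[string]string)
	for name, want := range d.Hashes {
		content, present := files[name]
		switch {
		case !present:
			report[name] = "missing"
		case hashFile(content) != want:
			report[name] = "modified"
		default:
			report[name] = "ok"
		}
	}
	for name := range files {
		if _, listed := d.Hashes[name]; !listed {
			report[name] = "unlisted"
		}
	}
	return report, nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the CTS signing key
	if err != nil {
		panic(err)
	}
	digest, _ := BuildDigest("2024-01-01T10:00Z/11:00Z", SampleTraceFiles)
	sig, _ := SignDigest(priv, digest)

	// Simulate an attacker rewriting one trace file and deleting the other.
	tampered := map[string][]byte{
		"CTS/ecs/trace_001.json": []byte(`{"trace_name":"createServer","service_type":"ECS","trace_type":"ApiCall"}`),
	}
	report, err := CheckTraceFiles(&priv.PublicKey, digest, sig, tampered)
	fmt.Println(report, err) // trace_001 modified, trace_002 missing
}
```

The order of the checks matters: the signature is verified first, because hashes read from an unverified digest prove nothing (an attacker who can rewrite trace files in the bucket can usually rewrite an unsigned digest as well). Only after the digest is authenticated are the per-file hashes worth comparing.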
A region is a geographic area in which the CTS servers are deployed. AZs in the same region can communicate with each other over an internal network.
Data centers (DCs) of the public cloud are distributed across regions of the world, for example Europe and Asia. Enabling CTS in the region closest to your applications reduces latency and lets you meet the laws and regulations that apply in that region.
A project corresponds to a Huawei Cloud region. Default projects are defined to isolate resources (including computing, storage, and network resources) between regions. You can create sub-projects in a default region project to isolate resources more finely.