Help Center/ Cloud Trace Service/ User Guide/ Creating a Key Event Notification
Updated on 2024-10-30 GMT+08:00
View PDF
Share

Creating a Key Event Notification

You can create key event notifications on CTS so that SMN sends you SMS, email, or HTTP/HTTPS notifications of key events. This function is triggered by CTS, and notifications are sent by SMN. SMN sends key event notifications to subscribers. Before setting notifications, you need to know how to create topics and add subscriptions on the SMN console.

Scenarios

You can use this function for:
  • Real-time detection of high-risk operations (such as VM restart and security configuration changes), cost-sensitive operations (such as creating and deleting expensive resources), and service-sensitive operations (such as network configuration changes).
  • Detection of operations such as login of users with admin-level permissions or operations performed by users who do not have the required permissions.
  • Connection with your own audit system: You can synchronize all audit logs to your audit system in real time to analyze the API calling success rate, unauthorized operations, security, and costs.

Usage Description

  • For global services, you must configure key event notifications on the CTS console in the central region (CN-Hong Kong). This configuration enables the function of sending key event notifications. The preceding function will not take effect if you perform the configuration on the CTS console in any region outside the central region. For details about Huawei Cloud global services, see Constraints.
  • SMN sends key event notifications to subscribers. Before setting notifications, you need to know how to create topics and add subscriptions on the SMN console.
  • You can create up to 100 key event notifications on CTS:
    • Specify key operations, users, and topics to customize notifications.
    • Complete key event notifications can be sent to notification topics.
  • If CTS and Cloud Eye use the same message topic, they can receive messages from the same terminal but with different content.
  • You can configure one key event notification for operations initiated by a maximum of 50 users in 10 user groups. For each key event notification, you can add users from different user groups, but cannot select multiple user groups at once.

Creating a Key Event Notification

  1. Log in to the management console.
  2. Click in the upper left corner and choose Management & Governance > Cloud Trace Service. The CTS console is displayed.
  3. In the navigation pane on the left, choose Key Event Notifications.

    The Key Event Notifications page is displayed.

  4. Click Create Key Event Notification. On the displayed page, specify required parameters.
  5. Enter a key event notification name.

    Notification Name: Identifies key event notifications. This parameter is mandatory. The name can contain up to 64 characters. Only letters, digits, and underscores (_) are allowed.

  6. Configure key operations.
    Select the operations that will trigger notifications. When a selected operation is performed, an SMN notification is sent immediately.
    • Operation Type: Select All or Custom.
      • All: This option is suitable if you have connected CTS to your own audit system. When All is chosen, you cannot deselect operations because all operations on all cloud services that have connected with CTS will trigger notifications. You are advised to use an SMN topic for which HTTPS is selected.
      • Custom: This option is suitable for enterprises that require detection of high-risk, cost-sensitive, service-sensitive, and unauthorized operations. You can connect CTS to your own audit system for log analysis.

        Customize the operations that will trigger notifications. Up to 1,000 operations of 100 services can be added for each notification. For details, see Supported Services and Operations.

    • Advanced Filter: You can set an advanced filter to specify the operations that will trigger notifications. Operations can be filtered by fields api_version, code, trace_rating, trace_type, resource_id, and resource_name. Up to six filter conditions can be set. When you configure multiple conditions, specify whether an operation is considered a match when all conditions are met (AND) or any of the conditions are met (OR).
      Table 1 Advanced filtering parameters

      Parameter

      Description

      api_version

      Version of the API called in a trace.

      Enumerated values:

      • v1
      • v3

      code

      HTTP status code returned by an API.

      trace_rating

      Trace status.

      Enumerated values:
      • normal
      • warning
      • incident

      trace_type

      Trace type. The value can be system (management traces) or data (data traces).

      Enumerated values:

      • system
      • data

      resource_id

      ID of a cloud service resource on which operations are performed. Example: 5a0215bed7a14de38193a******facef

      resource_name

      Resource name recorded in a trace.
  7. Configure users.

    SMN messages will be sent to subscribers when the specified users perform key operations.

    • If you select All users, SMN will notify subscribers of key operations initiated by all users.
    • If you select Specified users, SMN will notify subscribers of key operations initiated by your specified users. You can configure up to 50 users across up to 10 user groups. During each selection, you can choose multiple users within a single group, but not multiple groups at once. To add more groups, click Add for each one.
  8. Configure an SMN topic.
    • When Yes is selected for Send Notification:
      • Create a cloud service agency.: (Mandatory) If you select this check box, CTS automatically creates a cloud service agency when you create a key event notification. The agency authorizes you to use SMN.
      • SMN Topic: You can select an existing topic or click SMN to create one on the SMN console.
    • If you do not want to send notifications, no further action is required.
  9. Click OK.

Managing Key Event Notifications

After you create a key event notification, you can view its name, status, template, and SMN topic in the notification list and delete it as required.

  1. Log in to the management console.
  2. Click in the upper left corner and choose Management & Governance > Cloud Trace Service. The CTS console is displayed.
  3. Choose Key Event Notifications in the navigation pane on the left. On the displayed page, perform the following operations as required. For details, see Table 2.

    Table 2 Related operations

    Operation

    Description

    Viewing a key event notification

    Click a notification name to view the operation list and user list details of the notification.

    Enable/Disable a key event notification

    Click Enable or Disable in the Operation column.

    NOTE:

    CTS can trigger key event notifications only after SMN is configured.

    Modifying a key event notification

    Click Modify in the Operation column.

    Deleting a key event notification

    Click Delete in the Operation column.

    Searching for a notification

    In the search box above the list, you can search for notifications by notification name, status, template type, or SMN topic.

    Refreshing the key event notification list

    Click in the upper right corner.

    Configuring basic settings

    Click in the upper right corner to set table text wrapping, fixed operation column position, and custom columns.