Help Center> Managed Threat Detection> User Guide> Usage> Step 2: Create a Tracker
Updated on 2023-09-22 GMT+08:00

Step 2: Create a Tracker

After you create the detector, CTS threat detection is enabled by default. However, MTD cannot obtain log data from the CTS service without a tracker.

This section describes how to configure the tracker.

Limitations and Constraints

CTS threat detection is not supported for the CN-Hong Kong region.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the left navigation pane and choose Security & Compliance > Managed Threat Detection.

    View the notice on the Detection Result page.
    Figure 1 Notice on the detection result page

  4. Click Creating a Tracker to switch to the CTS Tracker List page. In the tracker list, locate the only default tracker which is of the Management type.

    Figure 2 Management tracker

  5. In the row that contains the target tracker, click Configure in the Operation column.

    1. On the Basic Information page, the tracker name is generated by default.
    2. Click Next to go to the Configure Transfer page.
    3. On the Configure Transfer page, toggle on Transfer to LTS.
      Figure 3 Configure Transfer
    4. Click Next to go to the Preview and Finish page
    5. Confirm settings and click Configure.

  6. Go back to the MTD console.
  7. In the left navigation pane, choose Settings > Detection Settings. On the Detection Settings page, click next to Cloud Trace Service (CTS) to turn the toggle off. In the displayed dialog box, click OK to temporarily disable CTS threat detection. Operation successfully! is displayed in the upper right corner.

    Figure 4 Disabling CTS

  8. Click next to Cloud Trace Service Log (CTS) to enable CTS threat detection. Operation successfully! is displayed in the upper right corner.

    Figure 5 Enabling CTS

  9. In the navigation pane on the left, choose Detection Result. On the displayed page, "No threats have been found in the latest log data of IAM log, OBS log, DNS log, CTS log up to now" disappears. If CTS threat detection is enabled, the tracker is configured successfully.

    Figure 6 Tracker configured