Step 1: Purchase MTD and Create a Detector
MTD uses a detector to scan service logs in the target region in real time.
Prerequisites
MTD permissions have been granted to a user of the IAM account. For details, see How Do I Use My IAM Account to Grant MTD Permissions to a User?
To create a detector and then perform other operations, you need to obtain permissions from the IAM account first.
Otherwise, you cannot perform operations on MTD.
If you are an administrator, perform the following operations to grant required permissions to the user:
1. Create a custom policy.
Create a custom policy on the IAM console. For details, see Creating a Custom Policy.
2. Create a user group and grant permissions to the user group.
Grant policy permissions to the group where the user belongs. For details, see Creating a User Group and Assigning Permissions.
Constraints
- Currently, MTD is supported in AP-Bangkok, AP-Singapore, LA-MexicoCity1, LA-Sao Paulo1, CN-Hong Kong, AF-Johannesburg, and LA-Santiago regions only.
- You can create a detector only in the region where your cloud services are located.
Procedure
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the navigation pane on the left and choose Security & Compliance > Managed Threat Detection.
Figure 1 Home page of MTD
- Click Create Now. The purchase details page is displayed.
- On the displayed page, set the Region, Edition, and Required Duration as needed.
Figure 2 Purchasing MTD
- Specify the Region.
Select the desired region. MTD cannot be used across regions.
- Select the Edition.
There are four detection packages you can choose from. Each package allows you to scan different volumes of cloud service logs. For details, see Specifications. DNS and VPC service logs are counted by data volume, and CTS, IAM, and OBS service logs are counted by event (one log is an event).
Table 1 Specifications

| Edition | DNS and VPC Logs | CTS Logs | IAM Logs | OBS Logs |
|---|---|---|---|---|
| Bronze package | 1 GB/month | 50 thousand/month | 50 thousand/month | 500 thousand/month |
| Silver package | 70 GB/month | 1 million/month | 500 thousand/month | 30 million/month |
| Gold package | 230 GB/month | 20 million/month | 2 million/month | 300 million/month |
| Platinum package | 600 GB/month | 50 million/month | 5 million/month | 700 million/month |
- Choose an Add-on Package.
The system automatically purchases an add-on package based on the volume of scanned data that exceeds the purchased package. The add-on package is billed on a pay-per-use basis.
- Specify the Required Duration.
The required duration can be from one month to three years.
- For archiving purposes, you are advised to buy at least three months of the service.
- You can enable Auto-renew after specifying the required duration.
Deduction rule: The renewal charges are automatically deducted from your account balance. For details, see Auto-Renewal Rules.
Renewal duration: For a monthly subscription, the system renews the package on a monthly basis. For a yearly subscription, the system renews the package on a yearly basis.
- Read and select Managed Threat Detection Service Disclaimer and Add-on Pack Usage Rules.
- Click Create Now in the lower right corner to continue on the confirmation page.
- Confirm the purchase information and click Pay Now in the lower right corner. The Pay page is displayed.
- Select a payment method and complete the payment. The message "Payment processed successfully." is displayed.
- Click Back to Console to switch to the MTD management console. On the Detection Result page, view the Process Flow. If Buy MTD is checked as shown in Figure 3, the purchase is successful. You then need to create a detector in the current region.
- Click Create Now in the Create Detector pane. After the creation is complete, the message "Detector created." is displayed. The page is automatically refreshed. Click in the upper left corner of the page to show the Process Flow. If Create Detector is checked as shown in Figure 4, the detector is successfully created. The purchased package is displayed in the upper right corner of the page.
The detection function is enabled for logs of all supported services by default after you create the detector for the first time.