Help Center> Managed Threat Detection> User Guide> Usage> Step 1: Purchase MTD and Create a Detector
Updated on 2022-12-02 GMT+08:00

Step 1: Purchase MTD and Create a Detector

MTD uses a detector to scan service logs in the target region in real time.

Prerequisites

MTD permissions have been granted to a user of the IAM account. For details, see How Do I Use My IAM Account to Grant MTD Permissions to a User?

To create a detector and then perform other operations, you need to obtain permissions from the IAM account first.

Otherwise, you cannot perform operations on MTD.

If you are an administrator, perform the following operations to grant required permissions to the user:

1. Create a custom policy.

Create a custom policy on the IAM console. For details, see Creating a Custom Policy.

2. Create a user group and grant permissions to the user group.

Grant policy permissions to the group where the user belongs. For details, see Creating a User Group and Assigning Permissions.

Constraints

  • Currently, MTD is supported in AP-Bangkok, AP-Singapore, LA-MexicoCity1, LA-Sao Paulo1, CN-Hong Kong, AF-Johannesburg, and LA-Santiago regions only.
  • You can create a detector only in the region where your cloud services locate.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the navigation pane on the left and choose Security & Compliance > Managed Threat Detection.

    Figure 1 Home page of MTD

  4. Click Create Now. The purchase details page is displayed.
  5. On the displayed page, set the Region, Edition, and Required Duration as needed.

    Figure 2 Purchasing MTD
    1. Specify the Region.

      Select the desired region. MTD cannot be used across regions.

    2. Select the Edition.

      There are four detection packages you can choose from. Each package allows you to scan different volumes of cloud service logs. For details, see Specifications. DNS and VPC service logs are counted by data volume, and CTS, IAM, and OBS service logs are counted by event (one log is an event).

      Table 1 Specifications

      Edition

      DNS and VPC Logs

      CTS Logs

      IAM Logs

      OBS Logs

      Bronze package

      1 GB/month

      50 thousand/month

      50 thousand/month

      500 thousand/month

      Silver package

      70 GB/month

      1 million/month

      500 thousand/month

      30 million/month

      Gold package

      230 GB/month

      20 million/month

      2 million/month

      300 million/month

      Platinum package

      600 GB/month

      50 million/month

      5 million/month

      700 million/month

    3. Choose an Add-on Package.

      The system automatically purchases an add-on package based on the volume of scanned data that exceeds the purchased package. The add-on package is billed on a pay-per-use basis.

    4. Specify the Required Duration.

      The required duration can be from one month to three years.

      • For archiving purposes, you are advised to buy at least three months of the service.
      • You can enable Auto-renew after specifying the required duration.

        Deduction rule: The renewal charges are automatically deducted from your account balance. For details, see Auto-Renewal Rules.

        Renewal duration: For a monthly subscription, the system renews the package on a monthly basis. For a yearly subscription, the system renews the package on a yearly basis.

  6. Read and select Managed Threat Detection Service Disclaimer and Add-on Pack Usage Rules.
  7. Click Create Now in the lower right corner to continue on the confirmation page.
  8. Confirm the purchase information and click Pay Now in the lower right corner. The Pay page is displayed.
  9. Select a payment method and complete the payment. Payment processed successfully. is displayed.
  10. Click Back to Console to switch to the MTD management console. On the Detection Result page, view the Process Flow. If Buy MTD is checked as shown in Figure 3, the purchase is successful. You then need to create a detector in the current region.

    Figure 3 MTD successfully purchased

  11. Click Create Now in the Create Detector pane. After the creation is complete, Detector created. is displayed. The page is automatically refreshed. Click in the upper left corner of the page to show the Process Flow. If Create Detector is checked as shown in Figure 4, the detector is successfully created. The purchased package is displayed in the upper right corner of the page.

    Figure 4 Detector created successfully

    The detection function is enabled for logs of all supported services by default after you create the detector for the first time.