Help Center/ Managed Threat Detection/ Best Practices/ Data Synchronization between MTD and OBS
Updated on 2022-03-14 GMT+08:00

Data Synchronization between MTD and OBS

Scenario

MTD stores data of the latest 30 days only. You can upload data to an OBS bucket to store it for a longer time.

Procedure

  1. Log in to the management console.
  2. Click and choose Security & Compliance > Managed Threat Detection. The Detection Result page is displayed. Choose Settings > Data Synchronization form the navigation pane.

    Figure 1 Data Synchronization page

  3. Click next to Upload to OBS and set required parameters. Table 1 describes the parameters. The detection results will be uploaded to the configured OBS bucket according to the specified frequency.

    Figure 2 Uploading detection results to the OBS bucket
    Table 1 Parameter description

    Parameter

    Description

    Example Value

    Upload Frequency

    Frequency of uploading real-time detection results to the OBS bucket. MTD detects threats in real time and allows you to set the upload frequency as needed. Only the newly generated data will be uploaded.

    • Every 30 minutes
    • Every hour (default)
    • Every 3 hours

    Every 30 minutes

    Bucket Name

    Name of the OBS bucket that stores the detection results

    NOTE:

    If no OBS bucket is available, click View/Create OBS Bucket. For details, see Creating a Bucket.

    obs-mtd-beijing4

    Object Name

    Name of the object storing the detection results. You can enter the name of an existing object in the bucket or customize an object name. If the custom object name does not exist, an OBS bucket will be automatically created. You are advised to customize a name.

    mtd-warning-data

    Storage Path

    Path of the OBS bucket storing the detection results

    obs://obs-mtd-beijing4/mtd-warning-data

  4. Confirm the information and click OK.

Example

After data synchronization is enabled, you can view the alarm information on OBS.

  • After MTD data synchronization is enabled, you will be billed for using the OBS bucket on a pay-per-use basis. For details, see OBS Billing. There is no limit on storage space.
  • If you have purchased fixed storage space in yearly/monthly mode, you can clear historical data only when the data has been stored for at least 180 days. The required capacity should be greater than or equal to the size of MTD alarm files to be stored in OBS.
  1. Log in to the management console. Click and choose Storage > Object Storage Service. The OBS console is displayed. On the Buckets page, locate and click the target bucket obs-mtd-beijing4. In the navigation pane on the left, choose Object. In the object list, locate the mtd-warning-data object.

    Figure 3 Object

  2. Click mtd-warning-data to view the file. The alarm data generated for by MTD for the services is stored in mtd-warning-data. The alarm files are stored one by one based on the modification time.

    Figure 4 Alarm files

If you need to change the auto update frequency or storage path, go to the Data Synchronization page and click Modify.
Figure 5 Modifying the parameters