Security Auditing
Scenarios
You can query operation records matching specified conditions and check whether operations have been performed by authorized users for security analysis.
This section describes how to use CTS to audit EVS creation and deletion operations performed in the last two weeks.
Constraints
To store operation records for longer than 90 days, you must configure transfer to OBS or LTS for trackers so that you can view them in OBS buckets or LTS log groups.
Prerequisites
You have enabled CTS and trackers are running properly.
Viewing Real-Time Traces in the Trace List of the Old Edition
The following takes the records of EVS disk creation and deletion in the last week as an example.
- Log in to the management console as a CTS administrator.
- Click
in the upper left corner to select the desired region and project.
- Click
in the upper left corner and choose Management & Deployment > Cloud Trace Service. The CTS console is displayed.
- Choose Trace List in the navigation pane.
- Set the time range to Last 1 week.
- Set filters above the trace list to query the EVS disk creation and deletion operations.
- To query disk creation operations, set Trace Type to Management, Trace Source to EVS, Resource Type to evs, and Search by to Trace name. Enter createVolume in the text box on the right of Trace name.
- To query disk deletion operations, set Trace Type to Management, Trace Source to EVS, Resource Type to evs, and Search by to Trace name. Enter deleteVolume in the text box on the right of Trace name.
- Click Query to check the filtering results.
- Check the user information in the results to identify unauthorized operations or operations that do not conform to security rules.
- (Optional) To query operation records older than 90 days, go to the OBS bucket or LTS log group. For details, see Querying Transferred Traces.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot