This topic describes the alert rules for the security of Object Storage Service (OSS) traffic. You can configure and enable alert rules in the Simple Log Service console to monitor the security of OSS traffic. If an alert is triggered, you can identify the error cause and fix the error at the earliest opportunity.
Alert rules
The following alert rules are supported. For information about how to set alert parameters, configure whitelists, and perform other relevant operations, see Configure alerts.
OSS Flow Anomaly Inspection
ID | sls_app_audit_dataflow_at_oss_flow_detc |
Name | OSS Flow Anomaly Inspection |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Flow Security. |
Usage | Monitors the inbound and outbound traffic of OSS. If the number of traffic exceptions exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 hours. |
Time Range | The data of the last 4 hours is checked. |
Parameters Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the OSS bucket that triggered the alert. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
OSS Inflow Anomaly Inspection
ID | sls_app_audit_dataflow_at_oss_inflow_detc |
Alert Name | OSS Inflow Anomaly Inspection |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Flow Security. |
Usage | Monitors the inbound traffic of OSS. If the number of traffic exceptions exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 hours. |
Time Range | The data of the last 4 hours is checked. |
Parameters Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the OSS bucket that triggered the alert. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
OSS Outflow Anomaly Inspection
ID | sls_app_audit_dataflow_at_oss_outflow_detc |
Name | OSS Outflow Anomaly Inspection |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Flow Security. |
Usage | Monitors the outbound traffic of OSS. If the number of outbound traffic exceptions exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 hours. |
Time Range | The data of the last 4 hours is checked. |
Parameter Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the OSS bucket that triggered the alert. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
OSS Access PV Anomaly Inspection
ID | sls_app_audit_dataflow_at_oss_pv_detc |
Name | OSS Access PV Anomaly Inspection |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Flow Security. |
Usage | Monitors the PVs of OSS. If the number of PV exceptions exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 hours. |
Time Range | The data of the last 4 hours is checked. |
Parameters Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the in the OSS bucket that triggered the alert. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
OSS Access UV Anomaly Inspection
ID | sls_app_audit_dataflow_at_oss_uv_detc |
Name | OSS Access UV Anomaly Inspection |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Flow Security. |
Usage | Monitors the UVs of OSS. If the number of UV exceptions exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 hours. |
Time Range | The data of the last 4 hours is checked. |
Parameters Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the OSS bucket that triggered the alert. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
OSS Bucket Valid Request Rate Too Low Alert
ID | sls_app_audit_dataflow_at_oss_req_rate |
Name | OSS Bucket Valid Request Rate Too Low Alert |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Flow Security. |
Usage | Monitors the valid request rate of OSS buckets. If the rate is lower than the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameters Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the OSS bucket that triggered the alert. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
Detection of OSS Bucket Visit through Internet
ID | sls_app_audit_dataflow_at_oss_internet_access |
Name | Detection of OSS Bucket Visit through Internet |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Flow Security. |
Usage | Monitors the access of OSS buckets over the Internet. If an OSS bucket is accessed over the Internet, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameter Settings | You can specify the following parameters: Severity: The severity level of the alert. Valid values: Critical-10, High-8, Medium-6, Low-4, and Report-2. |
External Configurations | You can specify a whitelist of accounts. If an OSS bucket belongs to an account on the whitelist and the OSS bucket is accessed over the Internet, no alert is triggered. |
Solution | Do not allow OSS buckets that do not belong to an account on the whitelist to be accessed over the Internet. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |