ActionTrail supports event alerting. After you set alert rules and specify users or user groups, ActionTrail sends alert notifications to them through various methods when it detects abnormal events in the cloud. This allows the users or user group members to handle exceptions at the earliest opportunity.

Features

  • Real-time inspection of events: After you set alert rules, ActionTrail inspects events in the cloud in real time to detect abnormal events. This helps you discover risks at the earliest opportunity.
  • Multiple built-in alert rules: ActionTrail provides multiple built-in alert rules regarding account security, permission management, and resource management. ActionTrail allows you to enable an alert rule in a few clicks. After you enable an alert rule, ActionTrail performs an inspection based on the alert rule every 15 minutes to scan the events recorded by the specified trail within the past half hour.
  • Multiple notification methods: ActionTrail supports multiple notification methods such as SMS message, email, and DingTalk. The same alert notification is sent only once within 1 hour. For example, if ActionTrail sends an alert notification to the specified users or user groups at 10:00, the alert notification will not be sent again from 10:00 to 11:00.
  • User group management: ActionTrail allows you to create users and user groups, and flexibly configure alert contacts.
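
The timing described above (an inspection every 15 minutes over the past half hour, and one notification per hour) can be modeled as follows. This is an added example, not ActionTrail code: the rule name, the sample events, the exact window boundaries and the per-rule suppression key are assumptions made for illustration.

```python
from datetime import datetime, timedelta

INSPECT_EVERY = timedelta(minutes=15)  # inspection interval stated on this page
LOOKBACK = timedelta(minutes=30)       # each inspection scans the past half hour
SUPPRESS = timedelta(hours=1)          # same notification sent once within 1 hour

T0 = datetime(2024, 1, 1, 10, 0)       # constructed time of the first inspection
# Constructed sample events: (event time, hypothetical rule name)
SAMPLE_EVENTS = [
    (datetime(2024, 1, 1, 10, 7), "rule-A"),
    (datetime(2024, 1, 1, 10, 40), "rule-A"),
    (datetime(2024, 1, 1, 11, 20), "rule-A"),
]


def simulate(events, first_run, runs):
    """Return (sent, suppressed), each a list of (inspection time, rule)."""
    last_sent = {}  # rule -> time of the last notification
    sent, suppressed = [], []
    for i in range(runs):
        now = first_run + i * INSPECT_EVERY
        # Assumption: the scanned window is (now - 30 min, now].
        hits = {rule for ts, rule in events if now - LOOKBACK < ts <= now}
        for rule in sorted(hits):
            prev = last_sent.get(rule)
            # Assumption: suppression is tracked per rule and ends after a full hour.
            if prev is not None and now - prev < SUPPRESS:
                suppressed.append((now, rule))
            else:
                last_sent[rule] = now
                sent.append((now, rule))
    return sent, suppressed


def first_seen(event_time, first_run):
    """First inspection at or after the event (event_time must not precede first_run)."""
    now = first_run
    while now < event_time:
        now += INSPECT_EVERY
    return now


if __name__ == "__main__":
    sent, suppressed = simulate(SAMPLE_EVENTS, T0, 8)
    for when, rule in sent:
        print("notify    ", when.strftime("%H:%M"), rule)
    for when, rule in suppressed:
        print("suppressed", when.strftime("%H:%M"), rule)
```

In this model the 10:40 event never produces its own notification, because it falls inside the suppression hour that started with the 10:15 notification.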

Procedure

Step 1: Create a trail
The event alerting feature of ActionTrail allows you to inspect the events recorded by a specified trail. Therefore, you must create a trail first.
For more information, see Step 1: Create a trail.

Step 2: Enable the event alerting feature
You must enable the event alerting feature to inspect the events recorded by a specified trail.
For more information, see Step 2: Enable the event alerting feature.

Step 3: Create users and a user group
You must create users and user groups before you can specify alert contacts.
For more information, see Step 3: Create users and a user group.

Step 4: Create an alert template
(Optional) By default, ActionTrail uses the SLS actiontrail builtin content template to send alert notifications. You can also create custom alert templates based on your business requirements.
For more information, see Step 4: (Optional) Create an alert template.

Step 5: Create an action policy
(Optional) By default, ActionTrail uses the SLS actiontrail builtin action policy to send alert notifications. You can also create custom action policies based on your business requirements.
For more information, see Step 5: (Optional) Create an action policy.

Step 6: Enable an alert rule
You must enable an alert rule so that ActionTrail can inspect events based on the alert rule. An alert is triggered when an event meets the condition of the alert rule.
For more information, see Step 6: Enable an alert rule.

Step 7: Set alert parameters
(Optional) After you enable an alert rule, ActionTrail inspects events and triggers alerts based on the severity preset for the alert rule. You can also set alert parameters based on your business requirements.
For more information, see Step 7: (Optional) Set alert parameters.

Step 8: Create a whitelist
(Optional) If you want some Alibaba Cloud accounts, RAM users, RAM roles, and IP addresses to be exempt from an alert rule, you can add them to a whitelist.
For more information, see Step 8: (Optional) Create a whitelist.