Alibaba Cloud Service Mesh: Use the OpenAPI operation audit feature in ASM

Last Updated: Feb 06, 2024

To comprehensively monitor and audit OpenAPI operations in Service Mesh (ASM), use the OpenAPI operation audit feature of ASM. The feature records and traces user operations, which improves the security and traceability of the mesh.

Prerequisites

An ASM instance is created.

Procedure

  1. Log on to the ASM console. In the left-side navigation pane, choose Service Mesh > Mesh Management.

  2. On the Mesh Management page, click the name of the ASM instance. In the left-side navigation pane, choose Mesh Security Center > OpenAPI Operation Audit.

  3. In the ActionTrail console, choose Events > Event Query in the left-side navigation pane.

    By default, you can query events that are generated in the last 90 days on the Event Query page. You can select an appropriate method to query events in different scenarios.

    | Scenario | Query method | References |
    | --- | --- | --- |
    | Query management events that were generated in the last 90 days | Perform event detail queries. You can perform event detail queries to query management events that were generated in the last 90 days. You can specify only one filter condition for each event detail query. | Query events in the ActionTrail console |
    | Query statistics collected at intervals of 2 hours for management events that were generated in the last 90 days | Perform event summary queries. You can perform event summary queries to query the statistics collected at intervals of 2 hours for management events that were generated in the last 90 days. This helps improve the online query efficiency of events. You can specify only one filter condition for each event summary query. | Event summary query |
    | Query events that were generated more than 90 days ago | Perform advanced event queries. If you enable the advanced event query feature for an existing trail, you can perform advanced event queries to query management events and insight events that were generated both in the last 90 days and more than 90 days ago. You can specify multiple filter conditions for each advanced event query. | Perform custom event queries |
    | Query exceptional operations that were performed in the last 90 days | Perform insight event queries. You can perform insight event queries to query exceptional operations that were performed in specific scenarios in the last 90 days. You can specify only one filter condition for each insight event query. For example, an IPInsight event helps you gain an insight into an operation that was performed from an unusual IP address and identify potential risks at the earliest opportunity. You can perform online queries of IPInsight events that were generated in the last 90 days. | Query Insights events in the ActionTrail console |
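The following is an added example, not part of the original documentation or Alibaba Cloud's own code: it reproduces the 2-hour event summary view offline over exported events, grouping ASM operations by window, user and operation and collecting the source IP addresses seen. The sample events are constructed; the field names (`eventTime`, `serviceName`, `eventName`, `sourceIpAddress`, `userIdentity.userName`), the `servicemesh` service name and the alignment of windows to even UTC hours are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample events (assumed ActionTrail-style fields; the
# serviceName value "servicemesh" for ASM is an assumption).
SAMPLE_EVENTS = json.loads("""[
 {"eventTime": "2024-02-05T01:10:00Z", "serviceName": "servicemesh",
  "eventName": "UpdateMeshFeature", "sourceIpAddress": "203.0.113.10",
  "userIdentity": {"userName": "alice"}},
 {"eventTime": "2024-02-05T01:50:00Z", "serviceName": "servicemesh",
  "eventName": "UpdateMeshFeature", "sourceIpAddress": "198.51.100.7",
  "userIdentity": {"userName": "alice"}},
 {"eventTime": "2024-02-05T02:05:00Z", "serviceName": "servicemesh",
  "eventName": "DeleteServiceMesh", "sourceIpAddress": "203.0.113.10",
  "userIdentity": {"userName": "bob"}},
 {"eventTime": "2024-02-05T02:30:00Z", "serviceName": "Ecs",
  "eventName": "RunInstances", "sourceIpAddress": "203.0.113.10",
  "userIdentity": {"userName": "alice"}}
]""")

WINDOW_SECONDS = 2 * 60 * 60  # the 2-hour summary interval from the table


def window_start(event_time):
    """Return the UTC start of the 2-hour window containing event_time."""
    ts = datetime.strptime(event_time, "%Y-%m-%dT%H:%M:%SZ")
    epoch = int(ts.replace(tzinfo=timezone.utc).timestamp())
    start = epoch - epoch % WINDOW_SECONDS  # assumed even-hour alignment
    return datetime.fromtimestamp(start, tz=timezone.utc).strftime("%Y-%m-%dT%H:%MZ")


def summarize(events, service="servicemesh"):
    """Group one service's events by (window, user, operation)."""
    summary = {}
    for ev in events:
        if ev.get("serviceName", "").lower() != service:
            continue  # skip events from other cloud services
        user = ev.get("userIdentity", {}).get("userName", "unknown")
        key = (window_start(ev["eventTime"]), user, ev["eventName"])
        row = summary.setdefault(key, {"count": 0, "ips": set()})
        row["count"] += 1
        row["ips"].add(ev.get("sourceIpAddress", "unknown"))
    return summary


if __name__ == "__main__":
    for (win, user, op), row in sorted(summarize(SAMPLE_EVENTS).items()):
        print(win, user, op, row["count"], sorted(row["ips"]))
```

A window in which one user calls the same operation from several source addresses is worth a closer look in the event detail query.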