Insight events help you identify unusual operations that are recorded in management events. After you enable the insight event feature for a trail, ActionTrail identifies API calls from unusual IP addresses recorded in management events and generates insight events. Insight events help you identify potential risks to your cloud resources and allow you to take remedial measures at the earliest opportunity. This topic describes how to query insight events in the ActionTrail console.
Prerequisites
- You have been granted the permissions to manage insight events. To request these permissions, submit a ticket.
- A single-account trail that meets the following conditions is created:
  - The trail delivers events from all regions.
  - The trail delivers all types of events.
Step 1: Enable the insight event feature for a trail
You can enable the insight event feature when you create a trail or for an existing trail. The following steps show how to enable the insight event feature for an existing trail.
- Log on to the ActionTrail console.
- In the left-side navigation pane, click Trails.
- On the Trails page, click the name of the trail that you want to set as the default trail for the insight event feature.
- In the Log Event section of the trail details page, turn on State next to Calls from Unusual IP Addresses.