
ActionTrail: Terms

Last Updated: Jan 08, 2025

This topic describes the terms that are used in ActionTrail to help you better understand and use the service.

Term

Description

management account

A management account is used to enable a resource directory and serves as the super administrator of the resource directory. The management account has all administrative permissions on the resource directory and the members in the resource directory. Only an Alibaba Cloud account that has passed enterprise real-name verification can be used as a management account. Each resource directory can have only one management account.

member

A member is a container for resources and is also an organizational unit in a resource directory. A member can be a project or an application. The resources of different members are isolated. You can use a management account to authorize Resource Access Management (RAM) users, user groups, or RAM roles to access the resources of members.

You can use the management account of a resource directory to invite a member to join the resource directory or create a member in the resource directory.

event

An event is a record that is generated when you perform operations in the Alibaba Cloud Management Console, call API operations, or use developer tools to access and manage services on Alibaba Cloud. An event records information about an operation that you perform, including the operation time, username, resource, operation type, operation result, and source IP address. Events can be classified into management events and Insights events based on event sources.

management event

A management event is a record that is generated when you perform a control plane operation to manage resources on Alibaba Cloud. For example, a management event is generated when you create or delete an ApsaraDB RDS instance or an Object Storage Service (OSS) bucket. However, no management events are generated when you perform data plane operations such as operations on tables of an ApsaraDB RDS instance or on objects in an OSS bucket.

Insights event

The Insights feature helps you analyze the stability and security of your Alibaba Cloud account based on the management events that are generated within your Alibaba Cloud account. Insights events are generated when unusual activities are identified. ActionTrail generates Insights events for unusual activities that are associated with API call rates, API error rates, IP addresses, AccessKey pair call rates, permission changes, password changes, and trail concealment.

global service

A global service, such as RAM, applies to all regions of Alibaba Cloud.

global event

A global event is a record of a global service. To query all global events, log on to the ActionTrail console. In the left-side navigation pane, choose Events > Event Query. On the page that appears, select the required region to query all global events. After you create a trail to deliver global events to an Object Storage Service (OSS) bucket, the global events are stored in the same directory as the events that occur in the home region of the trail.

Note

Starting from 00:00:00 on December 22, 2022, you can query global events only in the Singapore region.

home region

A home region is the region where a trail is created.

trail

A trail is created to deliver events to an OSS bucket or a Simple Log Service Logstore for storage and further analysis. Trails are divided into the following categories based on the creator, applicable scope, and delivered content: single-account trails, multi-account trails, and trails for the Inner-ActionTrail feature.

single-account trail

A single-account trail is used to track and record the events of the Alibaba Cloud account that is used to create the trail.

multi-account trail

A multi-account trail is created by using a management account to track and record the events of all members in the resource directory enabled by the management account. A multi-account trail can deliver the events of all members to an OSS bucket or a Simple Log Service Logstore.

Alibaba Cloud-initiated event

An Alibaba Cloud-initiated event is generated when the Alibaba Cloud O&M team performs maintenance operations on your services. You can create a trail for the Inner-ActionTrail feature to deliver Alibaba Cloud-initiated events to a storage service.

trail for the Inner-ActionTrail feature

A trail for the Inner-ActionTrail feature is created by using an Alibaba Cloud account to deliver Alibaba Cloud-initiated events to a storage service.

shadow trail

If you create a trail to track and record events in specific regions, ActionTrail automatically creates a shadow trail that uses the same configuration in each of the regions to track and record the events.

data event

A data event records operations that an Alibaba Cloud account, RAM user, or RAM role calls frequently within resources.

data event selector

A data event selector is used to specify events of the read or write type, specific services, and associated resources. If you configure the data event selector when you create a trail, ActionTrail tracks only the specified events and delivers the events to the Simple Log Service Logstore that you specify.