All Products
Search
Document Center

ActionTrail:Query Insights events in the ActionTrail console

Last Updated:Apr 26, 2024

The Insights feature uses mathematical models to intelligently analyze management events that are generated within your Alibaba Cloud account to help you identify unusual activities. After the Insights feature is enabled, ActionTrail analyzes management events, identifies unusual activities that are associated with API call rates, API error rates, IP addresses, and AccessKey pair call rates, and generates Insights events. This topic describes how to query Insights events in the ActionTrail console. You can view management risks in the cloud and implement remedial measures at the earliest opportunity. In this topic, a single-account trail is created, and Insights events generated for unusual activities that are associated with API call rates are queried.

Prerequisites

A single-account trail that meets the following conditions is created:

  • The trail delivers events from all regions.

  • The trail delivers all types of events.

For more information, see Create a single-account trail.

Note

If no unusual activities are found in your Alibaba Cloud account, no Insights events are generated.

Step 1: Enable the Insights feature

  1. Log on to the ActionTrail console.

  2. In the left-side navigation pane, click Insights.

  3. On the Insights page, click Enable Insights.

    Note

    After the Insights feature is enabled, ActionTrail generates the first Insights event after at least 24 hours.

Step 2: Query Insights events

  1. In the left-side navigation pane, click Insights.

  2. In the top navigation bar, select the region of the Insights events that you want to query.

  3. On the Insights page, set the Event Type parameter to ApiCallRateInsight and click the 查询按钮 icon.

    Note

    You can specify a single search condition such as IP Address or Event Type to query Insights events.

  4. Find the Insights event that you want to query and click View Event Details in the Actions column.

  5. In the Insights Events section on the right, click an Insights event record.

    image.png

    • On the Insights Events tab, you can view Basic Information and Multi-dimensional Aggregation Analysis of the Insights event record.

    • On the Related Events tab, you can view all the related events and their details.

    • On the Insights Event Records tab, you can view the Insights event record in the JSON format.

      Note

      For more information about the fields in an Insights event, see Insights event structure.

References