ActionTrail supports the event alerting feature. After you set alert rules and specify users or user groups, ActionTrail sends alert notifications to the specified users or user groups by using various methods when abnormal events are detected on the cloud. This allows users or user group members to handle exceptions at the earliest opportunity.

Benefits

  • Real-time inspection of events: After you set alert rules, ActionTrail inspects events in the cloud in real time to detect abnormal events. This helps discover risks at the earliest opportunity.
  • Built-in and custom alert rules: ActionTrail provides multiple built-in alert rules regarding account security, permission management, and resource management. ActionTrail also allows you to create custom alert rules. You can enable an alert rule with a few clicks. After you enable an alert rule, ActionTrail performs an inspection based on the alert rule every 15 minutes to scan the events recorded by the specified trail within the past half hour.
  • Multiple notification methods: ActionTrail supports multiple notification methods such as text message, email, and DingTalk. The same alert notification is sent only once within 1 hour. For example, if ActionTrail sends an alert notification to the specified users or user groups at 10:00, the alert notification will not be sent again from 10:00 to 11:00.
  • User group management: ActionTrail allows you to create users and user groups, and flexibly configure alert contacts.
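
The inspection schedule and notification frequency described above interact: each event falls into two overlapping scans, and events that occur during the 1-hour quiet period may never get a notification of their own. The following is an added example, not ActionTrail code, that replays this timing for a single alert rule. The event timestamps are constructed, and the quarter-hour alignment and window boundaries are assumptions.

```python
from datetime import datetime, timedelta

# Values stated on the page.
INSPECT_EVERY = timedelta(minutes=15)  # one inspection per alert rule every 15 minutes
LOOKBACK = timedelta(minutes=30)       # each inspection scans the past half hour
SUPPRESS = timedelta(hours=1)          # the same notification is sent once within 1 hour


def simulate(events, start, end):
    """Replay inspections for ONE alert rule.

    Returns a list of (inspection_time, matched_events, notified).
    Assumptions (not stated on the page): inspections run on the
    quarter hour, the scan window is (t - 30 min, t], and a new
    notification is allowed exactly 1 hour after the previous one.
    """
    runs, last_sent, t = [], None, start
    while t <= end:
        matched = [e for e in events if t - LOOKBACK < e <= t]
        if matched:
            notified = last_sent is None or t - last_sent >= SUPPRESS
            if notified:
                last_sent = t
            runs.append((t, matched, notified))
        t += INSPECT_EVERY
    return runs


def silent_events(events, runs):
    """Events never covered by an inspection that sent a notification."""
    announced = {e for _, matched, notified in runs if notified for e in matched}
    return [e for e in events if e not in announced]


def at(hhmm):
    """Constructed sample timestamp on an arbitrary day."""
    return datetime.strptime("2024-01-01 " + hhmm, "%Y-%m-%d %H:%M")


# Constructed sample: four events that match the same alert rule.
EVENTS = [at("09:52"), at("10:20"), at("10:50"), at("11:07")]
RUNS = simulate(EVENTS, at("09:00"), at("12:00"))

if __name__ == "__main__":
    for t, matched, notified in RUNS:
        names = ", ".join(e.strftime("%H:%M") for e in matched)
        print(t.strftime("%H:%M"), "SENT      " if notified else "suppressed", names)
    print("never announced:", [e.strftime("%H:%M") for e in silent_events(EVENTS, RUNS)])
```

Under these assumptions, a notification is a prompt to review the trail for the whole surrounding hour, not a one-to-one record of abnormal events.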

Procedure

| Step | Description |
| --- | --- |
| Step 1: Create a trail | The event alerting feature of ActionTrail allows you to inspect the events recorded by a specified trail. Therefore, you must create a trail first. |
| Step 2: Enable the event alerting feature | You must enable the event alerting feature to inspect the events recorded by a specified trail. |
| Step 3: Create users and a user group | You must create users and user groups before you can specify alert contacts. |
| Step 4: Create an alert template (Optional) | By default, ActionTrail uses the SLS actiontrail builtin content template to send alert notifications. You can also create custom alert templates based on your business requirements. |
| Step 5: Create an action policy (Optional) | By default, ActionTrail uses the SLS actiontrail builtin action policy to send alert notifications. You can also create custom action policies based on your business requirements. |
| Step 6: Enable an alert rule | You must enable an alert rule so that ActionTrail can inspect events based on the alert rule. An alert is triggered when an event meets the condition of the alert rule. |
| Step 7: Set alert parameters (Optional) | After you enable an alert rule, ActionTrail inspects events and triggers alerts based on the severity preset for the alert rule. You can also set alert parameters based on your business requirements. Note: You can set alert parameters only for built-in alert rules. |
| Step 8: Create a whitelist (Optional) | If you want specified Alibaba Cloud accounts, RAM users, RAM roles, and IP addresses to be exempt from an alert rule, you can add them to a whitelist. |