Detection and Response provides the access traceability graph feature. This feature visualizes access paths for OSS objects and helps you intuitively analyze complex data access relationships in OSS. You can track and analyze access to your OSS objects, create effective data security solutions, and improve your overall threat defense capabilities.
View an access traceability graph
Follow these steps to explore the relationships that originate from a single entity, such as an AccessKey ID, an IP address, an OSS bucket, or an OSS object. The system generates a visualized data stream graph to help you gain a complete and accurate overview of threat activities related to your OSS objects.
Log on to the Data Security Center console.
In the navigation pane on the left, choose . On the search page, view the graph by search node:
Search node
Description
AK
Enter or select the target AccessKey information from the drop-down list.
The graph shows the objects and OSS buckets that were accessed using the specified AccessKey ID, and the IP addresses used for access.
Intelligence source
Enter an object name from the intelligence source.
The graph shows the AccessKey IDs found in the object. It also shows the objects and OSS buckets accessed using these AccessKey IDs, and the IP addresses used for access.
Bucket
Enter the name of the target OSS bucket.
The graph displays the entities, such as IP addresses and AccessKey IDs, that accessed objects in the bucket.
IP
Enter an IP address.
The graph displays the OSS buckets and objects that are accessed using the IP address.
File
Enter the name of the target object.
The graph displays the entities, such as IP addresses and AccessKey IDs, that accessed objects with the specified name across different buckets.
About the access traceability graph
For example, if you enter an IP address, the graph displays the OSS buckets and objects that are accessed from that IP address.
Detection and Response displays a traceability graph only when access behavior is detected for the target search node.
By default, the traceability graph shows only the access paths associated with the search node. The search node is highlighted in purple.
By default, a maximum of five downstream nodes are displayed for a single access node. If there are more than five, you can expand the view to show more nodes. A maximum of five additional nodes are displayed each time.
Click the Help
icon in the upper-right corner of the traceability graph to view the description of each node icon.
Click the Settings
icon in the upper-right corner of the traceability graph to configure the graph layout.
Click the Download
icon in the upper-right corner of the traceability graph to export the graph. You can share the graph with relevant security administrators to improve the efficiency of access traceability analysis for the target object.In a blank area of the graph, click and drag to move the entire graph. Click and hold a node to change its position.
Move the mouse pointer over an IP node to display its region information.
Click an access node to view its basic information. For example, you can view the details of an OSS bucket.
References
On the Log Analysis page, you can view and analyze the audit logs for OSS object access. For more information, see View audit logs.