The data detection and response feature is a value-added feature that is provided by Data Security Center (DSC). The feature detects leaks of Object Storage Service (OSS) data and databases. To use the feature, you must purchase sufficient OSS protection capacity and database instances. The feature can check whether an object in an OSS bucket contains the AccessKey pairs of Alibaba Cloud accounts or Resource Access Management (RAM) users or database information, such as endpoints, ports, and accounts. The feature can also check risky operations, such as access to buckets and objects that use leaked or abnormal AccessKey pairs and access to databases that use leaked accounts. This topic describes the billing rules and purchase methods of the data detection and response feature.
Prerequisites
If you use a RAM user to enable the data detection and response feature, the AliyunBSSOrderAccess and AliyunBSSRefundAccess system policies are attached to the RAM user to allow the RAM user to purchase, renew, and unsubscribe from DSC. The AliyunYundunSDDPFullAccess system policy is also attached to the RAM user to allow the RAM user to manage and access the DSC console. For more information, see Grant permissions to a RAM user.
Background information
For more information about AccessKey pair leak detection and alerting, see Overview.
Billing rules
The data detection and response feature uses the subscription billing method. For more information, see Billing overview.
Purchase and enable the data detection and response feature
You can refer to the following steps to purchase the data detection and response feature based on your business scenarios.
Activate DSC for the first time and purchase value-added features
Log on to the DSC buy page by using your Alibaba Cloud account.
Select an edition.
You can select Enterprise Edition or Value-added Plan. For more information, see Purchase DSC.
Set the Data Detection and Response parameter to Enable in the Value-added Module section.
After you enable the feature, you are provided with 1 TB of OSS protection capacity and 1 database instance per month free of charge.
Configure the Data Detection and Response - OSS Protection Capacity parameter (Unit: TB.) and the Data Detection and Response - Number of Database Instances parameter.
The price varies based on the OSS protection capacity. You can purchase OSS data capacity based on the OSS capacity that requires protection after subtracting the free 1 TB each month. For more information about the pricing of OSS protection capacity, see Billing overview.
Configure the Duration parameter.
Click Buy Now and follow the on-screen instructions to complete the payment.
The first time you log on to the DSC console, the Workbench page prompts you to authorize DSC to access cloud resources. After the authorization is complete, DSC can access OSS resources and perform operations such as sensitive data scan and analysis on the cloud resources.
For more information, see Authorize DSC to access Alibaba Cloud resources.
Purchase value-added features after you purchase DSC
Log on to the DSC console.
On the Overview page, click Upgrade.
On the page that appears, set the Data Detection and Response parameter to Enable and configure the Data Detection and Response - OSS Protection Capacity and Data Detection and Response - Number of Database Instances parameters in the Value-added Module section.
When you use the data detection and response feature, the data auditing feature is required. If you use the Value-added Plan edition, we recommend that you upgrade DSC to Enterprise Edition to purchase sufficient log storage capacity.
Click Buy Now and follow the on-screen instructions to complete the payment.
What to do next
After you enable the data detection and response feature and complete authorization, you can refer to the use of the OSS data leak and database leak features to detect and handle relevant data leaks at the earliest opportunity. For more information, see Overview .