This topic describes the alert rules for the security of OSS data. You can configure and enable alert rules in the Simple Log Service console to monitor the security of OSS data. If an alert is triggered, you can identify the cause and fix the error at the earliest opportunity.
Alert rules
The following alert rules are supported. For information about how to set alert parameters, configure whitelists, and perform other relevant operations, see Configure alerts.
OSS Object Frequent Deletion Alert
ID | sls_app_audit_storage_at_oss_obj_del |
Name | OSS Object Frequent Deletion Alert |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Data Security |
Usage | Monitors the delete operations in OSS buckets. If the delete operations exceed the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameter Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the OSS bucket that triggered the alert. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
OSS Bucket Account Access Control
ID | sls_app_audit_storage_at_oss_access_control |
Name | OSS Bucket Account Access Control |
Version | 1 |
Type | Cloud Platform, Alicloud, Data Security, and OSS Data Security |
Usage | Monitors access to OSS buckets. If an OSS bucket is accessed by an unspecified Alibaba Cloud account or RAM user, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameter Settings | You can specify the following parameters: Severity: The severity level of the alert. Valid values: Critical-10, High-8, Medium-6, Low-4, and Report-2. |
External Configurations | You can specify a whitelist and add Alibaba Cloud accounts and RAM users to the whitelist. If an OSS bucket is accessed by a whitelisted account, no alert is triggered. |
Solution | Do not allow Alibaba Cloud accounts or RAM users that are not included in the whitelist to access OSS buckets. |
Prerequisites | The Access Log switch of OSS is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
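The following sketch shows the logic that the two rules above describe, evaluated over a 2-minute window of access-log records. It is an added example, not the Simple Log Service implementation or its query syntax. The field names, operation names, threshold value, account IDs, and log records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=2)           # from the page: the last 2 minutes are checked
DELETE_THRESHOLD = 3                    # assumed value; the page does not state one
DELETE_OPS = {"DeleteObject", "DeleteObjects"}  # assumed operation names
ALLOWED_REQUESTERS = {"1001", "1002"}   # constructed whitelist of account / RAM user IDs

# Constructed access-log records: (time, bucket, operation, requester_id).
_ROWS = [
    ("2024-01-01T09:57:00", "reports", "DeleteObject", "1001"),  # outside the window
    ("2024-01-01T10:00:10", "reports", "DeleteObject", "1001"),
    ("2024-01-01T10:00:40", "reports", "DeleteObject", "1001"),
    ("2024-01-01T10:01:10", "reports", "DeleteObject", "1001"),
    ("2024-01-01T10:01:30", "reports", "DeleteObject", "1001"),
    ("2024-01-01T10:01:40", "media", "GetObject", "1002"),
    ("2024-01-01T10:01:50", "media", "GetObject", "9999"),       # not whitelisted
    ("2024-01-01T10:01:55", "media", "DeleteObject", "1002"),
]
FIELDS = ("time", "bucket", "operation", "requester_id")
SAMPLE_LOGS = [dict(zip(FIELDS, row)) for row in _ROWS]
NOW = datetime.fromisoformat("2024-01-01T10:02:00")  # constructed check time


def in_window(logs, now):
    """Return the records whose timestamp falls in (now - WINDOW, now]."""
    start = now - WINDOW
    return [r for r in logs if start < datetime.fromisoformat(r["time"]) <= now]


def frequent_deletion_alerts(logs, now, threshold=DELETE_THRESHOLD):
    """Map bucket -> delete count for buckets whose deletes exceed the threshold."""
    counts = Counter(
        r["bucket"] for r in in_window(logs, now) if r["operation"] in DELETE_OPS
    )
    return {bucket: n for bucket, n in counts.items() if n > threshold}


def access_control_alerts(logs, now, allowed=ALLOWED_REQUESTERS):
    """List (bucket, requester_id) pairs for requesters not in the whitelist."""
    hits = {
        (r["bucket"], r["requester_id"])
        for r in in_window(logs, now)
        if r["requester_id"] not in allowed
    }
    return sorted(hits)


if __name__ == "__main__":
    print("Frequent deletion:", frequent_deletion_alerts(SAMPLE_LOGS, NOW))
    print("Access control:", access_control_alerts(SAMPLE_LOGS, NOW))
```

Because each check runs every minute over the last 2 minutes of data, consecutive windows overlap, so the same burst of deletes or the same unlisted requester can be reported by two consecutive checks.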