To improve log processing efficiency and reduce resource consumption, Security Center will unpublish the data sources of CTDR 2.0 "Process File Write Logs" and CTDR 1.0 "File Read-Write Logs." Concurrently, the automatic investigation path from host alerts to security incidents, previously reliant on these data sources, will now depend on Security Center's host tracing investigation capabilities, with the investigation results provided by the Security Center business center.
Affected users
- CTDR 1.0 users: Alibaba Cloud users who activated CTDR on or before April 3, 2025.
- CTDR 2.0 users: Alibaba Cloud users who activated CTDR after April 3, 2025.
Upgrade time
The system will automatically complete the unpublishing of the corresponding data sources and the switch of the CTDR automatic investigation path on June 19, 2025.
- Switch automatic investigation path
  The CTDR automatic investigation path from host alerts to security incidents, previously reliant on the data sources of CTDR 1.0 "File Read-Write Logs" and CTDR 2.0 "Process File Write Logs," will now depend on Security Center's host tracing investigation capability to obtain host investigation results.
- Remove data sources
  The CTDR 2.0 "Process File Write Logs" data source and the CTDR 1.0 "File Read-Write Logs" data source will be removed.
- Optimize traffic and cost
  After the data sources are removed, the log traffic of the integrated services will decrease, effectively reducing log storage and delivery costs.
- End log delivery tasks
  For users who have enabled Security Center "File Read-Write Logs" or "Process File Read-Write Logs" data source delivery tasks, the delivery will automatically stop after the data sources are removed.
- Disable log delivery switch
  The CTDR 1.0 console will disable the Security Center "File Read-Write Logs" delivery switch in Log Management. After this shutdown, manual activation will no longer be supported. However, previously delivered file read-write log data will remain accessible and unaffected.
- Delete log access policies
  The log access policies attached to "File Read-Write Logs" and "Process File Read-Write Logs" data sources will be deleted.
If you need assistance, you can submit a ticket.