The Other Settings tab in Feature Settings lets you enable Global Log Filter to reduce log noise, and provides quick access to Resource Access Management (RAM) operations for access control.
Global Log Filter
How it works
The filter uses two methods to identify and suppress repeated events before they reach storage:
Field-based filtering
Command line, username, and parent process command line are combined into a composite key. During each evaluation window, events that share the same key are counted. Events within the threshold are reported normally; events that exceed the threshold are filtered out.
Process chain filtering
The process chain of each collected event is normalized, and its characteristics are extracted as a key. The same counting and threshold logic applies: events within the threshold are reported; the rest are filtered out.
Enable global log filtering
Before you enable Global Log Filter, make sure the log analysis feature is enabled. For details, see Enable log analysis.
If log analysis is not enabled, the Global Log Filter section does not appear in the console.
Log on to the Security Center console. In the top navigation bar, select the region of the assets you want to manage: China or Outside China. In the left-side navigation pane, choose System Configuration > Feature Settings.
On the Other Settings tab of the Settings tab, turn on Log Filter in the Global Log Filter section.
Access control
Resource Access Management (RAM) lets you create and manage RAM users — such as employees, internal systems, and applications — and control what each user can access. This is the recommended approach for enterprises where multiple team members share access to cloud resources: grant each user only the permissions they need, without sharing your Alibaba Cloud account's AccessKey pair.
The RAM section on the Other Settings tab gives you quick access to the RAM operations most relevant to Security Center.
| Operation | What it does |
|---|---|
| Data Delivery of ActionTrail | Enables Security Center to access ActionTrail log data for Cloud Infrastructure Entitlement Management (CIEM) checks. Enable this before using CIEM-type check items in the Cloud Security Posture Management (CSPM) feature. |
| Service-linked role | Shows the description of AliyunServiceRoleForSas, the service-linked role created for Security Center. For details, see Service-linked roles for Security Center. |
| Permission policy management | Links to the RAM console to manage all permission policies in your Alibaba Cloud account. For details, see Policy management. |
| User Management | Links to the RAM console to manage all RAM users in your Alibaba Cloud account. For details, see RAM user management. |
| Role Management | Links to the RAM console to manage all RAM roles in your Alibaba Cloud account. For details, see RAM role management. |
If multiple team members share access to cloud resources, follow the principle of least privilege: grant each user only the permissions required for their role, and review permissions in the RAM console regularly.
Configure access control
Log on to the Security Center console. In the top navigation bar, select the region of the assets you want to manage: China or Outside China. In the left-side navigation pane, choose System Configuration > Feature Settings.
On the Other Settings tab of the Settings tab, view the service-linked role description and perform the operations you need in the RAM section:
To use CIEM-type check items, turn on Data Delivery of ActionTrail.
To manage permission policies, click Manage next to Permission policy management.
To manage RAM users, click Manage next to User Management.
To manage RAM roles, click Manage next to Role Management.