Overview and Benefits
ActionTrail tracks your Alibaba Cloud account actions and records them as events to facilitate auditing. ActionTrail allows you to deliver these events to the specified Log Service Logstores and Object Storage Service (OSS) buckets. You can also query and download the recorded events. Then, you can perform behavior analysis, security analysis, and compliance auditing and track resource changes based on the events.
ActionTrail records the actions you take in the Alibaba Cloud Management console or by calling API operations and the actions triggered by Alibaba Cloud services when these services assume RAM roles. When an action is taken, ActionTrail tracks and records the action in ten minutes.
ActionTrail records the actions of your Alibaba Cloud account as events. You can query events recorded in the last 90 days in the ActionTrail console or calling API operations. For example, you can use ActionTrail to obtain the following information about a specific action: the person that initiated the action, when the action was initiated, the target of the action, the IP address where the action was initiated, whether the action was initiated in the Alibaba Cloud Management console or calling API operations, the result of the action, and the cause of failure in cases where the action failed.
Stability and Reliability
ActionTrail allows you to deliver events to OSS buckets and Log Service Logstores. OSS and Log Service provide extremely high availability and ensure the security of audit data by encrypting the data and controlling access permissions on the data. When an event is delivered, ActionTrail sends you a notification.
ActionTrail allows you to create up to five trails in each region to deliver events to OSS buckets and Log Service Logstores. This helps you track different types of events generated in different regions and back up various types of audit data for organization members based on their responsibilities.
Records Events Generated in the Last 90 Days
ActionTrail allows you to view the events recorded in the last 90 days.
Event Queries in the ActionTrail Console
By default, ActionTrail tracks the actions of your Alibaba Cloud account in the last 90 days and records them as events. You can query these events in the ActionTrail console without configuration.
Continuously Delivers Events
ActionTrail records the actions of your Alibaba Cloud account as events and can deliver these events to specified delivery destinations for long-term storage.
You can create a trail to allow ActionTrail to deliver events to a specific Log Service Logstore or OSS bucket. Events are stored as logs in Log Service and log files in OSS.
You can manage event logs as audit data using the retrieval and analysis features of Log Service or deliver the event logs to Alibaba Cloud big data services. For example, you can authorize other Alibaba Cloud services to access the event logs, define the lifecycle rules of the event logs, archive, retrieve, and analyze the event logs, configure alert rules based on the event logs, and manage the audit data of enterprises.
Collects Events Across Accounts
A master account is the account used to enable a resource directory and is the super administrator of the resource directory. The master account has all administrative permissions on the resource directory and member accounts in the resource directory. The master account also supports multi-account trails.
Management of Enterprise Audit Data
ActionTrail integrates with resource directories. You can use a master account to create multi-account trails to deliver the events of all member accounts in your resource directory to the specified delivery destination.
Compliance With the Requirements of Classified Protection
To comply with the regulations of the Baseline for Classified Protection of Cybersecurity 2.0, you must record the actions of your Alibaba Cloud account for 180 days or longer. You can create a trail to deliver the actions as events to the specified Log Service Logstore and OSS bucket for long-term storage. This certifies that your business complies with the requirements of classified protection.
ActionTrail records the actions of your Alibaba Cloud account as events so you can identify security issues that occur within your Alibaba Cloud account based on the recorded events. For example, you can configure a trail to enable the delivery of events as event logs to a specific Log Service Logstore. This allows you to store the event logs for a long time, and execute SQL statements to analyze the event logs.
Based on the events recorded by ActionTrail, you can find the cause of an anomaly that occurs during the use of your resources. For example, if one of your Elastic Compute Service (ECS) instances shuts down unexpectedly, you can use ActionTrail to identify the person that initiated the shutdown event, when the shutdown event occurred, and the IP address where the shutdown event was initiated.
If you use Resource Access Management (RAM) to manage the members in your organization, ActionTrail records the actions of each member account as events. This certifies that the actions of all member accounts meet the compliance auditing requirements of your organization. Based on the responsibilities of auditors, you can also create multiple trails to track different types of events in different regions and deliver the events to different OSS buckets and Log Service Logstores. Different countries and regions may have different data security requirements. If you have deployed resources on the Alibaba Cloud China site (aliyun.com) and the international site (alibabacloud.com). You can create multiple trails to track the events that are generated in different countries and regions. Then, you can deliver the events to the delivery destinations deployed in the corresponding regions.
Upgraded Support For You
1 on 1 Presale Consultation, 24/7 Technical Support, Faster Response, and More Free Tickets.