It is an essential part of security risk control for information systems in enterprises and public sectors, and is also necessary for compliance with many industry standards and audit specifications.
This section describes how to monitor your Huawei Cloud account using the operation audit and audit log transfer to LTS functions in CTS, and how to use the log alarm function of LTS to generate alarms. Preparations: Add the CTS and LTS operation permissions to the user.
This section describes how to use the operation audit and audit log transfer to LTS functions of CTS to monitor access key-related traces, and how to use the log alarm function of LTS to generate alarms. Preparations: Add the CTS and LTS operation permissions to the user.
With CTS, you can record operations associated with CTS itself for later query, audit, and backtracking.
This can be used for security analysis, compliance audit, resource tracking, and fault locating. This section describes how to use operation audit and key event notification of CTS to monitor the operation of creating an IAM user and send an alarm by email.
Other APIs Other CTS APIs, including those for querying the tracker quota, querying all operations on a cloud service, querying audit log operator list, checking whether data can be transferred to the configured OBS bucket, and querying the resources involved in the traces.
The operator information reported to CTS audit logs varies depending on the operator's identity.
This section describes how to use the operation audit and trace filtering and querying functions of CTS to monitor DEW key usage. Preparations: Add CTS operation permissions.
For details about DEW audit operations, see Operations supported by CTS. Deselect Exclude DEW traces. On the Configure Transfer page, set parameters as follows and click Next > Configure.
Then the delegated administrator account can implement cloud audit capabilities, such as security audit. Constraints: Only one organization tracker can be enabled for an organization.
By default, CTS does not record query operations because these are very frequent (such as querying a list of ECSs, metrics, or logs multiple times a day) and can generate a large volume of audit logs, making it difficult to find relevant information.
You have planned an OBS bucket for the delegated administrator to store audit traces. Configuring an Organization Tracker: Log in to the management console. Click in the upper left corner to select the desired region and project.
CTS can also save audit logs to LTS log streams. This section describes how to view historical operation records in trace files downloaded from OBS buckets and in LTS log streams. Prerequisites: You have configured a tracker in CTS and enabled Transfer to OBS or Transfer to LTS.
The following are real application examples: You can configure HTTP or HTTPS notifications targeted at your independent systems and synchronize traces received by CTS to your own audit systems for auditing.
This section describes how to use CTS to audit EVS creation and deletion operations performed in the last two weeks.
If the value is set to true, the audit logs of all members in the ORG organization in the current region will be transferred to the OBS bucket or LTS log stream configured for the management tracker.
CTS can also save audit logs to LTS log streams. This section describes how to view historical operation records in trace files downloaded from OBS buckets and in LTS log streams.
For details about which OBS operations and read/write traces can be recorded by CTS, see "Table 2 OBS data operations logged by CTS" in Using CTS to Audit OBS. On the transfer configuration page, set related parameters and click Next.
Note: In the cross-tenant scenario, CTS copies an audit log so that both tenants can view the trace on the CTS console.
read_only, No, boolean: Whether a user request is read-only.
tracker_name, No, String: Name of the tracker that records the trace.