Overview

ActionTrail tracks your Alibaba Cloud account actions and records them as events to facilitate auditing. ActionTrail allows you to deliver these events to the specified Log Service Logstores and Object Storage Service (OSS) buckets. You can also query and download the recorded events. Then, you can perform behavior analysis, security analysis, and compliance auditing and track resource changes based on the events. ActionTrail records the actions you take in the Alibaba Cloud Management console or by calling API operations and the actions triggered by Alibaba Cloud services when these services assume RAM roles. When an action is taken, ActionTrail tracks and records the action in ten minutes.

Detailed Records

ActionTrail records the actions of your Alibaba Cloud account as events. You can query events recorded in the last 90 days in the ActionTrail console or calling API operations. For example, you can use ActionTrail to obtain the following information about a specific action: the person that initiated the action, when the action was initiated, the target of the action, the IP address where the action was initiated, whether the action was initiated in the Alibaba Cloud Management console or calling API operations, the result of the action, and the cause of failure in cases where the action failed.

Stability and Reliability

ActionTrail allows you to deliver events to OSS buckets and Log Service Logstores. OSS and Log Service provide extremely high availability and ensure the security of audit data by encrypting the data and controlling access permissions on the data. When an event is delivered, ActionTrail sends you a notification.

Custom Tracking

ActionTrail allows you to create up to five trails in each region to deliver events to OSS buckets and Log Service Logstores. This helps you track different types of events generated in different regions and back up various types of audit data for organization members based on their responsibilities.

Features

Records Events Generated in the Last 90 Days

ActionTrail allows you to view the events recorded in the last 90 days. Event Queries in the ActionTrail Console By default, ActionTrail tracks the actions of your Alibaba Cloud account in the last 90 days and records them as events. You can query these events in the ActionTrail console without configuration.

Continuously Delivers Events

ActionTrail records the actions of your Alibaba Cloud account as events and can deliver these events to specified delivery destinations for long-term storage. Storage Methods You can create a trail to allow ActionTrail to deliver events to a specific Log Service Logstore or OSS bucket. Events are stored as logs in Log Service and log files in OSS. Data Management You can manage event logs as audit data using the retrieval and analysis features of Log Service or deliver the event logs to Alibaba Cloud big data services. For example, you can authorize other Alibaba Cloud services to access the event logs, define the lifecycle rules of the event logs, archive, retrieve, and analyze the event logs, configure alert rules based on the event logs, and manage the audit data of enterprises.

Collects Events Across Accounts

A master account is the account used to enable a resource directory and is the super administrator of the resource directory. The master account has all administrative permissions on the resource directory and member accounts in the resource directory. The master account also supports multi-account trails. Management of Enterprise Audit Data ActionTrail integrates with resource directories. You can use a master account to create multi-account trails to deliver the events of all member accounts in your resource directory to the specified delivery destination.