By Charles Comiskey Andrew Low JP Parkin 5 min read
June 1, 2022

With Event Routing, you can configure and route your Activity Tracker event data to multiple locations within the IBM Cloud Activity Tracker service.

IBM Cloud Activity Tracker is expanding your ability to configure and route activity event data to alternate locations. Audit events are critical data for security operations and a key element for meeting compliance requirements. Control over the handling of these events, and the storage location is critical to building enterprise-grade solutions on the IBM Cloud. 

Effectively immediately, you can configure and route your Activity Tracker event data to multiple locations within the IBM Cloud Activity Tracker service. Routing includes the ability to redirect or forward both global and location-based event data from one region to an Activity Tracker hosted search or IBM Cloud Object Storage (COS) bucket in an alternate region.  This enables you to do the following:

  • Consolidate Activity Tracker data to the region of your primary operations
  • Route to one or multiple locations
  • Improve your data residency compliance stature, keeping data at-rest within certain regions
  • Feed a data lake for analytics
  • Forward your activity event data to IBM COS for IBM Cloud for Financial Services compliance

This new ability is available within the IBM Cloud Activity Tracker Event Routing feature. The feature is supported the Dallas, Washington DC, Frankfurt, London and Sydney regions. The Event Routing feature is also enhanced to support service-to-service authorization, helping to simplify IP allow list security configurations when sending data to a COS bucket.

Consolidate your activity event data

Activity Tracker data originates within the regions of each IBM Cloud account where you use IBM Cloud. Location-based events default to the region they originate, optimized for data residency. Global events may cover multiple regions and default to Frankfurt, optimized for GDPR compliance. These default approaches are not practical in some operations environments because it results in data needing to be managed through multiple Activity Tracker instances: 

The new Event Routing feature enables you to consolidate your event data to a single Activity Tracker instance within your account or to consolidate multiple locations of activity event data into a common Activity Tracker instance within an account. The account may also be an enterprise account consolidating event data from multiple accounts.   

In the example below, location-based and global events from Account A and Account B are routed to a common Activity Tracker-hosted event search instance. Events aggregated to the common instance may be alerted and searched together within a single instance. Consolidated data may also be shared with a SIEM or data lake locations: 

Route to multiple locations

The new routing features also supports sending data to multiple locations at the same time. An example is a global company running on IBM Cloud with multiple applications running across multiple accounts. Each account maintains their own operations. The company also needs an additional copy of activity event data required for corporate-level management and compliance:

Routing data to target instances can be defined for one or more locations. Routing data to targets is accomplished through a set of defined routes. Routes may have multiple rules assigned, and multiple routes can be configured per account. Routes can be coordinated across accounts to build enterprise-grade solutions. 

Whether your use of IBM Cloud as a single account or an enterprise with multiple child accounts, the IBM Cloud Activity Tracker Event Routing features provide the ability to control the target location of the data.

Improve your data residency stature

The Activity Tracker Event Routing feature helps improve your data residency compliance stature if data needs to be kept within a designated region or country. Global event data generated in IBM Cloud can be routed to land in the region of your choice:

For example, a technology company has a compliance requirement to keep all related activity events in-country, including global events. Routes can be configured to redirect global events to a desired target within a location. Routes may also be configured to redirect location-based events from regions where event routing is supported. 

The new Event Routing features also help you maintain control for how your data and route metadata is managed. Your account can be configured to only use private endpoints. Routing metadata can be stored in designated regions:

Add data-level control with Activity Tracker streaming

The IBM Cloud Activity Tracker streaming feature boosts your level of data control, and you can configure advanced filtering of event data in-motion. Filtering is done with exclusion rules evaluating each data event. Data meeting evaluation criteria is sent to a configured IBM Event Streams instance.

The combination of event routing for locational control and streaming for data-level control provides a high degree of flexibility. Enterprise customers can solve for more complex data management needs and may create highly customized solutions. 

Sending data to data lakes

Whether your environments have data puddles, ponds, lakes or oceans, IBM Cloud Activity Tracker events can be routed to the right target. Targets may include sending data to COS and using Data Engine.

Configuring data for IBM Cloud for Financial Services compliance with service-to-service authorization

Clients seeking IBM Cloud for Financial Services compliance may continue to send data directly and exclusively to IBM Cloud Object Storage (COS). Service-to-service authorization between IBM Cloud Activity Tracker Event Routing and COS is now possible. This authorization simplifies IP allow list and key management and can be configured from either the CLI or API. Account admins only need to set up the authorization once per account.

Configuring Event Routing

IBM Cloud Activity Tracker Event Routing is configurable by API, CLI or Terraform. First-time users of the Event Routing features should begin with the Event Routing getting-started section. When ready to enable the new routing features shared in this blog, plan where data will be routed. Several key configuration decisions include the following:

  • Will data be forwarded exclusively to a Cloud Object Storage bucket or to an Activity Tracker event search instance? Data can also be configured to go to both at the same time.
  • Which COS bucket or hosted event search instance will store the consolidated data?
  • Which admins have the ability to manage the routes and from where will admins be able to manage them?
  • Where will routing configurations be stored?

Increase your IBM Cloud activity awareness today

IBM Cloud Activity Tracker captures a record of your IBM Cloud activities. The new Event Routing features enable you to optimize where your activity event data lands. A comprehensive list of cloud services and the events generated is available here:

  • IBM Cloud Activity Tracker events increase your visibility to IBM Cloud configuration changes so you can manage the risk of incorrectly configured services more effectively.
  • Activity events simplify your understanding of IT complexity and agile development actions in the cloud. The combination of events provides a holistic view of what happened.
  • Insights from the event data help accelerate identification of abnormal activities. For example, track the frequency and volume of access management events or multi-factor authentication configuration changes.

Learn more about the IBM Cloud Activity Tracker service and configure event routing to best meet your needs.

Categories

Announcements  |  Cloud
Charles Comiskey
Product Manager
Andrew Low
Senior Technical Staff Member
JP Parkin
IBM Cloud Observability Architect

More from Announcements
September 21, 2023

IBM TechXchange underscores the importance of AI skilling and partner innovation

3 min read - Generative AI and large language models are poised to impact how we all access and use information. But as organizations race to adopt these new technologies for business, it requires a global ecosystem of partners with industry expertise to identify the right enterprise use-cases for AI and the technical skills to implement the technology. During TechXchange, IBM's premier technical learning event in Las Vegas last week, IBM Partner Plus members including our Strategic Partners, resellers, software vendors, distributors and service…

August 29, 2023

Introducing Inspiring Voices, a podcast exploring the impactful journeys of great leaders

< 1 min read - Learning about other people's careers, life challenges, and successes is a true source of inspiration that can impact our own ambitions as well as life and business choices in great ways. Brought to you by the Executive Search and Integration team at IBM, the Inspiring Voices podcast will showcase great leaders, taking you inside their personal stories about life, career choices and how to make an impact. In this first episode, host David Jones, Executive Search Lead at IBM, brings…

August 18, 2023

IBM watsonx Assistant and NICE CXone combine capabilities for a new chapter in CCaaS

5 min read - In an age of instant everything, ensuring a positive customer experience has become a top priority for enterprises. When one third of customers (32%) say they will walk away from a brand they love after just one bad experience (source: PWC), organizations are now applying massive investments to this experience, particularly with their live agents and contact centers.  For many enterprises, that investment includes modernizing their call centers by moving to cloud-based Contact Center as a Service (CCaaS) platforms. CCaaS solutions…

August 2, 2023

See what’s new in SingleStoreDB with IBM 8.0

3 min read - Despite decades of progress in database systems, builders have compromised on at least one of the following: speed, reliability, or ease. They have two options: one, they could get a document database that is fast and easy, but can’t be relied on for mission-critical transactional applications. Or two, they could rely on a cloud data warehouse that is easy to set up, but only allows lagging analytics. Even then, each solution lacks something, forcing builders to deploy other databases for…