IBM Cloud Activity Tracker with LogDNA offers enhanced features
Cloud environments are growing at a phenomenal rate, with workloads and applications that are increasingly critical and complex. The depth and breadth of Cloud Services offered are growing too, enabling developers to integrate advanced features into their applications, enhancing their value. As a result, there is increased attention being paid to security, trackability, and auditability.
IBM Cloud Activity Tracker with LogDNA, available now, enables users to automatically collect, visualize, and manage their growing stream of cloud activity event data. This offering is an evolution from the existing IBM Cloud Activity Tracker service and offers new and enhanced abilities.
This service collects and stores audit records for API calls made to IBM Cloud services. Collected events comply with the Cloud Auditing Data Federation (CADF) standard.
How it works
First of all, API calls made by users, applications, or services are recorded as events by the IBM Cloud Services. IBM Cloud Services share these events with Activity Tracker, and the events are aggregated and made available to you in your Activity Tracker with LogDNA instance.
Each event contains fields of data that inform you of who made the request and the requested action. Events also give you the Cloud resource on which the action was requested, the outcome of the request, and its criticality.
The following event shows the initiator performing a read action on an access group named Heroes. You can drill into the event for more detail, including the user’s IBMid and the location where the action was performed.
Further into the event record, we can see the action was successfully performed and we can track details of information shared with the initiator.
Launching with global IAM security events
Activity Tracker with LogDNA is launching with IAM security events, and events from many more IBM Cloud Services will be arriving soon. IAM security events help you to monitor the following set of actions in the IBM Cloud:
Access group creation, read, update, and deletion
Member and rule management for access groups
API key events for users and service IDs
Login events
Service ID events
IAM security events are special because they are global events that report IAM activities regardless of which multi-zone region they originated in. Activity Tracker uses the US-South region as the global region to host global events.
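To make the event fields from "How it works" and the IAM action list above concrete, here is an added Python example (not IBM's code) that reduces CADF-style events to who, action, resource, outcome, and criticality, then flags successful deletions and repeated failures per initiator. The top-level field names follow the CADF core event model; the action strings, users, and threshold are constructed assumptions, not IBM's published schema.

```python
import json
from collections import Counter

# Constructed sample events (newline-delimited JSON). Field names follow CADF;
# action strings, users and timestamps are illustrative, not IBM's schema.
SAMPLE_EVENTS = """
{"eventTime": "2019-06-01T10:00:00Z", "action": "access-group.read", "outcome": "success", "severity": "normal", "initiator": {"name": "alice@example.com"}, "target": {"name": "Heroes"}}
{"eventTime": "2019-06-01T10:01:00Z", "action": "user.login", "outcome": "failure", "severity": "warning", "initiator": {"name": "bob@example.com"}, "target": {"name": "account"}}
{"eventTime": "2019-06-01T10:01:05Z", "action": "user.login", "outcome": "failure", "severity": "warning", "initiator": {"name": "bob@example.com"}, "target": {"name": "account"}}
{"eventTime": "2019-06-01T10:01:09Z", "action": "user.login", "outcome": "failure", "severity": "warning", "initiator": {"name": "bob@example.com"}, "target": {"name": "account"}}
{"eventTime": "2019-06-01T10:05:00Z", "action": "access-group.delete", "outcome": "success", "severity": "critical", "initiator": {"name": "carol@example.com"}, "target": {"name": "Heroes"}}
this line is not JSON and must be skipped
"""

def parse_events(text):
    """Parse newline-delimited JSON, skipping blank, malformed or non-object lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict):
            events.append(obj)
    return events

def summarize(event):
    """Reduce one event to the fields an auditor reads first."""
    return {
        "who": event.get("initiator", {}).get("name", "unknown"),
        "action": event.get("action", "unknown"),
        "resource": event.get("target", {}).get("name", "unknown"),
        "outcome": event.get("outcome", "unknown"),
        "criticality": event.get("severity", "unknown"),
    }

def triage(events, failure_threshold=3):
    """Flag successful deletions and initiators with repeated failed actions."""
    rows = [summarize(e) for e in events]
    alerts = [("destructive-change", r["who"], r["resource"]) for r in rows
              if r["outcome"] == "success" and r["action"].endswith(".delete")]
    failures = Counter(r["who"] for r in rows if r["outcome"] == "failure")
    alerts += [("repeated-failures", who, n) for who, n in failures.items()
               if n >= failure_threshold]
    return alerts

if __name__ == "__main__":
    for alert in triage(parse_events(SAMPLE_EVENTS)):
        print(alert)
```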
From raw data to great insights
This service is built on the same LogDNA environment as Log Analysis with LogDNA. LogDNA features help you gain insights quickly from volumes of data, including the following:
Alerts on events for quick notification of issues
Intuitive search that supports Boolean operators
Filtering to narrow your search
Graphs to visualize your data into meaningful insights
Activity Tracker with LogDNA can be found in the IBM Cloud Catalog under the Developer Tools category. Alternatively, you may access the service through the Observability menu.
You can provision one service instance per account and region. Global events are published to the US-South location. The service is launching in US-South now, and it will be arriving soon in other data center locations.
Activity Tracker with LogDNA is available with different service plans. Select the one that best meets your needs:
Lite plan enables you to view a temporary cache of live events as they happen
Premium plans build upon Lite features, including retention to search 7, 14, or 30 days of event activity, alerting, and archiving to Cloud Object Storage
Provisioning a service instance is easy. Just follow these steps:
Select the service plan to fit your requirements
Provision the instance
You’re ready to go! Event data will automatically flow into the system.
Try it now
With IBM Cloud Activity Tracker with LogDNA, you can improve the security monitoring of your application by setting alerts for user access patterns, and gain greater trackability of how your Cloud Service and Cloud Account are being used, configured, and accessed for security, problem determination, and auditability.