Access traceability graph for an OSS object

The access traceability graph in Data Detection and Response visualizes access paths to your OSS objects. It helps you analyze complex data access relationships, track object access events, and build effective data security solutions to strengthen your threat defenses.

View an access traceability graph

You can use the following methods to explore the relationships between entities such as an AK (AccessKey ID), an IP, an OSS bucket, or an OSS object. The resulting graph maps threat activities related to your OSS objects, helping you investigate them more efficiently and accurately.

  1. Log on to the Data Security Center console.

  2. In the left-side navigation pane, choose Data Detection and Response > Threat Source Tracing. On the search page, you can view the graph based on a search node:

    | Search node | Description |
    | --- | --- |
    | AK | Enter or select the target AK. The graph shows the IPs that used this AK, and the OSS buckets and objects they accessed. |
    | Intelligence source | Enter an object name from an intelligence source. The graph shows the AKs found in the object. It also shows the IPs that used these AKs and the OSS buckets and objects they accessed. |
    | bucket | Enter the target OSS bucket name. The graph shows which entities, such as IPs or AKs, accessed the objects in this bucket. |
    | IP | Enter the IP address. The graph shows the OSS buckets and objects accessed from this IP address. |
    | object | Enter the target object name. The graph shows which entities, such as IPs or AKs, accessed objects with the same name in different buckets. |

Access traceability graph

For example, you can enter an IP address to view the OSS buckets and objects accessed from that IP.

  • The graph appears only when Data Detection and Response detects access activity for the target search node.

  • By default, the graph shows only the access paths related to the search node. The search node is highlighted in purple.

  • Each node displays a maximum of five downstream nodes by default. If there are more than five, you can expand the node to show five more.

  • Click the Help icon in the upper-right corner to view the legend.

    The legend explains the five node types: intelligence source, AK, IP, bucket, and object.

  • Click the Settings icon in the upper-right corner to configure the graph layout.

    In the settings panel, you can configure Line style (straight or curved), Node distance with a slider, and Layout (Horizontal or Vertical).

  • Click the Download icon to export the graph. You can share the exported graph with other security administrators to collaborate on the analysis.

  • Click and drag a blank area of the graph to pan. Click, hold, and drag a node to reposition it.

  • Hover over an IP node to display its region information.

  • Click a node to view its basic information, such as the details of an OSS bucket.

    The details panel for an OSS bucket displays its key information, including Bucket name, owning account, Total objects, region, sensitivity level, and the number of sensitive objects. The panel also contains a table that lists details for each object, such as its Object name, Object size, Type, match count, number of Matched models, and Last modified time. You can filter the objects in the list by matched model and sensitivity level.
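
The relationships that each search node exposes can be modelled offline as a small directed graph. The following is an added example, not Data Security Center's implementation: it filters constructed access records by search node, links AK, IP, bucket, and object, and applies the five-per-expansion display limit described above. The record field names, the `INTEL` mapping, and all values are assumptions.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions, not the OSS audit log schema.
RECORDS = [
    {"ak": "AK-A", "ip": "203.0.113.10", "bucket": "finance", "object": "payroll.csv"},
    {"ak": "AK-A", "ip": "198.51.100.7", "bucket": "backup", "object": "payroll.csv"},
    {"ak": "AK-B", "ip": "203.0.113.10", "bucket": "finance", "object": "notes.txt"},
] + [{"ak": "AK-B", "ip": "192.0.2.44", "bucket": "logs", "object": f"app-{i}.log"}
     for i in range(7)]
# Constructed: AKs found inside an object reported by an intelligence source.
INTEL = {"leaked-config.env": {"AK-A"}}

def select(records, node_type, value):
    """Keep only the access records that involve the search node."""
    if node_type == "intel":
        aks = INTEL.get(value, set())
        return [r for r in records if r["ak"] in aks]
    return [r for r in records if r[node_type] == value]

def build_graph(records):
    """Edges AK -> IP -> bucket -> object for the given records."""
    edges = defaultdict(set)
    for r in records:
        path = [("ak", r["ak"]), ("ip", r["ip"]), ("bucket", r["bucket"]),
                ("object", r["bucket"] + "/" + r["object"])]
        for src, dst in zip(path, path[1:]):
            edges[src].add(dst)
    return edges

def trace(records, node_type, value):
    """Graph for one search node; None when no access activity was seen."""
    hits = select(records, node_type, value)
    return build_graph(hits) if hits else None

def downstream(edges, node, expanded=0, page=5):
    """First `page` children, `page` more per expansion, and the count still hidden."""
    children = sorted(edges.get(node, ()))
    limit = page * (1 + expanded)
    return children[:limit], max(0, len(children) - limit)

if __name__ == "__main__":
    g = trace(RECORDS, "object", "payroll.csv")
    for src in sorted(g):
        print(src, "->", sorted(g[src]))
```

Searching by object name returns one object node per bucket, which is how the same file name appearing in several buckets becomes visible in a single view.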

References

You can view, analyze, and summarize the audit log for OSS object access on the Log Analysis page. For more information, see View audit log.