Report center

更新时间:
复制 MD 格式

Log Audit Service (New Version) visualizes key performance indicators and analysis results for Cloud Service Audit, Runtime Security, and AccessKey Pair Security Audit.

Access the feature

  1. Log on to the Simple Log Service console. In the Log Application section, choose Audit & Security > Log Audit Service (New Version).

    image

  2. Click the target project. On the project page, click Report center.

Cloud Service Audit

Prerequisites

Log collection is enabled for the corresponding cloud service. For more information, see Enable the collection of cloud service logs.

Overview

For an overview of Cloud Service Audit in the report center, see Cloud Service Audit.

Runtime Security

Prerequisites

Log collection is enabled for the corresponding runtime. For more information, see Configure runtime log collection.

Falco

The runtime alert overview summarizes alert events by dimensions such as alert level, type, rule category, and pod, using charts such as Alert Level Statistics, Event Type Statistics, and Rule Classification.

In the left navigation pane, select Runtime Security to open the Falco alert overview page. At the top of the page, you can use the Alert Level, Alert Type, Rule Category, and Pod filters to filter alert events by the corresponding dimensions. The charts below, such as Alert Level Statistics, Event Type Statistics, and Rule Classification, show the distribution of alert events across various dimensions.

Tetragon

Runtime event overview

The runtime event overview displays events categorized by file, network, and process. It includes charts for the total number of events, file events, network events, and more.

In the left navigation pane, select Runtime Security to open the Tetragon runtime event overview page. At the top of the page, you can filter events by ExecId (exec_id), Pod Namespace (pod.namespace), and Pod (pod.name). The overview also includes the CallName Classification chart, which shows the distribution of various system calls.

Runtime event trace

Runtime event trace details the call relationships of container runtime events.

In the left navigation pane, choose Report center > Runtime Security. Select Tetragon from the drop-down list at the top and click the Runtime event trace tab. You can filter events by Execution ID (exec_id), Pod Namespace (pod.namespace), and Pod (pod.name). Expand the process_exec section to view the event trace details in a table. The table includes fields such as start_time, PodName, exec_id, cost_s, pid, Binary, and arguments, and parent process fields such as parent_process_exec_id, parent_process_binary, parent_process_arguments, and parent_process_pid.

AccessKey Pair Security Audit

The AccessKey Pair Security Audit report uses ActionTrail logs, OSS access logs, and Simple Log Service detailed logs as data sources. It presents audit and statistical information for AccessKey-related events and activities across three main categories: cloud services/global services, OSS, and SLS. The report lets you view information from the perspective of user identities, such as a root account, a RAM user, or an assumed RAM role, and use filters to display key information for specific identities.

In the left navigation pane, select AccessKey Pair Security Audit to open the dashboard. The AK Operation Audit tab provides four filter fields: User Principal ID (principalId), User Identity Type (type), Assumed Role (userName), and RAM User AccessKey ID (accessKeyId). Charts below the filters display the Event Source Service Distribution, Event Type Distribution, and an Overview of Top 100 Non-Read-Only Events.