All Products
Search
Document Center

ActionTrail:Terms

Last Updated:Jan 30, 2024

This topic describes the terms that are used in ActionTrail to help you better understand and use the service.

Term

Description

management account

A management account is used to enable a resource directory and serves as the super administrator of the resource directory. The management account has all administrative permissions on the resource directory and the members in the resource directory. You can use only an Alibaba Cloud account that passed enterprise real-name verification as a management account. Each resource directory can have only one management account.

member

A member is a container for resources and is also an organizational unit in a resource directory. A member can be a project or an application. The resources of different members are isolated. You can use a management account to authorize Resource Access Management (RAM) users, user groups, or RAM roles to access the resources of members.

You can use the management account of a resource directory to invite a member to join the resource directory or create a member in the resource directory.

event

An event is a record that is generated when you perform operations in the Alibaba Cloud Management Console, call API operations, or use developer tools to access and manage services in Alibaba Cloud. An event records information about an operation that you perform. The information includes the operation time, username, resource, operation type, operation result, and source IP address. Events can be classified into management events and Insights events based on event sources.

management event

A management event is a record that is generated when you perform a control plane operation to manage resources on Alibaba Cloud. For example, a management event is generated when you create or delete an ApsaraDB RDS instance or an Object Storage Service (OSS) bucket. However, no management events are generated when you perform data plane operations such as operations on tables on an ApsaraDB RDS instance or on objects in an OSS bucket.

Insights event

The Insights feature helps you analyze the stability and security of your Alibaba Cloud account based on the management events that are generated within your Alibaba Cloud account. Insights events are generated when unusual activities are identified. ActionTrail generates Insights events for unusual activities that are associated with API call rates, API error rates, IP addresses, AccessKey pair call rates, permission changes, password changes, and trail concealment.

global service

A global service, such as RAM, applies to all regions of Alibaba Cloud. Global services generate global events.

global event

A global event is a record of a global service. To query all the global events, log on to the ActionTrail console. In the left-side navigation pane, click Query page. On the page that appears, select the specified region to query all the global events. After you create a trail to deliver global events to a specified Object Storage Service (OSS) bucket, the global events are stored in the same directory as the events that occur in the home region of the trail.

Note

Starting from 00:00:00 on December 22, 2022, you can query global events only in the Singapore region.

home region

A home region is the region where a trail is created.

trail

A trail is created to deliver events to an OSS bucket or a Simple Log Service Logstore for storage and further analysis. Trails are divided into the following categories based on the creator, applicable scope, and delivered content: single-account trails, multi-account trails, and trails for the Inner-ActionTrail feature.

single-account trail

A single-account trail is used to track and record the events of the Alibaba Cloud account that is used to create the trail.

multi-account trail

A multi-account trail is created by using a management account to track and record the events of all members. A multi-account trail can deliver the events of all members in a resource directory to an OSS bucket or a Simple Log Service Logstore.

Alibaba Cloud-initiated event

An Alibaba Cloud-initiated event is generated when the Alibaba Cloud O&M team performs maintenance operations on your services. You can create a trail for the Inner-ActionTrail feature to deliver Alibaba Cloud-initiated events to a storage service.

trail for the Inner-ActionTrail feature

A trail for the Inner-ActionTrail feature is created by using an Alibaba Cloud account to deliver Alibaba Cloud-initiated events to a storage service.

shadow trail

A shadow trail is generated after ActionTrail replicates the configurations of a trail that you created to track events in multiple regions. ActionTrail creates a shadow trail in each of the regions to track and record the events in the regions.