Checks whether an active trail exists in ActionTrail and whether events of all types generated in all regions are tracked.
Scenarios
The rules in the ClassifiedProtectionPreCheck, CISComplianceCheck, and BestPracticesForOSS compliance packages require that you retain operation logs generated within your Alibaba Cloud account for at least 180 days. If your system is subjected to malicious network attacks or operations, or fails unexpectedly, the operation logs serve as evidence and help you troubleshoot issues quickly.
Risk level
Default risk level: high.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If an active trail exists in ActionTrail and the events of all types that are generated in all regions are tracked, the evaluation result is compliant.
- If no trail exists in ActionTrail, a trail is disabled, or an active trail records only specific types of events in some regions, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
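
The evaluation logic above can be reproduced against your own trail inventory, which also shows why a given trail fails. The following Python code is an added example, not Alibaba Cloud's rule implementation. It assumes trail records shaped like the ActionTrail DescribeTrails response (fields Name, Status, TrailRegion, EventRW), maps "events of all types" to EventRW "All", and treats the account as compliant when at least one trail passes every check.

```python
# Added example: re-implements the rule's evaluation logic over trail records.
# Assumption: field names and values (Status "Enable", TrailRegion "All",
# EventRW "All") match your DescribeTrails output; verify before relying on it.

def trail_findings(trail):
    """Return the reasons one trail fails the check (empty list = trail is intact)."""
    reasons = []
    if trail.get("Status") != "Enable":
        reasons.append("trail is not active (Status=%s)" % trail.get("Status"))
    if trail.get("TrailRegion") != "All":
        reasons.append("tracks only region(s): %s" % trail.get("TrailRegion"))
    if trail.get("EventRW") != "All":
        reasons.append("records only %s events" % trail.get("EventRW"))
    return reasons


def evaluate(trails):
    """Return (verdict, findings) where findings maps trail name -> failure reasons."""
    if not trails:
        return "NON_COMPLIANT", {"<account>": ["no trail exists"]}
    findings = {t.get("Name", "<unnamed>"): trail_findings(t) for t in trails}
    # One intact trail is enough: active, all regions, all event types.
    intact = any(not reasons for reasons in findings.values())
    return ("COMPLIANT" if intact else "NON_COMPLIANT"), findings


# Constructed sample data, not real account output.
SAMPLE_TRAILS = [
    {"Name": "audit-all", "Status": "Enable", "TrailRegion": "All", "EventRW": "All"},
    {"Name": "write-only", "Status": "Enable", "TrailRegion": "All", "EventRW": "Write"},
    {"Name": "old-trail", "Status": "Disable", "TrailRegion": "cn-hangzhou", "EventRW": "All"},
]

if __name__ == "__main__":
    verdict, findings = evaluate(SAMPLE_TRAILS[1:])  # drop the intact trail
    print(verdict)
    for name, reasons in findings.items():
        print(" ", name, "->", "; ".join(reasons) or "intact")
```
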
Rule details
Item | Description |
---|---|
Rule name | actiontrail-trail-intact-enabled |
Rule ID | actiontrail-trail-intact-enabled |
Tag | Actiontrail |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Time interval | 24 hours |
Input parameter | None |
Non-compliance remediation
For more information about how to configure a trail to record events of all types generated in all regions, see Update a single-account trail.