You can configure alert notifications for abnormal AccessKey pair-based access. If an unhandled event of abnormal AccessKey pair-based access is detected, Data Security Center (DSC) sends an alert notification to the required recipients to provide real-time threat intelligence. This helps the recipients identify object leaks at the earliest opportunity. Notifications can be sent only by email.
Prerequisites
The data detection and response feature is activated. For more information, see Enable data detection and response.
Background
For more information about how AccessKey pair leaks are detected and how alert events are generated, see Overview.
Procedure
1. Log on to the DSC console.
2. In the left-side navigation pane, click System Settings.
3. On the System Settings page, click the Alert notification tab.
4. On the Alert notification tab, click Create Alert Configuration.
5. In the Add Alert Rule panel, select an alert method and configure the recipients.
   a. Select Mailbox for Alert Method.
   b. Verify the recipients.
      To prevent data leaks caused by alert notifications that are sent to unauthorized email addresses, you must enter a verification code to verify the ownership of an email address before you add the email address to the recipient list. Verified email addresses are automatically added to the list of optional recipients. Perform the following steps to complete verification:
      i. In the Email address verification or Mobile Number Verification field, enter the required information and click Get Verification Code.
      ii. Enter the verification code in the verification code field and click Verification.
   c. In the Recipients section, add recipients from the Optional Recipients list to the Selected Recipients list.
6. Set Alert Type and Maximum Alerts, and then click OK.
| Parameter | Description |
| --- | --- |
| Alert Configurations | Select Unusual AccessKey Pair Usage. |
| Maximum Alerts | The maximum number of notifications that can be sent for the alerts triggered by a single rule within 24 hours. Valid values: 0 to 10. Default value: 10. The accumulated number of notifications is cleared at 00:00 each day. If you set the parameter to 0, no alert notification is sent. |
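The following added example (not DSC code) models the Maximum Alerts behavior described above, to show which alerts in a burst produce an email and which do not. It assumes one notification per alert event and that the 00:00 reset follows the calendar date of the timestamps; the function names and sample timestamps are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

MIN_CAP, MAX_CAP, DEFAULT_CAP = 0, 10, 10  # valid range and default from the table


def plan_notifications(alert_times, max_alerts=DEFAULT_CAP):
    """Split one rule's alert timestamps into (notified, suppressed).

    Assumptions: one notification per alert event, and the 00:00 reset
    follows the calendar date of the timestamps passed in.
    """
    if not MIN_CAP <= max_alerts <= MAX_CAP:
        raise ValueError("Maximum Alerts must be between 0 and 10")
    sent_per_day = defaultdict(int)  # a new date starts a fresh counter
    notified, suppressed = [], []
    for ts in sorted(alert_times):
        day = ts.date()
        if sent_per_day[day] < max_alerts:
            sent_per_day[day] += 1
            notified.append(ts)
        else:
            suppressed.append(ts)  # alert is over the cap, so no email is sent
    return notified, suppressed


def constructed_burst():
    """Constructed sample: 12 alerts before midnight, 3 just after."""
    before = [datetime(2024, 1, 1, 23, 40 + i) for i in range(12)]
    after = [datetime(2024, 1, 2, 0, 1 + i) for i in range(3)]
    return before + after


if __name__ == "__main__":
    notified, suppressed = plan_notifications(constructed_burst())
    print(f"notified={len(notified)} suppressed={len(suppressed)}")
    for ts in suppressed:
        print("no email for alert at", ts.isoformat())
```

With the default cap, the 11th and 12th alerts of the first day produce no email, while the three alerts after 00:00 are notified again because the counter has been cleared.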
What to do next
View the leaked AccessKey pairs and the alert events generated for access to authorized OSS buckets by using leaked or specified AccessKey pairs. Identify the risks and take proper measures to mitigate the risks. For more information, see View leaked AccessKey pairs and alerts for abnormal AccessKey pair-based access.
Based on the leaked AccessKey pairs and abnormal access behavior, take appropriate measures to handle the leaked AccessKey pairs and manage the access control policies of OSS buckets and objects. For more information, see Handle AccessKey pair leaks and alerts for abnormal access.