Activity tracking events for context-based restrictions
IBM Cloud context-based restrictions generate activity tracking events.
Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.
You can use IBM Cloud Activity Tracker Event Routing, a platform service, to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.
Locations where activity tracking events are sent to IBM Cloud Activity Tracker hosted event search
Deprecated
Context-based restrictions sends activity tracking events to IBM Cloud Activity Tracker hosted event search in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| No | No | No | No |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| No | No | No | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | No | No |
Events are available in the Frankfurt (eu-de) region.
To view these events, you must provision an instance of the IBM Cloud Activity Tracker service Deprecated in the Frankfurt (eu-de) region. Then, you must open the IBM Cloud Activity Tracker UI.
Locations where activity tracking events are sent by IBM Cloud Activity Tracker Event Routing
The context-based restrictions service sends activity tracking events by IBM Cloud Activity Tracker Event Routing in the regions that are indicated in the following table.
Dallas (us-south) |
Washington (us-east) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
|---|---|---|---|
| No | No | No | No |
Tokyo (jp-tok) |
Sydney (au-syd) |
Osaka (jp-osa) |
Chennai (in-che) |
|---|---|---|---|
| No | No | No | No |
Frankfurt (eu-de) |
London (eu-gb) |
Madrid (eu-es) |
|---|---|---|
| Yes | No | No |
Launching IBM Cloud Logs from the Observability page
For information on launching the IBM Cloud Logs UI, see Launching the UI in the IBM Cloud Logs.
Viewing activity tracking events for context-based restrictions
You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.
The context-based restrictions service generates global activity tracking events for the actions that are listed in this document. Select Platform events (global) as the location to send audit events from when you configure an Activity Tracker route.
To view context-based restrictions events in the IBM Cloud Logs dashboard, go to the Subsystems filter and select the value context-based restrictions.
Network zone events
The following table lists the actions that generate nerwork zone events:
| Action | Description |
|---|---|
| context-based-restrictions.zone.create | An event is generated when an initiator creates a CBR zone. |
| context-based-restrictions.zone.list | An event is generated when an initiator lists CBR zones. |
| context-based-restrictions.zone.read | An event is generated when an initiator looks at information that is related with a CBR zone. |
| context-based-restrictions.zone.update | An event is generated when an initiator modifies a CBR zone. Users can identify system initiated updates (vs. user initiated updates) by the initiator name "IBM". |
| context-based-restrictions.zone.delete | An event is generated when an initiator deletes a CBR zone. |
Context-based restrictions rules events
The following table lists the actions that generate context-based restricitons rule events:
| Action | Description |
|---|---|
| context-based-restrictions.policy.create | An event is generated when an initiator creates a CBR rule. |
| context-based-restrictions.policy.list | An event is generated when an initiator lists CBR rules. |
| context-based-restrictions.policy.read | An event is generated when an initiator looks at information that is related with a CBR rule. |
| context-based-restrictions.policy.update | An event is generated when an initiator modifies a CBR rule. |
| context-based-restrictions.policy.delete | An event is generated when an initiator deletes a CBR rule. |
Account settings events
The following table lists the actions that generate account settings events:
| Action | Description |
|---|---|
| context-based-restrictions.account-settings.read | An event is generated when an initiator looks at information that is related with account settings. |
Analyzing context-based restrictions activity tracking events
For more informatino, see Monitoring context-based restrictions.