Auditing events for IBM Cloud Direct Link
As a security officer, auditor, or manager, you can use the Activity Tracker service to track how users and applications interact with the Direct Link service in IBM Cloud®.
IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. In addition, you can be alerted about actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) standard. For more information, see Getting started for IBM Cloud Activity Tracker.
Events for Direct Link Dedicated
List of management events
Table 1. List of Direct Link Dedicated gateway events
| Action | Description |
|---|---|
| directlink.dedicated.gateway.create | A Dedicated gateway was created. |
| directlink.dedicated.gateway.delete | A Dedicated gateway was deleted. |
| directlink.dedicated.gateway.update | A Dedicated gateway was updated. |
| directlink.dedicated.completion-notice.create | A Dedicated completion notice was created. |
| directlink.gateway.route-report.create | A route report was created. |
| directlink.gateway.route-report.delete | A route report was deleted. |
Table 2. List of Direct Link Dedicated virtual connection events
| Action | Description |
|---|---|
| directlink.dedicated.virtual-connection.create | A Dedicated virtual connection was created. |
| directlink.dedicated.virtual-connection.delete | A Dedicated virtual connection was deleted. |
| directlink.dedicated.virtual-connection.update | A Dedicated virtual connection was updated. |
List of data events
Table 3. List of Direct Link Dedicated data events
| Action | Description |
|---|---|
| directlink.dedicated.gateway.read | A Dedicated gateway was retrieved. |
| directlink.gateway.list | Dedicated and Connect gateways were listed. |
| directlink.gateway.route-report.read | A route report was retrieved. |
| directlink.gateway.route-report.list | A route report was listed. |
Table 4. List of Direct Link Dedicated Data Events
| Action | Description |
|---|---|
| directlink.dedicated.virtual-connection.read | A Dedicated virtual connection was retrieved. |
| directlink.dedicated.completion-notice.read | A Dedicated completion notice was retrieved. |
Events for Direct Link Connect
List of management events
Table 5. List of Direct Link Connect Gateway Events
| Action | Description |
|---|---|
| directlink.connect.gateway.create | A Connect gateway was created. |
| directlink.connect.gateway.delete | A Connect gateway was deleted. |
| directlink.connect.gateway.update | A Connect gateway was updated. |
| directlink.connect.gateway.action | A Connect gateway action was applied. |
| directlink.gateway.route-report.create | A route report was created. |
| directlink.gateway.route-report.delete | A route report was deleted. |
Table 6. List of Direct Link Connect Virtual Connection Events
| Action | Description |
|---|---|
| directlink.connect.virtual-connection.create | A Connect virtual connection was created. |
| directlink.connect.virtual-connection.delete | A Connect virtual connection was deleted. |
| directlink.connect.virtual-connection.update | A Connect virtual connection was updated. |
List of data events
Table 7. List of Direct Link Connect Gateway Events
| Action | Description |
|---|---|
| directlink.connect.gateway.read | A Connect gateway was retrieved. |
| directlink.gateway.list | Dedicated and Connect gateways were listed. |
| directlink.gateway.route-report.read | A route report was retrieved. |
| directlink.gateway.route-report.list | Route reports were listed. |
Table 8. List of Direct Link Connect Virtual Connection Events
| Action | Description |
|---|---|
| directlink.connect.virtual-connection.list | Connect virtual connections were listed. |
| directlink.connect.virtual-connection.read | A Connect virtual connection was retrieved. |
Analyzing events
Refer to the following information when analyzing events:
- Use the search bar to search for `action:directlink.connect.virtual-connection` to get the list of events related to Direct Link Connect, or `action:directlink.dedicated.virtual-connection` to get events that are related to Direct Link Dedicated.
- The target field identifies the direct link that is associated with an event. When the gateway exists in a different account or there is no gateway that is associated with the request, the target is set as `crn:v1:bluemix:public:directlink:global:a/<your account ID>:::`. Events that do not correspond to a gateway don't have resource group information. For more information about cross-account gateway connections, see Adding a cross-account (VPC only) connection.
- Events that report update actions do not include information about the delta of the change.
- The event's initiator field contains information about who initiated each request. In authorized cross-account scenarios, `IBM` is identified as the initiator.
- The name of the service in IBM Cloud is `directlink.connect`; therefore, all AT events have an action formatted as `<svcname>.<object>.<action>`, where `svcname` can be `directlink.connect` or `directlink.dedicated`.
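The points above can be applied when reviewing exported events offline. The following is an added example, not IBM's code: it splits each action into offering, object and verb, separates management from data events by verb as the tables do, and annotates events with the account-level target CRN, the `IBM` initiator, or an update without a delta. It assumes CADF-style events with `action`, `initiator.name` and `target.id` fields; the sample events, account ID and gateway ID are constructed.

```python
import re

MGMT_VERBS = {"create", "delete", "update", "action"}  # state-changing verbs in the tables
DATA_VERBS = {"read", "list"}
# Account-level CRN the page gives for cross-account or gateway-less requests.
ACCOUNT_CRN = re.compile(r"^crn:v1:bluemix:public:directlink:global:a/[^:]+:::$")

def classify(action):
    """Split an action into (family, object, verb, kind); None if not Direct Link."""
    parts = action.split(".")
    if len(parts) < 3 or parts[0] != "directlink":
        return None
    verb = parts[-1]
    if parts[1] in ("dedicated", "connect"):
        family, obj = parts[1], ".".join(parts[2:-1])
    else:  # e.g. directlink.gateway.list covers both offerings
        family, obj = "shared", ".".join(parts[1:-1])
    kind = "management" if verb in MGMT_VERBS else "data" if verb in DATA_VERBS else "unknown"
    return family, obj, verb, kind

def triage(event):
    """Return review notes for one event, or None if it is not a Direct Link event."""
    parsed = classify(event.get("action", ""))
    if parsed is None:
        return None
    family, _obj, verb, kind = parsed
    notes = []
    if ACCOUNT_CRN.match(event.get("target", {}).get("id", "")):
        notes.append("account-level target: cross-account or no gateway, no resource group")
    if event.get("initiator", {}).get("name") == "IBM":  # assumed field; page says "initiator"
        notes.append("initiator is IBM: authorized cross-account request")
    if verb == "update":
        notes.append("no delta in event: compare with the gateway's current configuration")
    return {"action": event["action"], "family": family, "kind": kind, "notes": notes}

def management_changes(events):
    return [r for r in map(triage, events) if r and r["kind"] == "management"]

# Constructed sample events (account ID and gateway ID are placeholders).
ACCT = "crn:v1:bluemix:public:directlink:global:a/0123abcd"
SAMPLE_EVENTS = [
    {"action": "directlink.dedicated.gateway.update", "initiator": {"name": "alice@example.com"},
     "target": {"id": ACCT + "::gateway:1111-aaaa"}},
    {"action": "directlink.connect.virtual-connection.create", "initiator": {"name": "IBM"},
     "target": {"id": ACCT + ":::"}},
    {"action": "directlink.gateway.list", "initiator": {"name": "bob@example.com"},
     "target": {"id": ACCT + ":::"}},
    {"action": "example.service.create", "initiator": {"name": "bob@example.com"}, "target": {"id": ""}},
]
```

`management_changes(SAMPLE_EVENTS)` returns the gateway update and the cross-account virtual connection creation, each with its notes.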