Auditing events
As a security officer, auditor, or manager, you can use the IBM Cloud Activity Tracker service to track how users and applications interact with the Event Notifications service in IBM Cloud.
IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. Use this service to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. You are also alerted about actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) Standard. For more information, see the getting started tutorial for IBM Cloud Activity Tracker.
List of events
The following list of Event Notifications data events is sent to IBM Cloud Activity Tracker.
| Action | Description |
|---|---|
event-notifications.topics.read |
An event is generated when a topic is retrieved. |
event-notifications.topics.create |
An event is generated when a topic is created. |
event-notifications.topics.list |
An event is generated when you retrieve a list of topics. |
event-notifications.topics.update |
An event is generated when you update a topic. |
event-notifications.topics.delete |
An event is generated when you delete a topic. |
event-notifications.destinations.read |
An event is generated when you retrieve a destination. |
event-notifications.destinations.create |
An event is generated when you create a destination. |
event-notifications.destinations.list |
An event is generated when you retrieve the list of destinations. |
event-notifications.destinations.update |
An event is generated when you update a destination. |
event-notifications.destinations.delete |
An event is generated when you delete a destination. |
event-notifications.sources.read |
An event is generated when you retrieve a source. |
event-notifications.sources.create |
An event is generated when you create a source. |
event-notifications.sources.list |
An event is generated when you retrieve the list of sources. |
event-notifications.sources.update |
An event is generated when you update a source. |
event-notifications.sources.delete |
An event is generated when you delete a source. |
event-notifications.subscriptions.read |
An event is generated when you retrieve a subscription. |
event-notifications.subscriptions.create |
An event is generated when you create a subscription. |
event-notifications.subscriptions.list |
An event is generated when you retrieved the list of subscriptions. |
event-notifications.subscriptions.update |
An event is generated when you update a subscription. |
event-notifications.subscriptions.delete |
An event is generated when you delete a subscription. |
event-notifications.smtp_ibm.invite |
An event is generated when an invite is sent for Email subscription. |
event-notifications.sms_ibm.invite |
An event is generated when an invite is sent for SMS subscription. |
event-notifications.integrations.list |
List all the Key Management Services integrations. |
event-notifications.integrations.read |
Get a single Key Management Services integration. |
event-notifications.integrations.update |
Update an existing Key Management Services integration. |
event-notifications.pre-prod-destination-billing.set |
Set the billing unit for pre-prod destination after crossing the usage in the current unit. |
event-notifications.templates.create |
An event is generated when you create a template. |
event-notifications.templates.list |
An event is generated when you retrieve the list of templates. |
event-notifications.templates.update |
An event is generated when you update a template. |
event-notifications.templates.delete |
An event is generated when you delete a template. |
event-notifications.templates.read |
An event is generated when you get details of a template. |
Viewing events
Events that are generated by Event Notifications are automatically forwarded to the IBM Cloud Activity Tracker service instance available in the same location.
IBM Cloud Activity Tracker can have only one instance per location. To view events, you must access the web UI of the IBM Cloud Activity Tracker service in the same location where your service instance is available.
- Create a service instance of IBM Cloud Activity Tracker.
- Start the IBM Cloud Activity Tracker web console to access your events.
Event Notifications resources that are deleted or updated as a result of user actions
Deleting some Event Notifications resources causes associated resources to get deleted. A list of all such actions is as follows:
| EN-resource | Action | Associated resource | Comments |
|---|---|---|---|
| Source | DELETE | Topics | Topics are updated and filters configured on them deleted. |
| Destination | DELETE | Subscription | All subscriptions that are associated with the deleted destination are deleted |
| Topic | DELETE | Subscription | All subscriptions that are associated with the deleted topic are deleted. |