Auditing events
As a security officer, auditor, or manager, you can use the Activity Tracker service to track how users and applications interact with the IBM Cloud Monitoring service in IBM Cloud®.
IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. In addition, you can be alerted about actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) standard. For more information, see the getting started tutorial for IBM Cloud Activity Tracker.
IBM Cloud Monitoring automatically generates events so that you can track activity on your service instance.
Alerts: List of management events
| Action | Description |
|---|---|
sysdig-monitor.alert.create |
An event is created when you create an alert definition |
sysdig-monitor.alert.read |
An event is created when you read an alert definition |
sysdig-monitor.alert.update |
An event is created when you update an alert definition |
sysdig-monitor.alert.delete |
An event is created when you delete an alert definition |
sysdig-monitor.alert.list |
An event is created when you view the alerts in the monitoring instance |
Captures: List of management events
| Action | Description |
|---|---|
sysdig-monitor.capture.create |
An event is created when you create a Monitoring capture |
sysdig-monitor.capture.read |
An event is created when you load a Monitoring capture in the dashboard |
sysdig-monitor.capture.update |
An event is created when you update a Monitoring capture |
sysdig-monitor.capture.delete |
An event is created when you delete a Monitoring capture |
Dashboards: List of management events
| Action | Description |
|---|---|
sysdig-monitor.dashboard.create |
An event is created when you create a dashboard |
sysdig-monitor.dashboard.read |
An event is created when you load a dashboard |
sysdig-monitor.dashboard.update |
An event is created when you update a dashboard |
sysdig-monitor.dashboard.delete |
An event is created when you delete a dashboard |
sysdig-monitor.dashboard.list |
An event is created when you view the dashboards in the monitoring instance |
Teams: List of management events
| Action | Description |
|---|---|
sysdig-monitor.team.create |
An event is created when you create a Monitoring team |
sysdig-monitor.team.read |
An event is created when you view a Monitoring team definition |
sysdig-monitor.team.update |
An event is created when you update a Monitoring team definition |
sysdig-monitor.team.delete |
An event is created when you delete a Monitoring team |
sysdig-monitor.team.list |
An event is created when you view the Monitoring teams |
Where to view the events
Events that are generated by an instance of the IBM Cloud Monitoring service are automatically forwarded to the IBM Cloud Activity Tracker service instance that is available in the same location.
IBM Cloud Activity Tracker can have only one instance per location. To view events, you must access the web UI of the IBM Cloud Activity Tracker service in the same location where your service instance is available. For more information, see Launching the web UI through the IBM Cloud UI.
The following table lists the IBM Cloud® locations and the IBM Cloud Activity Tracker instance location where you can find these events:
| Monitoring instance location | Location of events |
|---|---|
Dallas (us-south) |
Dallas (us-south) |
Washington (us-east) |
Washington (us-east) |
Tokyo (jp-tok) |
Tokyo (jp-tok) |
Sydney (au-syd) |
Sydney (au-syd) |
Frankfurt (eu-de) |
Frankfurt (eu-de) |
London (eu-gb) |
London (eu-gb) |
Osaka (jp-osa) |
Osaka (jp-osa) |
Toronto (ca-tor) |
Toronto (ca-tor) |
Sao Paulo (br-sao) |
Sao Paulo (br-sao) |