Activity Tracker events for IBM Cloud Transit Gateway
As a security officer, auditor, or manager, you can use the Activity Tracker service to track how users and applications interact with the IBM Cloud® Transit Gateway service in IBM Cloud.
IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in IBM Cloud. You can use this service to investigate abnormal activity and critical actions and to comply with regulatory audit requirements. In addition, you can be alerted about actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) standard. For more information, see the getting started tutorial for IBM Cloud Activity Tracker.
On 23 August 2021, some Activity Tracker events for IBM Cloud Transit Gateway changed. For details and required actions, see the IBM Cloud announcement.
List of events: Gateway resources
List of management events
Action | Description |
---|---|
transit.gateway.create |
Create a transit gateway |
transit.gateway.delete |
Delete a transit gateway |
transit.gateway.update |
Update a transit gateway |
transit.connection.create |
Create a transit gateway connection |
transit.connection.delete |
Delete a transit gateway connection |
transit.connection-request.delete |
Delete a transit gateway cross account connection |
transit.connection.update |
Update a transit gateway connection |
transit.connection-request.create |
Create a request for a cross account transit gateway connection |
transit.connection-request.approve |
Approve request for a cross account transit gateway connection |
transit.connection-request.reject |
Reject request for a cross account transit gateway connection |
List of data events
Action | Description |
---|---|
transit.gateway.read |
Retrieve a transit gateway |
transit.gateway.list |
List transit gateways |
transit.connection.list |
List transit gateway connections |
transit.location.read |
Retrieve a transit gateway location |
transit.location.list |
List transit gateway locations |
Viewing events
Events are available in the Frankfurt location (eu-de
region) only. IBM Cloud Activity Tracker can have only one instance per location.
You can view events by accessing the web UI of the IBM Cloud Activity Tracker service in the eu-de
region. For more information, see Launching the UI through the IBM Cloud UI.
Analyzing events
Refer to the following information when analyzing events:
-
Filter for the
transit
action to see all transit gateway events in your account. Filter fortransit.connection
to see events related to your transit gateway connections. -
Each event's target field identifies which transit gateway is associated with the event.
When the gateway exists in a different account or there is no associated gateway, the target is set as
crn:v1:bluemix:public:transit:global:a/<your account ID>:::
. Events that don't correspond to a gateway will not have resource group information. -
Events that are associated with a specific connection will include the connection's id in
target.connectionId
. -
Events that report update actions do not include information about the delta of the change.
-
The event's initiator field contains information about who initiated each request. In authorized cross account scenarios,
IBM
will be identified as the initiator.