IBM Cloud Docs
Auditing events for account, IAM, catalog management

Auditing events for account, IAM, catalog management

As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.

As a security officer, auditor, or manager, you can use the IBM Cloud® Activity Tracker service to track how users and applications interact with an IBM Cloud® account, the IBM Cloud catalog, private catalogs, and with IBM Cloud Identity and Access Management (IAM).

To get started with monitoring your user's actions, see Activity Tracker.

Account management events

You can track the following events:

  • Managing an account by creating an account, updating information, activating an account, or creating a Subscription account
  • Adding or removing users
  • Creating organizations

IAM events

You must create an instance of the Activity Tracker service in the Frankfurt (eu-de) region to start tracking IAM events. When you create the instance, you can track the following events:

  • Managing access groups by creating and deleting groups or adding and removing users
  • Creating, updating, or deleting service IDs
  • Creating, updating, or deleting API keys
  • Creating, updating, or deleting access policies
  • Creating, updating, or deleting trusted profiles
  • Logging in to IBM Cloud by using an API key, authorization code, passcode, password, or an API key associated with a service ID
  • Logging in to IBM Cloud by using a trusted profile. For more information, see Monitoring login sessions for trusted profiles.

For more information, see IAM events.

Enterprise IAM events

In addition, you can track the following events in an enterprise account:

  • Creating, updating, or deleting enterprise-managed IAM templates
  • Assigning enterprise-managed IAM templates to child accounts

You can track the following enterprise events in an child account:

  • Enterprise-managed IAM templates assigned to your account

For more information, see IAM events.

Catalog management events

You can track the following events:

  • Viewing or updating account settings
  • Viewing or updating a catalog
  • Listing all products in a catalog
  • Listing all products in an account
  • Creating, updating, viewing, or deleting a product

unavailable indicates when an update is made, but specific details about the update aren't included.

For more information, see Account management events.

Context-based restrictions events

You can track the following events:

  • Creating, updating, or deleting rules
  • Creating, updating, or deleting network zones

For more information, see Context-based restrictions events.