Auditing events for context-based restrictions
As a security officer, auditor, or manager, you can use the IBM Cloud Activity Tracker to track how users and applications interact with the Context-based restrictions rules and network zones in IBM Cloud.
As of 28 March 2024 the IBM Log Analysis and IBM Cloud Activity Tracker services are deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs, which replaces these two services, prior to 30 March 2025. For information about IBM Cloud Logs, see the IBM Cloud Logs documentation.
The IBM Cloud Activity Tracker service records user-initiated activities that change the state of these resources in IBM Cloud.
To get started monitoring your user's actions, see IBM Cloud Activity Tracker. An initiator can be a user, a service, or an application.
Network zone events
The following table lists the actions that generate nerwork zone events:
| Action | Description |
|---|---|
| context-based-restrictions.zone.create | An event is generated when an initiator creates a CBR zone. |
| context-based-restrictions.zone.list | An event is generated when an initiator lists CBR zones. |
| context-based-restrictions.zone.read | An event is generated when an initiator looks at information that is related with a CBR zone. |
| context-based-restrictions.zone.update | An event is generated when an initiator modifies a CBR zone. Users can identify system initiated updates (vs. user initiated updates) by the initiator name "IBM". |
| context-based-restrictions.zone.delete | An event is generated when an initiator deletes a CBR zone. |
Context-based restrictions rules events
The following table lists the actions that generate context-based restricitons rule events:
| Action | Description |
|---|---|
| context-based-restrictions.policy.create | An event is generated when an initiator creates a CBR rule. |
| context-based-restrictions.policy.list | An event is generated when an initiator lists CBR rules. |
| context-based-restrictions.policy.read | An event is generated when an initiator looks at information that is related with a CBR rule. |
| context-based-restrictions.policy.update | An event is generated when an initiator modifies a CBR rule. |
| context-based-restrictions.policy.delete | An event is generated when an initiator deletes a CBR rule. |
Account settings events
The following table lists the actions that generate account settings events:
| Action | Description |
|---|---|
| context-based-restrictions.account-settings.read | An event is generated when an initiator looks at information that is related with account settings. |
Viewing events
Events are available in the Frankfurt (eu-de) region. To view these events, complete the following steps:
- Provision an instance of the IBM Cloud Activity Tracker service in the Frankfurt (eu-de) region.
- Open the IBM Cloud Activity Tracker UI.