IBM Security QRadar SIEM and Alibaba ActionTrail integration

By Olga Hout posted Mon December 18, 2023 08:44 PM


Our team has been fully engaged this past quarter and is finishing up strong!

With great pleasure, we'd like to announce a highly anticipated integration between IBM Security QRadar SIEM and Alibaba ActionTrail.

[Figure: Alibaba ActionTrail log source summary]

What is ActionTrail?

ActionTrail is a service that monitors and records the operations of your Alibaba Cloud account. These operations include your access to and use of cloud services through the Alibaba Cloud Management Console, APIs, and SDKs. ActionTrail records these operations as events. ActionTrail can deliver its logs to Log Service Logstores and to Object Storage Service (OSS) buckets, both of which are highly stable and reliable. Log Service and OSS allow you to encrypt the audit data and manage access permissions on it, which keeps the audit data secure.

What is Alibaba Cloud Log Service?

It is a complete real-time data logging service that supports the collection, consumption, shipping, search, and analysis of logs, and it scales to process and analyze large volumes of logs. It can send logs to a SIEM over Syslog or HTTPS. Additionally, its APIs and SDKs support multiple features and programming languages, making it straightforward to manage and serve more than one million devices.

What is the use case?

Alibaba Cloud ActionTrail monitors and records your access to and use of cloud products and services as events, and QRadar SIEM ingests these events for security analysis.

In the Log Activity tab in QRadar SIEM, you'll be able to see a list of event names and their counts, along with the time, low-level category, source and destination IP, and other event indicators for each event.

[Figure: Log Activity tab showing ActionTrail events]

Resources

For more details on specifications and a sample event for the Alibaba CloudTrail DSM, navigate to the IBM Security DSM Guide. To download the functionality, head over to our Fix Central portal.

Please note: Administrators must install the Alibaba Cloud Object Storage protocol to collect events from remote object storage buckets, create a user permission in their Alibaba Cloud account for the log source, and create service credentials for the protocol.
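As an added illustration that is not part of the original post or of the DSM guide, the following is the kind of least-privilege RAM policy an administrator might attach to the dedicated RAM user created for the QRadar log source: it allows only listing and reading objects in the one bucket that ActionTrail delivers to, rather than a broad grant such as full OSS access. The bucket name is a placeholder, and the assumption that read-only access to that single bucket is all the Alibaba Cloud Object Storage protocol needs is mine; confirm the exact permissions against the DSM guide.

```json
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListObjects",
        "oss:GetObject"
      ],
      "Resource": [
        "acs:oss:*:*:ACTIONTRAIL-BUCKET-PLACEHOLDER",
        "acs:oss:*:*:ACTIONTRAIL-BUCKET-PLACEHOLDER/*"
      ]
    }
  ]
}
```

The bucket-level resource covers the list operation and the `/*` resource covers object reads, so the log source can enumerate and fetch delivered audit files but cannot write, delete, or touch any other bucket. Attach the policy to a RAM user used only for this integration, issue that user an AccessKey pair for the protocol's service credentials, and rotate the key on the same schedule as other service credentials in your environment.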
I'd like to thank our engineering team, along with the integrations team managers Mehul Chauhan and Kajal Sangani, for their partnership and hard work.

Please let us know if you plan on using this new functionality, and share your feedback with the IBM Security team.