Overview
Description
ActionTrail is a web service that records API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the Alibaba Cloud service. ActionTrail provides a history of API calls for an account, including API calls made via the Management Console, SDKs, and command-line tools.
Rationale
The API call history produced by ActionTrail enables security analysis, resource change tracking, and compliance auditing. Ensuring that a multi-region trail exists also means that any unexpected activity in otherwise unused regions is detected. Global Service Logging should be enabled by default for a multi-region trail so that events generated by Alibaba Cloud global services are captured, which ensures that management operations performed on all resources in an Alibaba Cloud account are recorded.
Impact
OSS lifecycle features can be used to manage the accumulation of logs over time. See the following resource for more information on these features: http://help.aliyun.com/document_detail/31863.html
Default Value
By default, there are no trails configured. Once the trail is enabled, it applies to all regions by default.
References
Remediation guidance
Perform the following to enable global (Multi-region) ActionTrail logging:
Via the management console
- Log in to the ActionTrail console.
- Click Trails in the left navigation pane.
- Click Add new trail.
- Enter a trail name in the Trail name box.
- Set Apply Trail to All Regions to Yes.
- Specify an OSS bucket name in the OSS bucket box.
- Specify an SLS project name in the SLS project box.
- Click Create.
Via CLI
To create a new trail (replace the <...> placeholders with your own values; EventRW set to All delivers both read and write API events, whereas Read or Write restricts the trail to one type):

aliyuncli actiontrail CreateTrail --Name <trailName> --OssBucketName <ossBucketName> --RoleName aliyunactiontraildefaultrole --SlsProjectArn <slsProjectArn> --SlsWriteRoleArn <slsWriteRoleArn> --EventRW All

To bring an existing trail into line with the same settings:

aliyuncli actiontrail UpdateTrail --Name <trailName> --OssBucketName <ossBucketName> --RoleName aliyunactiontraildefaultrole --SlsProjectArn <slsProjectArn> --SlsWriteRoleArn <slsWriteRoleArn> --EventRW All
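As an added example (not code from this page or from Alibaba Cloud), the following Python evaluates a list of trails, such as the TrailList items returned by the ActionTrail DescribeTrails API, against this control and reports why each trail falls short. The trail data is constructed; the field names TrailRegion and Status (value Enable) are assumptions, while Name, OssBucketName, SlsProjectArn and EventRW match the parameters used in the CLI commands above.

```python
from typing import Dict, List

# Constructed sample resembling DescribeTrails TrailList items: one region-scoped,
# write-only trail and one global trail that records all events.
# TrailRegion and Status are assumed field names; <accountId> is a placeholder.
SAMPLE_TRAILS: List[Dict[str, str]] = [
    {"Name": "hz-write-only", "TrailRegion": "cn-hangzhou", "EventRW": "Write",
     "OssBucketName": "audit-logs-example", "SlsProjectArn": "",
     "Status": "Enable"},
    {"Name": "global-all-events", "TrailRegion": "All", "EventRW": "All",
     "OssBucketName": "audit-logs-example",
     "SlsProjectArn": "acs:log:cn-hangzhou:<accountId>:project/audit-example",
     "Status": "Enable"},
]


def trail_findings(trail: Dict[str, str]) -> List[str]:
    """Return the reasons one trail fails the control (empty list = passes)."""
    reasons = []
    if trail.get("Status") != "Enable":
        reasons.append("logging is not enabled")
    if trail.get("TrailRegion") != "All":
        reasons.append("not applied to all regions")
    if trail.get("EventRW") != "All":
        reasons.append("EventRW is %r, not All" % trail.get("EventRW"))
    if not (trail.get("OssBucketName") or trail.get("SlsProjectArn")):
        reasons.append("no OSS bucket or SLS project delivery target")
    return reasons


def audit(trails: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map every trail name to its findings; names mapped to [] are compliant."""
    return {t["Name"]: trail_findings(t) for t in trails}


def account_compliant(trails: List[Dict[str, str]]) -> bool:
    """The account passes when at least one trail has no findings."""
    return any(not reasons for reasons in audit(trails).values())


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_TRAILS).items():
        print(name, "OK" if not reasons else "; ".join(reasons))
    print("account compliant:", account_compliant(SAMPLE_TRAILS))
```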
Service-wide remediation
Recommended when many resources are affected: fix the platform baseline first so new resources inherit the secure setting, then remediate the existing flagged resources in batches.
Alibaba Cloud
Use Resource Directory guardrails, account baselines, and IaC modules so the secure setting is applied consistently across environments.
Operational rollout
- Fix the baseline first at the account, subscription, project, cluster, or tenant scope that owns this control.
- Remediate the currently affected resources in batches, starting with internet-exposed and production assets.
- Re-scan and track approved exceptions with an owner and expiry date.
Query logic
These are the stored checks tied to this control.
Alibaba ActionTrails that export copies of all log entries
Connectors
Covered asset types
Expected check: eq []
{
AlibabaLogging1 {...AssetFragment}
}
Alibaba Cloud