How to activate Audit Trail preconfigured alerts
Audit Trail Alerting Management allows you to proactively monitor the actions performed on your Scaleway resources. You can enable or disable a set of preconfigured alerts based on your security and monitoring needs, and Audit Trail will notify you of abnormal or sensitive behavior.
Before you start
To complete the actions presented below, you must have:
-
A Scaleway account logged in to the console
-
Owner status or IAM permissions allowing you to view and manage Audit Trail
Enable or disable preconfigured alerts
- Click Audit Trail in the Monitoring section of the Scaleway console side menu.
- Click the Region drop-down and select a region for which you want to manage alerts.
- Click the Alerting Management tab. A list of preconfigured alerts appears.
- Toggle specific alerts to control which behaviors should trigger a notification.
- Locate the alert you wish to enable/disable.
- Alert name: The technical identifier of the alert (e.g., ApiKeyCreated).
- Description: A brief explanation of what activity triggers the alert.
- Check or uncheck the box in the Active column:
- Checked: The alert is active and will trigger notifications.
- Unchecked: The alert is disabled.
- Locate the alert you wish to enable/disable.
- Click Save changes at the bottom of the page to apply your configuration.
Understand preconfigured alerts
The following alerts are available for Audit Trail.
| Alert | Description |
|---|---|
| ApiKeyCreated | Triggered when a new API key is created within the Project. |
| ApiKeyCreationUnauthorized | Triggered when an unauthorized attempt to create an API key is detected. |
| ApiKeyDeleted | Triggered when an existing API key is deleted. |
| ApiKeyDeletionUnauthorized | Triggered when an unauthorized attempt to delete an API key is detected. |
| HttpForbiddenErrorRateHigh | Triggered when a high volume (>20) of HTTP 403 Forbidden errors is detected within the last 5 minutes, which may indicate a brute-force attempt or misconfiguration. |
Configure email address to receive notifications
The Alerting Management feature is linked to the notification manager. The email address set in the notification manager is where you will receive notifications when alerts are triggered.
For details on how to configure email addresses and notifications, see the related notification manager documentation.
Email notifications contain:
- details of the alert, such as:
- time when the alert was triggered
- behavior detected
- severity
- recommended actions to help you with investigation and mitigation steps
- a link to check the Audit Trail page in the console with filters helping you to see what happened around the affected timeframe
Related documents
- Learn more about how to view your Audit Trail events.