Security Events
View threat events that have a real security impact on user services, including abnormal login behavior, Trojans, DDoS attacks, and application-layer web traffic attacks.
Trojan Invasion
Supports viewing:
Total Trojans: Total number of historical Trojans
Remediated Trojans: Number of historical Trojans that have been resolved
Trojan Parameters Description:
- Trojan Type
- Resource Name
- Resource ID
- Trojan Path
- Intrusion Time
- Remediation Suggestion
Login Security
Supports viewing:
Remote Login Events: Number of remote login events
Brute Force Events: Number of brute force attack events
Parameters Description:
- Type: divided into successful remote login and brute force attacks
- Source IP
- Project Name
- Availability Zone
- Login Location
- Host IP
- Time
- Risk Level
- Login Type
- Login Username
Network Attacks
Supports viewing:
Attack Overview: The attack overview of the user’s IP
Attack Details: The specific details of each attack on the user’s IP
Allows users to select any desired time range for viewing.
Attack Overview Parameters Description:
- IP
- Region
- Current Status
- Default Blocking Threshold (G)
- Attack Times
- Recent Attack Time
- Actions
Attack Details Parameters Description:
- IP
- Region
- Peak Attack (Mbps)
- Attack Type
- Start Time
- Duration (seconds)
- Actions
Web Attacks
Supports viewing: Attack details and analysis on the user-selected domain name
Attack Details Parameters Description:
- Recent Attack Time
- IP Details
- Request Path
- Region
- Attack Type
- Attack Times
- Work Mode
- Match Action
- Risk Level
Attack Analysis:
Protection Timeline: Statistics on the number of allowed or blocked attacks over a period of time. If the selected work mode is “Record but do not block,” the protection actions are all “allowed,” and if the work mode is “Enable protection rules,” the actions are “blocked.” Configure work mode as referred to here.