This topic introduces common solutions on how to manage alerts.
Unusual process activities
View the alert and check whether the process activity is a normal service operation. If it is a normal service operation, click Processing in the Actions column, and add the event to the Whitelist. If it is not a normal service operation, check and manage other relevant alerts. After the alerts are managed, click Processing in the Actions column, and select Ignore.
Check whether the source file is a normal service file. If it is a normal service file, click Processing and add the event to the Whitelist. If it is not a normal service file, click Processing and select Isolation.
View the alert. If the logon record is generated by a usual logon event, you can ignore the alert or add approved locations, IP addresses, time, and accounts to the security settings. If the logon record is generated by an unusual logon event, the password may have been leaked. We recommend that you change the password at the earliest opportunity, and select to Block requests from this IP address.
We recommend that you use the virus detection feature to terminate malicious processes and quarantine the source files. Alternatively, you can log on to the server and manually manage malicious processes. Malicious processes may be automatically deleted, or disguise as system processes to pass detections. If no source file exists, check for unusual processes, scheduled tasks, and startup programs.
Unusual network connections
If network connections are established by normal workload traffic, click Processing and add the event to the Whitelist. If network connections are not established by normal workload traffic, use Cloud Firewall or Web Application Firewall (WAF) to block requests based on the alert. After the alert is managed, select Ignore to add the event to the Handled list.