Security Center provides dashboards for network logs, host logs, and security logs on the Log Reports tab of the Log Analysis page.
After you enable the log analysis feature, Security Center automatically creates the report dashboards, which you can view on the Log Reports tab. To go to this tab, log on to the Security Center console and choose .
Log type | Log report |
Network logs | DNS Access Center |
Network logs | Network Session Center |
Network logs | Web Access Center |
Host logs | Login Center |
Host logs | Process Center |
Host logs | Connection Center |
Security logs | Baseline Center |
Security logs | Vulnerability Center |
Security logs | Alarm Center |
Network logs
The following log reports are provided for network logs:
DNS Access Center
Security Center provides an overview of domain name system (DNS) queries on the server. The overview includes the success rate of external DNS queries, and the distribution and trends of both local and external DNS queries.
Widget | Display method | Default time range | Description | Example |
External DNS Traffic | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of external DNS traffic packets in a period on the current day and the change compared with the same period on the previous day. | 10.0, 0.01% |
External DNS Successful Query Ratio | Single value comparison | Today (Time Frame) and Compare with Yesterday | The success rate of external DNS queries on the current day and the change compared with the previous day. | 100%, 0.01% |
Unique DNS Queried Site | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique domain names that are queried by DNS on the current day and the change compared with the previous day. | 10.0, 0.01% |
Local DNS Traffic | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of local DNS traffic packets on the current day and the change compared with the previous day. | 1,000, 0.01% |
External Query Device Distribution | World map | Today (Time Frame) | The geographical distribution of public network devices that are used to initiate external DNS queries. | None |
External DNS Traffic Trend | Column chart and line chart | Today (Time Frame) | The trends in the number of requests and the success rate of external DNS queries per hour. | None |
Local DNS Traffic Trend | Column chart | Today (Time Frame) | The trend in the number of requests for local DNS queries per hour. | None |
External DNS Most Queried Site Top 20 | Pie chart | Today (Time Frame) | Top 20 domain names that are queried the most in external DNS queries. | None |
Local DNS Device with Most Query Top 20 | Pie chart | Today (Time Frame) | Top 20 devices that initiate the most local DNS queries. | None |
Local DNS Most Queried Site Top 20 | Pie chart | Today (Time Frame) | Top 20 domain names that are queried the most in local DNS queries. | None |
Network Session Center
Security Center provides an overview of asset-related network sessions. The overview includes connection trends, connection distributions, connection destinations, access trends, and access distributions.
Widget | Display method | Default time range | Description | Example |
Network Session | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of network sessions in a period on the current day and the change compared with the same period on the previous day. | 10.0, -0.01% |
Unique Destination IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination IP addresses for network sessions on the current day and the change compared with the previous day. | 10.0, -0.01% |
Unique Source IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses for network sessions on the current day and the change compared with the previous day. | 10.0, 0.01% |
Unique Destination Port | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination ports for network sessions on the current day and the change compared with the previous day. | 10.0, -0.01% |
Network Connection Trend (Protocol) | Flow diagram | Today (Time Frame) | The trend in the number of network sessions by protocol, such as TCP and UDP, per hour. | None |
Network Connection Trend (Asset Type) | Double line graph | Today (Time Frame) | The trend in the number of assets, such as Elastic Compute Service (ECS) instances or Server Load Balancer (SLB) instances, used by network sessions per hour. | None |
Session Protocol Distribution | Pie chart | Today (Time Frame) | The distribution of network sessions by protocol, such as TCP and UDP. | None |
Destination Port Top 10 | Pie chart | Today (Time Frame) | The distribution of the top 10 destination ports with the most network sessions. | None |
Related Asset Type Distribution | Pie chart | This Month (Time Frame) | The distribution of the types of assets associated with a network session. The assets include ECS and SLB instances. | None |
Destination Distribution (World) | World map | Today (Time Frame) | The geographical distribution of destination IP addresses for outbound sessions around the world. | None |
Source Distribution (World) | World map | Today (Time Frame) | The geographical distribution of source IP addresses for inbound sessions around the world. | None |
Destination Distribution (China) | China map | Today (Time Frame) | The geographical distribution of destination IP addresses for outbound sessions in China. | None |
Source Destination (China) | China map | Today (Time Frame) | The geographical distribution of source IP addresses for inbound sessions in China. | None |
Web Access Center
Security Center provides an overview of outbound HTTP requests and access to the web services of a host. The overview includes the request success rate, access trends, success efficiency, distribution of accessed domain names, and other related distributions.
Widget | Display method | Default time range | Description | Example |
Valid Request Ratio | Single value comparison | Today (Time Frame) and Compare with Yesterday | The success rate of HTTP requests on the current day and the change compared with the previous day. The success rate is calculated as the percentage of returned status codes that are less than 400. | 0.01%, 10.00 |
Web Access Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of HTTP requests in a period on the current day and the change compared with the same period on the previous day. | 1,000, -0.01% |
Unique Destination | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination IP addresses for HTTP requests on the current day and the change compared with the previous day. | 10.0, -0.01% |
Unique Source | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses for HTTP requests on the current day and the change compared with the previous day. | 1,000, 0.01% |
Web Access Trend and Valid Ratio | Column chart and line chart | Today (Time Frame) | The trends in the number of HTTP requests and the success rate per hour. The success rate is calculated as the percentage of returned status codes that are less than 400. | None |
Unique Source/Destination Trend | Double line graph | Today (Time Frame) | The trends in the numbers of unique source IP addresses and destination IP addresses per hour. | None |
Access Status Distribution | Flow diagram | Today (Time Frame) | The distribution of returned status codes, such as 2xx and 3xx, per hour. | None |
Accessed Site Top 10 | Histogram | Today (Time Frame) | The distribution of the top 10 domain names that are accessed the most. | None |
Content Type Distribution Top 10 | Pie chart | Today (Time Frame) | Top 10 content types, such as text and plain, that are requested the most. | None |
Referer | Table | Today (Time Frame) | Top 20 referers that are referred the most. The table contains the following fields: URL, Host, and Total Count. | None |
Host logs
The following log reports are provided for host logs:
Login Center
Security Center provides an overview of logons to hosts. The overview includes the geographical distributions of source and destination IP addresses, trends, logon ports, and logon types.
Widget | Display method | Default time range | Description | Example |
Login Count | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of logons in a period on the current day and the change compared with the same period on the previous day. | 10.0, 10% |
Logged In Device Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that are logged on to on the current day and the change compared with the previous day. | 10, -10% |
Unique Login Source IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses that are used to log on to hosts on the current day and the change compared with the previous day. | 10, 10% |
Unique Login User Name | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique usernames that are used to log on to hosts on the current day and the change compared with the previous day. | 10, 10% |
Login on Device Trend | Column chart and line chart | Today (Time Frame) | The trends in the number of hosts that are logged on to and the number of logons per hour. | None |
Login Method Trend | Flow diagram | Today (Time Frame) | The trend in the number of logons that use different methods, such as RDP and SSH, per hour. | None |
Login Method Distribution | Pie chart | 4 Hours (Relative) | The distribution of different logon methods, such as RDP and SSH. | None |
Device Distribution | World map | 4 Hours (Relative) | The geographical distribution of logged-on hosts that are assigned public IP addresses around the world. | None |
Login Source Distribution | World map | 4 Hours (Relative) | The geographical distribution of the source IP addresses used to log on to the hosts that are assigned public IP addresses around the world. | None |
Unique Source IP Distribution | World map | 4 Hours (Relative) | The geographical distribution of the unique source IP addresses used to log on to the hosts that are assigned public IP addresses around the world. | None |
User with Most Login Top 10 | Pie chart | 4 Hours (Relative) | Top 10 usernames that are most frequently used. | None |
Port with Most Login Top 10 | Pie chart | 4 Hours (Relative) | Top 10 destination ports that are most frequently used. | None |
Activated User List | Table | 4 Hours (Relative) | The first 30 accounts available on the host. | None |
Source IP and User with Most Login Top 30 | Table | 4 Hours (Relative) | Top 30 usernames that are most frequently used to log on to the host and the logon source information. The table contains the following fields: Source Network, Source IP, Login User, Login Method, Login Destination Count, and Login Count. | None |
Process Center
Security Center provides an overview of processes on hosts. The overview includes process startup trends, process distribution, process types, and the distribution of specific Bash and Java program startups.
Widget | Display method | Default time range | Description | Example |
Process Start Count | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of process startups in a period on the current day and the change compared with the same period on the previous day. | 10,000, 0.01% |
Related Device Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts on which processes are started on the current day and the change compared with the previous day. | 10.0, 0.01% |
Unique Process Name Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of started processes that have unique names on the current day and the change compared with the previous day. | 10.0, 0.01% |
Device Count | Column chart and line chart | Today (Time Frame) | The trends in the number of hosts on which processes are started and the number of unique processes per hour. | None |
Process Start Trend | Line graph | Today (Time Frame) | The average number of processes started on each host per hour. | None |
Device Distribution | World map | Today (Time Frame) | The geographical distribution of hosts on which processes are started around the world. The hosts must be assigned public IP addresses. | None |
Process Start Count Distribution on Device | World map | Today (Time Frame) | The geographical distribution of the process events on hosts that are assigned public IP addresses around the world. | None |
Most Started Process Top 20 | Table | Today (Time Frame) | Top 20 processes that are most frequently started. The table contains the following fields: Process Name, Process Path, and Start Count. | None |
Process that Started Most Bash Top 20 | Table | Today (Time Frame) | Top 20 processes that initiate Bash the most. The table contains the Parent Process and Start Count fields. | None |
Java File with Most Start Count Top 30 | Table | Today (Time Frame) | Top 30 Java files that initiate the most processes. The table contains the following fields: Jar File Name, Jar File Path, and Start Count. | None |
Device with Most Process Started Top 30 | Table | Today (Time Frame) | Top 30 clients that initiate the most processes. The table contains the following fields: Device, Total Started Process Count, Most Started Command Line, Related Process, Start Count, and Ratio. | None |
Connection Center
Security Center provides an overview of the connection changes for hosts. The overview includes the connection distributions, connection trends, destinations, access trends, and access distributions.
Widget | Display method | Default time range | Description | Example |
Connection Event | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of connection changes in a period on the current day and the change compared with the same period on the previous day. | 10.0, -0.01% |
Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that have connection changes on the current day and the change compared with the previous day. | 10.0, 0.01% |
Unique Process | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique processes that have connection changes on the current day and the change compared with the previous day. | 10.0, 0.01% |
Unique Source IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses that have connection changes on the current day and the change compared with the previous day. | 10.0, 0.01% |
Unique Destination IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination IP addresses that have connection changes on the current day and the change compared with the previous day. | 1,000, 0.01% |
Network Connection Trend | Double line graph | 1 Hour (Relative) | The trends in the number of hosts on which network connection events occur and the number of events per hour. | None |
Connection Type Trend | Double line graph | 1 Hour (Relative) | The trend in the distribution of connection types, such as inbound and outbound connections, involved in connection changes per hour. | None |
Connection Type Distribution | Pie chart | 1 Hour (Relative) | The distribution of connection types, such as inbound and outbound connections, involved in connection changes. | None |
Protocol Distribution | Pie chart | 1 Hour (Relative) | The distribution of connection changes by protocol, such as TCP and UDP. | None |
Device Distribution | World map | 1 Hour (Relative) | The geographical distribution of hosts that have connection changes around the world. | None |
Device Event Distribution | World map | 1 Hour (Relative) | The geographical distribution of connection changes on hosts that are assigned public IP addresses around the world. | None |
Connection Out Destination Distribution | World map | 1 Hour (Relative) | The geographical distribution of the destination IP addresses for outbound connections involved in connection changes around the world. | None |
Connection In Source Distribution | World map | 1 Hour (Relative) | The geographical distribution of the source IP addresses for inbound connections involved in connection changes around the world. | None |
Device with Most Connection Out Top 30 | Table | 1 Hour (Relative) | Top 30 devices that have the most changes in outbound connections. The table contains the following fields: Device, Connection Out Count, Connection Destination Count, Related Remote Destination Port Count, and Destination Port Sample. | None |
Device with Most Connection In Top 30 | Table | 1 Hour (Relative) | Top 30 devices that have the most changes in inbound connections. The table contains the following fields: Device, Listen IP, Connection In Count, Listen Port Count, and Port Sample. | None |
Device with Most Connection Out Target Top 30 | Table | 1 Hour (Relative) | Top 30 devices that have the most destinations of outbound connection changes. The table includes the following fields: Device, Connection Out Count, Connection Destination Count, Connection Destination Sample, and Destination Port Sample. | None |
Ports with Most Connection In Top 30 | Table | 1 Hour (Relative) | Top 30 listener ports that have the most changes in inbound connections. The table includes the following fields: Listen Port, Connection In Count, and Process Sample. | None |
Process with Most Connection Out Top 30 | Table | 1 Hour (Relative) | Top 30 processes that have the most changes in outbound connections. The table contains the following fields: Process Name, Connection Event Count, Related Device Count, and Path Sample. | None |
Process with Most Connection In Top 30 | Table | 1 Hour (Relative) | Top 30 processes that have the most inbound connection changes. The table contains the following fields: Process Name, Connection Event Count, Related Device Count, and Path Sample. | None |
Security logs
The following log reports are provided for security logs:
Baseline Center
Security Center provides an overview of baseline issues. The overview includes the distribution of baseline issues, the trend of newly occurred issues, the trend of handled issues, and issue states.
Widget | Display method | Default time range | Description | Example |
Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that have baseline issues on the current day and the change compared with the previous day. | 10.0, 0.01% |
New Baseline | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of new baseline issues on the current day and the change compared with the previous day. | 10.0, -0.01% |
Verify Baseline | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of verified baseline issues on the current day and the change compared with the previous day. | 10.0, -0.01% |
High Level Baseline | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of high-priority baseline issues on the current day and the change compared with the previous day. | 10.0, 0.01% |
Baseline Operation Trend | Flow diagram | Today (Time Frame) | The trend in the number of operations on baseline issues, such as operations on new issues and issue verification, per hour. | None |
Baseline Subtype Trend | Flow diagram | Today (Time Frame) | The trend in the number of baseline subtypes, such as system account security and registries, per hour. | None |
Baseline Status Trend | Flow diagram | Today (Time Frame) | The trend in the number of baseline issues in each state, such as unfixed and fixed, per hour. | None |
Baseline Operation Distribution | Doughnut chart | Today (Time Frame) | The distribution of operations on baseline issues, such as operations on new issues and issue verification. | None |
Baseline Subtype Distribution | Doughnut chart | Today (Time Frame) | The distribution of baseline subtypes, such as system account security and registries. | None |
Baseline Status Distribution | Doughnut chart | Today (Time Frame) | The distribution of the latest states of baseline issues, such as unfixed, fixed, and fix failed. Important: If a baseline issue has multiple states, the latest state is used. | None |
New Baseline Top10 | Doughnut chart | Today (Time Frame) | Top 10 baselines for which the most new issues are detected on each host. | None |
Verify Baseline Top10 | Doughnut chart | Today (Time Frame) | Top 10 baselines for which the most issues are verified on each host. | None |
Baseline Client Distribution Top20 | Table | Today (Time Frame) | Top 10 hosts that have the most baseline issues. The table contains the following fields: Client, Baseline Event, New, Verify, High Level, and Medium Level. | None |
Vulnerability Center
Security Center provides an overview of vulnerabilities. The overview includes the vulnerability distributions, trends of new, verified, and fixed vulnerabilities, and states of vulnerabilities.
Widget | Display method | Default time range | Description | Example |
Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that have vulnerabilities on the current day and the change compared with the previous day. | 10.0, 0.01% |
New Vulnerability | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of new vulnerabilities on the current day and the change compared with the previous day. | 10.0, 0.01% |
Verify Vulnerability | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of verified vulnerabilities on the current day and the change compared with the previous day. | 10.0, -0.01% |
Fix Vulnerability | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of fixed vulnerabilities on the current day and the change compared with the previous day. | 10.0, -0.01% |
Vulnerability Operation Trend | Flow diagram | Today (Time Frame) | The trend in the number of operations on vulnerabilities, such as operations on new vulnerabilities and vulnerability verification, per hour. | None |
Vulnerability Type Trend | Flow diagram | Today (Time Frame) | The trend in the number of vulnerabilities of different types, such as Windows vulnerabilities, Linux vulnerabilities, and Web-CMS vulnerabilities, per hour. | None |
Vulnerability Status Trend | Flow diagram | Today (Time Frame) | The trend in the number of vulnerabilities in different states, such as unfixed and fixed, per hour. | None |
Vulnerability Operation Distribution | Doughnut chart | Today (Time Frame) | The distribution of operations on vulnerabilities, such as operations on new vulnerabilities and vulnerability verification. | None |
Vulnerability Type Distribution | Doughnut chart | Today (Time Frame) | The distribution of vulnerabilities of different types, such as Windows vulnerabilities, Linux vulnerabilities, and Web-CMS vulnerabilities. | None |
Vulnerability Status Distribution | Doughnut chart | Today (Time Frame) | The distribution of the latest states of vulnerabilities, such as unfixed, fixed, and fix failed. Important: If a vulnerability has multiple states, the latest state is used. | None |
New Vulnerability Top10 | Doughnut chart | Today (Time Frame) | Top 10 vulnerabilities that are detected the most on each host. | None |
Verify Vulnerability Top10 | Doughnut chart | Today (Time Frame) | Top 10 vulnerabilities that are verified the most on each host. | None |
Fix Vulnerability Top10 | Doughnut chart | Today (Time Frame) | Top 10 vulnerabilities that are fixed the most on each host. | None |
Vulnerability Client Distribution Top20 | Table | Today (Time Frame) | Top 20 hosts that have the most vulnerabilities. The table contains the following fields: Client, Vulnerability Event, New, Verify, Fix, Windows Vulnerability, Linux Vulnerability, and Web Vulnerability. | None |
Alarm Center
Security Center provides an overview of security alerts. The overview includes the trends, distributions, and states of new and handled alerts.
Widget | Display method | Default time range | Description | Example |
Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts for which security alerts are generated on the current day and the change compared with the previous day. | 10.0, 0.01% |
New Alarm | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of new alerts on the current day and the change compared with the previous day. | 10.0, -0.01% |
Fix Alarm | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of handled alerts on the current day and the change compared with the previous day. | 10.0, 0.01% |
High Level Alarm | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of critical alerts on the current day and the change compared with the previous day. | 10.0, -0.01% |
Alarm Operation Trend | Flow diagram | Today (Time Frame) | The trend in the number of operations on alerts, such as operations on new alerts and alert handling, per hour. | None |
Alarm Level Trend | Flow diagram | Today (Time Frame) | The trend in the number of alerts at different priorities, such as critical, suspicious, and warning, per hour. | None |
Alarm Status Trend | Flow diagram | Today (Time Frame) | The trend in the number of alerts in different states, such as unfixed and fixed, per hour. | None |
Alarm Operation Distribution | Doughnut chart | Today (Time Frame) | The distribution of operations on alerts, such as operations on new alerts and alert handling. | None |
Alarm Level Distribution | Doughnut chart | Today (Time Frame) | The distribution of alerts at different priorities, such as critical, suspicious, and warning. | None |
Alarm Status Distribution | Doughnut chart | Today (Time Frame) | The distribution of the latest states of alerts, such as unfixed, fixed, and fix failed. Important: If an alert has multiple states, the latest state is used. | None |
New Alarm Top10 | Doughnut chart | Today (Time Frame) | Top 10 alerts that are generated the most on each host. | None |
Fix Alarm Top10 | Doughnut chart | Today (Time Frame) | Top 10 alerts that are handled the most on each host. | None |
Alarm Client Distribution Top20 | Table | Today (Time Frame) | Top 20 hosts for which the most alerts are generated. The table contains the following fields: Client, Alarm Event, New, Dealing, Serious, Suspicious, and Alarm Type. | None |