Security Center provides dashboards for network logs, host logs, and security logs on the Log Reports tab of the Log Analysis page.

After you enable the log analysis feature, Security Center automatically creates the dashboards of reports. You can view the dashboards on the Log Reports tab. To go to this tab, log on to the Security Center console and choose Investigation > Log Analysis.

| Log type | Log report |
| --- | --- |
| Network logs | DNS Access Center, Network Session Center, Web Access Center |
| Host logs | Login Center, Process Center, Connection Center |
| Security logs | Baseline Center, Vulnerability Center, Alarm Center |

Log reports

Network logs

The following log reports are provided for network logs:

  • DNS Access Center

    Security Center provides an overview of domain name system (DNS) queries on the server. The overview includes the success rate of external DNS queries, and the distribution and trends of both local and external DNS queries.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | External DNS Traffic | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of external DNS traffic packets in a period on the current day and the change compared with the same period on the previous day. | 10.0, 0.01% |
    | External DNS Successful Query Ratio | Single value comparison | Today (Time Frame) and Compare with Yesterday | The success rate of external DNS queries on the current day and the change compared with the previous day. | 100%, 0.01% |
    | Unique DNS Queried Site | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique domain names queried over DNS on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Local DNS Traffic | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of local DNS traffic packets on the current day and the change compared with the previous day. | 1,000, 0.01% |
    | External Query Device Distribution | World map | Today (Time Frame) | The geographical distribution of public network devices that are used to initiate external DNS queries. | None |
    | External DNS Traffic Trend | Column chart and line chart | Today (Time Frame) | The trends in the number of requests and the success rate of external DNS queries per hour. | None |
    | Local DNS Traffic Trend | Column chart | Today (Time Frame) | The trend in the number of requests for local DNS queries per hour. | None |
    | External DNS Most Queried Site Top 20 | Pie chart | Today (Time Frame) | Top 20 domain names that are queried the most in external DNS queries. | None |
    | Local DNS Device with Most Query Top 20 | Pie chart | Today (Time Frame) | Top 20 devices that initiate the most local DNS queries. | None |
    | Local DNS Most Queried Site Top 20 | Pie chart | Today (Time Frame) | Top 20 domain names that are queried the most in local DNS queries. | None |
  • Network Session Center

    Security Center provides an overview of asset-related network sessions. The overview includes connection trends, connection distributions, connection destinations, access trends, and access distributions.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Network Session | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of network sessions in a period on the current day and the change compared with the same period on the previous day. | 10.0, -0.01% |
    | Unique Destination IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination IP addresses for network sessions on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Unique Source IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses for network sessions on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Unique Destination Port | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination ports for network sessions on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Network Connection Trend (Protocol) | Flow diagram | Today (Time Frame) | The trend in the number of network sessions by protocol, such as TCP and UDP, per hour. | None |
    | Network Connection Trend (Asset Type) | Double line graph | Today (Time Frame) | The trend in the number of assets, such as Elastic Compute Service (ECS) instances or Server Load Balancer (SLB) instances, used by network sessions per hour. | None |
    | Session Protocol Distribution | Pie chart | Today (Time Frame) | The distribution of network sessions by protocol, such as TCP and UDP. | None |
    | Destination Port Top 10 | Pie chart | Today (Time Frame) | The distribution of the top 10 destination ports with the most network sessions. | None |
    | Related Asset Type Distribution | Pie chart | This Month (Time Frame) | The distribution of the types of assets associated with a network session. The assets include ECS and SLB instances. | None |
    | Destination Distribution (World) | World map | Today (Time Frame) | The geographical distribution of destination IP addresses for outbound sessions around the world. | None |
    | Source Distribution (World) | World map | Today (Time Frame) | The geographical distribution of source IP addresses for inbound sessions around the world. | None |
    | Destination Distribution (China) | China map | Today (Time Frame) | The geographical distribution of destination IP addresses for outbound sessions in China. | None |
    | Source Destination (China) | China map | Today (Time Frame) | The geographical distribution of source IP addresses for inbound sessions in China. | None |
  • Web Access Center

    Security Center provides an overview of outbound HTTP requests and access to the web services of a host. The overview includes the request success rate, access trends, success efficiency, distribution of accessed domain names, and other related distributions.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Valid Request Ratio | Single value comparison | Today (Time Frame) and Compare with Yesterday | The success rate of HTTP requests on the current day and the change compared with the previous day. The success rate is calculated as the percentage of returned status codes that are less than 400. | 0.01%, 10.00 |
    | Web Access Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of HTTP requests in a period on the current day and the change compared with the same period on the previous day. | 1,000, -0.01% |
    | Unique Destination | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination IP addresses for HTTP requests on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Unique Source | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses for HTTP requests on the current day and the change compared with the previous day. | 1,000, 0.01% |
    | Web Access Trend and Valid Ratio | Column chart and line chart | Today (Time Frame) | The trends in the number of HTTP requests and the success rate per hour. The success rate is calculated as the percentage of returned status codes that are less than 400. | None |
    | Unique Source/Destination Trend | Double line graph | Today (Time Frame) | The trends in the numbers of unique source IP addresses and destination IP addresses per hour. | None |
    | Access Status Distribution | Flow diagram | Today (Time Frame) | The distribution of returned status codes, such as 2xx and 3xx, per hour. | None |
    | Accessed Site Top 10 | Histogram | Today (Time Frame) | The distribution of the top 10 domain names that are accessed the most. | None |
    | Content Type Distribution Top 10 | Pie chart | Today (Time Frame) | Top 10 content types, such as text and plain, that are requested the most. | None |
    | Referer | Table | Today (Time Frame) | The top 20 most frequent referers. The table contains the following fields: URL, Host, and Total Count. | None |

Host logs

The following log reports are provided for host logs:

  • Login Center

    Security Center provides an overview of logons to hosts. The overview includes the geographical distributions of source and destination IP addresses, trends, logon ports, and logon types.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Login Count | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of logons in a period on the current day and the change compared with the same period on the previous day. | 10.0, 10% |
    | Logged In Device Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that are logged on to on the current day and the change compared with the previous day. | 10, -10% |
    | Unique Login Source IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses that are used to log on to hosts on the current day and the change compared with the previous day. | 10, 10% |
    | Unique Login User Name | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique usernames that are used to log on to hosts on the current day and the change compared with the previous day. | 10, 10% |
    | Login on Device Trend | Column chart and line chart | Today (Time Frame) | The trends in the number of hosts that are logged on to and the number of logons per hour. | None |
    | Login Method Trend | Flow diagram | Today (Time Frame) | The trend in the number of logons that use different methods, such as RDP and SSH, per hour. | None |
    | Login Method Distribution | Pie chart | 4 Hours (Relative) | The distribution of different logon methods, such as RDP and SSH. | None |
    | Device Distribution | World map | 4 Hours (Relative) | The geographical distribution of logged on hosts that are assigned public IP addresses around the world. | None |
    | Login Source Distribution | World map | 4 Hours (Relative) | The geographical distribution of the source IP addresses used to log on to the hosts that are assigned public IP addresses around the world. | None |
    | Unique Source IP Distribution | World map | 4 Hours (Relative) | The geographical distribution of the unique source IP addresses used to log on to the hosts that are assigned public IP addresses around the world. | None |
    | User with Most Login Top 10 | Pie chart | 4 Hours (Relative) | Top 10 usernames that are most frequently used. | None |
    | Port with Most Login Top 10 | Pie chart | 4 Hours (Relative) | Top 10 destination ports that are most frequently used. | None |
    | Activated User List | Table | 4 Hours (Relative) | The first 30 accounts available on the host. | None |
    | Source IP and User with Most Login Top 30 | Table | 4 Hours (Relative) | Top 30 usernames that are most frequently used to log on to the host and the logon source information. The table contains the following fields: Source Network, Source IP, Login User, Login Method, Login Destination Count, and Login Count. | None |
  • Process Center

    Security Center provides an overview of processes on hosts. The overview includes process startup trends, process distribution, process types, and the distribution of specific Bash and Java program startups.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Process Start Count | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of process startups in a period on the current day and the change compared with the same period on the previous day. | 10,000, 0.01% |
    | Related Device Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts on which processes are started on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Unique Process Name Count | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of started processes that have unique names on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Device Count | Column chart and line chart | Today (Time Frame) | The trends in the number of hosts on which processes are started and the number of unique processes per hour. | None |
    | Process Start Trend | Line graph | Today (Time Frame) | The average number of processes started on each host per hour. | None |
    | Device Distribution | World map | Today (Time Frame) | The geographical distribution of hosts on which processes are started around the world. The hosts must be assigned public IP addresses. | None |
    | Process Start Count Distribution on Device | World map | Today (Time Frame) | The geographical distribution of the process events on hosts that are assigned public IP addresses around the world. | None |
    | Most Started Process Top 20 | Table | Today (Time Frame) | Top 20 processes that are most frequently started. The table contains the following fields: Process Name, Process Path, and Start Count. | None |
    | Process that Started Most Bash Top 20 | Table | Today (Time Frame) | Top 20 processes that initiate Bash the most. The table contains the Parent Process and Start Count fields. | None |
    | Java File with Most Start Count Top 30 | Table | Today (Time Frame) | Top 30 Java files that initiate the most processes. The table contains the following fields: Jar File Name, Jar File Path, and Start Count. | None |
    | Device with Most Process Started Top 30 | Table | Today (Time Frame) | Top 30 clients that initiate the most processes. The table contains the following fields: Device, Total Started Process Count, Most Started Command Line, Related Process, Start Count, and Ratio. | None |
  • Connection Center

    Security Center provides an overview of the connection changes for hosts. The overview includes the connection distributions, connection trends, destinations, access trends, and access distributions.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Connection Event | Single value comparison | 1 Hour (Relative) and Compare with Yesterday | The number of connection changes in a period on the current day and the change compared with the same period on the previous day. | 10.0, -0.01% |
    | Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that have connection changes on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Unique Process | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique processes that have connection changes on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Unique Source IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique source IP addresses that have connection changes on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Unique Destination IP | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique destination IP addresses that have connection changes on the current day and the change compared with the previous day. | 1,000, 0.01% |
    | Network Connection Trend | Double line graph | 1 Hour (Relative) | The trends in the number of hosts on which network connection events occur and the number of events per hour. | None |
    | Connection Type Trend | Double line graph | 1 Hour (Relative) | The trend in the distribution of connection types, such as inbound and outbound connections, involved in connection changes per hour. | None |
    | Connection Type Distribution | Pie chart | 1 Hour (Relative) | The distribution of connection types, such as inbound and outbound connections, involved in connection changes. | None |
    | Protocol Distribution | Pie chart | 1 Hour (Relative) | The distribution of connection changes by protocol, such as TCP and UDP. | None |
    | Device Distribution | World map | 1 Hour (Relative) | The geographical distribution of hosts that have connection changes around the world. | None |
    | Device Event Distribution | World map | 1 Hour (Relative) | The geographical distribution of connection changes on hosts that are assigned public IP addresses around the world. | None |
    | Connection Out Destination Distribution | World map | 1 Hour (Relative) | The geographical distribution of the destination IP addresses for outbound connections involved in connection changes around the world. | None |
    | Connection In Source Distribution | World map | 1 Hour (Relative) | The geographical distribution of the source IP addresses for inbound connections involved in connection changes around the world. | None |
    | Device with Most Connection Out Top 30 | Table | 1 Hour (Relative) | Top 30 devices that have the most changes in outbound connections. The table contains the following fields: Device, Connection Out Count, Connection Destination Count, Related Remote Destination Port Count, and Destination Port Sample. | None |
    | Device with Most Connection In Top 30 | Table | 1 Hour (Relative) | Top 30 devices that have the most changes in inbound connections. The table contains the following fields: Device, Listen IP, Connection In Count, Listen Port Count, and Port Sample. | None |
    | Device with Most Connection Out Target Top 30 | Table | 1 Hour (Relative) | Top 30 devices that have the most destinations of outbound connection changes. The table includes the following fields: Device, Connection Out Count, Connection Destination Count, Connection Destination Sample, and Destination Port Sample. | None |
    | Ports with Most Connection In Top 30 | Table | 1 Hour (Relative) | Top 30 listener ports that have the most changes in inbound connections. The table includes the following fields: Listen Port, Connection In Count, and Process Sample. | None |
    | Process with Most Connection Out Top 30 | Table | 1 Hour (Relative) | Top 30 processes that have the most changes in outbound connections. The table contains the following fields: Process Name, Connection Event Count, Related Device Count, and Path Sample. | None |
    | Process with Most Connection In Top 30 | Table | 1 Hour (Relative) | Top 30 processes that have the most inbound connection changes. The table contains the following fields: Process Name, Connection Event Count, Related Device Count, and Path Sample. | None |

Security logs

The following log reports are provided for security logs:

  • Baseline Center

    Security Center provides an overview of baseline issues. The overview includes the distribution of baseline issues, the trend of newly occurred issues, the trend of handled issues, and issue states.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that have baseline issues on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | New Baseline | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of new baseline issues on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Verify Baseline | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of verified baseline issues on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | High Level Baseline | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of high-priority baseline issues on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Baseline Operation Trend | Flow diagram | Today (Time Frame) | The trend in the number of operations on baseline issues, such as operations on new issues and issue verification, per hour. | None |
    | Baseline Subtype Trend | Flow diagram | Today (Time Frame) | The trend in the number of baseline subtypes, such as system account security and registries, per hour. | None |
    | Baseline Status Trend | Flow diagram | Today (Time Frame) | The trend in the number of baseline issues in each state, such as unfixed and fixed, per hour. | None |
    | Baseline Operation Distribution | Doughnut chart | Today (Time Frame) | The distribution of operations on baseline issues, such as operations on new issues and issue verification. | None |
    | Baseline Subtype Distribution | Doughnut chart | Today (Time Frame) | The distribution of baseline subtypes, such as system account security and registries. | None |
    | Baseline Status Distribution | Doughnut chart | Today (Time Frame) | The distribution of the latest states of baseline issues, such as unfixed, fixed, and fix failed. Notice: If a baseline issue has multiple states, the latest state is used. | None |
    | New Baseline Top10 | Doughnut chart | Today (Time Frame) | Top 10 baselines for which the most new issues are detected on each host. | None |
    | Verify Baseline Top10 | Doughnut chart | Today (Time Frame) | Top 10 baselines for which the most issues are verified on each host. | None |
    | Baseline Client Distribution Top20 | Table | Today (Time Frame) | Top 10 hosts that have the most baseline issues. The table contains the following fields: Client, Baseline Event, New, Verify, High Level, and Medium Level. | None |
  • Vulnerability Center

    Security Center provides an overview of vulnerabilities. The overview includes the vulnerability distributions, trends of new, verified, and fixed vulnerabilities, and states of vulnerabilities.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts that have vulnerabilities on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | New Vulnerability | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of new vulnerabilities on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | Verify Vulnerability | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of verified vulnerabilities on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Fix Vulnerability | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of fixed vulnerabilities on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Vulnerability Operation Trend | Flow diagram | Today (Time Frame) | The trend in the number of operations on vulnerabilities, such as operations on new vulnerabilities and vulnerability verification, per hour. | None |
    | Vulnerability Type Trend | Flow diagram | Today (Time Frame) | The trend in the number of vulnerabilities of different types, such as Windows vulnerabilities, Linux vulnerabilities, and Web-CMS vulnerabilities, per hour. | None |
    | Vulnerability Status Trend | Flow diagram | Today (Time Frame) | The trend in the number of vulnerabilities in different states, such as unfixed and fixed, per hour. | None |
    | Vulnerability Operation Distribution | Doughnut chart | Today (Time Frame) | The distribution of operations on vulnerabilities, such as operations on new vulnerabilities and vulnerability verification. | None |
    | Vulnerability Type Distribution | Doughnut chart | Today (Time Frame) | The distribution of vulnerabilities of different types, such as Windows vulnerabilities, Linux vulnerabilities, and Web-CMS vulnerabilities. | None |
    | Vulnerability Status Distribution | Doughnut chart | Today (Time Frame) | The distribution of the latest states of vulnerabilities, such as unfixed, fixed, and fix failed. Notice: If a vulnerability has multiple states, the latest state is used. | None |
    | New Vulnerability Top10 | Doughnut chart | Today (Time Frame) | Top 10 vulnerabilities that are detected the most on each host. | None |
    | Verify Vulnerability Top10 | Doughnut chart | Today (Time Frame) | Top 10 vulnerabilities that are verified the most on each host. | None |
    | Fix Vulnerability Top10 | Doughnut chart | Today (Time Frame) | Top 10 vulnerabilities that are fixed the most on each host. | None |
    | Vulnerability Client Distribution Top20 | Table | Today (Time Frame) | Top 20 hosts that have the most vulnerabilities. The table contains the following fields: Client, Vulnerability Event, New, Verify, Fix, Windows Vulnerability, Linux Vulnerability, and Web Vulnerability. | None |
  • Alarm Center

    Security Center provides an overview of security alerts. The overview includes the trends, distributions, and states of new and handled alerts.

    | Widget | Display method | Default time range | Description | Example |
    | --- | --- | --- | --- | --- |
    | Related Device | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of unique hosts for which security alerts are generated on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | New Alarm | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of new alerts on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Fix Alarm | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of handled alerts on the current day and the change compared with the previous day. | 10.0, 0.01% |
    | High Level Alarm | Single value comparison | Today (Time Frame) and Compare with Yesterday | The number of critical alerts on the current day and the change compared with the previous day. | 10.0, -0.01% |
    | Alarm Operation Trend | Flow diagram | Today (Time Frame) | The trend in the number of operations on alerts, such as operations on new alerts and alert handling, per hour. | None |
    | Alarm Level Trend | Flow diagram | Today (Time Frame) | The trend in the number of alerts at different priorities, such as critical, suspicious, and warning, per hour. | None |
    | Alarm Status Trend | Flow diagram | Today (Time Frame) | The trend in the number of alerts in different states, such as unfixed and fixed, per hour. | None |
    | Alarm Operation Distribution | Doughnut chart | Today (Time Frame) | The distribution of operations on alerts, such as operations on new alerts and alert handling. | None |
    | Alarm Level Distribution | Doughnut chart | Today (Time Frame) | The distribution of alerts at different priorities, such as critical, suspicious, and warning. | None |
    | Alarm Status Distribution | Doughnut chart | Today (Time Frame) | The distribution of the latest states of alerts, such as unfixed, fixed, and fix failed. Notice: If an alert has multiple states, the latest state is used. | None |
    | New Alarm Top10 | Doughnut chart | Today (Time Frame) | Top 10 alerts that are generated the most on each host. | None |
    | Fix Alarm Top10 | Doughnut chart | Today (Time Frame) | Top 10 alerts that are handled the most on each host. | None |
    | Alarm Client Distribution Top20 | Table | Today (Time Frame) | Top 20 hosts for which the most alerts are generated. The table contains the following fields: Client, Alarm Event, New, Dealing, Serious, Suspicious, and Alarm Type. | None |