The Log Report page in Security Center presents data of three dashboards, which are the Logon Center, Process Center, and Network Connection Center.

The Dashboard page is automatically created after the Log Analysis Service has been activated.


日志报表

Logon Center

Security Center presents the Host Logon Center dashboard and provides an overview of the logon information on the host, including the geographic distribution, trends, logon ports, and types of target addresses and logon sources.

A description of the Logon Center dashboard can be found in the following table:

Graph name Data type Default time range Description Example
Logon count Single value comparison Value 1 hour ago/value yesterday The number of total logons and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Devices logged on Single value comparison Day-to-day ratio The number of dedicated servers that have been logged on to and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Logon source IP Single value comparison Day-to-day ratio The number of dedicated IPs that logged on to the server and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Logon username Single value comparison Day-to-day ratio The number of dedicated visitors that logged on to the server and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Monitor of the client logon trend Histograms and linear graphs Today (a time on the hour) The trend graph of the devices where the logon events occur and the number of logons per hour. -
Logon method trend Stream graph Today (a time on the hour) The trend graph of the logon methods, such as RDP and SSH, with the unit of times per hour. -
Logon method distribution Pie graph Today (a time on the hour) The trend graph of the logon methods, such as RDP and SSH. -
Device distribution Map (global) Today (a time on the hour) Geographic distribution of the number of devices with public network addresses that have logon events. -
Logon source distribution Map (global) Today (a time on the hour) Geographic distribution of the number of devices with public network addresses that are the logon sources. -
Distribution of dedicated logon sources Map (global) Today (a time on the hour) Geographic distribution of the numbers of devices with public network addresses that are dedicated logon sources. -
Top 10 most frequently logged on users. Pie graph Today (a time on the hour) Top 10 most frequently logged on users. -
Top 10 most frequently used ports to logon. Pie graph Today (a time on the hour) Top 10 most frequently used target ports to logon. -
List of activated users Table Today (a time on the hour) Top 30 accounts available on the device. -
Top 30 most frequently logged on users and the source information. Table Today (a time on the hour) Top 30 most frequently logged on users and the source information, including source networks, logon IPs, usernames, logon methods, the number of dedicated devices, and the number of logons. -

Process center

Security Center shows the Process Center dashboard of the host processes and provides you with a global view of the running process on the host, including process starting trends, distribution, process types, and the distribution of the running status of specific Bash and Java programs.

A description of the Logon Center dashboard can be found in the following table:

Graph name Data type Default time range Description Example
Process running times Single value comparison Value 1 hour ago/value yesterday The number of total logon events and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Number of related devices Single value comparison Day-to-day ratio The number of dedicated servers that have been logged on to and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Name of independent starting processes Single value comparison Day-to-day ratio The number of independent process names that have started and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
The number of client devices. Histograms and line graphs Today (00:00) A trend graph of devices that start processes and the number of independent process names per hour. -
Process initiation trend Line graph Today (a time on the hour) The average number of started processes on each device per hour. -
Distribution of public network devices Map (global) Today (a time on the hour) Geographic distribution of the number of devices that have started processes (for devices with public network addresses). -
Distribution of process initiations on public network devices. Map (global) Today (a time on the hour) The geographic distribution of the client device locations (for devices that have public network addresses). -
Top 20 most frequently started processes. Table Today (a time on the hour) Top 20 most frequently started processes, including the process name, process path, and the number of times the process has started. -
Top 20 processes that trigger Bash programs. Table Today (a time on the hour) Top 20 processes that trigger Bash programs, including the parent process name and the total count of the triggers. -
Top 30 clients that start processes. Table Today (a time on the hour) Top 30 clients that start the processes, including the client, the total count of starts, the command that is the most started one on this client, the corresponding process name/number of times and proportion. -

Network connection center

Security Center presents the Host Network Center dashboard and provides an overview of the logon information on the host, including the geographic distribution, trends, logon ports, and types of target addresses and logon sources.

A description of the Network Center dashboard can be found in the following table:

Graph name Data type Default time range Description Example
Connection events Single value comparison Value 1 hour ago/value yesterday The total number of connection change events on the device and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Related devices Single value comparison Day-to-day ratio The number of dedicated servers that have connection change events and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Independent process Single value comparison Day-to-day ratio The number of independent processes that have connection change events, and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Dedicated source IP Single value comparison Day-to-day ratio The number of dedicated source IPs that have connection change events, and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Dedicated target IP Single value comparison Day-to-day ratio The number of dedicated target IPs that have connection change events, and the increase or decrease in percentage compared with yesterday. 10. Increased by 10%.
Network connection trend Two-line diagram Today (00:00) The trend graph of the number of devices and network connection events per hour. The unit is counts per hour. -
Connection type trend Two-line diagram Today (a time on the hour) The trend graph of the connection type distribution (outbound, inbound) of the network connection changes per hour. The unit is counts per hour. -
Connection type distribution Pie graph Today (a time on the hour) The distribution of the connection types (outbound, inbound) for connection change events. -
Protocol type distribution Pie graph Today (a time on the hour) The distribution of connection protocols (TCP, UDP) for connection change events. -
Distribution of public network devices Map (global) Today (a time on the hour) The geographic distribution of the number of devices that have connection change events. -
Distribution of events in public network equipment Map (global) Today (a time on the hour) The geographic distribution of the change event number in public networks. -
Target distribution of outbound connections Map (global) Today (a time on the hour) The geographical distribution of the targets of the outbound connection of connection change events. -
Distribution of inbound connection sources Map (global) Today (a time on the hour) The geographical distribution of the sources that receive connections of connection change events. -
Top 30 devices that have the most outbound connections. Table Today (a time on the hour) Top 30 devices that have connection change events to the public networks, including devices, the number of connection events to the public networks, and samples. -
Top 30 devices that receive most connections Table Today (a time on the hour) Top 30 devices that have the most connection change events of the inbound type, including devices, listening IPs, the number of inbound connection events, the number of listening ports, and samples. -
Top 30 devices that have the most outbound connection targets Table Today (00:00) Top 30 devices that have the most targets in the connection change events with the outbound connection type, including equipment, the number of outbound connection events, the number of dedicated connection targets, and samples. -
Top 30 listening ports that receive the most connections. Table Today (a time on the hour) Top 30 listening ports that have the most connection change events of the inbound connection type, including listening ports, the number of inbound connection events, and samples. -
Top 30 processes that have the most outbound connections Table Today (a time on the hour) Top 30 processes that have the most connection change events of the outbound connection type, including process names, the number of outbound connection events, the number of related devices, and the sample paths. -
Top 30 devices that receive the most connections from the top 30 processes that receive the most connections. Table Today (a time on the hour) Top 30 processes that have connection change events of the inbound connection type, including process names, the number of outbound connection events, the number of related devices, and the sample paths. -