Security Center supports the attack awareness feature. This feature lists and analyzes the attacks against your assets. This topic describes the statistics that are provided by the attack awareness feature. The statistics include the total number of attacks, distribution of attack types, top 5 attack sources, top 5 attacked assets, and the attack list.

Limits

Only the Enterprise and Ultimate editions of Security Center support this feature. If you do not use these editions, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.

Background information

The attack awareness feature provides basic attack detection and prevention based on the protection capabilities of Alibaba Cloud. We recommend that you develop a more refined and precise defense system to optimize your firewalls and enhance your business security.

You can log on to the Security Center console and choose Runtime Detection > Attack Awareness to view the details about the attacks against your assets in the specified time range.

  • Attacks: the total number of attacks against your assets.
  • Attack Type Distribution: the attack types and the number of attacks of each type.
  • Top 5 Attack Sources: the top 5 IP addresses from which the most attacks are initiated.
  • Top 5 Attacked Assets: the top 5 assets that encountered the most attacks.
  • Attack list: the details about all attacks. The details include the attack time, source IP address, attacked asset, attack type, and attack status.

On the Attack Awareness page, you can specify a time range to view the attack details. You can view the attack analysis statistics of the current day, last 7 days, or last 30 days. You can also set Time Range to Custom to view the statistics of a time range within the last 30 days.

Note
  • After you purchase an Alibaba Cloud service, you must wait until the data of the Alibaba Cloud service is synchronized to Security Center before you can view the attack analysis statistics.
  • The data that is analyzed by the attack awareness feature is collected by Security Center, Alibaba Cloud, and Web Application Firewall (WAF). You must activate WAF before WAF can collect data.

Attacks

In the Attacks section, a graph displays the attack trend within the specified time range. You can view the peak and valley values of the graph. You can move the pointer over the graph to view the attack date, attack time, and number of attacks.

Attack Type Distribution

Attack Type Distribution

In the Attack Type Distribution section, you can view the names of attack types and the number of attacks of each type.

Attack Type Distribution

Top 5 Attack Sources

In the Top 5 Attack Sources section, you can view the top 5 IP addresses from which the most attacks are initiated and the number of attacks that are initiated from each IP address.

Top 5 Attack Sources

Top 5 Attacked Assets

In the Top 5 Attacked Assets section, you can view the public IP addresses of the top 5 assets that encountered the most attacks and the number of attacks against each asset.

Top 5 Attacked Assets

Attack list

In the attack list, you can view the attack details including the attack time, source IP address, attacked asset, attack type, attack method, and attack status.

Attack list
Note The list can display details about a maximum of 10,000 attacks. You can specify Time Range to view the attack details within the specified time range.

Parameters of the attack details

Parameter Description
Attacked At The time when the attack is detected.
Attack Source The source IP address and region from which the attack is initiated.
Attacked Asset The name, public IP address, and private IP address of the attacked asset.
Attack Method The HTTP request method that is used to initiate the attack, including POST and GET.
Port The port that the attacked asset uses. This parameter is displayed only when the type of the attack is SSH brute-force attack.
Attack Type The type of the attack, such as SSH brute-force attack or code running.
Attack Status The status of the attack. Security Center uses the protection capabilities of Alibaba Cloud to block common attacks. The status of a blocked attack is Blocked. The intrusion events are displayed on the Alerts page.

In the attack list, you can perform the following operations:

  • Search for an attack event

    To view the details about a specific attack, specify search conditions in the search box above the attack list. Search conditions include the attack type, attacked asset, and source IP address.

    Search for an attack event
  • View the details about an attacked asset

    To view the details about an attacked asset, move the pointer over the name of the attacked asset.

    Asset details
  • Export the attack list

    To export and save the attack list to your computer, click the Export icon icon in the upper-left corner of the attack list. The attack list is exported to an Excel file.