Security Center Enterprise Edition supports attack analysis. This feature lists the attacks on your assets and analyzes these attacks. This topic describes the statistics provided by the attack analysis feature, including the total number of attacks, the distribution of attack types, top five attack sources, top five attacked assets, and the attack list.

Background information

Based on the protection capabilities of Alibaba Cloud, the attack analysis feature provides basic attack detection and prevention services. We recommend that you develop a more refined and in-depth defense system by optimizing firewalls and enhancing business security.

On the Attack Awareness page of the Security Center console, you can view the details of attacks on your assets.

Note: After you purchase a cloud service instance, you must wait until the data of the instance is synchronized to Security Center to view the attacks on this instance.

On the Attack Awareness page, you can specify a time range to view the attack analysis results. You can view data of the current day, the last seven days, or the last 30 days. You can also customize a time range within the last 30 days.

Note: The attack analysis data is collected from Security Center, the Alibaba Cloud platform, and Web Application Firewall (WAF). To collect data from WAF, you must activate WAF first.

The Attack Awareness page provides the following statistics:
  • Attacks: The total number of attacks on your assets within the specified time range.
  • Attack Type Distribution: The attack types and the number of attacks of each type.
  • Top 5 Attack Sources: The five IP addresses that have launched the most attacks.
  • Top 5 Attacked Assets: The five assets that have encountered the most attacks.
  • Attack list: The details of all attacks, including the attack time, source IP address, attacked asset, attack type, and attack status.

Attacks

In Attacks, a graph shows the trend in the number of attacks within the specified time range. You can check the peak and valley values of the metric. You can move your pointer over the graph to view the number of attacks at a specified time.

Attack Type Distribution

In Attack Type Distribution, you can view the number of attacks of each type.

Top 5 Attack Sources

In Top 5 Attack Sources, you can view the five IP addresses that have launched the most attacks and the number of attacks launched by each of them.

Top 5 Attacked Assets

In Top 5 Attacked Assets, you can view the public IP addresses of the five assets that have encountered the most attacks and the number of attacks on each of them.

Attack list

In the attack list, you can view the details of each attack, including the attack time, source IP address, attacked asset, attack type, HTTP request method, and attack status.

Note: The attack list displays a maximum of 10,000 entries. You can specify another time range to view more data.

Parameters in the attack list

| Parameter | Description |
| --- | --- |
| Attack time | The time when an attack is detected. |
| Attack source | The source IP address of an attack. |
| Attacked asset | The name, public IP address, and private IP address of an attacked asset. |
| Attack method | The HTTP request method that is used to launch an attack. Valid values: POST and GET. |
| Attack type | The type of an attack, such as an SSH brute-force attack or a remote code execution attack. |
| Attack status | The status of an attack. Security Center uses the protection capabilities of Alibaba Cloud to block common attacks. The status of a blocked attack is Blocked. The intrusion events are displayed on the Events page. |

  • Search for attacks

    To view the details of a specific attack, specify filter conditions above the attack list. The conditions include the attack type, attacked asset, and attack source.

  • View attacked asset information

    Move your pointer over the name of an attacked asset to view the basic information about the asset.

  • Export the attack list

    Click the Export icon in the upper-left corner of the attack list to export and save the list of all attacks detected by Security Center. The attack list is exported to an Excel file.
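
For triage of an exported attack list outside the console, the following Python is an added example and not Alibaba Cloud code. It assumes the Excel export has been saved as CSV and that its column headers match the parameter names in the table above; the sample rows and the "Not blocked" status value are constructed. It flags exports that reach the 10,000-entry display limit and isolates attacks whose status is not Blocked.

```python
import csv
import io
from collections import Counter

ENTRY_CAP = 10_000  # the attack list displays at most this many entries

# Constructed sample export. Assumptions: headers match the parameter table,
# and "Not blocked" stands in for any status other than Blocked.
SAMPLE_CSV = """\
Attack time,Attack source,Attacked asset,Attack method,Attack type,Attack status
2024-01-01 10:00:00,203.0.113.7,web-01,POST,Remote code execution,Blocked
2024-01-01 10:00:05,203.0.113.7,web-01,POST,Remote code execution,Not blocked
2024-01-01 10:01:00,198.51.100.9,web-02,GET,Remote code execution,Blocked
2024-01-01 10:02:00,203.0.113.7,web-02,GET,Remote code execution,Not blocked
2024-01-01 10:03:00,192.0.2.44,bastion-01,,SSH brute-force,Blocked
"""


def load_rows(text):
    """Parse the export (saved as CSV) into dicts with whitespace stripped."""
    reader = csv.DictReader(io.StringIO(text))
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k}
            for row in reader]


def triage(rows, cap=ENTRY_CAP):
    """Summarise an export: truncation risk, unblocked attacks, top talkers."""
    unblocked = [r for r in rows if r["Attack status"].casefold() != "blocked"]
    return {
        "total": len(rows),
        # At the cap the list may be cut off; narrow the time range and re-export.
        "possibly_truncated": len(rows) >= cap,
        "unblocked": unblocked,
        "top_sources": Counter(r["Attack source"] for r in rows).most_common(5),
        "top_unblocked_assets":
            Counter(r["Attacked asset"] for r in unblocked).most_common(5),
        "unblocked_by_type": Counter(r["Attack type"] for r in unblocked),
    }


if __name__ == "__main__":
    report = triage(load_rows(SAMPLE_CSV))
    print("rows:", report["total"], "truncated?", report["possibly_truncated"])
    print("not blocked:", len(report["unblocked"]))
    for asset, n in report["top_unblocked_assets"]:
        print(f"  {asset}: {n}")
```

Attacks that were not blocked are the rows to cross-check against the Events page first.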
