Security Center Enterprise Edition supports attack analysis. This feature lists the attacks on your assets and analyzes these attacks. This topic describes the statistics provided by the attack analysis feature, including the total number of attacks, the distribution of attack types, top five attack sources, top five attacked assets, and the attack list.
Based on the protection capabilities of Alibaba Cloud, the attack analysis feature provides basic attack detection and prevention services. We recommend that you develop a more refined and in-depth defense system by optimizing firewalls and enhancing business security.
On the Attack Awareness page of the Security Center console, you can view the details of attacks on your assets.
On the Attack Awareness page, you can specify a time range to view the attack analysis results. You can view data of the current day, the last seven days, or the last 30 days. You can also customize a time range within the last 30 days.
- Attacks: The total number of attacks on your assets within the specified time range.
- Attack Type Distribution: The attack types and the number of attacks of each type.
- Top 5 Attack Sources: The five IP addresses that have launched the most attacks.
- Top 5 Attacked Assets: The five assets that have encountered the most attacks.
- Attack list: The details of all attacks, including the attack time, source IP address, attacked asset, attack type, and attack status.
In Attacks, a graph shows the trend in the number of attacks within the specified time range. You can check the peak and valley values of the metric. You can move your pointer over the graph to view the number of attacks at a specified time.
Attack Type Distribution
In Attack Type Distribution, you can view the number of attacks of each type.
Top 5 Attack Sources
In Top 5 Attack Sources, you can view the five IP addresses that have launched the most attacks and the number of attacks launched by each of them.
Top 5 Attacked Assets
In Top 5 Attacked Assets, you can view the public IP addresses of the five assets that have encountered the most attacks and the number of attacks on each of them.
In the attack list, you can view the details of each attack, including the attack time, source IP address, attacked asset, attack type, HTTP request method, and attack status.
Parameters in the attack list
|Parameter|Description|
|---|---|
|Attack time|The time when an attack is detected.|
|Attack source|The source IP address of an attack.|
|Attacked asset|The name, public IP address, and private IP address of an attacked asset.|
|Attack method|The HTTP request method that is used to launch an attack. Valid values: POST and GET.|
|Attack type|The type of an attack, such as an SSH brute-force attack or a remote code execution attack.|
|Attack status|The status of an attack. Security Center uses the protection capabilities of Alibaba Cloud to block common attacks. The status of a blocked attack is Blocked. The intrusion events are displayed on the Events page.|
- Search for attacks
  To view the details of a specific attack, specify filter conditions above the attack list. The conditions include the attack type, attacked asset, and attack source.
- View attacked asset information
  Move your pointer over the name of an attacked asset to view the basic information about the asset.
- Export the attack list
  Click the icon in the upper-left corner of the attack list to export and save the list of all attacks detected by Security Center. The attack list is exported to an Excel file.