Security Center automatically analyzes the exceptions related to an alert. You can click an alert name on the alert list to view and manage all the exceptions related to this alert, and view the results of automatic attack tracing.

Background information

  • Security Center automatically associates alerts with exceptions in real time to detect potential threats.
  • Exceptions related to an alert are listed in chronological order. This allows you to analyze and handle the exceptions to improve the emergency response mechanism of your system.
  • You can view the exceptions related to alerts only in the Security Center Advanced and Enterprise editions. If you use the Security Center Basic or Basic Anti-Virus edition, you must upgrade Security Center to the Advanced or Enterprise edition to perform this operation.

Procedure

  1. Log on to the Security center console.
  2. In the left-side navigation pane, click Detection > Alerts.
  3. On the Alerts page, click the name of the required alert in the Event column. The alert details page appears.
  4. On the alert details page, view the details and related exceptions of the alert and handle the exceptions.
    • View alert details

      You can view the following details of the alert: Affected Assets, First Occurrence, Latest Occurrence, Alert Reason, and Related Exceptions.

      Detail
    • View affected assets

      Click the name of an affected asset to view the details of the asset. The details include alerts, vulnerabilities, baseline risks, and asset fingerprints.

    • View alert causes

      To view the causes and handling suggestions of the alert, click Go Now to go to the Vulnerabilities or Baseline Check page. On the Vulnerabilities page, you can view and handle the vulnerabilities. On the Baseline Check page, you can view and manage baseline risks.

    • View and handle related exceptions

      In the Related Exceptions section, you can view the details and recommended solutions of all exceptions related to this alert. To handle the exceptions, you can perform the following operations:

      • Click Processing on the right of an exception. In the dialog box that appears, select a processing method to handle the exception.

        For more information about how to select a processing method, see View and handle alert events.

        Related exceptions
      • Click Note on the right of an exception to add a note for the exception.Add notes

        Click the Remove icon icon on the right of a note to delete the note.

    • View alert tracing results on the Diagnosis tab

      Click the Diagnosis tab to view the tracing results of the alert. For more information about alert tracing, see Use the attack source tracing feature.