Security Center Advanced Edition and Enterprise Edition support automatic analysis of exceptions related to an alert. You can click an alert name on the alert list to view and manage all exceptions related to this alert and view the results of automatic attack tracing.

Background information

  • Security Center automatically associates alerts with exceptions in real time to detect potential threats.
  • The related exceptions of an alert are listed by time. This allows you to easily analyze and manage the exceptions to improve the emergency response mechanism.

Procedure

  1. Log on to the Security center console.
  2. In the left-side navigation pane, click Detection > Alerts.
  3. On the Alerts page, click the target alert name. The alert details page appears.
    Related exceptions
  4. On the alert details page, view the details and related exceptions of the alert and manage the exceptions.
    • View alert details

      You can view the assets affected by this alert, the start time and end time of the alert, and the details of the related exceptions.

      Details
    • View affected assets

      Click the name of an affected asset to view the details of the asset, including alerts, vulnerabilities, baseline risks, and asset fingerprints.

      Affected assets
    • View and manage related exceptions

      In the Related Exceptions section, you can view the details and recommended solutions of all exceptions related to this alert.

      • Click Processing on the right of an exception name to manage the exception.

        For more information about how to select a method to manage an exception, see View and handle alert events.

        Manage exceptions
      • Click Note on the right of an exception name to add notes for the exception.Add notes

        Click the Delete notes icon on the right of a note to delete the note.

    • View event tracing results on the Diagnosis tab

      Click the Diagnosis tab to view the event tracing results. For more information, see Trace attack sources.