Security Center automatically analyzes the exceptions related to an alert. You can click an alert name on the alert list to view and manage all the exceptions related to this alert, and view the results of automatic attack tracing.

Prerequisites

  • Only the Enterprise and Ultimate editions of Security Center support the feature of automatic alert correlation analysis. If you use the Basic, Anti-virus, or Advanced edition of Security Center, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature.
  • Automatic alert correlation analysis is enabled. For more information, see Enable automatic alert correlation analysis.

Background information

  • Security Center automatically associates alerts with exceptions in real time to detect potential threats.
  • Exceptions related to an alert are listed in chronological order. This allows you to analyze and handle the exceptions to improve the emergency response mechanism of your system.
  • An automatically correlated alert is identified by the alert aggregation icon.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Detection > Alerts.
  3. On the Alerts page, click the name of the required alert in the Event column. The panel that shows alert details appears.
  4. In the panel, view the details and related exceptions of the alert and handle the exceptions.
    • View alert details

      You can view the following details of the alert: Affected Assets, First Occurrence, Latest Occurrence, Alert Reason, and Related Exceptions.

    • View affected assets

      Click the name of an affected asset to view the details of the asset. The details include alerts, vulnerabilities, baseline risks, and asset fingerprints.

    • View alert causes

      To view the causes and handling suggestions of the alert, click Go Now to go to the Vulnerabilities or Baseline Check page. On the Vulnerabilities page, you can view and handle the vulnerabilities. On the Baseline Check page, you can view and manage baseline risks.

    • View and handle related exceptions

      In the Related Exceptions section, you can view the details of all exceptions related to this alert and the suggestions for handling them. To handle the exceptions, you can perform the following operations:

      • Click Process on the right of an exception. In the dialog box that appears, select a processing method to handle the exception.

        For more information about how to select a processing method, see View and handle alert events.

      • Click Note on the right of an exception to add a note for the exception.

        Click the Delete icon on the right of a note to delete the note.

    • View alert tracing results on the Diagnosis tab

      Click the Diagnosis tab to view the tracing results of the alert. For more information about alert tracing, see Use the attack source tracing feature.