All Products
Search
Document Center

Cloud Firewall:Breach Detection

Last Updated:Jun 04, 2026

Breach Detection identifies compromised servers and intrusion events to help prevent business losses.

Prerequisites

Procedure

  1. Log on to the Cloud Firewall console.

  2. In the left-side navigation pane, select Detection and Response > Incidents > Breach Detection.

  3. On the Breach Detection page, view intrusion event details.

    On the Breach Detection page, you can:

    image

    • View the event list

      The event list shows each intrusion event's risk level, affected asset IP, UID, and handling status.

    • Find a specific event

      Filter events by risk level, time type, handling status, or detection time range. You can also perform a fuzzy search by instance IP, instance ID, name, or UID.

    • Enable Block Mode for the threat engine

      Block Mode is enabled by default when the internet firewall is active. If disabled, Breach Detection detects but does not block risk events. In the Actions column, click Quick Blocking to enable Block Mode in IPS Configuration.

      Important

      The Quick Blocking switch controls intrusion prevention for the entire Cloud Firewall, not individual events.

    • Ignore an intrusion event

      If an event is expected activity, click Ignore in the Actions column.

      Note

      Events marked as Ignore are removed from the list and no longer trigger alerts.

    • View event details

      Click Details in the Actions column for event details and security recommendations.

    • Analyze events with AI: Click the image icon in the AI Analysis column to analyze alerts with the Security AI Assistant.

      The analysis includes:

      Payload content analysis: Alert details and AI analysis results.

      image

      Attacker intent: Predicts the attacker's likely next actions.

      Defense recommendations: Suggested Cloud Firewall configurations (ACL policies, IPS Configuration) and investigation steps.

Related documents