Breach awareness

The Breach Awareness page displays intrusion events that are detected by the intrusion prevention system (IPS) and the details of the intrusion events.

1. Log on to the Cloud Firewall console.
2. In the left-side navigation pane, choose Intrusion Prevention > Breach Awareness.
3. On the Breach Awareness page, view the details of intrusion events.
   
   On the Breach Awareness page, you can perform the following operations based on your business requirements:

   • View the intrusion event list

     In the intrusion event list, view the information such as risk levels, the UIDs and IP addresses of affected assets, and event status.

   • Search for intrusion events

     Specify the filter conditions or enter search conditions in the search box above the intrusion event list, and click Search to search for intrusion events. The filter conditions include risk levels, event types, event status, and detection time range. The search conditions include instance IP addresses, instance IDs, instance names, and UIDs. Fuzzy match is supported.

   • Ignore intrusion events

     In the intrusion event list, find an intrusion event that is considered as a normal event and click Ignore in the Actions column to ignore the intrusion event.

     Note After you ignore an intrusion event, the intrusion event is removed from the intrusion event list, and Cloud Firewall no longer generates alerts for this event.
   • View the details of an intrusion event

     In the intrusion event list, find an intrusion event whose details you want to view and click View Details in the Actions column. In the Details panel, view the details of the intrusion event and the security suggestions.

   Note The Block feature does not take effect on a single event. If you click Block, the intrusion prevention feature provided by Cloud Firewall is enabled.