View information on the Attack Analysis page

After you add your public IP address in the cloud to an Anti-DDoS Origin Enterprise instance, you can query the DDoS attack events that occur on the asset and the event details on the Attack Analysis page. This way, you can view the details of the attack mitigation process. This topic describes how to view information on the Attack Analysis page.

1. Log on to the Traffic Security console.
2. In the left-side navigation pane, choose Network Security > Anti-DDoS Origin > Attack Analysis.
3. On the Attack Analysis page, select a time range to query attack events.
   You can select Last 30 Minutes, Last Day, Last 7 Days, or Last 30 Days. You can also specify a custom time range. A custom time range must be within the last 30 days.
   The Attack Analysis page displays the volumetric DDoS attack events that occur on your public IP addresses that are protected by the Anti-DDoS Origin Enterprise instance. The IP addresses may be from different regions. Each attack event contains the following information:

   • Attack Types: Only Volumetric is supported.
   • Attack Target: the public IP address that is attacked.
   • Start and End Time: the start time and end time of the attack.
   • Peak Attack Throughput: the peak attack bandwidth in bit/s and the peak forwarding rate of attack packets in pps.
4. View event details.
   You can click View Details in the Actions column of an attack event to go to the Event Details page. On this page, you can view the event details and perform the required operations.

   The Event Details page displays the following information:

   • Attack Time, Attack Target, Peak Attack Traffic, and Peak Defense Traffic, which are in the upper part of the page.

     Peak Attack Traffic: displays the peak attack bandwidth and the peak forwarding rate of the attack packets that are detected by the Anti-DDoS Origin Enterprise instance. Peak Defense Traffic: displays the peak attack bandwidth that is scrubbed by the Anti-DDoS Origin Enterprise instance and the peak forwarding rate of the attack packets. The peak attack bandwidth is in bit/s and the peak forwarding rate is in pps.

   • Attack Mitigation Details: displays the trends of bandwidth changes to the inbound traffic and the scrubbed traffic, and the trends of forwarding rate changes to the inbound packets and the traffic scrubbing packets. The bandwidths of the inbound traffic and the scrubbed traffic are in bit/s and the forwarding rates of the inbound packets and the traffic scrubbing packets are in pps.
   • Source IP Addresses (Top 10): displays the source locations and IP addresses of requests. The list displays the top 10 IP addresses from which the most requests are initiated. You can click More to view the top 100 IP addresses.
     Note The requests include attack requests and normal service requests.
   • Source Ports (Top 10): displays the source ports and protocols of the requests. The list displays the top 10 ports from which the most requests are initiated. You can click More to view the top 100 ports.
     Note The requests include attack requests and normal service requests.
   • Attack Target Ports: displays the distribution of destination ports. You can click More to view the distribution of requests destined for different destination ports.
     Note The requests include attack requests and normal service requests.
   • Attack Source Locations: displays the distribution of locations from which attack traffic is originated. You can click More to view the distribution of requests originated from different locations.
   • Attack Types: displays the distribution of attack types. You can click More to view the distribution of different attack types.
   • Attack Source ISPs: displays the distribution of Internet service providers (ISPs) from which attack traffic is originated. You can click More to view the distribution of requests originated from different ISP networks.