
Cloud Firewall: Breach awareness

Last Updated: Jan 02, 2024

The Breach Awareness page displays intrusion events that are detected by the intrusion prevention system (IPS) and the details of the intrusion events.

Prerequisites

The Breach Awareness page displays the detected intrusion events only after you enable Internet Firewall. For more information about how to enable Internet Firewall, see Configure Cloud Firewall.

Procedure

  1. Log on to the Cloud Firewall console.

  2. In the left-side navigation pane, choose Attack Prevention > Breach Awareness.

  3. On the Breach Awareness page, view the details of intrusion events.

    On the Breach Awareness page, you can perform the following operations based on your business requirements:

    • View the intrusion event list

      In the intrusion event list, view information such as risk levels, the UIDs and IP addresses of affected assets, and event status.

    • Search for intrusion events

      Specify the filter conditions or enter search conditions in the search box above the intrusion event list, and click Search to search for intrusion events. The filter conditions include risk levels, event types, event status, and detection time ranges. The search conditions include instance IP addresses, instance IDs, instance names, and UIDs. Fuzzy match is supported.

    • Ignore intrusion events

      In the intrusion event list, find an intrusion event that you consider to be a normal event and click Ignore in the Actions column to ignore the intrusion event.

      Note

      After you ignore an intrusion event, the intrusion event is removed from the intrusion event list, and Cloud Firewall no longer generates alerts for this event.

    • View the details of an intrusion event

      In the intrusion event list, find an intrusion event whose details you want to view and click View Details in the Actions column. In the Details panel, view the details of the intrusion event and the security suggestions.

    • Enable the block mode for the threat detection engine

      By default, the block mode is enabled for the threat detection engine after Cloud Firewall is activated. If you disable the block mode, the breach awareness feature can only detect risk events and cannot block them. To enable the block mode of the threat detection engine, click Quick Blocking in the Actions column of an event. The threat detection engine is displayed on the Prevention Configuration page.

    Note

    The Quick Blocking feature does not take effect on a single event. Clicking Quick Blocking enables the intrusion prevention feature provided by Cloud Firewall.