
Security Center: View and handle alert events

Last Updated: Mar 12, 2024

After you deploy a honeypot on your server, the honeypot captures attacks on the server that are launched from inside and outside the cloud. The attack statistics are displayed as alert events on the Cloud Honeypot page. To ensure the security of your server, we recommend that you view and handle the alert events at the earliest opportunity. This topic describes how to view and handle the alert events.

View alert events

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose Risk Governance > Cloud Honeypot > Alert Event.

  3. On the Cloud Honeypot page, view alert events.

    The Cloud Honeypot page displays an overview and an alert event list.

    • Alert event overview

      In the overview section, you can view information such as Manage Node Status, Authorized Probes, Available Probes, and Deployed Host Probes.

      If you do not have sufficient probes for your cloud honeypot, you can click Upgrade Configuration to purchase probes.

    • Alert events

      In the alert event list, you can view the details of the alert events generated for attacks that the honeypots capture. The list displays information such as Risk Level, Risk Overview, and Attack Source.

      To view the logs related to an alert event, find the alert event and click View Logs in the Actions column. The Event log page lists the related logs. To view a log, find it and click Details in the Actions column. On the page that appears, the Basic Information and Attack Timeline sections show the log details for the attack that triggered the alert event.

Handle alert events

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose Risk Governance > Cloud Honeypot > Alert Event.

  3. On the Cloud Honeypot page, handle alert events.

    You can handle an alert event by using one of the following methods based on the details of the alert event:

    • Add an alert event to the whitelist

      Important

      After you add an alert event to the whitelist, other alert events with the same attack information are no longer displayed in the alert event list, and the attack no longer triggers alert events. To ensure the security of your asset, we recommend that you do not add alert events to the whitelist unless necessary.

      If you view the details of an alert event and confirm that it was generated for normal workloads, you can add the alert event to the whitelist. To add the alert event to the whitelist, perform the following operations: Find the alert event and click Handle in the Actions column. In the dialog box that appears, set Solution to Add to Whitelist and click OK.

      Note

      After an alert event is added to the whitelist, you can remove it from the whitelist so that Security Center reports the alert event again in subsequent detection. To do so, perform the following operations: In the handled alert event list, find the alert event and click Handle in the Actions column. In the dialog box that appears, set Solution to Remove from Whitelist and click OK.

    • Mark an alert event as handled

      If you view the details of an alert event and confirm that it was generated for attacks, you must handle the attacks that are detected on your server or virtual private cloud (VPC). After you handle the attacks, you can mark the alert event as handled. To mark the alert event as handled, perform the following operations: Find the alert event and click Handle in the Actions column. In the dialog box that appears, set Solution to Mark as Handled and click OK.