This topic provides answers to some frequently asked questions about the threat analysis and response feature.
Does the threat analysis and response feature support devices in a data center?
No,
the threat analysis and response feature supports only cloud devices. For more information about the cloud services supported by the threat analysis and response feature, see Supported services and log types.
Is the quantity of alerts reduced after the threat analysis and response feature is enabled?
Yes,
the threat analysis and response feature analyzes alerts, identifies and builds complete attack chains, and generates security events. This effectively reduces the quantity and frequency of alerts.
Am I charged for enabling the log analysis feature on the Hot Data tab in the Threat Analysis and Response module?
No,
you are not charged for enabling the log analysis feature on the Hot Data tab. You are charged based on the log storage duration and log storage capacity that you purchased for the threat analysis and response feature. When you purchase the threat analysis and response feature, you must purchase log storage capacity. After you purchase log storage capacity or increase the current log storage capacity, no fees are generated when you query and export logs in the Security Center console.
After the threat analysis and response feature delivers logs to the specified Logstore, you may be charged for the operations that you perform in the Simple Log Service console, such as transforming and shipping logs. For more information, see Billing overview of Simple Log Service (SLS).