After you deploy a honeypot on your server, the honeypot feature captures the attacks that are launched within and outside the cloud on the server. The honeypot feature dynamically analyzes the attacks to provide attacker profiles and analysis reports on each source IP address of attacks. This topic describes how to view the source tracing results of attacks.
Prerequisites
The honeypot feature is purchased and a honeypot is configured. For more information, see Purchase the cloud honeypot feature and Configure a honeypot.
Procedure
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose ..
On the Attack Source Analysis page, view the source IP addresses of attacks.
Find a source IP address and click Details in the Actions column to view the basic information, behavior analysis data, and attacker profile of the source IP address.
Basic information: You can view Last Attack Target, Last Attack Time, Intrusion Logs, and Last Attack Details of the source IP address. You can click the number to the right of Intrusion Logs to go to the Event Log page to view the event log details of the source IP address.
Behavior analysis data: You can click the Behavior Analysis tab to view the attack trend chart, column charts of attacked IP addresses and probes, and distribution charts based on intrusion event types and attacked honeypot types.
Attacker profile: You can click the Attacker Profile tab to view the attacker ID, number of attack times, and last attack event. You can click Details in the Actions column to view the identity details of the attacker. The details include the operating system that is used by the attacker and the time zone of the attacker.