Monitoring ips devices, Configuration guide, Event analysis – H3C Technologies H3C SecCenter IPS Manager User Manual
Page 49: Displaying, Attack/virus/ddos attack event analysis reports
43
Field Description
Protocol
Name of the protocol used by the DDoS attack
Attack name
Attack name of a DDOS attack
Threshold
Threshold of the DDoS attack
Max Avg Rate
Maximum average rate of the DDoS attack event
Monitoring IPS devices
In addition to the IPS event information of the entire network, the IPS management component also allows
you to view the IPS event and snapshot information of every IPS device.
Configuration guide
From the navigation tree of the IPS management component, select Device Monitoring under Realtime
Monitoring to enter the device monitoring page, as shown in
. This page lists the attack
protection, virus protection, and DDoS attack protection information in the last hour, including the total
number of events, number of blocked events, number of source/destination IP addresses, and number of
source/destination ports.
Figure 43 Device monitoring
On the page, you can perform the following operations:
•
Click the
icon in the Snapshot column of a device to enter the event snapshot page of the
device. For more information, see “
•
Click the
icon in the Details column of a device to enter the event details page of the device. For
more information, see “
Displaying attack event details
,” “
Displaying virus event details
,” or
Event analysis
The IPS management component features comprehensive analysis and statistics reports, through which
you can evaluate the network security status in real time, and take prevention measures accordingly.
Displaying attack/virus/DDoS attack event analysis reports
The system supports comprehensive analysis of attacks, viruses, and DDoS attacks, including: