Event analysis, Configuration guide – H3C Technologies H3C SecCenter UTM Manager User Manual
Page 150
142
Figure 134 Device monitoring
On the page, you can perform the following operations:
•
Click the
icon in the Snapshot column of a device to enter the event snapshot page of the
device. For more information, see “
•
Click the
icon in the Details column of a device to enter the event details page of the device. For
more information, see “
Displaying virus event details
”, or “
.”
Event analysis
The IPS management component features comprehensive analysis and statistics reports, through which
you can evaluate the network security status in real time, and take prevention measures accordingly.
Displaying attack/virus/DDoS attack event analysis reports
The system supports comprehensive analysis of attacks, viruses, and DDoS attack, including:
•
Event trend analysis during a day, week, month, and a customized period
•
Top N statistics reports by event, destination IP address, source IP address, destination/source port,
and protocol. You can export the reports.
Configuration guide
From the navigation tree of the IPS management component, select Attack Event Analysis under Event
Analysis. The attack event trend page appears by default, as shown in
. On the page, you can
view the attack event trend analysis during a day, week, month, or a customized period of time. This
page shows a trend graph comparing the counts of blocked attack events and the other attack events as
well as a trend graph of attack events by severity level. Under the trend graphs is a list showing the
detailed attack event statistics, including the number of events, number and percentage of blocked events,
and number of events of each severity level.