beautypg.com

Modifying a general audit task – H3C Technologies H3C Intelligent Management Center User Manual

Page 51

background image

42

The audit result list for a general audit task displays the following contents:

Start Time—Start time of the user behavior.

End Time—End time of the user behavior.

Source—Source IP address of the user behavior.

Destination—Destination IP address of the user behavior.

Source Port—Source port number of the user behavior.

Destination Port—Destination port number of the user behavior.

Protocol—Protocol type of the user behavior: TCP, UDP, ICMP, or IPv6-ICMP.

Application—Applications of the user behavior.

Packets Count—Number of packets.

Flux—Size of the generated traffic.

Device—IP address of the device or probe that generates flow records.

Terminal Type—Type of the endpoint used by the access user.

Operating System—Operating system of the endpoint used by the access user.

The Terminal Type and the Operating System columns are displayed only when UBA works with UAM.

Viewing audit results for a general audit task by group

You can select one of the following group types from the Group list: Not Group, Source, Destination,

Source Port, Destination Port, Protocol, Application, Source-Destination, SPort-DPort, Source-SPort,
Desination-DPort, Source-DPort, Destination-SPort, Terminal Type, and Operating System. The Terminal

Type and the Operating System options are displayed only when UBA works with UAM.
In the audit result list, select a group type from the Group list. The audit result list displays values in the

following columns based on the group type:

Packets Count—Number of packets.

Flux—Total size of the generated traffic.

Count—Count of audit results.

By default, the audit result list displays the grouped results in descending order of the value of the Count

column. This helps you to view the hosts, ports, protocols, applications, or others whose user behaviors
are more active. For example, if you select Source from the Group list, you can quickly view the source IP

addresses whose user behaviors are more active.

Modifying a general audit task

1.

Access the User Behavior Audit Management page.

2.

In the user behavior audit task list, click the Modify icon

for the general audit task you want to

modify.
The Modify Custom General Audit page appears.

3.

Modify parameters for the general audit task as needed.
You cannot modify the Name field. For more information about modifying other general audit
task parameters, see "

Adding a general audit task

."

4.

Click OK to return to the User Behavior Audit Management page.

See also other documents in the category H3C Technologies Safety: