beautypg.com

Deleting attack alarms from the attack alarm list, Real-time attack alarm overview, Browsing the real-time attack alarm list – H3C Technologies H3C Intelligent Management Center User Manual

Page 948

background image

934

Deleting attack alarms from the attack alarm list

You can delete one or more attack alarms from the Attack Alarm List. Once an alarm is deleted, it is

removed immediately from the IMC database and it cannot be recovered. Use this feature with caution.
To delete one or more attack alarms:

1.

Navigate to Alarm > Browse Attack Alarm:

a.

Click the Alarm tab from the tabular navigation system on the top.

b.

Click the Security Control Center on the navigation tree on the left.

c.

Click the Browse Attack Alarm link located under Security Control Center on the navigation
tree on the left.
The Attack Alarm List displayed in the main pane of the Browse Attack Alarm page.

2.

Click the checkbox to the left of the attack alarms you want to delete.

3.

Click Delete.

4.

Click OK to confirm the deletion of the selected attack alarms.

Real-time attack alarm overview

You can view the most recent security threats detected by IMC from the Realtime Attack Alarm List. This

list filters the Attack Alarm List for the most recent alarms only. From this list, you can navigate to the
Alarm Details page. You can also navigate to a topology view of the attack using the Attack Path link.

You can also execute an action from the Results link available in the Realtime Attack Alarm List.

Browsing the real-time attack alarm list

To browse real-time attack alarms:

1.

Navigate to Alarm > Realtime Attack Alarm:

a.

Click the Alarm tab from the tabular navigation system on the top.

b.

Click the Security Control Center on the navigation tree on the left.

c.

Click the Realtime Attack Alarm link located under Security Control Center on the navigation
tree on the left.
The Realtime Attack Alarm List displays in the main pane of the Realtime Attack Alarm page.

Realtime attack alarm list

Name: Contains the type of attack that was detected by IMC. The contents of this field serve as a
link to the Attack Alarm Details page. The Attack Alarm Details page provides more detailed

information on the attack. For more information about this feature, see "

Viewing attack alarm

details

."

Source: Contains the IP address of the device that initiated the attack, if known.

Destination: Contains the destination IP address of the attack, or rather the device that the attack
was intended for, if known.

Time: Contains a date and time stamp for IMC detection of the attack.

Correlated Policy: Contains the security control policy in IMC that is associated with the attack
found in this attack alarm. If there is no security policy associated with the attack alarm, this field

contains the value "Undefined."

Result: Contains a status or summary of the result of any action IMC has taken to address the attack.