Realtime monitoring, Displaying event snapshots, Configuration guide – H3C Technologies H3C SecCenter UTM Manager User Manual

Figure 127 Device statistics
2. In the Analysis column of the attack protection list or virus protection list, you can click the icon of a device to enter the attack/virus event analysis page of the device. For more information, see “Displaying attack/virus/DDoS attack event analysis reports”.
Realtime monitoring
The realtime monitoring function supports centralized monitoring of security events. It collects and
reports attack events, virus events, and, in particular, DDoS attack events in real time, and provides
snapshot information organized by UTM device and by event.
Displaying event snapshots
The event snapshot presents the attack protection, virus protection, and DDoS attack protection
information for the last hour, including the time, total number of events, number of blocked events,
source addresses, destination addresses, and event types. In addition, it provides Top N lists of attack
events, virus events, DDoS attack events, targets, sources, ports, and protocols, helping you track the
latest security status of the network in an intuitive way.
Configuration guide
From the navigation tree of the IPS management component, select Event Snapshot under Realtime
Monitoring. The Snapshot page appears, as shown in
.
describes the event
snapshot query options.
describes the fields of the event snapshot lists in snapshot, attack
protection, and virus protection tabs.