Event analysis, Configuration guide – H3C Technologies H3C SecCenter UTM Manager User Manual

142

Figure 134 Device monitoring

On the page, you can perform the following operations:

•

Click the

icon in the Snapshot column of a device to enter the event snapshot page of the

device. For more information, see “

Displaying event snapshots

.”

•

Click the

icon in the Details column of a device to enter the event details page of the device. For

more information, see “

Attack event details

”, “

Displaying virus event details

”, or “

Displaying DDoS

event details

.”

Event analysis

The IPS management component features comprehensive analysis and statistics reports, through which

you can evaluate the network security status in real time, and take prevention measures accordingly.

Displaying attack/virus/DDoS attack event analysis reports

The system supports comprehensive analysis of attacks, viruses, and DDoS attack, including:

•

Event trend analysis during a day, week, month, and a customized period

•

Top N statistics reports by event, destination IP address, source IP address, destination/source port,
and protocol. You can export the reports.

Configuration guide

From the navigation tree of the IPS management component, select Attack Event Analysis under Event

Analysis. The attack event trend page appears by default, as shown in

Figure 135

. On the page, you can

view the attack event trend analysis during a day, week, month, or a customized period of time. This
page shows a trend graph comparing the counts of blocked attack events and the other attack events as

well as a trend graph of attack events by severity level. Under the trend graphs is a list showing the

detailed attack event statistics, including the number of events, number and percentage of blocked events,

and number of events of each severity level.