Displaying ddos event details, Displaying ddos, Event details – H3C Technologies H3C SecCenter UTM Manager User Manual
Page 159
151
Displaying DDoS event details
This function helps you quickly find the desired DDoS event information from history data of months. The
event information can be exported an HTML, Word, or Excel file..
From the navigation tree of the IPS management component, select DDoS Event Details under Event
Analysis to enter the DDoS event details page, as shown in
. This page allows you to query
DDoS events by attack type, source IP address, destination IP address, and protocol to view the DDoS
describes the query options of DDoS event details.
describes the fields
of the DDoS event details.
Figure 143 DDoS event details
Table 127 DDoS event details query options
Option Description
Filter
Select a filter to display specific DDoS events.
Attack type
Select a DDoS attack type
Device
Select a device, a device group, or All devices from the Device dropdown list to display the
relevant event information. All devices and device groups that are under your management
will appear in the dropdown list.
Selecting a device group specifies all devices in the device group. Selecting a device name
specifies a single device.
Src IP
Specify the source IP address.
Dest IP
Specify the destination IP address.
Protocol
Select the protocol. The default is --, which means any protocol.
Duration
Select the statistics duration. You can select Day, Week, or Month, or select Customize to
specify a statistics duration.
Time
Select the statistics time. The value range varies with the statistics duration selected.
Grouping by
Select a grouping mode. The system supports four modes: None, Attack type, Dest IP, and
Protocol.