Managing security attack alarms, Attack alarm list overview, Browsing the attack alarms list – H3C Technologies H3C Intelligent Management Center User Manual
Managing security attack alarms
SCC provides two views for alarms: the Attack Alarm List and the Realtime Attack Alarm List.
The Attack Alarm List gives operators visibility into all attack alarms, allowing them to view all
alarms and drill down into the details of an attack alarm. From the Attack Alarm List, operators can
also perform basic and advanced queries to filter the list for the attack alarms that meet their
search criteria, and initiate actions including shutting down interfaces and notifying the appropriate
staff of a security event. From this list, operators can also view the results of the actions they have
executed against a security attack, with a topology map of the attack path. For actions that support it,
operators can also restore an action.
The Realtime Attack Alarm List provides operators with a view of the Attack Alarm List filtered for the
most recent attack alarms. The Realtime Attack Alarm List offers operators the same functionality as the
Attack Alarm List for browsing attack alarms and attack alarm details, taking actions, viewing the results
of an action, restoring an action, and viewing the topology of an attack path.
Attack alarm list overview
You can view all security threats detected by IMC from the Attack Alarm List, which provides visibility
into the type of attack, its source, destination, and date and time stamp. From the Attack Alarm List,
you can navigate to the Alarm Details page to view more information for the associated attack alarm and
open a topology view of the attack using the Attack Path option. You can also execute an action for
attack alarms from the Attack Alarm List.
Browsing the attack alarms list
To browse all attack alarms:
1. Navigate to Alarm > Browse Attack Alarm:
   a. Click the Alarm tab from the tabular navigation system on the top.
   b. Click the Security Control Center on the navigation tree on the left.
   c. Click the Browse Attack Alarm link located under Security Control Center on the navigation
      tree on the left.
The Attack Alarm List displays in the main pane of the Browse Attack Alarm page.
Attack alarm list
• Name: Contains the type of attack that was detected by IMC. The contents of this field serve as a
  link to the Attack Alarm Details page. The Attack Alarm Details page provides more detailed
  information on the attack. For more information about this feature, see "
• Source: Contains the IP address of the device that initiated the attack, if known.
• Destination: Contains the destination IP address of the attack, or rather the device that the attack
  was intended for, if known.
• Time: Contains a date and time stamp for IMC detection of the attack.
• Correlated Policy: Contains the security control policy in IMC that is associated with the attack
  identified in this attack alarm. If there is no security policy associated with the attack alarm, this field
  contains the value "Undefined."
• Result: Contains a status or summary of the result of any action IMC has taken to address the attack.