Viewing attack alarm details, Querying the attack alarm list, Attack alarm basic query – H3C Technologies H3C Intelligent Management Center User Manual


Viewing attack alarm details

You can view more detailed information for every attack alarm in the Attack Alarm Details page.
To view the details of an attack alarm:

1. Navigate to Alarm > Browse Attack Alarm:
   a. Click the Alarm tab from the tabular navigation system on the top.
   b. Click the Security Control Center on the navigation tree on the left.
   c. Click the Browse Attack Alarm link located under Security Control Center on the navigation tree on the left.
   The Attack Alarm List displays in the main pane of the Browse Attack Alarm page.

2. Click the link in the Name field of the attack alarm for which you want to view details.
   The Attack Alarm Details page appears.

Attack alarm detail

Event Name: Contains the name or type of the attack.

Description: Contains detailed information about the event. For attack alarms generated by Syslog
events, this field contains the actual Syslog entry. For attack alarms generated by Traps, this field
contains trap details.

Generated at: Contains a date and timestamp for IMC detection of the security attack.

Access Device IP of the Attack Source: Contains the IP address of the access device that the attack
source connects to, if known.

Access Device Port of the Attack Source: Contains the interface description of the access device that
the attack source connects to, if known.

Source MAC: If displayed, contains the MAC address of the attack source that originated the attack.

Source IP: If displayed, contains the IP address of the attack source that originated the attack.

Destination IP: If displayed, contains the IP address of the attack destination, if known.

For example, as shown in Figure 92, if an attack arises from IP address 192.168.1.1 to IP
address 192.168.2.1, the Source IP field is 192.168.1.1, the Destination IP field is
192.168.2.1, the Access Device IP of the Attack Source field is 10.8.1.1, and the Access
Device Port of the Attack Source field is GE 0/0/1.

Figure 92 Schematic diagram for the attack source and attack destination

Event Description: If displayed, contains additional information about the attack event. Devices
must be configured to include event descriptions in order for this field to be populated.

Attack Initiator: Contains the userid or name of the user who initiated the attack.

Querying the attack alarm list

SCC provides you with two methods for searching the Attack Alarm List, a basic query method and an
advanced query method.

Attack alarm basic query
