Threat Situation Screen
There are always such scenarios as presentation, reporting, or real-time monitoring where you need to present the analysis results of SecMaster on big screens to achieve better demonstration effect. It is not ideal to just zoom in the console. Now, SecMaster Large Screen is a good choice for you to display the service console on bigger screens for a better visual effect.
By default, SecMaster provides a threat situation screen, which shows how many network attacks, application-layer attacks, and server-layer attacks against your assets over the last seven days.
Prerequisites
You have enabled large screen.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster. - In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Security Situation > Large Screen.
Figure 2 Large Screen
- Click the Threat Situation image to go to the information page.
This screen includes many graphs.Figure 3 Threat Situation screen
Threat Situation screen
This area displays the number of attacks by types, including network, application, and server attacks.
Parameter |
Statistical Period |
Update Frequency |
Description |
|
|---|---|---|---|---|
Network Attacks |
Occurrences |
Last 7 days |
Hourly |
The number of attacks against EIPs in the last seven days. |
Last Week |
Difference between the number of attacks against EIPs for the current 7-day statistical cycle and that for the previous 7-day statistical cycle. |
|||
Application Attacks |
Occurrences |
Last 7 days |
Hourly |
The number of attacks against protected websites in the last seven days. |
Last Week |
Difference between the number of attacks against websites for the current 7-day statistical cycle and that for the previous 7-day statistical cycle. |
|||
Server Attacks |
Occurrences |
Last 7 days |
Hourly |
The number of attacks against protected ECSs in the last seven days. |
Last Week |
Difference between the number of attacks against ECSs for the current 7-day statistical cycle and that for the previous 7-day statistical cycle. |
|||
Attack Source Distribution
This graph displays the five attack sources who launched the most attacks against the network and application layers. You will see attacked asset details, including IP addresses, departments, and quantity.
Parameter |
Statistical Period |
Update Frequency |
Description |
|---|---|---|---|
Top 5 Network Attack Source Distribution |
Last 7 days |
Hourly |
The five sources that have launched the most attacks against EIPs for the last seven days, displayed in a descending order by attack quantity. |
Top 5 Application Attack Source Types |
Last 7 days |
Hourly |
The five sources that have launched the most attacks against websites for the last seven days, displayed in a descending order by attack quantity. |
Attacks by Type
This graph shows top 5 network attack types, top 5 application attack types, and server attack types.
Parameter |
Statistical Period |
Update Frequency |
Description |
|---|---|---|---|
Top 5 Network Attack Types |
Last 7 days |
Hourly |
The five attack types with the most attacks against EIPs detected for the last seven days, displayed in a descending order by attack quantity. If there is no network attack or no corresponding data table, the default types with zero attacks are displayed. |
Top 5 Application Attack Types |
Last 7 days |
Hourly |
The five attack types with the most attacks against websites detected for the last seven days, displayed in a descending order by attack quantity. If there is no application attack or no corresponding data table, the default types with zero attacks are displayed. |
Top 5 Server Attack Types |
Last 7 days |
Hourly |
The five attack types with the most attacks against ECSs detected for the last seven days, displayed in a descending order by attack quantity. If there is no ECS attack or no corresponding data table, the default types with zero attacks are displayed. The asset statistics come from the Alerts page under Threat Operations in the current workspace. |
Threat Situation Statistics
This graph shows the statistics about alerts, logs, and threat detection models in the current account.
Parameter |
Statistical Period |
Update Frequency |
Description |
|
|---|---|---|---|---|
Alert Statistics |
Logs |
Last 7 days |
Hourly |
Total number of network, application, and server access logs for the last seven days. |
Threats |
Total number of threats identified for protected networks, applications, and servers for the last seven days. |
|||
Alerts |
This number reflects alerts collected in Threat Operations > Alerts for the last seven days. |
|||
Incidents |
This number reflects incidents collected in Threat Operations > Incidents for the last seven days. |
|||
Log Analysis |
Log volume |
Last 7 days |
Hourly |
Total volume network, application, and server access logs for the last seven days, in MB. |
PoP |
Difference between the total volume of network, application, and server access logs for the current 7-day statistical cycle and that for the previous 7-day statistical cycle. Calculation method: [(Number of logs for the current statistical cycle – Number of logs for the previous statistical cycle)/Number of logs for the previous statistical cycle] x 100%. |
|||
Statistical trend chart |
Total volume of network, application, and server access logs for the last seven days, in MB. |
|||
Threats by Model |
Models |
Real-time |
Hourly |
The number includes the models in Threat Operations > Intelligent Modeling. |
Statistical table |
Last 7 days |
Hourly |
Number of threats detected by each type of threat detection model. If there is no threat detection model, four default types with zero threats detected are displayed. |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
