Viewing Application Protection
Scenario
After application protection is enabled, you can view the protection status and events on the Application Protection page. You can analyze the events and harden your applications accordingly.
Viewing the Protection Status
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > Host Security Service.
- Choose Server Protection > Application Protection. Click the Protected Servers tab.
Figure 1 Viewing protection settings
- (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
- View the service protection status. For details, see Table 1.
Table 1 Parameters for protection settings Parameter
Description
Server Name/ID
Server name and ID
IP Address
Private IP address and EIP of the server
OS
Server OS
Server Group
Group that the server belongs to
Policy
Detection policies bound to the target server.
RASP Status
Web application protection status.
- Unprotected: The server has been added for protection but RASP is not enabled.
- Protected: RASP is enabled.
- Protection failed: RASP fails to be enabled due to an exception.
- Partially protected: RASP fails to be enabled for some middleware.
RASP Port
Port protected by RASP on a server.
RASP Attacks
Application protection events that occurred on the server.
- In the Operation column of the server, click View Details to view web protection details.
On the protection details page, you can check the RASP protection status of web applications.Figure 2 Application protection details
Viewing Events
- Log in to the management console and go to the HSS page.
- Choose Server Protection > Application Protection and click the Events tab. For more information, see Table 2.
To view the protection events of a server, click the number in the Attacks column of the server on the Protected Servers tab page.
Table 2 Event parameters Parameter
Description
Severity
Alarm severity. You can search for servers by alarm severities.
- Critical
- High
- Medium
- Low
Server Name
Server that triggers an alarm
Alarm Name
Alarm name
Alarm Time
Time when an alarm is reported
Attack Source IP Address
IP address of the server that triggers the alarm
Attack Source URL
URL of the server that triggers the alarm
- You can click an alarm name to view the attack information (such as the request information and attack source IP address) and extended information (such as detection rule ID and description), and troubleshoot the problem accordingly.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot