Handling Events
- Ignore: If the event does not cause any harm, ignore the result. After click Ignore, record the Handler and Reason in the Ignore Risk dialog box.
- Mark as Offline: If the event has been handled offline, click Mark as Offline in the Operation column. In the displayed dialog box, fill in Processor, Processing Time, and Processing Result, and click OK.
On the Events page, SA also aggregates alarm data reported by other security services, such as Host Security Service (HSS), and Web Application Firewall (WAF). When you handle these alarms, follow the sequence below:
- View the Product Name column to locate the source service that reports an alarm to SA.
- Go to the source service to handle the alarm.
- Mark the alarm in SA after it is handled in the source service.
For example, if an event is reported by HSS, it is recommended that you handle the alarm on the HSS console first and then mark the alarm in SA.
Prerequisites
SA has received events from other security products.
Procedure
- Log in to the management console.
- Click
in the upper left corner of the page and choose . - Filter events.
- Mark events in batches.
Select one or more events in the Unhandled status and click Ignore or Mark as Offline above the result list to handle all selected events at a time.
- Mark an event.
- In the Operation column of the event you want to mark, click Ignore or Mark as Offline.
- Alternatively, you can mark a single event on its Result Details page by clicking Ignore or Mark as Offline at the lower right corner.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
