Viewing Protection Details

Scenarios

After your services are connected to AAD, you can view the DDoS and CC protection details of different lines in an AAD instance on the dashboard to learn about the current network security state.

On the Dashboard page, you can view the following protection details:

DDoS Attack Protection
The Dashboard page gives an overview of the peak ingress traffic, peak attack traffic, and number of DDoS attacks, and shows the attack type distribution, DDoS attack events, and top 5 attack types scrubbed on two tab pages Traffic and Packet Rate.

CC Attack Protection
The Dashboard page gives an overview of number of requests and attacks, attack type distribution, and top 5 attacked source IP addresses.

Precautions

The protection details cannot be downloaded.
On the Dashboard page, you can view the following protection details of the following time ranges:
- DDoS Attack Protection
  You can select an AAD instance and a line to view the DDoS protection details of last 24 hours, last 3 days, last 7 days, last 30 days, or a custom period (maximum of last 90 days).
- CC Attack Protection
  You can select a specific domain name or all domain names from the domain name drop-down list to view the CC protection details of yesterday, today, last 3 days, last 7 days, or last 30 days.

Prerequisites

You have purchased an AAD instance.

Viewing DDoS Attack Protection Details

Log in to the management console.
Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
In the navigation pane on the left, choose Advanced Anti-DDoS > Dashboard. The Dashboard page is displayed.
Click the DDoS Attack Protection tab.

Select an instance, line, and time range (last 24 hours, last 3 days, last 7 days, last 30 days, or a custom period). Table 1 describes the related parameters.

Figure 1 DDoS attack protection

**Table 1** Parameter description
Parameter	Description
Peak ingress traffic	Maximum traffic accessing the specified IP address of a specified instance per second
Peak attack traffic	Maximum traffic attacking the specified IP address of a specified instance per second
DDoS Attacks	Number of DDoS attacks launched on the specified IP address of a specified instance
Traffic	Trend charts of received traffic and attack traffic
Packet Rate	Trend charts of received packets and attack packets
Attack Type Distribution	Types of attack events You can click Attacks then click any colored section in the displayed circle to see the type, count, and percentage of an attack. You can click Attack traffic then click any colored section in the displayed circle to see the type, traffic, and traffic percentage of an attack.
Top 5 Attack Types Scrubbed (Kbit/s)	Top 5 attack types that have been scrubbed
DDoS Attack Events	Details about DDoS attacks Click Details next to the attack source IP address to view the complete attack source IP address list. For ongoing attack events, you can click View Dynamic Blacklist to view the blacklisted IP addresses that are in attack. NOTE: Note the following points about the attack source field in the DDoS attack event report: The attack sources of ongoing attacks may not be displayed. Some attack events contain only some attack types. Their attack sources are not displayed. Attack sources are sampled randomly. Not all attack source information is displayed.

In the traffic or packet chart on the DDoS Attack Protection page, the display granularity varies according to the query interval. The details are as follows:

Query time < 20 minutes: The display granularity is 1 minute.
20 minutes < Query time < 40 minutes: The display granularity is 2 minutes.
40 minutes < Query time < 60 minutes: The display granularity is 3 minutes.
1 hour < Query time ≤ 6 hours: The display granularity is 5 minutes.
6 hours < Query time ≤ 24 hours: The display granularity is 10 minutes.
1 day < Query time ≤ 7 days: The display granularity is 30 minutes.
7 days < Query time ≤ 15 days: The display granularity is 1 hour.
15 days < Query time ≤ 30 days: The display granularity is 14 hours.

Viewing CC Attack Protection Details

Log in to the management console.
Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
In the navigation pane on the left, choose Advanced Anti-DDoS > Dashboard. The Dashboard page is displayed.
Click the CC Attack Protection tab.

Select a domain name and time range. For details about related parameters, see Table 2.

**Table 2** Parameter description
Parameter	Description
Requests	Total number of requests to a specified domain name If you select All domain names, the total number of requests to all domain names with WAF enabled is collected.
Peak Request Rate	Maximum number of requests to a specified domain name per second If you select All domain names, the maximum number of requests to all domain names with WAF enabled is collected per second.
Attacks	Number of attacks towards a specified domain name
Attacking Sources	Number of sources that attack a specified domain name
Request Statistics	Requests: trend chart for the access requests Attacks: trend chart for attacks
Attack Type Distribution	Types of attack events You can click any colored area in the attack distribution circle under Attack Type Distribution to view the type, count, and proportion of an attack. To stop displaying information about a specific type of attacks, click the legend with the same color to the right of the circle.
Top 5 Attacking Source IP Addresses	Top 5 attacking source IP addresses and their cumulative number of attacks