Updated on 2024-05-27 GMT+08:00

Viewing Events

In the event list, you can search for security events, such as XSS attacks, SQL injection, CC attacks, and user-defined precise protection events, to quickly locate attack sources or analyze attack events.

You can view event data of all protected domain names in the last 30 days.

If you switch the working mode for a website to Suspended, EdgeSec forwards all requests to the website without inspection and does not log any attack events.

Prerequisites

A protected website has been added. For details, see Adding a Website to EdgeSec.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Edge Security.
  3. In the navigation pane on the left, choose Dashboard under Security Protection.
  4. In the navigation pane on the left, choose Events.
  5. Select a website from the Website drop-down list. You can view protection logs for yesterday, today, the past 3 days, the past 7 days, the past 30 days, or a user-defined time range.

    • Events over Time: Displays the protection status of the selected website within the selected time range.
    • Top Tens: Displays top-ten summaries for the protected domain names you select within the selected time range.
      Figure 1 Events

  6. In the Events area, view the event details.

    • Configure a filter by combining several conditions. Click Add, select the filter conditions displayed, and then click OK. Table 1 lists the parameters for filter conditions.
    • Click to select the fields you want to display in the event list.
    • To view event details, locate the row containing the event and click Details in the Operation column.
    Figure 2 Events
    Table 1 Description of the conditions

    | Parameter | Description |
    |---|---|
    | Event ID | ID of the event |
    | Incident Type | Type of the attack. By default, All is selected. You can view logs of all attack types or select an attack type to view corresponding attack logs. |
    | Rule ID | ID of a built-in protection rule in basic web protection |
    | Protective Action | The options are Block, Log only, and Verification code. |
    | Source IP | Public IP address of the web visitor/attacker. By default, All is selected. You can view logs of all attack source IP addresses, select an attack source IP address, or enter an attack source IP address to view corresponding attack logs. |
    | URL | Attacked URL |

    Table 2 Parameters in the event list

    | Parameter | Description | Example Value |
    |---|---|---|
    | Time | When the attack occurred | 2023/03/04 13:20:04 |
    | Source IP Address | Public IP address of the web visitor/attacker | - |
    | Domain Name | Attacked domain name | www.example.com |
    | Geolocation | Location from which the attack source IP address originates | - |
    | URL | Attacked URL | /admin |
    | Incident Type | Type of the attack. | Precise Defense |
    | Protective Action | The options are Block, Log only, and Verification code. NOTE: If an access request matches a data masking rule, the protective action is marked as Mismatch. | Block |