Event Analyses

Overview

• HSS analysis

  Host Security Service (HSS) helps you identify and manage the assets on your servers; manage programs, file integrity, security operations, and vulnerabilities; check for unsafe settings; and defend against intrusions and web page tampering. There are also advanced protection and security operations functions available to help you easily detect and handle threats.

  On the HSS page of SA, you can learn about the security status of your ECSs in real time, including the protection status, risk statistics for the last 24 hours, risks for the last 7 or 30 days, and intrusion statistics of protected ECSs.

• WAF analysis

  Web Application Firewall (WAF) keeps your web applications and websites secure and stable. Powered by machine learning, WAF intelligently examines website traffic and defends against malicious requests and unknown threats.

  On the WAF page of SA, you can view the protection logs of all protected websites or instances for a specified time range, including yesterday, today, past 3 days, past 7 days, or past 30 days. On this page, event logs are displayed by different dimensions, including the number of requests and attack types, QPS, response code, event distribution, top 10 attacked domain names, top 10 attack source IP addresses, top 10 attacked URLs, top 10 attack source locations, and top 10 error pages.

  Statistics on this page are updated every two minutes.

• DBSS analysis

  Database Security Service (DBSS) is an intelligent database security service powered by the machine learning and big data analytics technologies. It can audit your databases, detect SQL injection attacks, and identify high-risk operations.

  On the DBSS page of SA, you can view the overall audit status, risk distribution, session statistics, and SQL distribution of your databases for the last 30 minutes, last hour, last 24 hours, last 7 days, or last 30 days.

Prerequisites

You have enabled linked services in the required region. For example, if you want to view the analyses of ECSs in the CN-Hong Kong region, then enable HSS in this region.

Procedure

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security & Compliance > Situation Awareness.
3. Select a security service.
   • HSS

     In the navigation pane on the left, choose Event Analyses > HSS to go to the HSS analysis page.

     Figure 1 HSS analysis
     
   • WAF

     In the navigation pane on the left, choose Event Analyses > WAF to go to the WAF analysis page.

     Figure 2 WAF analysis
     
   • DBSS

     In the navigation pane on the left, choose Event Analyses > DBSS to go to the DBSS analysis page.

     Figure 3 DBSS analysis
     

4. View the analysis results.
   • HSS dashboard

     On the HSS page in SA, you can learn about the security status of your ECSs in real time, including the protection status, risk statistics for the last 24 hours, risks for the last 7 or 30 days, and intrusion statistics of protected ECSs.

     For details, see HSS Analysis.

   • WAF dashboard

     On the WAF page in SA, you can view the protection logs of all protected websites or instances for a specified time range, including yesterday, today, the past 3 days, past 7 days, or past 30 days. On this page, different aspects of event logs are displayed. You can view the number of requests and attack types, QPS, response code, event distribution, top 10 attacked domain names, top 10 attack source IP addresses, top 10 attacked URLs, top 10 attack source locations, and top 10 error pages.

     For details, see WAF Analysis.

   • DBSS dashboard

     On the DBSS page in SA, you can view the overall audit status, risk distribution, session statistics, and SQL distribution of your databases for the last 30 minutes, last hour, last 24 hours, last 7 days, or last 30 days.

     For details, see DBSS Analysis.