Updated on 2025-08-11 GMT+08:00

Threat Situation Screen

Scenarios

There are always such scenarios as presentation, reporting, or real-time monitoring where you need to present the analysis results of SecMaster on big screens to achieve better demonstration effect. It is not ideal to just zoom in the console. Now, SecMaster Large Screen is a good choice for you to display the service console on bigger screens for a better visual effect.

By default, SecMaster provides a threat situation screen, which shows how many network attacks, application-layer attacks, and server-layer attacks against your assets over the last seven days.

Prerequisites

You have enabled Large Screen. For details, see Buying Value-Added Packages.

Viewing the Threat Situation Screen

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  5. In the navigation pane on the left, choose Situation Awareness > Large Screen.

    Figure 2 Large Screen

  6. Click Play in the lower right corner of the Threat Situation image to access the screen.

    This screen includes many graphs. More details are provided below.

Threat Situation screen

This area displays the number of attacks by types, including network, application, and server attacks, as shown in Figure 3.

Table 1 Threat Situation screen

Parameter

Statistical Period

Update Frequency

Description

Network Threats and Attacks

Occurrences

Last 7 days

Hourly

The number of attacks against EIPs in the last seven days.

Last Week

Difference between the number of attacks against EIPs for the current 7-day statistical cycle and that for the previous 7-day statistical cycle.

Application Threats and Attacks

Occurrences

Last 7 days

Hourly

The number of attacks against protected websites in the last seven days.

Last Week

Difference between the number of attacks against websites for the current 7-day statistical cycle and that for the previous 7-day statistical cycle.

Server Threats and Attacks

Occurrences

Last 7 days

Hourly

The number of attacks against protected ECSs in the last seven days.

Last Week

Difference between the number of attacks against ECSs for the current 7-day statistical cycle and that for the previous 7-day statistical cycle.

Figure 3 Threat Situation screen

Attack Source Distribution

This graph displays the five attack sources who launched the most attacks against the network and application layers. You will see attacked asset details, including IP addresses, departments, and quantity. Figure 4 shows an example.

Table 2 Attack source distribution

Parameter

Statistical Period

Update Frequency

Description

Top 5 Source IP Addresses by Network Alerts

Last 7 days

Hourly

The five sources that have launched the most attacks against EIPs for the last seven days, displayed in a descending order by attack quantity.

Top 5 Source IP Addresses by Application Alerts

Last 7 days

Hourly

The five sources that have launched the most attacks against websites for the last seven days, displayed in a descending order by attack quantity.

Figure 4 Attack source distribution

Attacks by Type

This graph shows top 5 network attack types, top 5 application attack types, and server attack types, as shown in Figure 5.

Table 3 Attacks by Type

Parameter

Statistical Period

Update Frequency

Description

Top 5 Network Alert Types

Last 7 days

Hourly

The five attack types with the most attacks against EIPs detected for the last seven days, displayed in a descending order by attack quantity.

If there is no network attack or no corresponding data table, the default types with zero attacks are displayed.

Top 5 Application Alert Types

Last 7 days

Hourly

The five attack types with the most attacks against websites detected for the last seven days, displayed in a descending order by attack quantity.

If there is no application attack or no corresponding data table, the default types with zero attacks are displayed.

Top 5 Server Alert Types

Last 7 days

Hourly

The top 5 ECS attack types by attack quantity in the last 7 days.

If there is no ECS attack or no corresponding data table, the default types with zero attacks are displayed.

The asset statistics come from the Threats > Alerts page in SecMaster.

Figure 5 Attack type distribution

Threat Situation Statistics

This graph shows the statistics about alerts, logs, and threat detection models in the current account, as shown in Figure 6.

Table 4 Threat Situation Statistics

Parameter

Statistical Period

Update Frequency

Description

Alert Statistics

Logs

Last 7 days

Hourly

Total number of network, application, and server access logs for the last seven days.

Threats

Total number of threats identified for protected networks, applications, and servers for the last seven days.

Alerts

The number of alerts generated from attack logs during the last seven days. The data comes from the Threats > Alerts page.

Incidents

The number of incidents that are converted from alerts during the last seven days. The data comes from the Threats > Alerts page.

Log Analysis

Log volume

Last 7 days

Hourly

Total volume of network, application, and server access logs for the last seven days, in MB.

PoP

Difference between the total volume of network, application, and server access logs for the current 7-day statistical cycle and that for the previous 7-day statistical cycle.

Calculation method: [(Number of logs for the current statistical cycle – Number of logs for the previous statistical cycle)/Number of logs for the previous statistical cycle] x 100%.

Statistical trend chart

Total volume of network, application, and server access logs for the last seven days, in MB.

Threats by Model

Models

Real-time

Hourly

The number of existing models in Threats > Intelligent Modeling.

Statistical table

Last 7 days

Hourly

The number of threats detected by each type of threat detection model.

If there is no threat detection model, four default types with zero threats detected are displayed.

Figure 6 Threat situation statistics