Updated on 2022-10-28 GMT+08:00

Viewing Events

The Events page gives you a full view of your asset security status, helping you determine the priority of handling the events in a timely manner and analyze the security trends.

On the Events page, you can:

  • View information about threat alarms, vulnerabilities, risks, compliance check, violations, and public opinions.
  • View real-time detection data from other security products.
  • Filter events by time range or filter. The events of the last seven days are displayed by default.
  • View detailed events on the console or view them in JSON format.
  • Customize the event list.
  • Mark the processing status of events

Constraints

  • When you search for events by filter, a maximum of 10,000 events can be displayed.
  • Only the events of the last 180 days can be displayed.

Prerequisites

  • SA has received the detection results or events from other security products.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Situation Awareness.
  3. In the navigation pane on the left, choose Events.

    Figure 1 Viewing the event list

  4. Filter and view events.

    • Select a filter, click , and view the event displayed.
    • If there are still a large number of events after filtering, add one or more filter criteria and/or select a time range to quickly search for events you want.
      • To add one or more filter criteria, configure the corresponding categories in the filter box and then click .
      • To specify a time range, configure a time period in the time filter box and click OK.

  5. View the event list.

    In the displayed list, only the events matching the filter criteria are displayed, as well as their statistics.

  6. View the details of an event.

    1. Locate the row of the event you want to view, click the subject in the Subject column. The Details pane is displayed on the right.
      Figure 2 Details
    2. On this pane, the Basic Information, Description, Resource Information, Attack Information, and Tenant Information are listed. For more details, see Table 1.
      Table 1 Parameters on the event details page

      Parameter

      Description

      Basic Information

      Basic information about an event, including the subject, severity, status, discovery time, category, company name, product name, and type.

      Description

      Brief description of an event.

      Resource Information

      Information about affected resources, including the resource name, resource ID, resource type, and the region where the affected resource locates.

      Tenant Information

      Information about affected users, including the tenant ID, project name, project ID, and region where the user account is registered.

      Attack Source Information

      Attack source information, including the IP address, port, and longitude from where an attack originates.

      Attacked Resource Details

      Information about the attacked resource, including the attacked IP address and port.

      Check Results

      Information about the associated detection results, including the associated resource name and result source.

      Vulnerability Information

      Vulnerability result information, including the vulnerability ID, CVSS score, CVSS version, and provider.

      Affected Products

      Vulnerability impact scope information, including affected resource versions and security product versions.

      Compliance Information

      Basic information about compliance check, including check items and check results.

      Involved CVE

      CVE ID of the vulnerability.

      References:

      Related reference links.

      Repair/Handling Suggestion

      Details of risk repair or handling suggestions.

    3. On the Details pane, Click View JSON File in the upper right corner to view the event details in a JSON file.