Viewing Anomaly or Attack Events

For a packet capture file of Zone Attack Matched or Zone Anomaly Matched, you can view related anomaly or attack events for further analysis.

Prerequisites

The packet capture task of Zone Attack Matched or Zone Anomaly Matched has been created and enabled.

Procedure

  1. Choose Defense > Policy Settings > Packet Capture.
  2. Click the Packet Capture File tab.
  3. Click of a packet capture file in the Operation column.
  4. On the View Correlated Events page, view related anomaly or attack events. For parameter settings, see Table 1.

    Table 1 Viewing attack events
    Parameter Description
    IP Address Indicates the destination IP address under attack.
    Zone Name Indicates the name of the Zone to which the destination IP address under attack belongs.
    Anomaly Start Time Indicates the start time of an anomaly.
    Attack Start Time Indicates the start time of an attack.
    Anomaly/Attack End Time Indicates the end time of an abnormal one if the associated event is an abnormal event. Otherwise, this field indicates the end time of an attack.
    Attack Status Indicates the current state of an attack.
    Type Indicates the attack type.
    Number of Attack Packets Indicates the number of packets sent during attacks.

  5. Click Close. Return to the Packet Capture File page.
Parent topic: Managing Packet Capture File
Copyright © Huawei Technologies Co., Ltd.