Viewing Anomaly or Attack Events

For a packet capture file of Zone Attack Matched or Zone Anomaly Matched, you can view related anomaly or attack events for further analysis.

Prerequisites

The packet capture task of Zone Attack Matched or Zone Anomaly Matched has been created and enabled.

Procedure

  1. Choose Defense > Policy Settings > Packet Capture.
  2. Click the Packet Capture File tab.
  3. Click of a packet capture file in the Operation column.
  4. On the View Correlated Events page, view related anomaly or attack events. For parameter settings, see Table 1.

    Table 1 Viewing attack events

    Parameter

    Description

    IP Address

    Indicates the destination IP address under attack.

    Zone Name

    Indicates the name of the Zone to which the destination IP address under attack belongs.

    Start Time of an Anomaly

    Indicates the start time of an anomaly.

    Attack Start Time

    Indicates the start time of an attack.

    End Time

    Indicates the end time of an abnormal one if the associated event is an abnormal event. Otherwise, this field indicates the end time of an attack.

    State

    Indicates the current state of an attack.

    Type

    Indicates the attack type.

    Number of Attack Packets

    Indicates the number of packets sent during attacks.

  5. Click Close. Return to the Packet Capture File page.
Parent topic: Managing Packet Capture Files
Copyright © Huawei Technologies Co., Ltd.