Anomaly/attack situation

In the anomaly/attack situation chart, you can view the proportions of various anomaly/attack situations.

**Table 1** Query parameters of anomaly/attack situation
Parameter	Description
Direction	Select Inbound or Outbound the drop-down list.
Device	Select a device from the drop-down list.
Zone	Click , select a Zone on the Zone page that is displayed, and then click OK.
Type	Select Attack or Abnormal the drop-down list.
IP Address	Enter the destination IP address. Both IPv4 and IPv6 addresses are applicable. The anomaly/attack traffic destined for the IP address is queried.
Time	Click to select the start time and end time of statistics. Or you can change the time values in corresponding text boxes. The end time should be later than the start time and the interval cannot be longer than one year.

If the device is set to DDoS-Cleaning and the Zone to test, Figure 1 shows anomaly/attack situation within a period of time.

Figure 1 Anomaly/attack situation (for cleaning devices)

Choose Report > Report > Anomaly/Attack Analysis.
Click the Anomaly/attack situation tab.
Set query parameters.
Click Search.
The situation of anomalies/attacks that meet the query conditions is displayed.
Optional: Open or save the query results as files, or send queried reports to the specified email address.
- Click to open or save the query results as PDF files. A maximum of 10,000 entries can be displayed.
- Click to open or save the query results as EXCEL files. A maximum of 10,000 entries can be displayed.
- Click to open or save the query results as CSV files. All data except figures can be displayed.
- Click to enter a recipient mail address and select an attachment format. Then click OK.