The host-specific rule management feature allows you to manage defense and detection rules that are configured for your servers by using the following modules: malicious behavior defense, defense against brute-force attacks, and approved logon management. You can create rules based on your business requirements to improve the security of your system. This topic describes how to manage the rules that are configured for your servers by using malicious behavior defense, defense against brute-force attacks, and approved logon management.
Modules and supported editions
Module | Supported edition | Description | |
Malicious behavior defense | Anti-virus, Advanced, Enterprise, and Ultimate Note The Antivirus edition only supports adding whitelisted process hashes using custom rules. The Advanced edition supports process defense under system defense rules but does not support network defense. | Security Center provides system defense rules to defend against common attacks, such as execution of commands that contain malicious scripts and insertion of malicious files. You can also create custom defense rules based on your business scenarios. Malicious behavior defense allows you to manage system defense rules and custom defense rules to build a finer-grained security system. | |
Defense against brute-force attacks | Advanced, Enterprise, and Ultimate | You can configure a defense rule against brute-force attacks. If the number of logon failures to the same server exceeds the specified limit during the specified statistical period, the IP address is blocked. | |
Approved logon management | Approved logon location | All editions | Approved logon management allows you to specify approved logon locations, IP addresses, time ranges, and accounts. You can identify unusual logons that may be initiated by attackers. |
Approved logon IP address | Advanced, Enterprise, and Ultimate | ||
Approved logon time range | Advanced, Enterprise, and Ultimate | ||
Approved logon account | Advanced, Enterprise, and Ultimate |