The application analysis feature provides statistics on application behavior, application access, attacked servers, and attack prevention trends. The application analysis feature also provides data reference for application system hardening, which helps you quickly understand the security protection level of applications and simplifies application security management. This topic describes how to view the statistics provided by the application analysis feature.
View resources added to application protection feature
Since application processes constantly change, you can follow these steps to view the processes added to application protection feature after purchasing the quota:
Log on to the Security Center console. In the upper-left corner, select the region of your assets: China or Outside China.
In the left-side navigation pane, choose .
On the Application Analysis tab, within the Application Access Statistics section, click Resource Statistics to the right of Remaining Quota.
In the Application Processes panel, click Immediate Scan. Once the last detection time updates, you can review the processes that have been added to application protection.
NoteThe Security Center agent can collect the information only once per day in the Basic, Value-added Plan, Anti-virus, or Advanced edition of Security Center.
View the attack protection effects
After application processes are added to the application protection feature, you can view the total number of attacks, the distribution of attack types, and the trend of attack protection in the previous seven days on the Application Analysis tab.
If attack data does not exist, the application runs as expected. The application protection feature blocks or monitors only actual attacks.
The Application Analysis tab displays only the attack data of the previous seven days. You can view attack data within a specific time range on the Attack Alerts tab.
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
On the Application Analysis tab, the Application Behavior Analysis, Distribution by Attack Type, and Attack Prevention Trend sections display the total number of attacks on your applications, the types of attacks, and the severity of attacks.
Total Requests: indicates the total number of requests sent by applications for which the application protection feature is enabled. If the total number of requests is recorded, the application protection feature runs as expected, even if no alert is displayed on the Attack Alerts page.
The total number of attacks on an application is calculated by using the following formula: Total Blocks + Total Monitored Attacks
View most attacked servers
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
In the Top 10 Attacked Servers section of the Application Analysis tab, view the servers that receive the most attacks.
The following items are security hardening suggestions for the servers:
View and fix the known vulnerabilities in the servers to narrow the attack surface that attackers can exploit. For more information, see View and handle vulnerabilities.
Enable the Malicious Host Behavior Prevention, Webshell Prevention, Malicious Network Behavior Prevention, and Webshell Detection and Removal features for the servers. For more information, see Enable features on the Host Protection Settings tab
View major attack sources
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
In the Top 10 Attack IP Addresses section of the Application Analysis tab, view the IP addresses from which the most attacks are initiated.
The following items are security hardening suggestions to help you defend against attack sources:
You can add security group rules for Elastic Compute Service (ECS) instances to deny access from known attack sources. For more information, see Add a security group rule.
If you use other security protection services, you can add the attack source IP addresses to a blacklist to block attacks. For example, if you use Web Application Firewall (WAF), you can configure the IP address blacklist to block requests from attack sources. For more information, see Configure IP address blacklist rules to block specific requests.
View vulnerability prevention effects
Log on to the Security Center console. In the upper-left corner, select the region of your assets: China or Outside China.
In the left-side navigation pane, choose .
On the Application Analysis tab, in the Vulnerability Prevention section, assess the effectiveness of your vulnerability prevention.
Item
Description
Protected Applications
The count of application processes that have been added to application protection feature for vulnerability prevention.
Defended Application Vulnerabilities
The tally of vulnerabilities shielded by the application protection feature. Each occurrence of a vulnerability across different assets is counted separately.
All Supported Vulnerabilities
Click the corresponding number to view vulnerabilities for which application protection feature is available.
Total Vulnerability Attacks
The tally of attacks conducted through vulnerabilities, as monitored or intercepted by the application protection feature.
Top 5 Vulnerabilities
The top five vulnerabilities with the highest number of protection sessions, including both monitoring and interception activities.
Vulnerability Trend
This metric tracks the frequency of attacks conducted through vulnerabilities that are monitored or intercepted. Alerts that include vulnerability names in their details are counted in this metric.