The application analysis feature provides statistics on application behavior, application access, attacked servers, and attack prevention trends. The application analysis feature also provides data reference for application system hardening, which helps you quickly understand the security protection level of applications and simplifies application security management. This topic describes how to view the statistics provided by the application analysis feature.
View the attack protection effects
After application processes are added to the application protection feature, you can view the total number of attacks, the distribution of attack types, and the trend of attack protection in the previous seven days on the Application Analysis tab.
If attack data does not exist, the application runs as expected. The application protection feature blocks or monitors only actual attacks.
The Application Analysis tab displays only the attack data of the previous seven days. You can view attack data within a specific time range on the Attack Alerts tab.
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
On the Application Analysis tab, the Application Behavior Analysis, Distribution by Attack Type, and Attack Prevention Trend sections display the total number of attacks on your applications, the types of attacks, and the severity of attacks.
Total Requests: indicates the total number of requests sent by applications for which the application protection feature is enabled. If the total number of requests is recorded, the application protection feature runs as expected, even if no alert is displayed on the Attack Alerts page.
The total number of attacks on an application is calculated by using the following formula: Total Blocks + Total Monitored Attacks
View the servers that receive the most attacks
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
In the Top 10 Attacked Servers section of the Application Analysis tab, view the servers that receive the most attacks.
The following items are security hardening suggestions for the servers:
View and fix the known vulnerabilities in the servers to narrow the attack surface that attackers can exploit. For more information, see View and handle vulnerabilities.
Enable the Malicious Host Behavior Prevention, Webshell Connection Prevention, Malicious Network Behavior Prevention, and Webshell Detection and Removal features for the servers. For more information, see Enable features on the Host Protection Settings tab.
View major attack sources
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
In the Top 10 Attack IP Addresses section of the Application Analysis tab, view the IP addresses from which the most attacks are initiated.
The following items are security hardening suggestions to help you defend against attack sources:
You can add security group rules for Elastic Compute Service (ECS) instances to deny access from known attack sources. For more information, see Add a security group rule.
If you use other security protection services, you can add the attack source IP addresses to a blacklist to block attacks. For example, if you use Web Application Firewall (WAF), you can configure the IP address blacklist to block requests from attack sources. For more information, see Configure IP address blacklist rules to block specific requests.