Security Center:Approved logon management

Manage approved logon

You can specify approved logon locations, IP addresses, time ranges, and accounts. Security Center monitors logons based on your settings. If unapproved logons are detected, Security Center generates alerts. To configure approved logon settings, follow these steps:

1. Log on to the Security Center console. In the upper-left corner of the console, select the region where your assets are located: China or Outside China.

2. In the left-side navigation pane, select Protection Configuration > Host Protection > Host-specific Rule Management.

3. On the Host-specific Rule Management page, click the Common Logon Management tab.

4. Under the Common Logon Management tab, configure Approved Logon Location, Approved Logon IP Address, Approved Logon Time, and Approved Logon Account.

   The configuration of Approved Logon Location, Approved Logon IP Address, Approved Logon Time, and Approved Logon Account involves similar steps. The following example demonstrates how to manage Approved Logon Location, and you can apply the same process to other configurations.

   1. On the Approved Logon Location tab, click Create Policy.

   2. In the Approved Logon Location panel, select one or more locations as approved logon locations based on your business requirements, select the servers on which the settings take effect, and then click OK.

   Security Center allows you to change the servers that allow logons from selected logon locations and delete selected logon locations.

   • To change the servers that allow logons from the logon location, find the location and click Edit on the right side.

   • To delete an approved logon location, find the location and click Delete in the Actions column.

   Security Center allows you to add remarks to approved logon IP addresses. To add remarks to an IP address, find the IP address and click the icon in the Note column on the Approved Logon IP Address tab.

View unusual logon alerts