Security Center: Use the dashboard

Last Updated: Apr 26, 2024

Threat analysis and response provides the predefined Global Alert Situation Awareness dashboard. The dashboard allows you to monitor and manage the security posture of your enterprise across different cloud platforms, accounts, and services in a centralized manner. It displays the results of security operations in multiple data charts. You can use the charts in security reports to visualize security status and the results of risk management measures. You can use the real-time monitoring data and data analysis results that the dashboard provides to create more accurate and efficient security policies. This helps improve security O&M efficiency, ensure the security of enterprise assets, and deliver better support for the continuous development of your business.

View metrics

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

  2. In the left-side navigation pane, choose Threat Analysis and Response > Dashboard.

  3. Optional. In the upper-right corner of the Dashboard page, click Time Range to specify a query time range. If you do not specify a query time range, the system displays data within the previous seven days by default.

  4. View statistics on the dashboard.

    The dashboard provides multiple charts. You can click a measured number and select Log Analysis to view details on the Log Search page.

    Metric chart: Description

    Global Alert Situation Awareness: Provides comprehensive alert information, which helps you evaluate the overall risk. The following metrics are provided:

      • Logs/Events: the total number of logs that are added to threat analysis and response.

      • Alerts: the number of alerts that are added to threat analysis and response. The following alerts are included:

        • Alerts that are collected from Web Application Firewall (WAF), Cloud Firewall, and Security Center.

        • Alerts that are generated based on the predefined rules of threat analysis and response.

        • Alerts that are generated based on the custom rules of threat analysis and response.

      • Threat Analysis Alerts: the number of alerts that are generated based on the predefined rules of threat analysis and response.

      • Custom Rule Alerts: the number of alerts that are generated based on the custom rules of threat analysis and response.

      • Monitored Accounts: the number of accounts that are added to and monitored by threat analysis and response. The accounts include Alibaba Cloud accounts and third-party cloud accounts.

    Top 5 Ingestion Logs/Events by Type: Displays the top 5 types of logs that are added to threat analysis and response based on log quantities.

    Log Source Trend by Product Name: Displays the volume trends of logs that are added to threat analysis and response from different cloud services.

    Alert Source Trend: Displays the trends of attacks on different cloud services.

    Distribution of Alert Source: Displays the distribution of alerts by cloud service.

    Top 5 Alerts by Type: Displays the top 5 types of alerts based on alert quantities.

    Latest Alerts List: Displays information about the most recent alerts. Alerts of the same type are aggregated into one alert.

    Defensive Action Trend: Displays the trends of defense status.

      • alert: alert only

      • drop: block

Specify a data refresh time

When you access the Dashboard page, the system displays alert data as of the time of access. By default, the system does not refresh alert data. To view the most recent alert data, you can manually refresh the data or specify an interval at which data is automatically refreshed.

  • Manual refresh: In the upper-right corner of the Dashboard page, click Refresh and select Once to manually refresh data.

  • Automatic refresh: In the upper-right corner of the Dashboard page, click Refresh and select Automatic Refresh. Then, select an interval at which data is automatically refreshed.

    Note

    If you re-access or refresh the Dashboard page, the system restores the default setting and does not refresh data.

References

For more information about how to analyze logs and view log fields, see Log management.