Cloud Threat Detection and Response (CTDR) provides the Global Alert Situation Awareness predefined dashboard. The dashboard allows you to monitor and manage the security posture of your enterprise across different cloud platforms, accounts, and services in a centralized manner. It displays the results of security operations in multiple data charts. You can use the charts in security reports to visualize security status and the results of risk management measures. You can also use the real-time monitoring data and data analysis results that the dashboard provides to create more accurate and efficient security policies. This helps improve security O&M efficiency, ensure the security of enterprise assets, and deliver better support for the continuous development of your business.
View metrics
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
Optional. In the upper-right corner of the Dashboard page, click Time Range to specify a query time range. If you do not specify a query time range, the system displays data within the previous seven days by default.
View statistics on the dashboard.
The dashboard provides multiple charts. You can click a measured number and select Log Analysis to view details on the Log Search page.
Metric charts and descriptions:
Global Alert Situation Awareness: Provides comprehensive alert information, which helps you evaluate the overall risk. The following metrics are provided:
  Logs/Events: the total number of logs that are added to CTDR.
  Alerts: the number of alerts that are added to CTDR. The following alerts are included:
    Alerts that are collected from Web Application Firewall (WAF), Cloud Firewall, and Security Center.
    Alerts that are generated based on the predefined rules of CTDR.
    Alerts that are generated based on the custom rules of CTDR.
  Threat Analysis Alerts: the number of alerts that are generated based on the predefined rules of CTDR.
  Custom Rule Alerts: the number of alerts that are generated based on the custom rules of CTDR.
  Monitored Accounts: the number of accounts that are added to and monitored by CTDR. The accounts include Alibaba Cloud accounts and third-party cloud accounts.
Top 5 Ingestion Logs/Events by Type: Displays the top 5 types of logs that are added to CTDR based on log quantities.
Log Source Trend by Product Name: Displays the volume trends of logs that are added to CTDR from different cloud services.
Alert Source Trend: Displays the trends of attacks on different cloud services.
Distribution of Alert Source: Displays the distribution of alerts by cloud service.
Top 5 Alerts by Type: Displays the top 5 types of alerts based on alert quantities.
Latest Alerts List: Displays information about the most recent alerts. Alerts of the same type are aggregated into one alert.
Defensive Action Trend: Displays the trends of defense status.
  alert: alert only
  drop: block
Specify a data refresh time
When you access the Dashboard page, the system displays alert data based on the point in time of the access. By default, the system does not refresh alert data. If you want to view the most recent alert data, you can manually refresh data or specify an interval at which data is automatically refreshed.
Manual refresh: In the upper-right corner of the Dashboard page, click Refresh and select Once to manually refresh data.
Automatic refresh: In the upper-right corner of the Dashboard page, click Refresh and select Automatic Refresh. Then, select an interval at which data is automatically refreshed.
Note: If you re-access or refresh the Dashboard page, the system restores the default setting and does not refresh data.
References
For more information about how to analyze logs and view log fields, see Log management.