All Products
Search
Document Center

Security Center:Approved logon management

最終更新日:Dec 03, 2024

Security Center offers a logon management feature to enhance system security and protect user data. This topic outlines how to effectively manage approved logons and view alerts generated for unapproved logons.

Manage approved logon

You can specify approved logon locations, IP addresses, time ranges, and accounts. Security Center monitors logons based on your settings. If unapproved logons are detected, Security Center generates alerts. To configure approved logon settings, follow these steps:

  1. Log on to the Security Center console. In the upper-left corner of the console, select the region where your assets are located: China or Outside China.

  2. In the left-side navigation pane, select Protection Configuration > Host Protection > Host-specific Rule Management.

  3. On the Host-specific Rule Management page, click the Common Logon Management tab.

  4. Under the Common Logon Management tab, configure Approved Logon Location, Approved Logon IP Address, Approved Logon Time, and Approved Logon Account.

    The configuration of Approved Logon Location, Approved Logon IP Address, Approved Logon Time, and Approved Logon Account involves similar steps. The following example demonstrates how to manage Approved Logon Location, and you can apply the same process to other configurations.

    1. On the Approved Logon Location tab, click Create Policy.

    2. In the Approved Logon Location panel, select one or more locations as approved logon locations based on your business requirements, select the servers on which the settings take effect, and then click OK.

    Security Center allows you to change the servers that allow logons from selected logon locations and delete selected logon locations.

    • To change the servers that allow logons from the logon location, find the location and click Edit on the right side.

    • To delete an approved logon location, find the location and click Delete in the Actions column.

    Security Center allows you to add remarks to approved logon IP addresses. To add remarks to an IP address, find the IP address and click the 编辑图标 icon in the Note column on the Approved Logon IP Address tab.

View unusual logon alerts

On the Alerts page, select the Cloud Workload Protection Platform (CWPP) tab and select Unusual Logon for Alert Type to view and handle alerts generated for unapproved logons at the earliest opportunity. For more information, see View and handle alerts.image