The Honeypot events page records the scans and attacks on all probes and honeypots and presents the data in a graph and list so that you can analyze and resolve all blocked events.
Visual representation of honeypot events
1. Log in to the Cloud Firewall console. In the left navigation pane, click Alert Management -> Honeypot events to open the Honeypot events page.
2. You can ① select the probes to analyze, and analyze the data of selected probes based on ②Honeypot attacker IP, ③Probe scan IP, ④ Distribution of honeypot events and ⑤Time (24 hours or 7 days). You can view the number of hit honeypots, the number of intrusion events, the number of network scans, and the number of attacker IPs for the selected or all probes within different periods.
List of honeypot events
1. Log in to the Cloud Firewall console. In the left navigation pane, click Alert Management -> Honeypot events.
2. On the Honeypot events page, honeypot events are divided into Intrusion events and Port detection, depending on whether the honeypots are attacked.
You can perform the following operations in the list:
① Select Block all or Allow all for selected events. (The buttons are available only when one or more events are selected.)
②Filter events based on the event status (whether the events have been resolved).
③Filter events based on the honeypot type.
④Specify custom keywords (4 to 10 keywords are allowed).
Yes
No
Was this page helpful?