Configure attack alarm threshold

Last updated: 2020-02-17 10:59:49

Use Cases

When the DDoS high defense IP you use is attacked, terminated, blocked or unblocked, the system pushes an attack warning message to you by internal message, SMS, email or WeChat. To push attack alarm information more reasonably and accurately and to reduce disturbance, an attack alarm threshold configuration function has been added. If the detected metric exceeds the threshold you set, an alarm is triggered and the attack alarm message is pushed to you. If normal business operations (such as data synchronization) cause a sudden increase in traffic that is determined to be an attack, this feature can better filter out such cases and help you grasp the current attacks on your business more accurately and clearly. For how to receive alarm messages, see Setting Security Event Notifications.

Configure DDoS attack alarm threshold

This configuration example achieves the following: when attack traffic on the DDoS high defense IP instance "bgpip-0000021y" exceeds the cleaning threshold, DDoS attack cleaning is triggered. When the cumulative cleaning traffic (value) exceeds 1000Mbps, a DDoS attack alarm is sent to the specified user group.

You need to enable DDoS defense status before you can set the attack alarm threshold.

  1. Log in to the DDoS Protection console. In the left sidebar, select "DDoS High Defense IP" -> "Asset list" to enter the high defense IP page, find the high defense IP instance "bgpip-0000021y", and click the action item "Defense configuration" in the row of the instance.
  2. On the DDoS defense configuration page, open the drop-down list to the right of the DDoS attack alarm threshold, select the alarm metric [Clean Traffic], and set the threshold to 1000Mbps.

The alarm threshold for DDoS attacks is [not set] by default. The supported alarm metrics are "enter Traffic bandwidth" and "clean Traffic".

Configure CC attack alarm threshold

This configuration example achieves the following: when CC defense is triggered on the DDoS high defense IP instance "bgpip-0000021y" and the peak value of HTTP CC defense exceeds 2000QPS, a CC attack alarm is sent to the specified user group.

You need to enable HTTP CC defense status before you can set the attack alarm threshold.

  1. Log in to the DDoS Protection console. In the left sidebar, select "DDoS High Defense IP" -> "Defense configuration" to enter the defense configuration page, and click "CC Defense".
  2. On the CC protection page, go to the "HTTP CC Protection" area at the bottom of the page and set "HTTP CC attack alarm threshold" to 2000QPS.