Data Collection and Analysis
- Standard data collection
- Standard protocol analysis
- Customized data collection
- Customized protocol analysis

Threat Detection
- Event detection with pre-defined signatures (features)
- Event detection with customized signatures
- Threat detection based on a threat intelligence database
- SQL injection and XSS attack detection
- Static detection of malicious (APT) samples
- Virus detection based on a virus signature database
- Detection based on secondary (correlated) events
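
The detection features above (pre-defined signatures, customized signatures, threat-intelligence matching, SQL injection / XSS detection) in working form, as an added example. This is not the product's own engine: the log line format, the signature patterns, the threat-intelligence list and the sample log lines are all assumptions constructed for the illustration.

```python
"""Signature-based event detection over web access log lines.

Added illustration of the Threat Detection features; not the product's own
engine. The log format, the signatures, the intel list and the sample lines
are assumptions constructed for the example.
"""
import re
import urllib.parse
from dataclasses import dataclass

# Each signature: (event type, compiled pattern, origin). Patterns run over the
# URL-decoded request path and query string.
PREDEFINED_SIGNATURES = [
    ("sql_injection", re.compile(
        r"(\bunion\b\s+(all\s+)?select\b"        # UNION SELECT
        r"|'\s*or\s+'?\d+'?\s*=\s*'?\d+"          # ' OR '1'='1
        r"|;\s*drop\s+table\b"                    # stacked DROP TABLE
        r"|\bsleep\s*\("                          # time-based probing
        r"|--\s*$)", re.IGNORECASE), "predefined"),
    ("xss", re.compile(
        r"(<script\b|javascript:|\bon(error|load|mouseover)\s*=)",
        re.IGNORECASE), "predefined"),
]

# A customized signature an operator might add (assumed, not a product rule).
CUSTOM_SIGNATURES = [("path_traversal", re.compile(r"\.\./"), "custom")]

# Threat-intelligence database stand-in: IP -> tag (constructed).
THREAT_INTEL = {"203.0.113.77": "known_scanner"}

# Assumed log line format: <client ip> [<timestamp>] "<method> <path> HTTP/x.y" <status>
LOG_RE = re.compile(
    r'^(?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$')

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 [10/May/2024:08:01:02 +0000] "GET /index.html HTTP/1.1" 200',
    '198.51.100.9 [10/May/2024:08:02:10 +0000] "GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200',
    '198.51.100.9 [10/May/2024:08:02:11 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200',
    '203.0.113.77 [10/May/2024:08:03:00 +0000] "GET /download?f=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404',
    '198.51.100.9 [10/May/2024:08:04:00 +0000] "GET /item?id=1%2527%2520union%2520select%25201 HTTP/1.1" 500',
]


@dataclass
class Event:
    src_ip: str
    time: str
    event_type: str
    evidence: str
    origin: str  # "predefined", "custom" or "intel"


def normalize(path):
    """URL-decode twice so double-encoded payloads (%2527 -> %27 -> ') are visible to the signatures."""
    return urllib.parse.unquote_plus(urllib.parse.unquote_plus(path))


def detect(lines, custom_signatures=()):
    """Run every signature and the intel lookup over each parsable log line."""
    events = []
    signatures = list(PREDEFINED_SIGNATURES) + list(custom_signatures)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # caveat: a real collector should count unparsable lines rather than drop them silently
        request = normalize(m["path"])
        for event_type, pattern, origin in signatures:
            hit = pattern.search(request)
            if hit:
                events.append(Event(m["src"], m["ts"], event_type, hit.group(0), origin))
        tag = THREAT_INTEL.get(m["src"])
        if tag:
            events.append(Event(m["src"], m["ts"], "threat_intel:" + tag, m["src"], "intel"))
    return events


def run_sample():
    """Detection over the constructed sample with the custom signature enabled."""
    return detect(SAMPLE_LOG, CUSTOM_SIGNATURES)


if __name__ == "__main__":
    for e in run_sample():
        print(f"{e.time} {e.src_ip} {e.event_type:<28} {e.origin:<10} {e.evidence!r}")
```

The double decode matters: the last sample line carries `%2527`, which a single decode leaves as `%27` and no SQL signature would match. Regex signatures of this kind are still evadable (comment insertion, case and whitespace tricks, alternative encodings), which is why a detector pairs them with threat-intelligence lookups and event correlation rather than relying on any one of them.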

Threat Display
- Total number of attacks in the last 24 hours
- Number of denial-of-service attacks in the last 24 hours
- Number of port scanning attacks in the last 24 hours
- Number of worm attacks in the last 24 hours
- Number of Trojan horse attacks in the last 24 hours
- Top 5 attack types by number of attacks in the last 24 hours
- Number of attacks of each type in the last 24 hours
- Traffic trend over the last 24 hours
- Detailed information for an attack: source IP, destination IP, source port, destination port, time of the attack, description of the attack, and the returned parameter
- Pivoting from an attack event: the historical event distribution and threat intelligence for the IP involved in the event, shown as an asset portrait
- Attack event tracing by the source IP or destination IP of the attack
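
The display features above (24-hour counters, top-5 attack types, hourly traffic trend, asset portrait and tracing by source or destination IP) computed over a constructed event history, as an added example. This is not the product's dashboard code; the event record fields, the fixed reference time and the sample events are assumptions made for the illustration.

```python
"""24-hour threat summary, traffic trend and attack-event tracing.

Added illustration of the Threat Display features; not the product's own
code. The event record fields, the fixed "current time" and the sample
events are assumptions constructed for the example.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed reference time so the 24-hour window is reproducible (assumption; use datetime.now(timezone.utc) live).
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)

# Threat-intelligence stand-in: IP -> tag (constructed).
THREAT_INTEL = {"203.0.113.77": "known_scanner"}


def event(ts, etype, src, dst, dst_port, nbytes):
    """Build one attack event record (UTC timestamps)."""
    return {"time": datetime.fromisoformat(ts).replace(tzinfo=timezone.utc), "type": etype,
            "src_ip": src, "dst_ip": dst, "dst_port": dst_port, "bytes": nbytes}


# Constructed history; the first record is one minute older than 24 hours and must not be counted.
SAMPLE_EVENTS = [
    event("2024-05-09T11:59:00", "port_scan", "203.0.113.77", "10.0.0.5", 22, 60),
    event("2024-05-09T13:00:00", "port_scan", "203.0.113.77", "10.0.0.5", 23, 60),
    event("2024-05-10T03:00:00", "dos", "198.51.100.9", "10.0.0.8", 80, 900_000),
    event("2024-05-10T03:05:00", "dos", "198.51.100.9", "10.0.0.8", 80, 850_000),
    event("2024-05-10T08:02:00", "sql_injection", "198.51.100.9", "10.0.0.8", 80, 400),
    event("2024-05-10T08:02:00", "xss", "198.51.100.9", "10.0.0.8", 80, 350),
    event("2024-05-10T09:30:00", "worm", "10.0.0.12", "10.0.0.5", 445, 120_000),
    event("2024-05-10T10:00:00", "trojan", "10.0.0.12", "203.0.113.77", 4444, 2_000),
    event("2024-05-10T11:00:00", "port_scan", "203.0.113.77", "10.0.0.8", 3389, 60),
]


def last_24h(events, now=NOW):
    """Events with now-24h < time <= now; the lower bound is exclusive so a record never lands in two adjacent windows."""
    start = now - timedelta(hours=24)
    return [e for e in events if start < e["time"] <= now]


def count_by_type(events, now=NOW):
    return Counter(e["type"] for e in last_24h(events, now))


def summary(events, now=NOW):
    """The headline counters: all attacks and the four named categories."""
    c = count_by_type(events, now)
    return {"all": sum(c.values()), "dos": c["dos"], "port_scan": c["port_scan"],
            "worm": c["worm"], "trojan": c["trojan"]}


def top_types(events, n=5, now=NOW):
    """Top-N attack types by count; ties keep first-seen order (Counter.most_common is a stable sort)."""
    return count_by_type(events, now).most_common(n)


def hourly_trend(events, now=NOW):
    """Bytes per one-hour bucket over the window, oldest bucket first."""
    buckets = [0] * 24
    start = now - timedelta(hours=24)
    for e in last_24h(events, now):
        idx = int((e["time"] - start).total_seconds() // 3600)
        buckets[min(idx, 23)] += e["bytes"]  # an event at exactly `now` would index 24; clamp it
    return buckets


def trace(events, ip, role="any"):
    """Attack event tracing by source IP, destination IP or either, over the full history."""
    def involved(e):
        if role == "src":
            return e["src_ip"] == ip
        if role == "dst":
            return e["dst_ip"] == ip
        return ip in (e["src_ip"], e["dst_ip"])
    return sorted((e for e in events if involved(e)), key=lambda e: e["time"])


def asset_portrait(events, ip, intel=THREAT_INTEL):
    """Historical event distribution plus intel tag for one IP, as the pivot view would show it."""
    related = trace(events, ip)
    return {
        "ip": ip,
        "intel": intel.get(ip, "none"),
        "as_source": sum(1 for e in related if e["src_ip"] == ip),
        "as_destination": sum(1 for e in related if e["dst_ip"] == ip),
        "history": dict(Counter(e["type"] for e in related)),
        "first_seen": related[0]["time"].isoformat() if related else None,
        "last_seen": related[-1]["time"].isoformat() if related else None,
    }


if __name__ == "__main__":
    print(summary(SAMPLE_EVENTS))
    print(top_types(SAMPLE_EVENTS))
    print(hourly_trend(SAMPLE_EVENTS))
    print(asset_portrait(SAMPLE_EVENTS, "203.0.113.77"))
```

Two details worth noting: the 24-hour counters and the top-5 list are computed over the window only, while tracing and the asset portrait deliberately use the full history, because the point of pivoting from an event is to see what an IP did before the current window. The portrait for 203.0.113.77 also shows the same address as a scan source and, later, as the destination of a Trojan callback from an internal host, which is the kind of link the per-IP view exists to surface.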

Traffic Accounting
- Macro traffic monitoring of the network: total traffic, web, email, database, P2P and other traffic
- Micro traffic recording: P2P traffic, DNS traffic, IP/port traffic, traffic of important protocols, traffic of key operation and maintenance activity, and traffic of key web behaviour

Threat Response
- Web alarm for attack events
- Forwarding (sending out) of attack events
- Local recording of attack events
- Recording of the original packets of an attack event
- RST blocking (TCP reset) of the attack connection
- Cooperation (linkage) with a firewall
- Cooperation with ATP

Asset Configuration
- Monitoring configuration for key web servers
- IP-MAC binding configuration

Report Management
- Analysis reports
- Basic reports
- Advanced accounting reports
- Detailed event reports
- Report output in several formats: PDF, Word, HTML, Excel

System Management
- Syslog server configuration for sending out events
- SNMP configuration
- Email notification
- Firewall cooperation configuration
- Manual database updates via the web interface, including the event (rule) database and the threat intelligence database
- Disk maintenance and disk alarms
- Proxy configuration
- Configuration of the attention level (priority) of an event

Resource Monitoring
- CPU usage of the device
- RAM usage of the device
- Disk usage of the device