Login
      Contents x
      Dashboard
        • Print
        • PDF
        Contents

        Dashboard

          • Print
          • PDF
          Article Summary

          Available in VPC

          In Dashboard, you can check the results of detections and actions taken by the security services of Security Monitoring during the search period. In addition, it delivers weekly and monthly reports via email that summarize detection and action results to help users monitor effectively.

          Caution
          • You can only see the dashboard for the security services you've subscribed to.

          Dashboard screen

          The basics of using Dashboard are as follows:

          securitymonitoring-dashboard-vpc_ko

          FieldDescription
          ① Menu nameName of the menu currently being viewed
          ② Basic featuresCloud Log Analytics service integration/Logging, Inquire about using Security Monitoring/Check details, Refresh Dashboard page
          ③ Security servicesTab menu for each security service
          ④ DashboardArea to view detection and action results by security service

          Save security logs

          The security log storage feature allows you to send security event logs for each service to Cloud Log Analytics (CLA) for storage.

          1. From the NAVER Cloud Platform console's Region menu, click and select the region you're using.
          2. From the Platform menu, click and select VPC.
          3. Click Services > Security > Security Monitoring one by one in order.
          4. Click the Dashboard menu.
          5. Click the +Save security logs menu.
          6. Click OK in the Save security logs pop-up.
          • Security Monitoring in a VPC environment does not provide separate extraction of security event logs. If you need to extract logs, you must use the security log storage feature.
          • CLA storage space and pricing information can be found on the Cloud Log Analytics service introduction page.
          • The CLA data retention period is 30 days, and if you want to keep security event logs permanently, you can store them in Object Storage using the periodic Automatic Export Setting.
          • To use the security log storage feature, you must complete the CLA Request in advance. If you cancel CLA service in the middle, the additional logs will not be collected.

          securitymonitoring-vpc_cla_pub_ids_ko

          securitymonitoring-vpc_cla_dashboard

          Note

          To integrate the Cloud Log Analytics service with the Security Monitoring service, you must apply for the Cloud Log Analytics service in advance.

          View Dashboard

          You can view the results of detections and actions taken by security services during the search period in tables and graphs. The following describes how to view the information.

          1. From the NAVER Cloud Platform console's Region menu, click and select the region you're using.
          2. From the Platform menu, click and select VPC.
          3. Click Services > Security > Security Monitoring one by one in order.
          4. Click the Dashboard menu.
          5. Click the tab menu of the security service for which you want to view the detection and action results.

          IDS

          When you click the IDS tab menu, you can view the detected attacks within the search period. To check the detection results of IDS follow these steps:

          1. When the IDS page appears, click and select the period you want to search from Select period.
            • You can select in 31-day increments when typing directly, and you can view logs going back up to one year.
          2. To add search conditions, set the necessary items from Zone, Attack type, Attacker IP, and Target IP.
          3. Click the [Search] button.
          4. Check the search results.
            • Registered time: time the detected security event was registered on the console
              • You can check the actual detection time of the security event in View details.
            • Zone: the zone where the security event was detected
            • Attack type: the attack type of the detected security event
            • Report type: information according to the analysis result of the detected security event
              • Analysis report: when the report finds that the user's service is affected, the user needs to check the issue.
              • Vulnerability action recommendation: a vulnerability has been detected in the user's service, and actions need to be taken.
              • Intrusion analysis: it is determined to be an intrusion, and emergency actions need to be taken.
            • Attacker IP: detected attacker IP address
            • Target IP: IP address targeted for the attack
            • View: for more information on detection information and load balancer information (when the target of the attack is LB IP) of the security event, click View details.
            • Exceptions: to request an exception to exclude the same security event from being detected as an attack, click Exceptions, enter the exception request details in up to 500 characters, and then click the OK button.
          5. Click View graph to see the statistical figures for the search result in a graph.
            securitymonitoring-dashboard-vpc_02_ko
          6. Check the graph.
            • Number of detected attacks by attack type: you can check the number of detected attacks by attack type by hovering the mouse over it.
            • Rate of detected attacks by attack type: you can check the rate of detected attacks by attack type by hovering the mouse over it. You can click attack types to select only the items you want to see in the graph.
            • Number of detected attacks by attacker IP: you can check the number of detected attacks by attacker IP by hovering the mouse over it.
            • Rate of detected attacks by attacking country: you can check the rate of detected attacks by attacking country by hovering the mouse over it. You can click attacking countries to select only the items you want to see in the graph.
          Note
          • To close the graph you checked from Step 6, click Hide graph.
          • In Step 6, the attacking country is determined through the attacker IP, and the country name is indicated by the country code. For country codes, see ISO 3166-1 alpha-2.

          Anti-Virus

          When you click the Anti-virus tab menu, you can view the information of detected malware within the search period. In addition, you can check the method that was used to handle the detected malware. To check the detection and action results of Anti-virus follow these steps:

          1. When the Anti-virus page appears, click and select the period you want to search from Select period.
            • You can select in 31-day increments when typing directly, and you can view logs going back up to one year.
          2. To add search conditions, set the necessary items from Zone, Detection name/Detection path, and Detected IP.
          3. Click the [Search] button.
          4. Check the search results.
            • Detection time: the time when the security event was detected
            • Zone: the zone where the security event was detected
            • VPC: name of VPC where the security event was detected
            • Subnet: name of subnet where the security event was detected
            • Detection name: name of the detected malicious file
            • Detected IP: the IP address where the malware was detected
            • Detection path: the location where the malware was detected
            • Action status: it refers to the method used to handle the detected malicious file. It is categorized as follows: Quarantine, Pass, and Delete.
            • Exceptions: to request an exception to exclude the same security event from being detected as malware, click Exceptions, enter the exception request in up to 500 characters, and then click the [OK] button.
          5. Click View graph to see the statistical figures for the search result in a graph.
          6. Check the graph.
            • Number of detections by detection name: you can check the number of detections by detection name by hovering the mouse over it.
            • Number of detections by detection IP: you can check the number of detections by detection IP by hovering the mouse over it.
          Note

          To close the graph you checked from Step 6, click Hide graph.

          Anti-DDoS

          When you click the Anti-DDoS tab menu, you can view the detected attacks within the search period. To check the detection results of Anti-DDoS follow these steps:

          1. When the Anti-DDoS page appears, click and select the period you want to search from Select period.
            • You can select in 31-day increments when typing directly, and you can view logs going back up to one year.
          2. To add search conditions, set the necessary items from Zone, Attacker IP, and Target IP.
          3. Click the [Search] button.
          4. Check the search results.
            • Registered time: the time when the security event was detected
            • Zone: the zone where the security event was detected
            • VPC: name of VPC where the security event was detected
            • Attacker IP: detected attacker IP address
            • Target IP: IP address targeted for the attack
            • Attack type: the attack type of the detected security event
            • View: for more information on detection information, analysis information, and load balancer information (when the target of the attack is LB IP) of the security event, click View details.
            • Exceptions: to request an exception to exclude the same security event from being detected as an attack, click Exceptions, enter the exception request details in up to 500 characters, and then click the OK button.
          5. Click View graph to see the statistical figures for the search result in a graph.
          6. Check the graph.
            • Number of detected attacks by attack type: you can check the number of detected attacks by attack type by hovering the mouse over it.
            • Rate of detected attacks by attack type: you can check the rate of detected attacks by attack type by hovering the mouse over it. You can click attack types to select only the items you want to see in the graph.
            • Number of detected attacks by attacker IP: you can check the number of detected attacks by attacker IP by hovering the mouse over it.
            • Rate of detected attacks by attacking country: you can check the rate of detected attacks by attacking country by hovering the mouse over it. You can click attacking countries to select only the items you want to see in the graph.
          Note
          • To close the graph you checked from Step 6, click Hide graph.
          • In Step 6, the attacking country is determined through the attacker IP, and the country name is indicated by the country code. For country codes, see ISO 3166-1 alpha-2.

          WAF

          When you click the WAF tab menu, you can view the attacks detected and then blocked within the search period. To check the blocking results of WAF follow these steps:

          1. When the WAF page appears, click and select the period you want to search from Select period.
            • You can select in 31-day increments when typing directly, and you can view logs going back up to one year.
          2. To add search conditions, set the necessary items from Zone, Blocked event/Attack type, Attacker IP, and Target IP.
          3. Click the [Search] button.
          4. Check the search results.
            • Blocked time: the time when the security event was blocked
            • Zone: the zone where the security event was detected and blocked
            • Blocked URL: information of the blocked service domain
            • Blocked event: name of the Security Monitoring rule that blocked the attack
            • Attack type: the attack type of the detected security event
            • Attacker IP: detected attacker IP address
            • Target IP: IP address targeted for the attack
            • Risk level: it categorizes and displays the risk level of the detected security event. <example> Very high, High, Medium, Low, Info
            • View: for more information on detection information and blocking information of the security event, click View details.
            • Exceptions: to request an exception to exclude the same security event from being blocked, click Exceptions, enter the exception request details in up to 500 characters, and then click the [OK] button.
          5. Click View graph to see the statistical figures for the search result in a graph.
          6. Check the graph.
            • Number of detected attacks by attack type: you can check the number of detected attacks by attack type by hovering the mouse over it.
            • Number of detected attacks by attacker IP: you can check the number of detected attacks by attacker IP by hovering the mouse over it.
          Note

          To close the graph you checked from Step 6, click Hide graph.

          IPS

          When you click the IPS tab menu, you can view the detected attacks within the search period. To check the blocking results of IPS follow these steps:

          1. When the IPS page appears, click and select the period you want to search from Select period.
            • You can select in 31-day increments when typing directly, and you can view logs going back up to one year.
          2. To add search conditions, set the necessary items from Zone, Blocked event/Attack type, Attacker IP, and Target IP.
          3. Click the [Search] button.
          4. Check the search results.
            • Blocked time: the time when the security event was blocked
            • Zone: the zone where the security event was detected and blocked
            • Service domain: information about user's service domain to be protected from attacks
            • Blocked event: name of the Security Monitoring rule that blocked the attack
            • Attack type: the attack type of the detected security event
            • Attacker IP: detected attacker IP address
            • Attacker port: detected attacker port number
            • Target IP: IP address targeted for the attack
            • Target port: port number targeted for the attack
            • Number of attacks: number of detections for the same security event
            • Exceptions: to request an exception to exclude the same security event from being blocked, click Exceptions, enter the exception request details in up to 500 characters, and then click the [OK] button.
          5. Click View graph to see the statistical figures for the search result in a graph.
          6. Check the graph.
            • Number of detected attacks by blocked event: you can check the number of detected attacks by blocked event by hovering the mouse over it.
            • Number of detected attacks by attacker IP: you can check the number of detected attacks by attacker IP by hovering the mouse over it.
          Note

          To close the graph you checked from Step 6, click Hide graph.

          Caution

          To withdraw exception requests or exception handling results, make a request from the Customer support > Support center > Contact us in NAVER Cloud Platform portal.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout