Skip to main content

Configure security alerts

This topic describes how to configure security alerts, which allows you to specify approved logon locations and custom web directories to scan.

Context

Server Guard supports advanced logon settings. You can configure more fine-grained logon detection rules. For example, you can specify approved logon IP addresses, logon time, and logon accounts to block unauthorized requests sent to your assets.

Operation Steps

  1. In the product management page, choose "Server Guard". fg-dc-sg-3.3.1.5-1

  2. In the left-side navigation pane, click " Intrusion Prevention "> " Intrusions". fg-dc-sg-3.3.1.5-2

  3. In the upper-right corner, click Settings to configure parameters on different tabs. fg-dc-sg-3.3.1.5-3

  • Add an approved logon location.
    • In the Login Location section, click Management on the right.
    • Select the logon location that you want to add and select the servers that allow logons from the added location.
    • Click OK.
  • Server Guard allows you to edit or delete approved logon locations.
    • Find a specific logon location and click Edit on the right to change the servers that allow logons from this location.
    • Find a specific logon location and click Delete on the right to delete the logon location.
  • Configure advanced logon settings
    • When you configure advanced logon settings, you can specify the IP addresses, accounts, and time ranges that are allowed for logons to your assets. After the advanced logon settings are configured, Server Guard sends you alerts if your assets receive unauthorized logon requests. Theprocedure of configuring advanced logon settings is similar to that of configuring Login Location. You can add, edit, or delete advanced logon settings in a similar way.
    • Turn on or turn off Uncommon IP Alert to the right of Common Login IPs. If you turn on Uncommon IP Alert and your assets receive logon requests from unauthorized IP addresses, alerts are triggered.
    • Turn on or turn off Uncommon Time Alert to the right of Common Login Time. If you turn on Uncommon Time Alert and your assets receive logon requests in unauthorized time ranges, alerts are triggered.
    • Turn on or turn off Uncommon Account Alert to the right of Common Login Accounts. If you turn on Uncommon Account Alert and your assets receive logon requests from unauthorized accounts, alerts are triggered.
  • Add web directories to scan.
    • Server Guard automatically scans web directories of data assets in your servers and runs dynamic and static scan tasks. You can also manually add other web directories.
    • In the Add Scan Targets section, click Management on the right.
    • Specify a valid web directory and select the servers on which the specified web directory is scanned.
    • To ensure the scan performance and efficiency, we recommend that you do not specify a root directory.
    • Click OK.