iCenter

This feature may not be available on all platforms. Check the actual page in your system to see whether your device provides this feature.

The multi-dimensional features show, in depth, all the critical assets, risk computers, and threats of the whole network.

Critical Assets

The Critical Assets page displays the detailed information of the critical assets and the related threat information. Click iCenter to display the Critical Assets page.

Click the name link of a critical asset in the list to view the following information about this critical asset:

  • Detailed information: Displays the name of the critical asset, the computer name/IP (if the computer name cannot be identified, the IP will be displayed), operating system, status, zone, risk level (the white line points to the risk level of this critical asset), and certainty.
  • Threat information: Displays the kill chain, threats, and mitigation.
    • In the Kill Chain tab, view the attacks and threats to this critical asset that exist in each stage of the kill chain. A highlighted stage means there are attacks and threats in this stage. Click this stage to display all threat information in this stage. Click the threat name in the list to view the threat information.
    • In the Threats tab, view all attacks and threats from or to the critical asset.
    • In the Mitigation tab, view the mitigation actions and the mitigation rules.
  • Statistical information: Statistics about the applications, traffic, and connections related to the critical asset, including statistics for sessions in which the critical asset is the source IP, sessions in which it is the destination IP, and sessions in which it is either the source IP or the destination IP.
  • Internal connection: The Risk Computers tab displays information about the computers that interact with the critical asset; the Address tab displays the traffic and new sessions of IPs that interact with the critical asset; the Application tab displays the traffic and new sessions of applications that interact with the critical asset.

Risk Computers

Risk computers are the attacker computers and the victim computers. Based on the threat level, the Risk Computers tab displays the statistics of all risk computers and the threat information of the whole network. Select iCenter > Risk Computers.

Click a computer name link on the list to view detailed information about the risks, kill chain, and threat details.

  • Detailed information: Displays the computer name/IP (if the computer name cannot be identified, the IP will be displayed), operating system, status, zone, risk level (the white line points to the risk level of this critical asset), and certainty.
  • Kill Chain: View the threats related to the risk computer in each phase of the kill chain.
  • Threats: View all the threats related to the risk computer.
  • Mitigation: View all of the mitigation rules and the detailed results of their mitigation actions.

    For a Mitigation function introduction, see Mitigation.

Click a threat name link in the list to view the detailed information, source/destination, knowledge base, and history of the threat. For a detailed description, see the next section, Threat.

Threat

The Threat tab collects statistics on and displays all threat information of the whole network within the specified period. Click iCenter, and then click the Threat tab.

Click a threat name link in the list to view the detailed information, source/destination, knowledge base, and history of the threat.

  • Threat Analysis: The content of the Threat Analysis tab differs depending on which detection engine detected the threat.
    • Anti Virus/IPS: Display the detailed threat information and view or download the evidence packets.

      For the Anti Virus/IPS function introduction, see Anti-Virus/Intrusion Prevention System.
    • Attack Defense/Perimeter Traffic Filtering: Display the detailed threat information.

      For the Attack Defense/Perimeter Traffic Filtering function introduction, see Attack-Defense/Perimeter Traffic Filtering.
    • Sandbox Threat Detection: Display the detailed threat information of the suspicious file.

      For the Sandbox function, see Sandbox.
    • Abnormal Behavior Detection: Display the abnormal behavior detection information.

      For the Abnormal Behavior Detection function introduction, see Abnormal Behavior Detection.
    • Advanced Threat Detection: Display the advanced threat detection information, malware reliability information, etc.

      For the Advanced Threat Detection function introduction, see Advanced Threat Detection.
    • Anti-Spam: Display the spam filter information, such as the sender and subject of spam.

      For the Anti-Spam information, see Antispam.

  • Knowledge Base: Display the description, solution, etc. of the specified threat, for threats detected by IPS, Abnormal Behavior Detection, and Advanced Threat Detection.
  • Threat History: Display the historical information of the selected threat across the whole network.
  • Admin Action: Click to modify the threat state (Ignore, Confirmed, False Positive, Fixed).


White List Management

As the network environment grows more complex, the device generates more and more threat warnings. The generated threat events can be processed by changing the state of the threat (refer to Admin Action). To make it more convenient for users to deal with future occurrences of a threat, the system provides a global threat white list function. A threat white list entry consists of a threat name, source address, and destination address. When a subsequent threat event matches the threat white list, the system records the count of hits and no longer reports the threat.
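
The matching behavior described above can be modeled as follows. This is an added example, not the device's own code: the class and function names, the event fields, the sample threat names and addresses, and the support for CIDR ranges in the address fields are all assumptions made for illustration. It shows that an event is suppressed only when all three fields match, and that the hit counter is the only remaining record of suppressed events.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class WhiteListEntry:
    """Hypothetical model of one white list entry (name, source, destination)."""
    threat_name: str
    src: str   # single IP or CIDR range (CIDR support is an assumption)
    dst: str
    hits: int = 0

    def matches(self, event):
        # All three fields must match for the event to be suppressed.
        return (event["threat"] == self.threat_name
                and ipaddress.ip_address(event["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(event["dst"]) in ipaddress.ip_network(self.dst))


def filter_events(events, white_list):
    """Return the events that are still reported; count hits on matching entries."""
    reported = []
    for event in events:
        entry = next((e for e in white_list if e.matches(event)), None)
        if entry is None:
            reported.append(event)
        else:
            entry.hits += 1   # recorded, but no longer reported
    return reported


# Constructed sample data using documentation address ranges, not device output.
WHITE_LIST = [WhiteListEntry("Port Scan", "192.0.2.10", "198.51.100.0/24")]
EVENTS = [
    {"threat": "Port Scan", "src": "192.0.2.10", "dst": "198.51.100.7"},      # suppressed
    {"threat": "Port Scan", "src": "192.0.2.10", "dst": "198.51.100.9"},      # suppressed
    {"threat": "Port Scan", "src": "192.0.2.11", "dst": "198.51.100.7"},      # other source
    {"threat": "SQL Injection", "src": "192.0.2.10", "dst": "198.51.100.7"},  # other threat
    {"threat": "Port Scan", "src": "192.0.2.10", "dst": "203.0.113.5"},       # other destination
]

if __name__ == "__main__":
    for ev in filter_events(EVENTS, WHITE_LIST):
        print("REPORTED", ev)
    for entry in WHITE_LIST:
        print("HITS", entry.threat_name, entry.src, entry.dst, entry.hits)
```
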

Creating a White List

To create a threat white list, take the following steps:

  1. Click iCenter, and select the Threat tab.
  2. Select the threat entries that need to be added to the white list, and click the threat name link in the list to open the Threat dialog.
  3. Click to open the Admin Analysis dialog.
  4. Click the Create White List button.
  5. Click OK.

Viewing the White List

To view the threat white list entries, take the following steps:

  1. Click iCenter.
  2. Click the Whitelist Management tab.

Mitigation

For the Mitigation function introduction, see Mitigation.