Data overview

This topic describes how to use the Overview and Traffic Topology Visualization features on the Cloud Firewall console to monitor key security metrics, track events, view asset protection status, and analyze traffic trends for a quick assessment of your network security posture.

Overview

The Overview page provides a centralized view of your Cloud Firewall's protection status and key statistics, helping you understand your overall network security posture. On this page, you can monitor all protected assets, analyze traffic trends, and track security events.

Note

Cloud Firewall instances are managed by a control plane in the China (Hangzhou) region.

Log in to the Cloud Firewall console. On the Overview tab, you can view the following information.

  • Unhandled Events: Displays recent anomalous events detected by Cloud Firewall. Each event type requires a different response.

    • Auto-shutdown countdown: The current instance has no assets or traffic. If the instance remains unused for over 30 days, its firewall is automatically shut down. Add resources promptly, or release the instance to avoid unnecessary costs.

    • Unprotected public IP addresses: Cloud Firewall has detected public IP addresses that are not protected. We recommend that you enable the firewall for all your public IP addresses.

    • Compromised Hosts: Cloud Firewall has detected a compromised host. For more information, see breach awareness.

    • Vulnerabilities: Cloud Firewall has detected vulnerabilities that require protection on public-facing assets. For more information, see vulnerability prevention.

    • Exposed Ports: Cloud Firewall has detected assets with risky ports exposed to the internet. For more information, see internet exposure.

    • Suspicious Outbound: Cloud Firewall has detected anomalous outbound connection activity from your assets. For more information, see outbound connection activity.

  • Version Information: Displays the current edition of your Cloud Firewall instance. The supported features and actions vary by edition.

    Pay-as-you-go instance

    • Purchase a PAYG Savings Plan: Click PAYG Savings Plan to purchase a prepaid plan that reduces your pay-as-you-go costs. For more information, see Pay-as-you-go savings plan.

    • Switch Billing Method from Pay-as-you-go to Subscription: Click More > Switch Billing Method from Pay-as-you-go to Subscription to change your billing method. For more information, see Switch between subscription and pay-as-you-go.

    • Self-service Release: Click More > Self-service Release to release the Cloud Firewall instance and stop billing. For more information, see Release an instance.

    Subscription instance

    • Upgrade the instance: If the current edition or specifications do not meet your business needs, click Upgrade to make changes. For more information, see upgrade and downgrade.

    • Renew the instance: Click Renew to extend the service period of the instance. For more information, see Renewal.

    • Temporary Upgrade: To temporarily increase traffic processing capacity or other features, click More > Temporary Upgrade. For more information, see upgrade and downgrade.

    • Set up Auto-renewal: Click More > Auto-renewal and enable the service. The system automatically deducts payment for renewal 9 days before the instance expires, provided your account balance is sufficient. For more information, see Renewal.

    • Purchase a Savings Plan: Click More > Savings Plan to purchase a prepaid plan that offsets post-paid elastic traffic fees for your subscription instance, which helps reduce costs. For more information, see pay-as-you-go savings plan.

    • Switch to PAYG: Click More > Switch to PAYG to change your billing method. For more information, see Switch between subscription and pay-as-you-go.

    • Downgrade the instance: If the current edition or specifications exceed your business needs, click More > Downgrade to make changes. For more information, see upgrade and downgrade.

  • Traffic Insights: After you enable the Security Operation Agent feature, the system generates a daily security operation report and displays an overview in the Traffic Insights section.

    • View the Full Report: Click Full Report to view detailed content.

    • View historical records: Click 30-Day History to view or download reports from the past 30 days.

  • Security Protection: Displays the total number of attacks successfully blocked by Cloud Firewall recently. The statistics include data from modules such as IPS Configuration, Access Control, Policy Configuration, and Data Loss Prevention. You can click Show to view the protection details.

  • Asset Protection: Displays information such as the Firewalls, Peak Bandwidth (Last 30 Days), and Purchased Bandwidth. Click View Details and Bills to go to the Billing Management page for detailed cost information.

  • Status: Shows the enablement status of Cloud Firewall value-added services such as Log Analysis, Sensitive Data Detection, and Threat Intelligence. Click Upgrade to quickly enable or upgrade the corresponding service.

  • Traffic Trend: Displays traffic and firewall interception trends for your protected assets. You can perform the following operations:

    • Set the query time range: Click the time drop-down list in the upper-right corner to select a time range.

    • View traffic trends for the Internet firewall: On the Traffic Trend tab, hover over the trend chart to view inbound and outbound traffic details at a specific time. You can click the Details icon next to the inbound and outbound peak values and then click View in the pop-up bubble to navigate to the corresponding page (Internet Exposure or Outbound Connection Activity) for detailed peak traffic information.

      Note
      • Inbound traffic = Internet exposure request traffic + Internet exposure response traffic. The inbound peak refers to the peak total traffic for internet exposure. Because Cloud Firewall aggregates traffic data over time, the total peak traffic may be less than the sum of the request and response traffic peaks.

      • Outbound traffic = Outbound connection activity request traffic + Outbound connection activity response traffic. The outbound peak refers to the peak total traffic for outbound connection activity. Because Cloud Firewall aggregates traffic data over time, the total peak traffic may be less than the sum of the request and response traffic peaks.

    • View traffic trends for the VPC firewall: On the Handled Traffic Between VPCs tab, hover over the trend chart to view the total VPC traffic count (deduplicated) at a specific time.

      • View Details: Click View Details to view traffic details for that time point in the VPC Traffic Details panel.

      • View Details: In the Actions column for a target VPC, click View Details to go to the VPC Access Activity page.

      For more information, see VPC-to-VPC Traffic.

  • Scenario Data: Displays risks detected on your protected assets, such as brute-force attacks, attacker scans, crypto mining, and database attacks, along with the corresponding protection information. You can perform the following operations:

    • Set the query time range: Click the time drop-down list in the upper-right corner to select a time range.

    • Switch scenario data: Click different tabs (Brute-force Attacks, Scan, Mining, Database Attack) to view the corresponding data.

  • Latest Updates: Shows recent update records for Virtual Patching, Basic Protection, and Feature Updates. You can click the different tabs (Virtual Patching, Basic Protection, Feature Updates) to view the corresponding update records.

Traffic topology visualization

The Traffic Topology Visualization feature displays a traffic topology for assets protected by Cloud Firewall. It supports viewing traffic for the internet firewall and VPC firewall. This feature is available only in the Enterprise Edition and Ultimate Edition of Cloud Firewall.

Log in to the Cloud Firewall console. On the Traffic Topology Visualization tab, you can view the following data.

  • The Overview section displays the following statistical information:

    • Public IP Address:

      • Total IP Addresses: The total number of public IP addresses for all assets in your Alibaba Cloud account.

      • Unprotected IP Addresses: The total number of IP addresses for which the firewall is not enabled.

        Click Enable Firewall to go to the Internet Firewall tab of the Firewall page, where you can enable the firewall for unprotected cloud assets.

    • Protected Network Elements:

      • Total Network Elements: The total number of network elements in your Alibaba Cloud account.

      • Unprotected: The number of network elements that are not protected by the VPC firewall, including VPCs, VBRs, TRs, VPNs, and ECRs (manual mode metering excluded).

        Click Enable Firewall to go to the VPC Firewall tab of the Firewall page, where you can enable the firewall for unprotected VPCs.

    • Traffic:

      • Peak Traffic in Last 7 Days: The peak traffic protected by Cloud Firewall within the last 7 days.

      • Peak Outbound Traffic: The peak outbound traffic protected by Cloud Firewall within the last 7 days.

      • Peak Inbound Traffic: The peak inbound traffic protected by Cloud Firewall within the last 7 days.

    • Intrusion Prevention Mode:

      This status is synchronized from the threat engine's running mode on the Prevention Configuration page. For more information, see Threat engine running modes.

    • Attack:

      • Blocked Attacks: The number of malicious attacks blocked by Cloud Firewall.

      • Total Attacks: The total number of malicious attacks on assets protected by Cloud Firewall.

    • ACL: The number of access control policies that have been created.

  • The Internet Border section displays a traffic topology between all public assets in your Alibaba Cloud account and the internet.

    • View asset IPs: Click a cloud asset icon to display the public IP addresses of the asset. In the left panel, you can view the Unprotected IP Address and Protected IP Address lists.

    • View traffic details: Click an IP address to view its inbound and outbound traffic details in the left panel:

      • The Inbound tab displays information such as IP, Open Port, Intelligent Policy Recommended, and Access Control Policy.

      • The Outbound tab displays information such as Outbound Domain, Outbound IP Address, Intelligent Policy Recommended, and Access Control Policy.

  • The VPC Firewall section displays the VPCs connected through VPC peering connections or Cloud Enterprise Network (CEN) and their traffic topology.

    • All VPCs: Displays all VPCs connected via VPC peering connections and VPCs within a CEN instance in the current account.

      • View information: Hover over a VPC to view its details.

      • Protection status:

        • The image icon indicates that protection is enabled for the VPC.

        • The "Protection not enabled" icon indicates that protection is not enabled for the VPC.

    • Connected VPC: Displays details of VPCs connected via VPC peering connections and VPCs in a CEN instance.

      • View topology: Expand the section to view the traffic topology diagram between VPCs.

        • The "VPC connected through Express Connect" icon indicates a VPC connected via a VPC peering connection.

        • The "VPC in Cloud Enterprise Network" icon indicates a VPC within a CEN instance.

      • List management: The left panel shows the total count and list of interconnected VPCs in CEN and VPC peering connections. Click a VPC name to view its specific traffic topology graph.