Skip to main content

Configure security alerts

This topic describes how to configure security alerts, which allow you to specify approved logon locations and custom web directories to scan.

Context

Server Guard supports advanced logon settings. You can configure more fine-grained logon detection rules. For example, you can specify approved logon IP addresses, logon time, and logon accounts to block unauthorized requests sent to your assets.

Procedure

  1. On the product management page, select the Server Guard button. fg-dc-sg-3.3.1.5-1

  2. On the Server Guard page, click the Intrusions tab. fg-dc-sg-3.3.1.5-2

  3. On the Alerts page, click the Settings button. fg-dc-sg-3.3.1.5-3

  4. On the Settings section, configure the parameters.

  • Add an approved login location.

    • In the Login Location section, click the Management button.
    • Select the login location that you want to add and select the servers that allow logins from the added location.
    • Click the OK button.

  • Edit approved login locations.

    • Find a specific logon location and click the Edit button on the right to change the servers that allow logins from this location.

  • Delete approved login locations.

    • Find a specific login location and click the Delete button on the right to delete the login location.

  • Configure advanced login settings

    • When you configure advanced logon settings, you can specify the IP addresses, accounts, and time ranges that are allowed for logons to your assets. After the advanced login settings are configured, Server Guard sends you alerts if your assets receive unauthorized login requests. The procedure of configuring advanced logon settings is similar to that of configuring Login Location. You can add, edit, or similarly delete advanced logon settings.
    • Turn on or turn off Uncommon IP Alert to the right of Common Login IPs. If you turn on Uncommon IP Alert and your assets receive login requests from unauthorized IP addresses, alerts are triggered
    • Turn on or turn off Uncommon Time Alert to the right of Common Login Time. If you turn on Uncommon Time Alert and your assets receive logon requests in unauthorized time ranges, alerts are triggered
    • Turn on or turn off Uncommon Account Alert to the right of Common Login Accounts. If you turn on Uncommon Account Alert and your assets receive login requests from unauthorized accounts, alerts are triggered

  • Add web directories to scan.

    Server Guard automatically scans web directories of data assets in your servers and runs dynamic and static scan tasks. You can also manually add other web directories.

    • In the Add Scan Targets section, click the Management button.
    • Specify a valid web directory and select the servers on which the specified web directory is scanned.
    • To ensure the scan performance and efficiency, we recommend that you do not specify a root directory.
    • Click the OK button.