Event List

Last updated: 2024-01-23 15:44:44
    The file tampering feature provides the lists of monitored events and configured rules. The event list module displays the file tampering check results.

    Filtering and Refreshing Events

    1. Log in to the TCSS console and click Advanced Prevention > File Tampering > Event list on the left sidebar.
    2. On the Event list page, click the search box and search for file tampering check results by keyword such as filename, process path, or hit rule.
    3. On the Event list page, click the icon on the right of the Operation column to refresh the event list.

    Exporting the Check Result

    1. Log in to the TCSS console and click Advanced Prevention > File Tampering > Event list on the left sidebar.
    2. On the Event list page, click the selection icon to select the target file tampering event, and then click the export icon to export it.
    Note:
    Click the icon in the Operation column to select multiple events.

    Changing the Event Status

    Log in to the TCSS console and click Advanced Prevention > File Tampering > Event list on the left sidebar.

    Method 1

    On the Event list page, you can mark a file tampering event as processed, ignore it, or delete it.
    Mark as processed: Click the selection icon to select the target file tampering event and click Mark as processed > OK.
    Note:
    It's recommended to handle the event by following "Solution" in the event details and then mark it as processed.
    Ignore: Click the selection icon to select the target file tampering event and click Ignore > OK.
    Note:
    Only the selected events are ignored. Alerts will be triggered when the same events occur again.
    Delete: Click the selection icon to select the target file tampering event and click Delete > OK.
    Note:
    The selected event record will no longer be displayed in the console and cannot be recovered once deleted. Proceed with caution.

    Method 2

    1. On the Event list page, click Process now to add events in the Pending resolved status to the allowlist, mark them as processed, or ignore them.
    2. Click OK or Cancel.
    3. On the Event list page, click Unignore or Delete to unignore or delete events in the Ignored status.
    Note:
    As an event will be in the Pending resolved status once unignored, you need to click OK for confirmation.
    The event record will no longer be displayed in the console and cannot be recovered once deleted. Proceed with caution.
    4. On the Event list page, click Delete to delete events in the Processed status.
    Note:
    The event record will no longer be displayed in the console and cannot be recovered once deleted. Proceed with caution.

    Viewing Event Details

    1. Log in to the TCSS console and click Advanced Prevention > File Tampering > Event list on the left sidebar.
    2. On the Event list page, click the icon on the left of the Process path to view the event description.
    3. On the Event list page, click View details.
    4. The Event details page displays the event details, process information, parent process information, and event description. You can mark the event as processed, ignore it, or add it to the allowlist.
    Note:
    For detailed directions on how to mark an event as processed or ignore or delete it, see Changing the Event Status.
    5. On the Event details page, click Add to allowlist to enter the Copy rule page, where you need to configure the basic information and rules and specify the scope.
    Basic information: Enter the rule name of the event. Toggle the switch on or off to enable or disable rule check.
    Note:
    This rule will no longer be executed once disabled.
    Configure rules: Enter the process path and accessed file path to be allowed and select the action. Click Add or Delete to add or delete a rule.
    Note:
    You can configure up to 30 rules.
    Actions to be executed include:
    Block: Once a rule is hit, the process will be blocked and the event details will be recorded.
    Alert: Once a rule is hit, an alert about the event will be triggered, the process will be allowed to run, and the event details will be logged.
    Allow: Once a rule is hit, the process will be automatically allowed without being recorded.
    Images: All images or Specified images. Click the corresponding icon to select or delete the target specified image.
    Note:
    You can press Shift to select multiple images.
    6. After selecting the target content, click Set or Cancel.

    Custom List Management

    1. Log in to the TCSS console and click Advanced Prevention > File Tampering > Event list on the left sidebar.
    2. On the Event list page, click the icon to pop up the Custom List Management window.
    3. In the pop-up window, select the target type and click OK.

    Key fields in the list

    1. First occurred: The time when an alert is first triggered by the file tampering event. By default, the system aggregates the same alert events not processed.
    2. Last occurred: The time when an alert is last triggered by the aggregated alert events. You can click the sort button on the right to sort the events in the list in chronological or reverse chronological order.
    3. Events: Total number of alerts triggered by the file tampering event within the aggregation period.
    4. Execution result: Blocked successfully, Failed to block, Allowed, or Alert. You can quickly filter events in the list by action execution result.
    5. Status: Processed, Ignored, Pending resolved, or Allowed. You can quickly filter events in the list by status.
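
The aggregation and filters described in the key fields above, modeled as an added example (not Tencent Cloud code and not a TCSS API): it folds constructed raw alerts into event rows with First occurred, Last occurred, and Events, then orders the Pending resolved rows for review. The tuple layout, the key that defines "the same alert", and the review order are assumptions made for the example.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample alerts, not real TCSS output. Assumed layout:
# (time, process path, accessed file path, hit rule, execution result, status)
RAW_ALERTS = [
    ("2024-01-20 10:00:00", "/usr/bin/vi", "/etc/passwd", "sys-files", "Alert", "Pending resolved"),
    ("2024-01-20 10:05:00", "/usr/bin/vi", "/etc/passwd", "sys-files", "Alert", "Pending resolved"),
    ("2024-01-20 09:30:00", "/bin/sh", "/usr/sbin/sshd", "bin-protect", "Failed to block", "Pending resolved"),
    ("2024-01-19 08:00:00", "/usr/bin/vi", "/etc/passwd", "sys-files", "Alert", "Processed"),
    ("2024-01-20 11:00:00", "/usr/bin/apt", "/usr/bin/curl", "bin-protect", "Blocked successfully", "Pending resolved"),
]
# Review order chosen for this example (an assumption, not a TCSS setting).
PRIORITY = {"Failed to block": 0, "Alert": 1, "Blocked successfully": 2, "Allowed": 3}

def aggregate(alerts):
    """Fold raw alerts into event-list rows.

    Unprocessed ("Pending resolved") alerts with the same key share one row;
    any other alert gets a row of its own.
    """
    rows, open_rows = [], {}
    for time, proc, path, rule, result, status in sorted(
            alerts, key=lambda a: datetime.strptime(a[0], FMT)):
        key = (proc, path, rule, result)  # assumed definition of "the same alert"
        row = open_rows.get(key) if status == "Pending resolved" else None
        if row is None:
            row = {"process_path": proc, "file_path": path, "rule": rule,
                   "first_occurred": time, "last_occurred": time, "events": 0,
                   "result": result, "status": status}
            rows.append(row)
            if status == "Pending resolved":
                open_rows[key] = row
        row["last_occurred"] = time  # alerts arrive in time order, so this is the latest
        row["events"] += 1
    return rows

def triage(rows):
    """Pending rows only: worst execution result first, newest first within a result."""
    pending = [r for r in rows if r["status"] == "Pending resolved"]
    pending.sort(key=lambda r: datetime.strptime(r["last_occurred"], FMT), reverse=True)
    pending.sort(key=lambda r: PRIORITY.get(r["result"], len(PRIORITY)))  # stable sort
    return pending

if __name__ == "__main__":
    for r in triage(aggregate(RAW_ALERTS)):
        print(r["result"], r["events"], r["first_occurred"], r["last_occurred"], r["file_path"])
```
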