| Functions and Features |
| Big Data Platform |
Supports the Hadoop commercial platform and encrypts HBase and Hive data based on customer requirements. |
| Traffic Collection |
Parses common protocols such as TLS, ICMP, HTTP, mail protocol, DNS, FTP, NFS, and SMB, restores files, and captures packets based on rules. |
| Log Collection |
Collects syslogs from third-party systems and security devices, and NetFlow logs from network devices and security devices. |
| C&C Anomaly Detection |
Detects DGA domain names and malicious C&C flows. |
| Encrypted Communication Analytics (ECA) |
Supports encrypted traffic detection without decryption, such as C&C communication detection and penetration scanning. |
| Event Correlation Analysis |
Provides predefined rules for logs and allows users to define correlation rules and sub-rules. |
| Traffic Baseline Anomaly Detection |
Allows users to configure traffic control rules and supports vertical and horizontal scanning. |
| Traffic Anomaly Detection |
Detects unauthorized access, threshold-exceeding traffic rates, and threshold-exceeding access frequency. |
| Mail Anomaly Detection |
Analyzes mail sending servers, senders, and recipients, allows users to define the mail whitelist and blacklist, and detects mail attachments. |
| Covert Channel Detection |
Performs Ping Tunnel, DNS Tunnel, and file anti-evasion detection. |
| Web Application Attack Detection |
Detects attacks on web applications. |
| Asset Risk Management |
Allows users to add assets, divide asset groups, and query the asset risk list. |
| Security Policy Control Service |
Obtains environment information from the environment awareness service, comprehensively determines risks together with other risk information, and dynamically delivers instructions to the trusted proxy control service based on the decision result. |
| Security Collaboration |
Collaborates with security devices, network devices, and EDRs to handle threats. |
| SOAR |
Orchestrates the manual threat handling actions through the predefined or user-defined playbook to implement automatic investigation and evidence collection as well as attack containment, effectively improving event handling and O&M efficiency. |
| Reputation Management |
Supports local IP reputation query, DNS reputation generation, and file reputation query. |
| Attack Path Visualization |
Displays attack transmission paths, including attacks from the Internet to the intranet, transmission within the intranet, and C&C connections from the intranet to the Internet. |
| Network-Wide Threat Situation |
Displays the comprehensive situation, intranet threat situation, website security situation, asset security situation, vulnerability situation, and threat event situation. |
