alibabacloud-cfw-ips-event


IPS Alert Event Analysis

Skill Scope Notes:

  • This skill is designed to use Aliyun CLI cloudfw commands as its primary data source.
  • It does not depend on local log files, SIEM exports, or direct host access.
  • It does not require SSH or direct connections to server IPs.
  • For IP-focused investigations, prefer DescribeRiskEventGroup with --SrcIP or --DstIP.

Scenario Description

Query and analyze IPS (Intrusion Prevention System) security events and alerts detected by Alibaba Cloud Firewall, to help locate threats quickly and provide remediation recommendations.

Architecture: Cloud Firewall Service → IPS Engine → Event Detection + Attack Analysis + Protection Configuration

Capability Level: Query (read-only)

Data Source: All data is obtained exclusively through Aliyun CLI commands (aliyun cloudfw ...). No log files, no databases, no server access, no SIEM — just CLI commands. Do NOT search the workspace for files. Do NOT ask the user for anything. Just run the commands.

Core Capabilities:

First Seen: Apr 2, 2026