< Home

detection-engine enable

Function

The detection-engine enable command enables the AIE.

The undo detection-engine enable command disables the AIE.

Format

detection-engine { all | engine-name } enable

undo detection-engine { all | engine-name } enable

Parameters

Parameter Description Value

all

Specifies all detection engines of the AIE.

-

engine-name

Specifies the name of a detection engine of the AIE.
Currently, the following detection engines are supported:
  • bruteforce: brute-force cracking detection engine
  • cc: malicious C&C flow detection engine
  • dga: DGA domain name request detection engine
  • eca: malicious encrypted C&C flow detection engine
  • sql: malicious SQL injection detection engine

V600R007C20SPC300 and later versions support the malicious SQL injection detection engine.

Views

Artificial intelligence engine profile view

Default Level

2: Configuration level

Usage Guidelines

By default, all detection engines in an AIE profile are disabled.

The brute-force cracking detection engine can detect only brute-force cracking through MySQL, SQL server, RDP, and SSH.

Example

# Enable the malicious C&C flow detection engine in the AIE profile profile1.

<sysname> system-view
[sysname] profile type aie name profile1
[sysname-profile-aie-profile1] detection-engine cc enable
Parent Topic: Artificial Intelligence Engine Configuration Command
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >