giip

Real-time Security Monitoring Guide

Learn about security monitoring features that detect and respond to threats within servers in real-time through GIIP agents.

📋 Overview

Real-time Security Monitoring collects and analyzes security events occurring across the infrastructure on a second-by-second basis. Based on collected logs, the AI agent immediately reports signs of abnormal access or malicious code execution to administrators.

🛡️ Key Detection Items

1. Anomaly Process Detection

Detects processes that exhibit unusual CPU/Memory usage patterns or perform actions similar to known malicious code.

2. Abnormal Login Attempts

Detects and triggers warnings for repeated login failures within a short period (Brute-force) or access attempts from unauthorized IP ranges.

3. File Integrity Monitoring

Tracks in real time whether important configuration files, such as /etc/passwd, or system executables are changed without user approval.
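
The two checks described under item 2, repeated failures within a short period and access from outside approved IP ranges, can be sketched as follows. This is an added example, not GIIP's own detection code; the threshold, the window, the allowed ranges and the OpenSSH-style log format are all assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy, not GIIP settings: 5 failures per source IP within 60 s,
# and logins expected only from these constructed CIDR ranges.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# OpenSSH-style auth log lines ("Failed password for ... from IP", "Accepted ...").
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?\S+ from (?P<ip>\S+)"
)

def analyze(lines, year=2026):
    """Return (kind, ip, timestamp) alerts; syslog omits the year, so it is passed in."""
    failures = defaultdict(deque)  # source IP -> failure times inside the window
    outside = set()                # IPs already reported as outside ALLOWED_NETS
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue               # malformed address field: skip the line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ip not in outside and not any(ip in net for net in ALLOWED_NETS):
            outside.add(ip)
            alerts.append(("unauthorized_range", str(ip), ts))
        if m["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > WINDOW:   # drop failures older than the window
                q.popleft()
            if len(q) >= MAX_FAILURES:
                alerts.append(("brute_force", str(ip), ts))
                q.clear()               # start counting again after alerting
    return alerts

# Constructed sample: five failures in 20 s, then a login from an unlisted range.
SAMPLE = [f"Mar 19 10:00:{s:02d} web01 sshd[811]: Failed password for invalid user admin "
          f"from 10.1.2.3 port 40000 ssh2" for s in (1, 5, 9, 14, 20)]
SAMPLE.append("Mar 19 10:05:00 web01 sshd[900]: Accepted publickey for deploy "
              "from 203.0.113.7 port 51000 ssh2")
```

Calling `analyze(SAMPLE)` yields one `brute_force` alert for 10.1.2.3 and one `unauthorized_range` alert for 203.0.113.7; failures spaced wider than the window never reach the threshold.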

🔍 Using the Monitoring Screen

  • Threat Level: Displays detected threats categorized into Critical, High, Medium, and Low levels.
  • Real-time Log Stream: View security-related system logs from the server in real time, as the events occur.

🛠️ Responsive Actions

  • Process Isolation: Click a process in which a threat has been detected to terminate or isolate it immediately.
  • Alarm Setup: Be promptly notified of security threat situations via email, Slack, or web push.

💡 Important Notes

  • To use real-time security features smoothly, the latest version of the GIIP Agent must be installed on each server.

Version: 1.0 | Last Updated: 2026-03-19 | Source: giipv3/public/help/real-time-security.en.md