Security Center supports detecting high-risk emergency vulnerabilities that have been exposed on the Internet recently. You can check whether your assets are exposed to these vulnerabilities in a timely manner. This topic describes how to view and handle emergency vulnerabilities.
- You can enable or disable emergency vulnerability detection and set the check interval as needed.
- You can customize the severity of the vulnerabilities that need to be detected.
- You can sort the vulnerabilities by disclosure time.
- Security Center detects emergency vulnerabilities and displays the detection progress in real time.
- Security Center generates alerts for emergency vulnerabilities and displays detailed information about the affected assets and the vulnerabilities.
- Security Center displays vulnerability priorities and provides fix suggestions.
- You can check whether a vulnerability has been fixed after you perform a fix operation.
The emergency vulnerability detection feature only supports Alibaba Cloud Elastic Compute Service (ECS) instances. External servers or instances in on-premises data centers are not supported.
- Log on to the Security Center console.
- In the left-side navigation pane, choose .
- On the Vulnerabilities page, click the Emergency tab.
- On the Emergency tab, you can view the latest emergency vulnerabilities and the records of all emergency vulnerabilities. You can also check whether your assets are affected by these vulnerabilities.
- Detect vulnerabilities
Find the target vulnerability in the vulnerability list and click Check Now in the Actions column to check for emergency vulnerabilities on your assets. If a risk is detected, the number of affected assets is displayed and highlighted in red in the Risks column. You can click the name of a target vulnerability to go to the details page. You can view the details and manage the vulnerability on the details page.
Note: Vulnerabilities that have never been detected are displayed as Uninspected in the Risks column.
The detection progress is displayed in real time after you start a detection.
- Filter vulnerabilities
On the Emergency tab, you can filter vulnerabilities by risk status (Risk or No risk) or by vulnerability name.
- View detailed vulnerability statuses of affected assets
| Status | Sub-status | Description |
| --- | --- | --- |
| Handled | Handled | The vulnerability has been fixed. |
| Handled | Fix failed | Security Center failed to fix the vulnerability. The vulnerability file may have been modified or removed. |
| Handled | Ignored | The vulnerability has been ignored. Security Center no longer generates alerts when this vulnerability is detected. |
| Handled | Invalid | The vulnerability has not been detected in the last seven days. |
| Handled | Rollback failed | Security Center failed to roll back to the specified snapshot to undo the fix. The vulnerability file may have been removed. |
| Unhandled | Unfixed | The vulnerability has not been fixed. |

Note: You can perform the Undo Fix operation on the Handled vulnerabilities. After the operation, the status of the vulnerability changes to Unhandled.
- View the priorities of emergency vulnerabilities
Priorities of vulnerabilities are classified into high, medium, and low levels based on comprehensive analysis of factors such as the vulnerability level, the time when the vulnerability is detected, and the actual server environment.
Note: We recommend that you immediately fix High priority vulnerabilities.
- Manage emergency vulnerabilities
- You can view the Suggestions on the vulnerability details page and fix the vulnerabilities in the affected servers.
- Verify: You can check whether the target vulnerability has been fixed.
- Ignore: You can ignore the vulnerability. Security Center no longer generates alerts when this vulnerability is detected.
Note: After you ignore a vulnerability, the status of the vulnerability changes to Ignored. If you want Security Center to alert you about an ignored vulnerability again, select the vulnerability in the Handled vulnerability list and click Cancel ignore.