On the Settings page, you can enable or disable automatic detection of vulnerabilities
of different types and enable vulnerability detection for a specific server. In addition,
you can configure the scan cycle and scan method, set the retention period for invalid
vulnerabilities, and remove vulnerabilities from the whitelist. This topic describes
how to perform these operations.
Background information
You can select multiple vulnerabilities from the list of Linux software vulnerabilities,
Windows vulnerabilities, Web-CMS vulnerabilities, and application vulnerabilities.
Then, you can add the selected vulnerabilities to the whitelist. After you add vulnerabilities
to the whitelist, Security Center no longer detects these vulnerabilities. You can
remove vulnerabilities from the whitelist in the Settings pane.
Procedure
- Log on to the Security Center console.
- In the left-side navigation pane, choose .
- In the upper-right corner of the Vulnerabilities page, click Settings.
- In the Settings pane, configure the parameters based on your requirements.

You can perform the following operations:
- Turn on or turn off the switch of a vulnerability type to enable or disable detection
for this type of vulnerability.
- Click Manage to add servers for vulnerability detection.

- Specify Emergency vul(s) Scan Cycle: By default, the time period for a vulnerability detection task is 00:00:00 to 07:00:00. You can set the detection interval to three days, one week, or two weeks. You can
also stop the scanning task.
Note: If your servers are deployed in a private network or emergency vulnerability detection
is not required, you can set Emergency vul(s) Scan Cycle to Stop. Your servers may be attacked
in various ways. We recommend that you enable the Emergency vul(s) Scan Cycle feature. This way,
Security Center detects emergency vulnerabilities on your servers in a timely manner.
- Specify the detection interval for application vulnerabilities. The default time period for a vulnerability detection task is 00:00:00 to 07:00:00. You can set the detection interval to three days, one week, or two weeks.
- Select YUM/APT Source Configuration. You must configure a valid YUM or APT source before you fix a Linux software vulnerability.
If the YUM or APT source is invalid, you may fail to fix the vulnerability. Security
Center automatically selects a YUM or APT source of Alibaba Cloud. This improves the efficiency of vulnerability fixing. We
recommend that you select YUM/APT Source Configuration.
- Select a mode from Scanning Modes. You can select one of the following scanning modes:
  - Real risk model: In this mode, Security Center automatically detects, analyzes, and displays only
    vulnerabilities that can be exploited by attackers. If you select this mode, the Vulnerabilities
    page displays only vulnerabilities whose priority scores are at least 13.5. If you want to view
    only high-priority vulnerabilities, we recommend that you select this mode.
    Note:
    - The priority score of a vulnerability helps you determine whether to fix the vulnerability
      immediately. If the priority score of a vulnerability is 13.5 or higher, the vulnerability
      is critical and must be immediately fixed. For more information, see Vulnerability priorities.
    - The Real risk model or Full rule scan mode requires one to five minutes to complete a
      vulnerability detection task.
  - Full rule scan mode: Security Center detects all types of vulnerabilities, including vulnerabilities
    that do not meet security regulations. If you select this mode, the Vulnerabilities page displays
    all the vulnerabilities on your server.
- Set the retention period for invalid vulnerabilities to 7 days, 30 days, or 90 days.
Note: If you do not handle a vulnerability or a fixed vulnerability is not detected again
within the specified period, Security Center removes this vulnerability from the vulnerability
list on the page. Security Center generates alerts if vulnerabilities of the same type are detected
again.
- Specify Vul scan level. Valid values: High, Medium, and Low.
Security Center detects and displays only vulnerabilities of the priorities specified
by the Vul scan level parameter. If you select High and Medium, Security Center detects only
vulnerabilities of High and Medium priorities, and the Vulnerabilities page displays only
vulnerabilities of High and Medium priorities.
- In Vul Whitelist, you can view vulnerabilities that are added to the whitelist. If you want to remove
a vulnerability from the whitelist, select the vulnerability and click Remove. After the vulnerability
is removed from the whitelist, Security Center detects the vulnerability and generates alerts for it.