On the Settings page, you can enable or disable automatic detection of vulnerabilities of different types and enable vulnerability detection for a specific server. In addition, you can configure the scan cycle and scan method, set the retention period for invalid vulnerabilities, and remove vulnerabilities from the whitelist. This topic describes how to perform these operations.

Background information

You can select multiple vulnerabilities from the list of Linux software vulnerabilities, Windows vulnerabilities, Web-CMS vulnerabilities, and application vulnerabilities. Then, you can add the selected vulnerabilities to the whitelist. After you add vulnerabilities to the whitelist, Security Center no longer detects these vulnerabilities. You can remove vulnerabilities from the whitelist in the Settings pane.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. In the upper-right corner of the Vulnerabilities page, click Settings.
  4. In the Settings pane, configure the parameters based on your requirements.

    You can perform the following operations:

    • Turn on or turn off the switch of a vulnerability type to enable or disable detection for this type of vulnerability.
    • Click Manage to add servers for vulnerability detection.Add servers
    • Specify Emergency vul(s) Scan Cycle: By default, the time period for a vulnerability detection task is 00:00:00 to 07:00:00. You can set the detection interval to three days, one week, or two weeks. You can also stop the scanning task.
      Note If your servers are deployed in a private network or emergency vulnerability detection is not required, you can set Emergency vul(s) Scan Cycle to Stop. Your servers may be attacked in various ways. We recommend that you enable the Emergency vul(s) Scan Cycle feature. This way, Security Center detects emergency vulnerabilities on your servers in a timely manner.
    • Specify the detection interval for application vulnerabilities. The default time period for a vulnerability detection task is 00:00:00 to 07:00:00. You can set the detection interval to three days, one week, or two weeks.
    • Select YUM/APT Source Configuration. You must configure a valid YUM or APT source before you fix a Linux software vulnerability. If the YUM or APT source is invalid, you may fail to fix the vulnerability. Security Center automatically selects a YUM or APT source of Alibaba Cloud. This improves the efficiency of vulnerability fixing. We recommend that you select YUM/APT Source Configuration.
    • Select a mode from Scanning Modes. You can select one of the following scanning modes:
      • Real risk model: In this mode, Security Center automatically detects, analyzes, and displays only vulnerabilities that can be exploited by attackers. If you select this mode, the Vulnerabilities page displays only vulnerabilities whose priority scores are at least 13.5. If you want to view vulnerabilities only with high priorities, we recommend that you select this mode.
        Note
        • The priority score of a vulnerability helps you determine whether to fix the vulnerability immediately. If the priority score of a vulnerability is 13.5 or higher, the vulnerability is critical and must be immediately fixed. For more information, see Vulnerability priorities.
        • The Real risk model or Full role scan mode requires one to five minutes to complete a vulnerability detection task.
      • Full rule scan mode: Security Center detects all types of vulnerabilities, including vulnerabilities that do not meet security regulations. If you select this mode, the Vulnerabilities page displays all the vulnerabilities in your server.
    • Set the retention period for invalid vulnerabilities to 7 days, 30 days, or 90 days.
      Note If you do not handle a vulnerability or a fixed vulnerability is not detected again within the specified period, Security Center removes this vulnerability from the vulnerability list on the Precaution > Vulnerabilities page. Security Center generates alerts if vulnerabilities of the same type are detected again.
    • Specify Vul scan level. Valid values: High, Medium, and Low.

      Security Center only detects and displays vulnerabilities of the priorities specified by the Vul scan level parameter. If you select High and Medium, Security Center only detects vulnerabilities of High and Medium priorities. On the Vulnerabilities page, only vulnerabilities of High and Medium priorities are displayed.

    • In Vul Whitelist, you can view vulnerabilities that are added to the whitelist. If you want to remove a vulnerability from the whitelist, select the vulnerability and click Remove. After the vulnerability is removed from the whitelist, Security Center detects the vulnerability and generates alerts on this vulnerability.

References

How often does Security Center detect vulnerabilities?

What are the differences between baselines and vulnerabilities?

What do I do if I cannot enable the vulnerability detection feature for a server on the Assets page?