In the Settings panel, you can enable or disable automatic detection of vulnerabilities of different types, and enable vulnerability detection for specific servers. In addition, you can configure the scan cycle and scan mode, set the retention period for invalid vulnerabilities, and remove vulnerabilities from the whitelist. This topic describes how to perform these operations.

Background information

You can select multiple vulnerabilities from the list of Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, and application vulnerabilities. Then, you can add the selected vulnerabilities to the whitelist. After you add vulnerabilities to the whitelist, Security Center no longer detects these vulnerabilities. You can remove vulnerabilities from the whitelist in the Settings panel.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. In the upper-right corner of the Vulnerabilities page, click Settings.
  4. In the Settings panel, configure the parameters based on your requirements.

    You can perform the following operations:

    • Turn on or turn off the switch of a vulnerability type to enable or disable detection for vulnerabilities of this type.
    • Find a vulnerability type and click Manage to add servers on which the vulnerability of this type can be detected.
    • Turn on or turn off YUM/APT Source Configuration to use or not use YUM or APT sources of Alibaba Cloud for vulnerability fixing. You must configure a valid YUM or APT source before you fix a Linux software vulnerability. If the YUM or APT source is invalid, you may fail to fix the vulnerability. Security Center automatically selects a YUM or APT source of Alibaba Cloud. This makes vulnerability fixing more efficient. We recommend that you turn on YUM/APT Source Configuration.
    • Specify Scanning Modes. You can select one of the following scan modes:
      • Real risk model: In this mode, Security Center automatically detects, analyzes, and displays only vulnerabilities that can be exploited by attackers. If you select this mode, the Vulnerabilities page displays only vulnerabilities whose priority scores are higher than or equal to 13.5. If you want to view only vulnerabilities that have high priority, we recommend that you select this mode.
        Note
        • The priority score of a vulnerability helps you determine whether to immediately fix the vulnerability. If the priority score of a vulnerability is 13.5 or higher, the vulnerability is critical and must be immediately fixed. For more information, see Vulnerability priorities.
        • Whether you select Real risk model or Full rule scan mode, it takes 1 to 5 minutes to complete a vulnerability scan task.
      • Full rule scan mode: Security Center detects vulnerabilities of all types, including vulnerabilities that do not meet security regulations. If you select this mode, the Vulnerabilities page displays all vulnerabilities that are detected on your servers.
    • Specify Emergency vul(s) Scan Cycle. By default, the time period set for detecting urgent vulnerabilities is 00:00:00 to 07:00:00. You can set the detection interval to three days, one week, or two weeks. You can also stop the scan tasks.
      Note: If your servers are deployed in a private network or urgent vulnerability detection is not required, you can set Emergency vul(s) Scan Cycle to Stop. However, your servers may be attacked in various ways, so we recommend that you set Emergency vul(s) Scan Cycle to a value other than Stop. This way, Security Center detects urgent vulnerabilities on your servers in a timely manner.
    • Specify Application Vul(s) Scan Cycle. By default, the time period set for detecting application vulnerabilities is 00:00:00 to 07:00:00. You can set the detection interval to three days, one week, or two weeks.
    • Specify Retain Invalid Vul for. You can set the retention period for invalid vulnerabilities to 7 days, 30 days, or 90 days.
      Note: If you do not handle a vulnerability or a fixed vulnerability is not detected again within the retention period you specified, Security Center removes this vulnerability from the vulnerability list on the Vulnerabilities page. Security Center generates alerts if vulnerabilities of the same type are detected again.
    • Specify Vul scan level. Valid values: High, Medium, and Low.

      Security Center detects and displays only vulnerabilities that have the priorities specified by the Vul scan level parameter. For example, if you select High and Medium, Security Center detects only vulnerabilities that have High and Medium priorities, and the Vulnerabilities page displays only those vulnerabilities.

    • In the Vul Whitelist section, you can view the vulnerabilities that are added to the whitelist. If you want to remove a vulnerability from the whitelist, find the vulnerability and click Remove in the Actions column. After the vulnerability is removed from the whitelist, Security Center detects the vulnerability and generates alerts on this vulnerability.
