Security Center sends you notifications by using text messages, emails, internal messages, or DingTalk chatbots. You can specify notification methods and severities of the alerts for which you want to receive notifications. This topic describes how to modify notification settings and add DingTalk chatbots.

Background information

  • By default, the contact of your Alibaba Cloud account is the alert contact. To add more alert contacts, go to Message Center. Navigate to the Common Settings page. In the Product Message section, find Security Notice. Click Modify in the Contact column. For more information, see How do I modify the alert contacts that receive notifications?
  • If you want to receive notifications from DingTalk chatbots, you must upgrade Security Center to the Enterprise edition.

Notification frequencies

Item Notification frequency Notify at Description
Vulnerabilities Every seven days 08:00:00 to 20:00:00 Security Center sends you a report on unhandled vulnerabilities of your servers every seven days. The report includes the number of unhandled vulnerabilities on your assets and suggestions for vulnerability fixes.
Baseline checks Every seven days 08:00:00 to 20:00:00 Security Center sends you a report on unhandled baseline risks every seven days. The report includes the number of unhandled baseline risks on your assets.
Alerts Real-time notification Notifications can be sent in one of the following periods:
  • All day
  • 08:00:00 to 20:00:00
Security Center sends you notifications when an alert is detected. A maximum of five notifications are sent every day. The maximum number of notifications for each server is 1 every day.
Information about AccessKey pair leaks Real-time notification Notifications can be sent in one of the following periods:
  • All day
  • 08:00:00 to 20:00:00
Security Center sends you notifications when an AccessKey pair leak is detected. No limits are imposed on the number of notifications.
Configuration assessment Real-time notification 08:00:00 to 20:00:00 Security Center sends you notifications when a configuration risk is detected. No limits are imposed on the number of notifications.
Intelligence of urgent vulnerabilities Real-time notification 08:00:00 to 20:00:00 Security Center sends you notifications when an unhandled urgent vulnerability is detected. No limits are imposed on the number of notifications.
Web tamper proofing Real-time notification Notifications can be sent in one of the following periods:
  • All day
  • 08:00:00 to 20:00:00
Security Center sends you notifications when a web page is tampered with. A maximum of five notifications are sent every day.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Notifications tab.
  4. On the Notifications tab, specify Severity, Notify By, and Notify At for the following items: Vulnerabilities, Baseline Risks, Alerts, AccessKey leakage info, Config Assessment, Emergency Vul Intelligence, and Anti-Tampering of web pages.2
    To modify the alert contact, click You can click configure security message recipients to go to the Common Settings page. Find Security Notice and click Modify in the Contact column. For more information, see How do I modify the alert contacts that receive notifications?
    Note
    • The new settings on the Common Settings page take effect immediately.
    • If you select multiple notification methods, Security Center sends you notifications by using all the methods you selected at the same time. For more information about the notification frequencies, see Notification frequencies.
  5. Optional:Add a DingTalk chatbot.

    If you have installed DingTalk and created a DingTalk group, you can add a DingTalk chatbot to send alert notifications.
    Note You must create a DingTalk group before you can add a DingTalk chatbot. Before you create a DingTalk group, make sure that you have installed DingTalk.
    1. Find the DingTalk group to which you want to add a chatbot and click Group Settings in the right-side navigation pane. In the Group Settings panel, click Group Assistant. Then, click Add Robot. In the ChatBot dialog box, click Custom. In the Robot details dialog box, click Add.Add a DingTalk chatbot
    2. Configure the DingTalk chatbot.
      Note When you add the chatbot, select Custom Keywords for Security Settings, and enter Security Center in the Custom Keywords field. Do not select Additional Signature or IP Address.
      Configure the parameters
    3. Copy the URL in the Webhook field and click Finished.Finished
    4. Go to the Security Center console. In the left-side navigation pane, click Settings. In the DingTalk Chatbot Notification Settings section of the Notifications tab, click Add Chatbot.3
    5. In the Add DingTalk Chatbot panel, configure the parameters.4
      Parameter Description Configuration
      Chatbot Name The name of the chatbot. We recommend that you enter a name that is easy to identify.
      Webhook URL The webhook URL of the chatbot. Find the webhook URL of the chatbot in the required DingTalk group, copy the webhook URL, and then paste the URL in the Webhook URL field.
      Notice Keep the webhook URL confidential. If the webhook URL is leaked, risks may arise.
      Asset Groups You can select an asset groups that is created on the Assets page. After you specify the asset group, the DingTalk chatbot sends you notifications that are related to the assets in the asset group. Select an asset group from the drop-down list.
      Notify On The types of alerts of which you want to receive notifications. Select the alert types from the drop-down list.
      Note Supported alert types include vulnerabilities, baseline risks, alerts, and AccessKey pair leaks.
      Notification Interval The time interval at which the DingTalk chatbot sends notifications. Valid values are 1 Minute, 5 Minutes, 10 Minutes, 30 Minutes, and No Limit. If you select No Limit, a notification is sent each time an alert is detected.
      Note If you select No Limit, a maximum of 20 notifications can be sent to the webhook URL in one minute.
      Select a time interval from the drop-down list.
      Language The language of the notification. Valid values: English and Chinese. Select a language from the drop-down list.
    6. Click Add.

      By default, a newly created DingTalk chatbot is enabled.

      8
      Note
      • After you add the DingTalk chatbot, click Test in the Actions column to check whether the chatbot is associated with the DingTalk group.
      • You can modify or delete the DingTalk chatbot. After you delete the chatbot, you can no longer receive notifications from the DingTalk group. However, you can still receive notifications by using other methods that you specify, such as text messages, emails, or internal messages.