Security Center sends you notifications by using text messages, emails, internal messages, or DingTalk chatbots. You can specify notification methods and severities of the alerts for which you want to receive notifications. This topic describes how to modify notification settings and add DingTalk chatbots.
Background information
Note
- By default, the contact of your Alibaba Cloud account is the alert contact. To add more alert contacts, go to Message Center. Navigate to the Common Settings page. In the Product Message section, find Security Notice. Click Modify in the Contact column. For more information, see How do I modify the alert contacts that receive notifications?
- Only Security Center Enterprise supports the notification method of DingTalk chatbots. If you use the Basic, Basic Anti-Virus, or Advanced edition, you must upgrade Security Center to the Enterprise edition before you can receive notifications from DingTalk chatbots.
Notification frequencies
| Item | Notification frequency | Notify at | Description |
|---|---|---|---|
| Vulnerabilities | Every seven days | 08:00 to 20:00 | Security Center sends you a report on unhandled vulnerabilities of your servers every seven days. The report includes the number of unhandled vulnerabilities on your assets and suggestions to fix vulnerabilities. |
| Baseline risks | Every seven days | 08:00 to 20:00 | Security Center sends you a report on unhandled baseline risks every seven days. The report includes the number of unhandled baseline risks on your assets. |
| Alerts | Real-time notification | Notifications can be sent in one of the following periods:
|
Security Center sends you notifications when an alert is generated. A maximum of five notifications can be sent every day. The maximum number of notifications for each server is 1 every day. |
| AccessKey pair leaks | Real-time notification | Notifications can be sent in one of the following periods:
|
Security Center sends you notifications when an AccessKey pair leak is detected. No limits are imposed on the number of notifications. |
| Configuration risks of Alibaba Cloud services | Real-time notification | 08:00 to 20:00 | Security Center sends you notifications when a configuration risk is detected. No limits are imposed on the number of notifications. |
| Urgent vulnerabilities | Real-time notification | 08:00 to 20:00 | Security Center sends you notifications when an unhandled urgent vulnerability is detected. No limits are imposed on the number of notifications. |
| Tampered web pages | Real-time notification | Notifications can be sent in one of the following periods:
|
Security Center sends you notifications when a web page is tampered with. A maximum of five notifications can be sent every day. |
| Alerts generated by the container firewall feature | Real-time notification | Notifications can be sent in one of the following periods:
|
If you set the protection mode of the container firewall feature to Alert, Security Center sends you notifications when unauthorized network behavior is detected. A maximum of 100 notifications can be sent every day. |
| Proactive defense implemented by the container firewall feature | Real-time notification | Notifications can be sent in one of the following periods:
|
If you set the protection mode of the container firewall feature to Intercept, Security Center intercepts unauthorized network behavior and sends you notifications. A maximum of 100 notifications can be sent every day. |
Procedure
- On the Notifications tab, configure Notify At, Notify By, and Severity for the following items: Vulnerabilities, Baseline Risks, Alerts, AccessKey leakage info, Config Assessment, Emergency Vul Intelligence, Anti-Tampering of web pages, Container firewall exception alert notification, and Container firewall proactive defense notification.
To modify the alert contact, click You can click configure security message recipients to go to the Common Settings page. Find Security Notice and click Modify in the Contact column. For more information, see How do I modify the alert contacts that receive notifications?Note- The new settings on the Common Settings page immediately take effect.
- If you select multiple notification methods, Security Center sends you notifications by using all the methods you selected at the same time. For more information about the notification frequencies, see Notification frequencies.
- Optional:Add a DingTalk chatbot.
Only Security Center Enterprise supports the notification method of DingTalk chatbots. If you use the Basic, Basic Anti-Virus, or Advanced edition, you must upgrade Security Center to the Enterprise edition before you can receive notifications from DingTalk chatbots.
If you have installed DingTalk and created a DingTalk group, you can add a DingTalk chatbot to send alert notifications.Note You must create a DingTalk group before you can add a DingTalk chatbot. Before you create a DingTalk group, make sure that you have installed DingTalk.- Find the DingTalk group to which you want to add a chatbot and click Group Settings in the upper-right corner. In the Group Settings panel, click Group Assistant. Then, click Add Robot. In the ChatBot dialog box, click Custom. In the Robot details dialog box, click Add.
- Configure the DingTalk chatbot.
Note When you add the chatbot, select Custom Keywords for Security Settings, and enter Security Center in the Custom Keywords field. Do not select Additional Signature or IP Address.
- Copy the URL in the Webhook field and click Finished.
- Log on to the Security Center console. In the left-side navigation pane, click Settings. In the DingTalk Chatbot Notification Settings section of the Notifications tab, click Add Chatbot.
- In the Add DingTalk Chatbot panel, configure the parameters.
Parameter Description Configuration Chatbot Name The name of the chatbot. We recommend that you enter an informative name. Webhook URL The webhook URL of the chatbot. Find the webhook URL of the chatbot in the required DingTalk group, copy the webhook URL, and then paste the URL in the Webhook URL field. Notice Keep the webhook URL confidential. If the webhook URL is leaked, risks may arise.Asset Groups The asset group for which you want to send notifications. You can select an asset group that is created on the Assets page. After you specify the asset group, the DingTalk chatbot sends you notifications that are related to the assets in the asset group. Select an asset group from the drop-down list. Notify On The types of alerts of which you want to receive notifications. Select the alert types from the drop-down list. Note Supported alert types include vulnerabilities, baseline risks, alerts, and AccessKey pair leaks.Notification Interval The time interval at which the DingTalk chatbot sends notifications. Valid values are 1 Minute, 5 Minutes, 10 Minutes, 30 Minutes, and No Limit. If you select No Limit, a notification is sent each time an alert is detected. Note If you select No Limit, a maximum of 20 notifications can be sent to the webhook URL in one minute.Select a time interval from the drop-down list. Language The language of the notification. Valid values: English and Chinese. Select a language from the drop-down list. - Click Add.
By default, a newly added DingTalk chatbot is enabled.
Note- After you add the DingTalk chatbot, click Test in the Actions column to check whether the chatbot is associated with the DingTalk group.
- You can modify or delete the DingTalk chatbot. After you delete the chatbot, you can no longer receive notifications from the DingTalk group. However, you can still receive notifications by using other methods that you specify, such as text messages, emails, or internal messages.
- Find the DingTalk group to which you want to add a chatbot and click Group Settings in the upper-right corner. In the Group Settings panel, click Group Assistant. Then, click Add Robot. In the ChatBot dialog box, click Custom. In the Robot details dialog box, click Add.