Security Center sends alert notifications to you through text messages, emails, internal messages, or a DingTalk chatbot. You can specify the notification method and the risk severity for which you want to receive notifications. This topic describes how to modify notification settings and add a DingTalk chatbot.

Background information

By default, the contact of your Alibaba Cloud account is the recipient for alert notifications. To add more recipients, you can log on to the Message Center, choose Common Settings > Security message > Security Notice > Add Message Recipient.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Notifications tab.
  4. On the Notifications tab, you can specify the notification method (Notify By), time (Notify At), and the severity of security events (Severity) for Vulnerabilities, Baseline Risks, Alerts, AccessKey leakage info, Config Assessment,Emergency Vul Intelligence, and Anti-Tampering of web pages.2
    Note
    • The new settings specified on this page take effect immediately.
    • If you select multiple notification methods, Security Center sends you notifications by using all the methods you selected at the same time. For more information about the notification interval, see Notification interval.
  5. Optional:Add a DingTalk chatbot.

    If you have installed DingTalk and created a DingTalk group, you can add a DingTalk chatbot to receive notifications from Security Center.
    Note You must create a DingTalk group before you can add a DingTalk chatbot. Before you create a DingTalk group, ensure that you have installed DingTalk.
    1. Find the DingTalk group to which you want to add a chatbot, and choose Group Settings > Group Assistant > Add Robot > Custom > Add in the upper-right corner.Add a DingTalk chatbot
    2. Configure the DingTalk chatbot.
      Note When you add the chatbot, select Custom Keywords in the Security Settings section, and enter Security Center in the Custom Keywords field. Do not select Additional Signature or IP Address.
      Set the parameters
    3. Copy the Webhook URL and click Finished.Finished
    4. In the Security Center console, choose Settings > Notifications and click Add Chatbot in the DingTalk Chatbot Notification Settings section.3
    5. On the Add DingTalk Chatbot page, set the following parameters.4
      Parameter Description Configuration method
      Chatbot Name The chatbot name. We recommend that you enter an identifiable name.
      Webhook URL The webhook URL of the chatbot. Find the webhook URL of the chatbot in the corresponding DingTalk group, copy the webhook URL, and then paste it in the Webhook URL field.
      Notice Keep the webhook URL confidential and do not disclose it on external websites. If the webhook URL is leaked, security risks may arise.
      Asset Groups You can select one or more asset groups that are created on the Assets page. After you specify the asset groups, the DingTalk chatbot will send you alert notifications that are related to the assets in the asset group. Select one or more asset groups from the drop-down list.
      Notify On The types of alerts for which you want to receive notifications. Select the alert types from the drop-down list.
      Note Supported alert types include vulnerabilities, baseline risks, security alerts, and AccessKey pair leakage.
      Notification Interval The time interval at which the DingTalk chatbot sends notifications. Valid values: 1 Minute, 5 Minutes, 10 Minutes, 30 Minutes, and No Limit. If you select No Limit, each alert notification is sent in real time.
      Note If you select No Limit, a webhook can send a maximum of 20 notifications in one minute.
      Select the time interval from the drop-down list.
      Language The language of the notifications. Supported languages include English and Chinese. Select a language from the drop-down list.
    6. Click Add to complete the process.

      By default, the status of a newly created DingTalk chatbot is Enabled.

      8
      Note
      • After you add the DingTalk chatbot, you can click Test in the Actions column to test whether the chatbot is associated with the DingTalk group.
      • You can Edit or Delete the DingTalk chatbot. If you delete the chatbot, you can no longer receive notifications from the DingTalk group. However, you can still receive notification by other methods that you specify, such as text messages, emails, or internal messages.

Notification interval

Item Notification interval
Vulnerabilities Security Center sends you weekly reports on unhandled vulnerabilities of Alibaba Cloud servers once every seven days. The reports include the number of unhandled vulnerabilities of your assets and suggestions on how to fix them.
Baseline Risks Security Center sends weekly reports on unhandled baseline risks once every seven days. The reports include the number of unhandled baseline risks of your assets.
Alerts Security Center sends notifications when alerts are detected. Security Center sends a maximum of five notifications on the same alert event per day. Security Center sends a maximum of one notification for the same alert event on the same server per day.
AccessKey leakage info Security Center sends notifications when the AccessKey is leaked. The number of notifications is not limited.
Config Assessment Security Center sends notifications when cloud service configuration risks are detected. The number of notifications is not limited.
Emergency Vul Intelligence Security Center sends notifications when unhandled emergency vulnerabilities are detected.
Anti-Tampering of webpages Security Center sends notifications when the protected webpage is tampered. Security Center sends a maximum of five notifications on the same alert event per day. Security Center sends a maximum of one notification for the same alert event on the same server per day.