After the Security Center agent is installed on your servers, it collaborates with Alibaba Cloud to protect your servers. Security Center provides a wide array of features, including security alerts, vulnerability management, baseline checks, attack analysis, and anti-virus protection.

The following section describes the types of information that can be collected by Security Center. Read the note carefully:
Note Changes of the following information will be posted on the Alibaba Cloud international site. If you do not accept the changes, you can stop using Alibaba Cloud Security Center. In this case, you can uninstall the agent from your servers. For more information, see Uninstall the Security Center agent. If you continue using the Alibaba Cloud Security Center service, you are deemed to have accepted these changes.

Suspicious files

After a suspicious file is detected by Security Center, the information about the file is uploaded to Alibaba Cloud for further verification. The file information includes but is not limited to the file path, MD5 value, and time of creation. If a file is confirmed to be malicious, Security Center sends you an alert.

Suspicious process information

After a suspicious process is detected by Security Center, the information about the process is uploaded to Alibaba Cloud for further verification. The process information includes but is not limited to the process name, parameters required to start the process, process file path, and start time of the process. If a process is confirmed to be malicious, Security Center sends you an alert.

Account information

Security Center provides features such as logon audit, suspicious account alerts, and brute-force attack prevention. Security Center regularly analyzes and uploads account information and logon information about protected servers. The account information includes but is not limited to the usernames and user permissions. The logon logs include but are not limited to logon names and logon IP addresses. If an unusual logon is detected, Security Center sends you an alert.

Suspicious connections

After a suspicious network connection is detected by Security Center, the information about the connection is uploaded to Alibaba Cloud for further verification. The information includes but is not limited to the source IP address, source port, destination IP address, and destination port. If a connection is confirmed to be unusual, Security Center sends you an alert.

Server asset information

Security Center regularly collects information about servers, including but not limited to the software information, port listening information, and information about websites running on the servers. You can view the information on the Security Center consoleAssets page in the Security Center console.

Container image security

To ensure the security of container images, Security Center regularly scans for vulnerabilities in containers. Relevant information is displayed on the Security Center consolePrecaution > VulnerabilitiesContainer Image Vulnerabilities page.

Container runtime security

To ensure the security of the container runtime, Security Center dynamically detects threats, including viruses, malicious programs, intrusions, container escapes, and high-risk operations in running containers. If risks are detected in the container runtime, Security Center sends you an alert.