You can quickly create an automatic vulnerability fixing task by using an existing policy on the My Policy tab of the Playbook page. After you create a task, the task automatically fixes the vulnerabilities that are detected on the selected servers from the specified start time. This helps you reinforce the security of your system. This topic describes how to create a task.

Prerequisites

  • The Enterprise or Ultimate edition of Security Center is purchased, or Security Center is upgraded to the Enterprise or Ultimate edition. For more information, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Feature.
  • The policy that is used to create a task is added to the My Policy tab.

Background information

The tasks that are created on the Playbook page can fix Linux software vulnerabilities, Windows system vulnerabilities, and Web-CMS vulnerabilities.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Operation > Playbook.
  3. On the Playbook page, click the My Policy tab.
  4. On the My Policy tab, find the required policy and click Create in the Actions column.
  5. On the Create page, configure the following parameters.
    Create a task
    Parameter Description
    Task Name The name of the task.
    Asset List The assets on which you want to run the task. You can select an asset, asset groups, or multiple assets from asset groups. You can use one of the following methods to select the assets:
    • Select asset groups from the Asset Groups list. All assets in the selected groups are automatically selected. You can clear one or more selected assets in the Assets list on the right.
    • Enter an asset name in the search box above the Assets list to search for specific assets. Fuzzy match is supported. Select the assets on which you want to run the automatic vulnerability fixing task from the search results.
    Note The task runs only on the assets that you selected in the Assets list.
    Vulnerabilities on the Linux software, Windows, and Web-CMS tabs The vulnerabilities that are detected on the assets you selected. You can perform the following operations to select the vulnerabilities that you want to fix: Click the Linux software, Windows, or Web-CMS tab and select the vulnerabilities.
    Note You can select up to 200 vulnerabilities to fix.
    Notification The notification method. Valid values: DingTalk robots and Email. After the system runs the task, the system sends you notifications by using the notification method that you specify.
    • DingTalk robots: Select the DingTalk chatbots that are used to send notifications. You can also click Add DingTalk Chatbot to add a new DingTalk chatbot. For more information about how to add a DingTalk chatbot, see Add a DingTalk chatbot.
    • Email: Enter the email addresses that are used to receive notifications. Separate multiple email addresses with commas (,).
    Execution Time The time when the task automatically runs. Valid values:
    • Execute: After you create the task, the system immediately delivers the task to the Security Center agent. Then, the agent automatically runs the task.
    • Custom Time: You must specify StartTime and EndTime to define a maintenance window. After you create the task, the system delivers the task to the Security Center agent and the agent automatically runs the task during the maintenance window. Vulnerabilities are fixed by using patches.
  6. Click Create.
    If you set Execution Time to Execute , the status of the task is Progressing after the task is created. If you set Execution Time to Custom Time, the status of the task is Waiting after the task is created.
    Note You can cancel the tasks that are in the Waiting state on the Playbook page. To cancel a task, you must find the task and click Cancel in the Actions column.

Result

After you create a task, a Created message appears, and you are redirected to the Task Management tab.

What to do next

After the task runs, you can view the task details on the Task Management tab. For more information about how to view task details, see View task details.