
Cloud Firewall: Configure notifications

Last Updated: Sep 11, 2023

After you configure notifications, Cloud Firewall notifies you of exceptions in your assets at the earliest opportunity. The exceptions include unusual traffic, suspicious outbound connections, and vulnerabilities. This way, you can track the security status of your assets and handle exceptions promptly. This topic describes how to configure notifications.

Notification items

The following table describes the notification items that are supported by Cloud Firewall.

| Notification item | Description | Supported Cloud Firewall edition |
| --- | --- | --- |
| Excess Traffic | If Cloud Firewall detects that the volume of peak traffic that passes through Cloud Firewall exceeds the purchased bandwidth, it sends a notification. | Premium Edition, Enterprise Edition, and Ultimate Edition |
| Excess Traffic Alerting | If Cloud Firewall detects that the volume of peak traffic that passes through Cloud Firewall reaches 70%, 80%, or 90% of the purchased bandwidth, it sends a notification. You can specify the percentage based on your business requirements. | Premium Edition, Enterprise Edition, and Ultimate Edition |
| Weekly Report | Cloud Firewall regularly sends weekly reports to the email addresses of the specified contacts at the specified notification time. | Free Edition, Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
| Infected Host | If Cloud Firewall detects a compromised host, it sends a notification. To avoid false positives, some notifications are sent one day later. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
| Suspicious Outbound Connection | If Cloud Firewall detects that a host communicates with suspicious IP addresses or domain names in outbound connections, it sends a notification. | Premium Edition, Enterprise Edition, and Ultimate Edition |
| Protection Against Vulnerabilities | If Cloud Firewall detects that a vulnerability in your asset is exploited, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
| Asset Protection | If Cloud Firewall detects an unprotected public IP address or virtual private cloud (VPC) within your account, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
| Intrusion Prevention | If Cloud Firewall detects that the intrusion prevention feature is disabled, it sends a notification. If the intrusion prevention feature is disabled, attacks are not automatically blocked. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
| New Public IP Address | If Cloud Firewall detects a new public IP address within your account and the IP address is not protected, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
| Intelligent Policy | If Cloud Firewall automatically updates a recommended intelligent protection policy based on traffic learning results, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
| Log Storage Capacity | If Cloud Firewall detects that your log storage usage reaches 70%, 80%, or 90% of the purchased log storage capacity, it sends a notification. You can specify the percentage based on your business requirements. | Premium Edition, Enterprise Edition, and Ultimate Edition |

Configure notifications

You can configure notification settings, such as time periods and severities, based on your business requirements. This way, Cloud Firewall can send notifications to the specified contacts by email during the specified time period.

  1. Log on to the Cloud Firewall console.

  2. In the left-side navigation pane, choose Settings > Alert Notifications.

  3. On the Alert Notifications tab, modify the following notification settings for different notification items: Time, Concerned Levels, and Method.

    • The new notification settings immediately take effect.

    • If Cloud Firewall detects exceptions within the specified time period, it sends notifications within the time period. If Cloud Firewall detects exceptions outside of the specified time period, it does not send notifications until the time period arrives.
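
The deferral rule in the last bullet determines how long an exception can sit unreported. The following Python model is an added example, not Alibaba Cloud code: it assumes the notification window is a daily start and end clock time and that a held notification is sent when the next window opens. The function names and sample timestamps are constructed for illustration.

```python
from datetime import date, datetime, time, timedelta

def in_window(t: time, start: time, end: time) -> bool:
    """True if t is inside the daily window; a window may cross midnight."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end

def delivery_time(detected: datetime, start: time, end: time) -> datetime:
    """Earliest send time: immediately if inside the window, else the next window start."""
    if in_window(detected.time(), start, end):
        return detected
    nxt = datetime.combine(detected.date(), start)
    if nxt <= detected:          # today's window has already opened and closed
        nxt += timedelta(days=1)
    return nxt

def worst_case_delay(start: time, end: time) -> timedelta:
    """Wait for an exception detected just as the window closes."""
    day = date(2000, 1, 1)       # arbitrary anchor date; only the clock times matter
    gap = datetime.combine(day, start) - datetime.combine(day, end)
    return gap % timedelta(days=1)

# Constructed sample detections (not real Cloud Firewall events).
SAMPLES = [
    datetime(2023, 9, 11, 10, 30),   # inside a 09:00-18:00 window
    datetime(2023, 9, 11, 18, 1),    # just after the window closes
    datetime(2023, 9, 11, 3, 0),     # before the window opens
]

if __name__ == "__main__":
    start, end = time(9, 0), time(18, 0)
    for d in SAMPLES:
        sent = delivery_time(d, start, end)
        print(f"detected {d}  ->  notified {sent}  (held {sent - d})")
    print("worst-case hold for this window:", worst_case_delay(start, end))
```

Under these assumptions, a narrow window trades fewer off-hours emails for a longer gap before anyone is told about an exception, which is worth weighing per notification item.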

Configure weekly reports

Cloud Firewall can send weekly reports to you by email. A weekly report includes the following information: protection data of web assets, status of firewalls, analysis data of vulnerabilities, and data of security policies. This helps you obtain the overall security status of your assets. You can specify the notification time and the email addresses of contacts to whom the weekly reports are sent.

Weekly report content

| Title | Details |
| --- | --- |
| Overview of asset security status | The number of attacks that are blocked by Cloud Firewall and number of security events that occurred this week. |
| Security status of the Internet firewall | The number of protected public IP addresses, number of unprotected public IP addresses, analysis results of inbound and outbound Internet traffic, and analysis results of Intrusion Prevention System (IPS) events. |
| Security status of east-west traffic that passes through VPC firewalls | The total number of VPCs, number of VPCs for which firewalls are enabled, number of VPCs for which firewalls are disabled, and number of security events in VPCs. |
| Vulnerability and attack prevention | The number of at-risk assets on which vulnerabilities are detected, number of prevented vulnerabilities, and number of blocked attacks that are initiated by exploiting vulnerabilities. |
| Access control policy management | The number of access control policies, number of blocked requests, and number of newly created access control policies this week. |

Configure notification settings for weekly reports

By default, Cloud Firewall automatically sends a weekly report at 09:00 every Wednesday to the email addresses that you specify. If you want Cloud Firewall to send weekly reports at a different point in time, you can change the time on the Settings > Alert Notifications page.

Configure contacts

By default, Cloud Firewall notifies the contact that is specified for your Alibaba Cloud account. If you want Cloud Firewall to notify multiple contacts, you can manually add contacts. The added contacts receive only Cloud Firewall-related notifications.

Note

You can add up to 10 contacts.

  1. Log on to the Cloud Firewall console.

  2. In the left-side navigation pane, choose Settings > Alert Notifications.

  3. On the Recipient Settings tab, click Add Recipient.

  4. Enter the name and email address of the contact, turn on or turn off the switch in the Enabled column, and then click Save.

    Cloud Firewall sends notifications to a contact only if the switch in the Enabled column of the contact is turned on.