This topic describes the alert rules for the security events of threat detection and identification (TDI). You can configure and enable alert rules in the Simple Log Service console. This allows you to monitor the security events of TDI. If an alert is triggered, you can identify the cause and fix the error at the earliest opportunity.
Alert rules
The following alert rules are supported. For information about how to set alert parameters, configure whitelists, and perform other related operations, see Configure alerts.
Cloud Security Center Request Success Rate Too Low
ID | sls_app_audit_secure_at_sas_dns_rate |
Name | Cloud Security Center Request Success Rate Too Low |
Version | 1 |
Type | Cloud Platform, Alicloud, Security Event, TDI Security Event |
Usage | Monitors the success rate of DNS requests sent to Security Center. If the success rate of DNS requests sent to Security Center is lower than the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameter Settings | The following rules describe the parameter settings of the alert:
|
External Configurations | None |
Solution | Check whether exceptions have occurred on DNS requests that are sent to Security Center. |
Prerequisites | The switch next to Security Center(SAS) is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |
Cloud Security Center Valid Request Rate Too Low Alert
ID | sls_app_audit_secure_at_sas_rate |
Name | Cloud Security Center Valid Request Rate Too Low Alert |
Version | 1 |
Type | Cloud Platform, Alicloud, Security Event, TDI Security Event |
Usage | Monitors the rate of valid requests sent to Security Center. If the rate of valid requests sent to the website is lower than the specified threshold after all requests are filtered by Security Center, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameter Settings | The following rules describe the parameter settings of the alert:
|
External Configurations | None |
Solution | Check whether exceptions have occurred on the request events that are sent to Security Center. You can also check whether a large number of attack events have occurred. |
Prerequisites | The switch next to Security Center(SAS) is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |
Too Many New Alarms In Cloud Security Center
ID | sls_app_audit_secure_at_sas_new_alert |
Name | Too Many New Alarms In Cloud Security Center |
Version | 1 |
Type | Cloud Platform, Alicloud, Security Event, TDI Security Event |
Usage | Monitors the number of new alerts in Security Center. If the number of new alerts in Security Center exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 minutes. |
Time Range | The data of the last 5 minutes is checked. |
Parameter Settings | The following rules describe the parameter settings of the alert:
|
External Configurations | None |
Solution | Check the new alerts in Security Center. |
Prerequisites | The switch next to Security Center(SAS) is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |
Too Many New Vulnerabilities In Cloud Security Centers
ID | sls_app_audit_secure_at_sas_new_vul |
Name | Too Many New Vulnerabilities In Cloud Security Centers |
Version | 1 |
Type | Cloud Platform, Alicloud, Security Event, TDI Security Event |
Usage | Monitors the number of new vulnerabilities in Security Center. If the number of new vulnerabilities in Security Center exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 minutes. |
Time Range | The data of the last 5 minutes is checked. |
Parameter Settings | The following rules describe the parameter settings of the alert:
|
External Configurations | None |
Solution | Check the new vulnerabilities in Security Center. |
Prerequisites | The switch next to Security Center(SAS) is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |
Too Many High-Priority Alarms In Cloud Security Center
ID | sls_app_audit_secure_at_sas_ser_alert |
Name | Too Many High-Priority Alarms In Cloud Security Center |
Version | 1 |
Type | Cloud Platform, Alicloud, Security Event, TDI Security Event |
Usage | Monitors the number of high-priority alerts in Security Center. If the number of high-priority alerts in Security Center exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 4 minutes. |
Time Range | The data of the last 5 minutes is checked. |
Parameter Settings | The following rules describe the parameter settings of the alert:
|
External Configurations | None |
Solution | You can monitor the high-priority alerts in Security Center. |
Prerequisites | The switch next to Security Center(SAS) is turned on. To turn on the switch, go to the Log Audit Service page, and then choose . |