This topic introduces the Overview page in the Security Center console, which serves as a security operations center for Alibaba Cloud services. The Overview page dynamically displays the security score, the risks that threaten your assets, the status of all your assets, and the features that you have enabled. You can upgrade Security Center, renew the subscription, increase the asset quota, and modify notification settings on this page.

In the Security Center console, you can view and manage your assets on the Overview page.

The Overview page consists of the following sections:

  • Upgrade and Renew: This section displays the edition of Security Center. You can upgrade Security Center to the Advanced or Enterprise edition, increase the asset quota, and renew the subscription. For more information, see Upgrade Security Center, increase asset quota, and renew subscription.

    Click Check Now to scan for vulnerabilities, baseline risks, and configuration risks in the assets.

  • Secure Score: This section displays the security score of your assets and the number of risks detected on your assets. For more information, see Security score. For more information about how to improve the security score, see Improve the security score.

    Click Fix Now and the Security Risk page appears. You can then follow the instructions to view related topics or manage risks.

    The Security Risk page shows the following types of risks that need to be managed as soon as possible:

    • Unhandled alerts
    • Unfixed vulnerabilities
    • Baseline risks
    • Cloud service configuration risks
    • Attacks and other types of risks
  • Status: This section displays the number of assets that have the Security Center agent installed, which are protected by Security Center, and the number of assets that do not, which are unprotected. The risk statistics are also displayed.

    Place the pointer over the number under Unprotected and click Install Agent to go to the Agent tab. On this tab, you can install the Security Center agent on the unprotected assets. For more information about how to install the Security Center agent, see Install the Security Center agent.

  • Security Detection and Defense Capabilities: This section displays the engines used to scan assets, log capacity, anti-virus database update time, system vulnerability scan time, number of precise defense events, and number of tamper protection events. This information helps you monitor the defense and security status of your assets in real time.
  • Threat Statistics: This section displays statistics for the following threat types:

    • Unhandled alerts: This section displays the total number of alerts in your assets and the numbers of alerts at different risk levels. Security Center classifies alerts into the following severity levels:

      • Urgent: high severity risks. This level of risk indicates that intrusion events have been detected on your servers, such as reverse shells. We recommend that you view the details of the alert events and handle the events in a timely manner.
      • Warning: medium severity risks. This level of risk indicates that suspicious events have been detected on your servers, such as suspicious CMD command sequences. We recommend that you view the details of the alert events, determine whether your servers are at risk, and handle the events as needed.
      • Notice: low severity risks. This level of risk indicates that low-risk events have been detected on your servers, such as suspicious port listening behaviors. We recommend that you view the details of the alert events.

      You can click the total number under Unhandled Alerts to go to the Alerts page to view and manage alert events. For more information, see Manage alert events.

    • Unfixed vulnerabilities: This section displays the total number of unfixed vulnerabilities and the numbers of vulnerabilities at different risk levels.

      You can click the total number under Unfixed Vul to go to the Vulnerabilities page to view and manage vulnerabilities. For more information, see Vulnerability fix prioritization.

    • Baseline risks: This section displays the total number of baseline risks in your assets and the numbers of baseline risks at different risk levels.

      You can click the total number under Baseline Risks to go to the Baseline Check page to view and manage baseline risks. For more information, see Baseline check overview.

    • Attacks: This section displays the total number of attacks launched against your assets.

      You can click the total number under Attacks to go to the Attack Awareness page to view attack analysis. For more information, see Attack awareness.

  • Config Assessment Risks: This section displays the risks detected in the baseline configurations of cloud services.

    You can click See All to go to the Cloud Platform Configuration Assessment page to view and manage configuration risks in your cloud services. For more information, see Cloud service configuration assessment.

  • Issue Resolved: This section displays the number of alerts, vulnerabilities, and baseline risks that have been managed in the last 15 days. The statistics are displayed in a bar and trend chart.

Upgrade Security Center, increase asset quota, and renew subscription

Security Center supports Basic, Advanced, and Enterprise editions. On the Overview page, you can view the edition of Security Center in the upper-right corner. For more information about features supported by each edition, see Features.
  • Basic Edition: The current edition and the Upgrade button are displayed in the upper-right corner. The Advanced and Enterprise editions support advanced features such as baseline check, asset fingerprints, malicious process detection, and log analysis.
  • Advanced Edition or Enterprise Edition: The expiration date and the total number of assets are displayed in the upper-right corner of the Overview page. You can also click Upgrade and Renew in the upper-right corner.
    Note: The Asset Scaling button is displayed in the upper-right corner if the current number of assets exceeds the asset quota that you specified when you purchased Security Center.

Security score

| Security score | Description | Font color |
| --- | --- | --- |
| 95-100 | Your assets are secure. | Green |
| 85-94 | Your assets are at low risk. We recommend that you reinforce protection as soon as possible. | Yellow |
| 70-84 | Your assets are at medium risk. We recommend that you reinforce protection as soon as possible. | Yellow |
| 69 or lower | Your assets are at high risk. We recommend that you reinforce protection as soon as possible. | Red |

Penalty points

| Type | Edition | Item | Penalty point |
| --- | --- | --- | --- |
| Configurations of key features | Basic | Whether anti-brute force attack policies are configured | 2 |
| Configurations of key features | Basic | Whether quick installation of the Security Center agent is authorized | 2 |
| Configurations of key features | Advanced and Enterprise | Whether Security Center has the permission to run configuration checks on cloud services | 2 |
| Configurations of key features | Advanced and Enterprise | Whether anti-virus protection is enabled | 2 |
| Configurations of key features | Advanced and Enterprise | Whether AccessKey leak detection is enabled | 2 |
| Configurations of key features | Advanced and Enterprise | Whether log analysis is enabled | 2 |
| Unhandled alerts | Advanced and Enterprise | Whether unhandled high-risk alerts are detected | 20 |
| Unhandled alerts | Advanced and Enterprise | Whether unhandled medium-risk alerts are detected | 20 |
| Unhandled alerts | Advanced and Enterprise | Whether unhandled low-risk alerts are detected | 20 |
| Whether unfixed vulnerabilities are detected | Advanced and Enterprise | Whether unfixed CMS vulnerabilities are detected | 2 |
| Whether unfixed vulnerabilities are detected | Advanced and Enterprise | Whether unfixed Windows host vulnerabilities are detected | 2 |
| Whether unfixed vulnerabilities are detected | Advanced and Enterprise | Whether unfixed Linux host vulnerabilities are detected | 2 |
| Whether unfixed vulnerabilities are detected | Advanced and Enterprise | Whether unfixed urgent vulnerabilities are detected | 5 |
| Whether unfixed vulnerabilities are detected | Advanced and Enterprise | Whether your assets contain undetected urgent vulnerabilities | 3 |
| Baseline risks | Enterprise | Whether baseline risks are detected | 1 |
| Cloud service configuration risks | Advanced and Enterprise | Whether the edition of Security Center is the Advanced or Enterprise edition | 5 |
| Cloud service configuration risks | Advanced and Enterprise | Results of back-to-origin configuration checks | High risk: 2; Low risk: 1 |
| Cloud service configuration risks | Advanced and Enterprise | Whether the Alibaba Cloud account has enabled two-factor authentication | High risk: 2; Low risk: 1 |
| Cloud service configuration risks | Advanced and Enterprise | Whether checks on ApsaraDB for RDS security policies have failed | High risk: 2; Low risk: 1 |
| Cloud service configuration risks | Advanced and Enterprise | Whether high risks in cloud service configurations are detected | 2 |
| Cloud service configuration risks | Advanced and Enterprise | Whether high and medium risks in cloud service configurations are detected | 1 |
| AccessKey leaks | Enterprise | Whether AccessKey leaks are detected | 30 |
| Other types | Enterprise | Whether attacks are detected | 5 |
Note
  • The highest security score is 100 and the lowest is 10.
  • After penalty points are deducted, if the security score is higher than 60 but alerts are not managed, the final score is 60.
  • After penalty points are deducted, if the security score is higher than 80 but vulnerabilities are not fixed or an alert causes penalty points, the final score is 80.
  • After penalty points are deducted, if the security score is higher than 90 but baseline risks are not managed, the final score is 90.
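
The following sketch, added here and not taken from Alibaba Cloud, shows how the penalty points, the ceilings in the Note, and the score bands combine into a displayed score. It assumes that the score starts at 100, that penalty points are summed, and that the lowest triggered ceiling wins; the finding keys are hypothetical names, and only a subset of the table items is included.

```python
# Added example. Penalty values are transcribed from the table above;
# the finding keys are hypothetical names chosen for this sketch.
PENALTY = {
    "no_bruteforce_policy": 2,
    "antivirus_disabled": 2,
    "accesskey_leak_detection_disabled": 2,
    "log_analysis_disabled": 2,
    "alert_high": 20, "alert_medium": 20, "alert_low": 20,
    "vul_cms": 2, "vul_windows": 2, "vul_linux": 2, "vul_urgent": 5,
    "baseline_risk": 1,
    "accesskey_leak": 30,
    "attack_detected": 5,
}

# Ceilings from the Note: (ceiling, key prefix of the findings that trigger it).
CAPS = [(60, "alert_"), (80, "vul_"), (80, "alert_"), (90, "baseline_")]

# Bands from the "Security score" table: (lowest score, level, font colour).
BANDS = [(95, "secure", "Green"), (85, "low risk", "Yellow"),
         (70, "medium risk", "Yellow"), (0, "high risk", "Red")]


def security_score(findings):
    """Return (score, level, colour) for an iterable of finding keys."""
    findings = set(findings)
    unknown = findings - PENALTY.keys()
    if unknown:
        raise ValueError(f"unknown findings: {sorted(unknown)}")
    # Assumption: the score starts at 100 and penalty points are summed.
    score = 100 - sum(PENALTY[f] for f in findings)
    # Assumption: every triggered ceiling applies, so the lowest one wins.
    for ceiling, prefix in CAPS:
        if any(f.startswith(prefix) for f in findings):
            score = min(score, ceiling)
    score = max(score, 10)  # the page states that the lowest score is 10
    level, colour = next((lv, c) for floor, lv, c in BANDS if score >= floor)
    return score, level, colour


if __name__ == "__main__":
    # Constructed inputs: one low-value finding is enough to trigger a ceiling.
    for case in ([], ["baseline_risk"], ["vul_linux"], ["alert_low"]):
        print(case, security_score(case))
```

Under these assumptions a single 1-point baseline risk displays as 90 rather than 99, so for lightly affected accounts the ceilings, not the point totals, decide the band.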