This topic provides a brief introduction to the Overview tab of the Security Center console. The Overview tab is a security operations center for Alibaba Cloud services. The tab dynamically displays the security score, risks that threaten your assets, and the features that you have enabled. The tab also provides you with entry points to upgrade and renew Security Center, and increase related quotas.

On the Overview tab of the Security Center console, you can view the overall security information of your assets and perform operations based on your business requirements. You can view the security information in the following sections on the Overview tab:

Security score

The Secure Score section displays the security score of your assets and the number of risks that are detected on your assets. For more information about the security score, see Security scores. For more information about how to improve the security score, see Improve the security score of your assets.
Click Fix Now to go to the Security Risk panel. In the panel, you can click Help to go to the specific help documentation to handle risks. You can also click Process Now to handle risks. The Security Risk panel displays the following types of risks that you must handle at the earliest opportunity:
  • Configurations of core features
  • Unhandled alerts
  • Unfixed vulnerabilities
  • Baseline risks
  • AccessKey pair leaks
  • Configuration risks in cloud services
  • Attacks and other types of risks

Edition and protection details

The section in the upper-right corner of the Overview tab displays the Security Center edition that you use, the date on which Security Center expires, and the statistics on your assets. The statistics include the numbers of websites, containers, and unprotected Elastic Compute Service (ECS) instances within your Alibaba Cloud account. The statistics also include the cores of servers within your Alibaba Cloud account and the purchased quota for cores of servers that you want to protect.
You can perform the following operations in this section:
  • Try Security Center Ultimate: If you use Security Center Basic and meet the requirements to apply for a free trial, click Try Now to start the free trial of Security Center Ultimate. For more information, see Apply for a free trial of the Security Center Ultimate edition.
  • Purchase Security Center: If you use Security Center Basic, click Improve Defense Capabilities to purchase Security Center. For more information about the features that each edition supports, see Features. For more information about how to purchase Security Center, see Purchase Security Center.
  • Upgrade Security Center: If you use the Anti-virus, Advanced, Enterprise, or Ultimate edition of Security Center and want to upgrade Security Center or increase the number of protected servers, the quota for cores of servers that you want to protect, or the purchased quota of a value-added feature, click Upgrade Now. You can also click Upgrade Now to separately enable value-added features. For more information, see Upgrade and downgrade Security Center.
  • Renew Security Center: If you use the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition of Security Center and want to renew Security Center before it expires, click Renewal. For more information, see Renew the subscription to Security Center.
  • Enable auto-renewal by month: If you want to use Security Center for a long period of time, select Automatic Renewal to enable auto-renewal by month. After you enable auto-renewal by month, the system automatically renews your subscription before Security Center expires. You do not need to manually renew the subscription. If Security Center expires, attacks can pose threats to your business. We recommend that you enable auto-renewal by month to protect your business.
  • Install the Security Center agent on unprotected servers: Click Install now below Unprotected assets (ECS) to go to the Agent tab of the Settings page. On the tab, you can install the Security Center agent on unprotected servers. This allows Security Center to protect the servers. For more information, see Install the Security Center agent.

Security defense

The Security defense section displays the numbers of blocked viruses, detected AccessKey pair leaks, fixed vulnerabilities, and blocked web tampering attempts. The Security capability enabled section displays the engines that are enabled to scan assets, the version of the virus library, and the time when the system scans for vulnerabilities. The Anti-ransomware section displays the purchased anti-ransomware capacity and its usage information. The Log analysis section displays the purchased log storage capacity and its usage information. You can monitor the defense and security status of your assets in real time in these sections.
Note: Anti-Virus Version indicates the version of the virus library. The version is also the update time of the virus library. Security Center dynamically updates the virus library and the characteristics of viruses in the virus library based on the analysis results of specific engines. The engines include lexical analysis engines, virus detection engines, machine learning engines, deep learning engines, big data-based threat detection engines, threat intelligence engines, and abnormal behavior analysis engines. We recommend that you use Security Center to detect vulnerabilities and viruses on a regular basis to protect your servers from the latest viruses. For more information, see Use the quick scan feature and Scan for viruses.

If you want to perform in-depth virus detection on your servers, click Scan Now to go to the Virus Defense page. For more information about how to scan for viruses, see Scan for viruses.

Security risks

The Security risk section displays the statistics on unhandled alerts, unfixed vulnerabilities, baseline risks, and attacks. The following table describes the statistics.

Type | Description

Unhandled Alerts | This section displays the total number of alerts that are generated for your assets and the numbers of alerts at different risk levels.
The alerts generated by Security Center are classified into the following risk levels:
  • Urgent: high-risk alerts. A high-risk alert indicates that an intrusion event, such as a reverse shell, is detected on your server. We recommend that you view the details of the alerts and handle the alerts at the earliest opportunity.
  • Warning: medium-risk alerts. A medium-risk alert indicates that an exception, such as a suspicious command sequence, is detected on your server. We recommend that you view the details of the alerts, check whether your server is at risk, and handle the alerts.
  • Notice: low-risk alerts. A low-risk alert indicates that a low-risk exception, such as suspicious port listening, is detected on your server. We recommend that you view the details of the alerts at the earliest opportunity.

You can click the total number below Unhandled Alerts to go to the Alerts page to view and handle alerts. For more information, see Handle alerts.

Unfixed Vul | This section displays the total number of unfixed vulnerabilities and the numbers of vulnerabilities with different priorities.

You can click the total number below Unfixed Vul to go to the Vulnerabilities page to view and handle vulnerabilities. For more information, see Vulnerability fixes.

Baseline Risks | This section displays the total number of baseline risks in your assets and the numbers of baseline risks at different risk levels.

You can click the total number below Baseline Risks to go to the Baseline Check page to view and handle baseline risks. For more information, see Baseline checks.

Attacks | This section displays the total number of attacks against your assets.

You can click the number below Attacks to go to the Attack Awareness page to view attack analysis. For more information, see Attack analysis.

Configuration assessment

The Cloud platform configuration check section displays the risks detected in the baseline configurations of cloud services.

You can click See All to go to the Cloud Platform Configuration Assessment page to view the check results of configuration assessment for your cloud services and handle the detected configuration risks. For more information, see View and manage configuration risks.

Security operations

The Issue Resolved (Last 15 days) section displays the trends in the numbers of alerts, vulnerabilities, and baseline risks that have been handled in the last 15 days. The statistics are displayed in a column and line chart.
