This topic briefly introduces the Overview page in the Security Center console. The Overview page serves as a security operations center for Alibaba Cloud services. It dynamically displays the security score, the risks that threaten your assets, the status of all your assets, and the features that you have enabled. You can upgrade Security Center, renew the subscription, increase the asset quota, and modify notification settings on this page.

In the Security Center console, you can view and manage your assets on the Overview page.

The Overview page displays the following sections:

  • Upgrade and Renew: This section displays the edition of Security Center. You can upgrade Security Center to the Basic Anti-Virus, Advanced, or Enterprise edition, increase the asset quota, and renew the subscription. For more information, see Upgrade Security Center, increase asset quota, and renew subscription.

    You can click Check Now to scan for vulnerabilities, baseline risks, and configuration risks in the assets.

  • Secure Score: This section displays the security score of your assets and the number of risks detected on your assets. For more information, see Security score. For more information about how to improve the security score, see Improve the security score.

    Click Fix Now and the Security Risk page appears. You can then follow the instructions to view related topics or manage risks.

    The Security Risk page displays the following types of risks that need to be managed at the earliest opportunity:

    • Configurations of core features
    • Unhandled alerts
    • Unfixed vulnerabilities
    • Baseline risks
    • Cloud service configuration risks
    • Attacks and other types of risks
  • Status: This section displays the number of assets on which the Security Center agent is installed and the number of assets on which it is not. These numbers indicate how many assets are protected by Security Center and how many are not. The risk statistics are also displayed.

    Move the pointer over the number below Unprotected and click Install Agent to go to the Agent tab. On this tab, you can install the Security Center agent on the unprotected assets. For more information about how to install the Security Center agent, see Install the Security Center agent.

  • Security Detection and Defense Capabilities: This section displays the engines used to scan assets, log capacity, anti-virus database update time, system vulnerability scan time, number of precise defense events, and number of tamper protection events. This information allows you to monitor the defense and security status of your assets in real time.
  • Threat Statistics: This section displays the following threat statistics.

    • Unhandled alerts: This section displays the total number of alerts in your assets and the numbers of alerts at different risk levels.

      Security Center classifies alerts into the following severity levels:
      • Urgent: high severity risks. This level of risk indicates that intrusion events have been detected on your servers, such as reverse shells. We recommend that you view the details of the alert events and handle the events in a timely manner.
      • Warning: medium severity risks. This level of risk indicates that suspicious events have been detected on your servers, such as suspicious CMD command sequences. We recommend that you view the details of the alert events, assess whether your servers are at risk, and handle the events as needed.
      • Notice: low severity risks. This level of risk indicates that low-risk events have been detected on your servers, such as suspicious port listening behaviors. We recommend that you view the details of the alert events.

      You can click the number below Unhandled Alerts to go to the Alerts page where you can view and manage alert events. For more information, see Manage alert events.

    • Unfixed vulnerabilities: This section displays the total number of unfixed vulnerabilities and the numbers of vulnerabilities at different risk levels.

      You can click the number below Unfixed Vul to go to the Vulnerabilities page where you can view and manage vulnerabilities. For more information, see Vulnerability priorities.

    • Baseline risks: This section displays the total number of baseline risks in your assets and the numbers of baseline risks at different risk levels.

      You can click the total number below Baseline Risks to go to the Baseline Check page where you can view and manage baseline risks. For more information, see Baseline checks.

    • Attack Type Distribution: This section displays the total number of attacks against your assets.

      You can click the number below Attacks to go to the Attack Awareness page where you can view attack analysis. For more information, see Attack awareness.

  • Config Assessment Risks: This section displays the risks detected in the baseline configurations of cloud services.

    You can click See All to go to the Cloud Platform Configuration Assessment page where you can view and manage configuration risks in your cloud services. For more information, see Cloud service configuration assessment.

  • Issue Resolved: This section displays the number of alerts, vulnerabilities, and baseline risks that have been managed in the last 15 days. The statistics are displayed in a bar and trend chart.

Upgrade Security Center, increase asset quota, and renew subscription

Security Center supports Basic, Basic Anti-Virus, Advanced, and Enterprise editions. On the Overview page, you can view the edition of Security Center in the upper-right corner. For more information about features supported by each edition, see Features.
  • Basic Edition: The current edition and the Upgrade button are displayed in the upper-right corner. The Basic Anti-Virus, Advanced, and Enterprise editions support advanced features such as baseline checks, asset fingerprints, malicious process detection, and log analysis.
  • Basic Anti-Virus, Advanced, or Enterprise Edition: The expiration date and total number of assets are displayed in the upper-right corner of the Overview page. You can also click Upgrade and Renew in the upper-right corner.
    Note: The Asset Scaling button is displayed in the upper-right corner if the current number of assets exceeds the asset quota that you specified when you purchased Security Center.

Security score

| Security score | Description | Font color |
| --- | --- | --- |
| 95-100 | Your assets are secure. | Green |
| 85-94 | Your assets are exposed to a few security risks. We recommend that you reinforce protection at the earliest opportunity. | Yellow |
| 70-84 | Your assets are exposed to a large number of security risks. We recommend that you reinforce protection at the earliest opportunity. | Yellow |
| 69 or lower | Your assets are at high risk. We recommend that you reinforce protection at the earliest opportunity. | Red |

Penalty points

| Type | Required edition | Item | Penalty points |
| --- | --- | --- | --- |
| Configurations of core features | Basic | Tamper protection is not enabled. | 5 |
| Configurations of core features | Basic | Anti-brute-force attack policies are not configured. | 2 |
| Configurations of core features | Basic | Quick installation of the Security Center agent is unauthorized. | 2 |
| Configurations of core features | Basic Anti-Virus, Advanced, and Enterprise | Security Center is unauthorized to run configuration checks on cloud services. | 2 |
| Configurations of core features | Basic Anti-Virus, Advanced, and Enterprise | The Anti-virus feature is disabled. | 2 |
| Configurations of core features | Basic Anti-Virus, Advanced, and Enterprise | AccessKey leak detection is disabled. | 2 |
| Configurations of core features | Basic Anti-Virus, Advanced, and Enterprise | Log analysis is disabled. | 2 |
| Configurations of core features | Basic Anti-Virus, Advanced, and Enterprise | Anti-ransomware is not enabled. | 2 |
| Unhandled alerts | Basic Anti-Virus, Advanced, and Enterprise | Unhandled high-risk alerts are detected. | 20 |
| Unhandled alerts | Basic Anti-Virus, Advanced, and Enterprise | Unhandled medium-risk alerts are detected. | 20 |
| Unhandled alerts | Basic Anti-Virus, Advanced, and Enterprise | Unhandled low-risk alerts are detected. | 20 |
| Unfixed vulnerabilities | Advanced and Enterprise | Unfixed CMS vulnerabilities are detected. | 2 |
| Unfixed vulnerabilities | Advanced and Enterprise | Unfixed Windows system vulnerabilities are detected. | 2 |
| Unfixed vulnerabilities | Advanced and Enterprise | Unfixed Linux software vulnerabilities are detected. | 2 |
| Unfixed vulnerabilities | Advanced and Enterprise | Unfixed emergency vulnerabilities are detected. | 5 |
| Unfixed vulnerabilities | Advanced and Enterprise | Undetected emergency vulnerabilities exist. | 3 |
| Baseline risks | Advanced and Enterprise | Baseline risks are detected. | 1 |
| Cloud service configuration risks | Advanced and Enterprise | The edition of Security Center is the Basic edition. | 5 |
| Cloud service configuration risks | Advanced and Enterprise | Anti-DDoS fails the back-to-origin configuration check. | High risk: 2; low risk: 1 |
| Cloud service configuration risks | Advanced and Enterprise | Two-factor authentication is disabled for your Alibaba Cloud account. | High risk: 2; low risk: 1 |
| Cloud service configuration risks | Advanced and Enterprise | ApsaraDB for RDS fails the security policy check. | High risk: 2; low risk: 1 |
| Cloud service configuration risks | Advanced and Enterprise | High severity risks are detected in cloud service configurations. | 2 |
| Cloud service configuration risks | Advanced and Enterprise | Medium and low severity risks are detected in cloud service configurations. | 1 |
| AccessKey leaks | Enterprise | Risks of potential AccessKey leakage are detected. | 30 |
| Other types | Enterprise | Attack events are detected. | 5 |
Note:
  • The highest security score is 100 and the lowest is 10.
  • After penalty points are deducted, if the security score is higher than 60 but alerts are not managed, the final score is 60.
  • After penalty points are deducted, if the security score is higher than 80 but vulnerabilities are not fixed or an unhandled alert causes penalty points, the final score is 80.
  • After penalty points are deducted, if the security score is higher than 90 but baseline risks are not managed, the final score is 90.
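
How the penalty table, the caps in the notes, and the score bands combine, as an added example (not Alibaba Cloud's code). It assumes the score starts at 100, each table row is deducted once, and the lowest applicable cap wins; the item keys are hypothetical names for rows of the table.

```python
# Subset of the page's penalty table. Keys are hypothetical names for table rows;
# values are (risk type, penalty points) as listed on the page.
PENALTIES = {
    "tamper_protection_disabled": ("core", 5),
    "no_anti_brute_force_policy": ("core", 2),
    "log_analysis_disabled": ("core", 2),
    "unhandled_high_alert": ("alert", 20),
    "unhandled_medium_alert": ("alert", 20),
    "unhandled_low_alert": ("alert", 20),
    "unfixed_linux_vuln": ("vuln", 2),
    "unfixed_emergency_vuln": ("vuln", 5),
    "baseline_risk": ("baseline", 1),
    "accesskey_leak": ("accesskey", 30),
    "attack_events": ("other", 5),
}
# Caps from the notes: unmanaged alerts -> 60, unfixed vulnerabilities -> 80,
# unmanaged baseline risks -> 90.
CAPS = {"alert": 60, "vuln": 80, "baseline": 90}
# Score bands and font colors from the security score table.
BANDS = [(95, "Green"), (85, "Yellow"), (70, "Yellow"), (10, "Red")]


def security_score(findings):
    """Return (score, font color) for an iterable of PENALTIES keys."""
    items = set(findings)  # assumption: each table row is penalized once
    unknown = items - set(PENALTIES)
    if unknown:
        raise ValueError(f"unknown findings: {sorted(unknown)}")
    score = 100 - sum(PENALTIES[i][1] for i in items)
    types = {PENALTIES[i][0] for i in items}
    for risk_type, cap in CAPS.items():
        if risk_type in types:
            score = min(score, cap)  # assumption: the lowest applicable cap wins
    score = max(10, score)  # the page states that the lowest score is 10
    color = next(c for floor, c in BANDS if score >= floor)
    return score, color


def top_fixes(findings):
    """Rank findings by how many points clearing each one alone would recover."""
    items = set(findings)
    base, _ = security_score(items)
    gains = {f: security_score(items - {f})[0] - base for f in items}
    return sorted(gains.items(), key=lambda kv: (-kv[1], kv[0]))
```

Because of the caps, a low-penalty item can hold the score down more than its own points suggest: under these assumptions a single 1-point baseline risk limits the score to 90.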