Cloud Firewall can alert you by email when it detects security exceptions — traffic spikes exceeding your bandwidth, suspicious outbound connections, compromised hosts, and more. Configure which notifications to receive, set the time window and severity filters for each, and manage who receives them.
Notification items
Cloud Firewall supports 11 notification types. The table below shows the trigger condition and supported editions for each item.
| Notification item | Trigger condition | Supported editions |
|---|---|---|
| Excess Traffic | Peak traffic exceeds purchased bandwidth | Premium, Enterprise, Ultimate |
| Excess Traffic Alerting | Peak traffic reaches a specified percentage of purchased bandwidth (70%, 80%, or 90%, user-configurable) | Premium, Enterprise, Ultimate |
| Weekly Report | Sent on a weekly schedule | Free, Premium, Enterprise, Ultimate, pay-as-you-go |
| Notification of Compromised Hosts | A compromised host is detected. To avoid false positives, some alerts are sent one day later. | Premium, Enterprise, Ultimate, pay-as-you-go |
| Notification of Suspicious Outbound Connections | A host communicates with suspicious IP addresses or domain names in outbound connections | Premium, Enterprise, Ultimate |
| Notification of Real-time Vulnerability Prevention | A vulnerability in your asset is exploited | Premium, Enterprise, Ultimate, pay-as-you-go |
| Notification of Unprotected Assets | An unprotected public IP address or virtual private cloud (VPC) is detected in your account | Premium, Enterprise, Ultimate, pay-as-you-go |
| Notification of Intrusion Events | The intrusion prevention feature is disabled. When disabled, attacks are not automatically blocked. | Premium, Enterprise, Ultimate, pay-as-you-go |
| Notification of New Internet-facing Assets | A new unprotected public IP address is detected in your account | Premium, Enterprise, Ultimate, pay-as-you-go |
| Notification of Recommended Intelligent Policies | An intelligent protection policy is automatically updated based on traffic learning | Premium, Enterprise, Ultimate, pay-as-you-go |
| Log Storage Capacity | Log storage usage reaches a specified percentage of purchased capacity (70%, 80%, or 90%, user-configurable) | Premium, Enterprise, Ultimate |
Configure notification settings
For each notification item, you can set the time window, concerned severity levels, and notification method. Changes take effect immediately.
Cloud Firewall sends notifications only within the configured time window. Exceptions detected outside the window are held and sent when the window opens.
1. Log on to the Cloud Firewall console.
2. In the left-side navigation pane, choose System Settings > Alert Notification.
3. On the Alert Notification tab, configure Time, Concerned Levels, and Method for each notification item.
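The hold behaviour described above means the Time setting bounds how late a responder can learn of an exception. The following is an added example, not Alibaba Cloud code: it models a window as a daily start and end time (an assumption about how the window is represented, with the end treated as exclusive and equal start and end treated as all day) and computes when a held notification would go out. It does not model the one-day delay applied to some compromised-host alerts.

```python
from datetime import datetime, time, timedelta

DAY = timedelta(days=1)

def in_window(t, start, end):
    """True if time-of-day t falls in [start, end); handles windows that wrap past midnight."""
    if start == end:              # assumption: equal start/end means an all-day window
        return True
    if start < end:
        return start <= t < end
    return t >= start or t < end  # e.g. 22:00-06:00

def delivery_time(detected, start, end):
    """Earliest time a notification for an exception detected at `detected` is sent."""
    if in_window(detected.time(), start, end):
        return detected
    opens = datetime.combine(detected.date(), start)
    if opens <= detected:         # today's window has already closed
        opens += DAY
    return opens

def worst_case_hold(start, end):
    """Longest an exception can wait: the closed part of the day, from end to start."""
    if start == end:
        return timedelta(0)
    s = timedelta(hours=start.hour, minutes=start.minute)
    e = timedelta(hours=end.hour, minutes=end.minute)
    return (s - e) % DAY

def hold_report(events, start, end):
    """Return (label, detected, delivered, hold) for each (label, detected) event."""
    return [(label, ts, delivery_time(ts, start, end), delivery_time(ts, start, end) - ts)
            for label, ts in events]

if __name__ == "__main__":
    # Constructed sample detections, not real Cloud Firewall output.
    sample = [
        ("Suspicious Outbound Connections", datetime(2024, 3, 5, 2, 30)),
        ("Real-time Vulnerability Prevention", datetime(2024, 3, 5, 12, 0)),
        ("Unprotected Assets", datetime(2024, 3, 5, 21, 15)),
    ]
    window = (time(8, 0), time(20, 0))
    for label, seen, sent, hold in hold_report(sample, *window):
        print(f"{label}: detected {seen:%H:%M}, sent {sent:%d %b %H:%M}, held {hold}")
    print("worst case hold:", worst_case_hold(*window))
```
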
Configure weekly reports
Cloud Firewall sends a weekly security summary to help you track the overall protection status of your assets. By default, reports are sent at 09:00 every Wednesday.
Weekly report content
Each weekly report covers five areas:
| Section | What's included |
|---|---|
| Overview of asset security status | Attacks blocked and security events that occurred this week |
| Security status of the Internet firewall | Protected and unprotected public IP addresses, inbound and outbound traffic analysis, and Intrusion Prevention System (IPS) events |
| Security status of east-west traffic through VPC firewalls | Total VPCs, number of VPCs with firewalls enabled or disabled, and security events in VPCs |
| Vulnerability and attack prevention | At-risk assets, prevented vulnerabilities, and attacks blocked via vulnerability exploitation |
| Access control policy management | Total access control policies, blocked requests, and newly created policies this week |
Change the weekly report schedule
By default, reports are sent at 09:00 every Wednesday. To change the send time:
1. Log on to the Cloud Firewall console.
2. In the left-side navigation pane, choose System Settings > Alert Notification.
3. On the Alert Notification tab, update the schedule for Weekly Report.
Manage recipients
By default, Cloud Firewall sends notifications to the contact associated with your Alibaba Cloud account.
You can add up to 10 recipients. Added recipients receive only Cloud Firewall notifications.
To add a recipient:
1. Log on to the Cloud Firewall console.
2. In the left-side navigation pane, choose System Settings > Alert Notification.
3. On the Recipient Settings tab, click Add Recipient.
4. Enter the recipient's name and email address, set Enabling Status to on or off, and click Save.
Cloud Firewall sends notifications to a recipient only when Enabling Status is turned on.