You can modify notification and contact settings in the Cloud Firewall console. If
Cloud Firewall detects exception events in your assets, it notifies you by email.
The exception events include unusual traffic, compromised hosts, suspicious outbound
connections, vulnerabilities, unprotected public IP addresses, and disabled intrusion
prevention.
Background information
Cloud Firewall can send notifications for the following types of events:
- Excess Traffic: If Cloud Firewall detects that the volume of peak traffic that passes through Cloud
Firewall exceeds the purchased bandwidth, it sends a notification.
- Excess Traffic Alerting: If Cloud Firewall detects that the volume of peak traffic that passes through Cloud
Firewall reaches 70%, 80%, or 90% of the purchased bandwidth, it sends a notification.
- Infected Host: If Cloud Firewall detects compromised hosts, it sends a notification. To avoid false
positives, some notifications are sent one day later.
- Suspicious Outbound Connection: If Cloud Firewall detects that a host communicates with a risky IP address or domain
name, it sends a notification.
- Protection Against Vulnerabilities: If Cloud Firewall detects that the vulnerabilities in your assets are exploited
to launch attacks, it sends a notification.
- Asset Protection: If Cloud Firewall detects unprotected public IP addresses or virtual private clouds
(VPCs) within your account, it sends a notification.
- Intrusion Prevention: If Cloud Firewall detects that the intrusion prevention feature is disabled, it
sends a notification. If the intrusion prevention feature is disabled, attacks are
not automatically blocked.
- New Public IP Address: If Cloud Firewall detects new public IP addresses within your account, it sends
a notification.
- Intelligent Policy: Cloud Firewall automatically learns traffic and recommends intelligent protection
policies to you.
You can modify the notification and contact settings based on your business requirements.
This way, Cloud Firewall can send the notifications of specific events to specified
contacts by email within the specified period of time. The notification settings include
the periods, event levels, and methods to send notifications.
Modify notification settings
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Alert Notifications page, click the Alert Notifications tab. In the Notification Settings section, modify notification settings.
Notice: The notification settings take effect immediately.
Cloud Firewall can send different types of notifications. You can modify the settings
of Time, Concerned Levels, and Method based on your business requirements. The following list describes the parameters:
- Time: You can select 8:00~20:00 or 24 Hours.
  By default, 8:00~20:00 is selected for Time. This indicates that Cloud Firewall sends
  notifications only within this time range. If Cloud Firewall detects exception events
  outside this time range, it does not send notifications until the time range begins.
  Notice: If you want Cloud Firewall to immediately send notifications when it detects
  an exception event, select 24 Hours for Time.
- Concerned Levels: You can select the levels for specific types of events on which you want to receive
  notifications. For example, if you select High for a specific type of event, Cloud
  Firewall sends notifications only when it detects high-risk events. You can select
  the levels for the following types of events:
  - Infected Host: You can select High, Low, or both.
  - Suspicious Outbound Connection: You can select Risk, Non-Whitelist Alert, or both.
    Note: If you select Non-Whitelist Alert, Cloud Firewall sends notifications if it
    detects that a host communicates with an IP address or domain name that is not in
    the whitelist. You can configure the whitelist based on your business requirements.
    For more information, see Outbound connections.
  - Protection Against Vulnerabilities: You can select High, Medium, Low, or a combination.
- Method: You can select only Email.
  By default, Email is selected. In this case, Cloud Firewall sends notifications to
  specified contacts by email.
  Note: You can add contacts or modify contact information on the Recipient Settings tab.
  For more information, see Add a contact.
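The following added example (not part of the original documentation and not Cloud Firewall code) models how the Time and Concerned Levels settings described above combine to decide whether and when an event is emailed. The function names, the event fields, the [08:00, 20:00) boundary handling, and delivery at the start of the next window are assumptions made for illustration.

```python
from datetime import datetime, time, timedelta

# Assumption: the default window is treated as [08:00, 20:00) and a deferred
# notification goes out when the next window opens.
WINDOW_START, WINDOW_END = time(8, 0), time(20, 0)

def delivery_time(detected, time_setting):
    """Return when the email for an event detected at `detected` is sent."""
    if time_setting == "24 Hours" or WINDOW_START <= detected.time() < WINDOW_END:
        return detected
    day = detected.date()
    if detected.time() >= WINDOW_END:
        day += timedelta(days=1)  # after 20:00: wait for the next day's window
    return datetime.combine(day, WINDOW_START)

def plan(events, time_setting, concerned_levels):
    """Pair each event with its send time, or None if its level is not selected."""
    planned = []
    for ev in events:
        selected = concerned_levels.get(ev["type"])  # None: type has no level setting
        if selected is not None and ev["level"] not in selected:
            planned.append((ev, None))
        else:
            planned.append((ev, delivery_time(ev["detected"], time_setting)))
    return planned

def max_delay(planned):
    """Longest gap between detection and notification among events that are sent."""
    gaps = (sent - ev["detected"] for ev, sent in planned if sent is not None)
    return max(gaps, default=timedelta(0))

# Constructed sample events and settings (not taken from a real account).
EVENTS = [
    {"type": "Infected Host", "level": "High", "detected": datetime(2024, 3, 1, 23, 30)},
    {"type": "Suspicious Outbound Connection", "level": "Risk",
     "detected": datetime(2024, 3, 1, 14, 5)},
    {"type": "Infected Host", "level": "Low", "detected": datetime(2024, 3, 1, 21, 0)},
    {"type": "Protection Against Vulnerabilities", "level": "Medium",
     "detected": datetime(2024, 3, 2, 3, 10)},
]
LEVELS = {
    "Infected Host": {"High"},
    "Suspicious Outbound Connection": {"Risk"},
    "Protection Against Vulnerabilities": {"High", "Medium"},
}

if __name__ == "__main__":
    for setting in ("8:00~20:00", "24 Hours"):
        print(setting, "worst delay:", max_delay(plan(EVENTS, setting, LEVELS)))
```

With the constructed sample, the default window holds the 23:30 Infected Host notification until 08:00 the next day, and the Low-level Infected Host event is never emailed because only High is selected.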
Add a contact
By default, Cloud Firewall sends notifications to the contact specified for your Alibaba
Cloud account. If you want multiple contacts to receive notifications from Cloud Firewall,
you can add the contacts on the Recipient Settings tab. You can specify up to 10 contacts
to receive notifications.
- Log on to the Cloud Firewall console.
- In the left-side navigation pane, choose .
- On the Alert Notifications page, click the Recipient Settings tab. In the Recipient Settings section, click Add Recipient.
- Enter the name and email address of the contact. Then, click Save.
After you add a contact, the contact is enabled by default. Cloud Firewall sends notifications
to both the contact specified for your Alibaba Cloud account and the contacts that
you add to the contact list.
If you do not want an enabled contact to receive notifications, you can turn off the
switch in the Enabled column. You can also click Edit or Delete in the Actions column to modify contact information or remove a contact based on
your business requirements.