You can modify notification and contact settings in the Cloud Firewall console. If Cloud Firewall detects exception events in your assets, it notifies you by email. The exception events include unusual traffic, compromised hosts, suspicious outbound connections, vulnerabilities, unprotected public IP addresses, and disabled intrusion prevention.

Background information

Cloud Firewall can send notifications for the following types of events:
  • Excess Traffic: If Cloud Firewall detects that the volume of peak traffic that passes through Cloud Firewall exceeds the purchased bandwidth, it sends a notification.
  • Excess Traffic Alerting: If Cloud Firewall detects that the volume of peak traffic that passes through Cloud Firewall reaches 70%, 80%, or 90% of the purchased bandwidth, it sends a notification.
  • Infected Host: If Cloud Firewall detects compromised hosts, it sends a notification. To avoid false positives, some notifications are sent one day later.
  • Suspicious Outbound Connection: If Cloud Firewall detects that a host communicates with a risky IP address or domain name, it sends a notification.
  • Protection Against Vulnerabilities: If Cloud Firewall detects that the vulnerabilities in your assets are exploited to launch attacks, it sends a notification.
  • Asset Protection: If Cloud Firewall detects unprotected public IP addresses or virtual private clouds (VPCs) within your account, it sends a notification.
  • Intrusion Prevention: If Cloud Firewall detects that the intrusion prevention feature is disabled, it sends a notification. If the intrusion prevention feature is disabled, attacks are not automatically blocked.
  • New Public IP Address: If Cloud Firewall detects new public IP addresses within your account, it sends a notification.
  • Intelligent Policy: Cloud Firewall automatically learns traffic and recommends intelligent protection policies to you.

You can modify the notification and contact settings based on your business requirements. This way, Cloud Firewall can send the notifications of specific events to specified contacts by email within the specified period of time. The notification settings include the periods, event levels, and methods to send notifications.

Modify notification settings

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Settings > Alert Notifications.
  3. On the Alert Notifications page, click the Alert Notifications tab. In the Notification Settings section, modify notification settings.
    Notice: The notification settings take effect immediately.

    Cloud Firewall can send different types of notifications. You can modify the settings of Time, Concerned Levels, and Method based on your business requirements. The following list describes the parameters:

    • Time: You can select 8:00~20:00 or 24 Hours.

      By default, 8:00~20:00 is selected for Time. This indicates that Cloud Firewall sends notifications only within this time range. If Cloud Firewall detects exception events outside this time range, it holds the notifications and sends them when the time range next begins.

      Notice: If you want Cloud Firewall to immediately send notifications when it detects an exception event, select 24 Hours for Time.
    • Concerned Levels: You can select the levels for specific types of events on which you want to receive notifications. For example, if you select High for a specific type of event, Cloud Firewall sends notifications only when it detects high-risk events. You can select the levels for the following types of events:
      • Infected Host: You can select High, Low, or both.
      • Suspicious Outbound Connection: You can select Risk, Non-Whitelist Alert, or both.
        Note: If you select Non-Whitelist Alert, Cloud Firewall sends notifications if it detects that a host communicates with an IP address or domain name that is not in the whitelist. You can configure the whitelist based on your business requirements. For more information, see Outbound connections.
      • Protection Against Vulnerabilities: You can select High, Medium, Low, or a combination.
    • Method: You can select only Email.
      By default, Email is selected. In this case, Cloud Firewall sends notifications to specified contacts by email.
      Note: You can add contacts or modify contact information on the Recipient Settings tab. For more information, see Add a contact.
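
The following added example (a local model, not Alibaba Cloud code or an API call) shows how the Time and Concerned Levels settings described above determine whether and when an email goes out, so you can see the alert delay that the default 8:00~20:00 window introduces. The boundary handling, the release of held notifications at 08:00, and the sample events and selections are assumptions.

```python
from datetime import datetime, time, timedelta

# Default Time window from the page. Treating 08:00 as inclusive and 20:00 as
# exclusive, and releasing held mail at 08:00, are assumptions of this model.
WINDOW_START, WINDOW_END = time(8, 0), time(20, 0)

# Level choices listed under Concerned Levels.
LEVEL_CHOICES = {
    "Infected Host": {"High", "Low"},
    "Suspicious Outbound Connection": {"Risk", "Non-Whitelist Alert"},
    "Protection Against Vulnerabilities": {"High", "Medium", "Low"},
}

def send_time(detected, event_type, level, selected, all_day=False):
    """Return when the email goes out, or None if the level is not selected."""
    if level not in LEVEL_CHOICES[event_type]:
        raise ValueError(f"{level!r} is not a level of {event_type!r}")
    if level not in selected.get(event_type, set()):
        return None                      # filtered out by Concerned Levels
    if all_day or WINDOW_START <= detected.time() < WINDOW_END:
        return detected                  # 24 Hours, or inside the window
    day = detected.date()
    if detected.time() >= WINDOW_END:    # after 20:00: wait for tomorrow
        day += timedelta(days=1)
    return datetime.combine(day, WINDOW_START)

def audit(events, selected, all_day=False):
    """Map each event to (send time or None, delay or None)."""
    report = []
    for detected, event_type, level in events:
        sent = send_time(detected, event_type, level, selected, all_day)
        report.append((sent, sent - detected if sent else None))
    return report

# Constructed sample events (not real detections).
EVENTS = [
    (datetime(2024, 3, 4, 23, 30), "Infected Host", "High"),
    (datetime(2024, 3, 4, 3, 15), "Suspicious Outbound Connection", "Risk"),
    (datetime(2024, 3, 4, 14, 0), "Protection Against Vulnerabilities", "Medium"),
]
# Constructed selection: only High for vulnerabilities, so Medium is dropped.
SELECTED = {
    "Infected Host": {"High"},
    "Suspicious Outbound Connection": {"Risk"},
    "Protection Against Vulnerabilities": {"High"},
}

if __name__ == "__main__":
    for (detected, etype, level), (sent, delay) in zip(EVENTS, audit(EVENTS, SELECTED)):
        print(f"{detected} {etype}/{level}: sent={sent} delay={delay}")
```

Under these assumptions, an event detected just after 20:00 waits about 12 hours for its email, which is the gap that selecting 24 Hours removes.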

Add a contact

By default, Cloud Firewall sends notifications to the contact specified for your Alibaba Cloud account. If you want multiple contacts to receive notifications from Cloud Firewall, you can add the contacts on the Recipient Settings tab. You can specify up to 10 contacts to receive notifications.

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Settings > Alert Notifications.
  3. On the Alert Notifications page, click the Recipient Settings tab. In the Recipient Settings section, click Add Recipient.
  4. Enter the name and email address of the contact. Then, click Save.
    After you add a contact, the contact is enabled by default. Cloud Firewall sends notifications to both the contact specified for your Alibaba Cloud account and the contacts that you add to the contact list.

    If you do not want an enabled contact to receive notifications, you can turn off the switch in the Enabled column. You can also click Edit or Delete in the Actions column to modify contact information or remove a contact based on your business requirements.