In the Settings panel, you can enable or disable automatic detection of vulnerabilities of different types, and enable vulnerability detection for specific servers. In addition, you can configure the scan cycle and scan mode, set the retention period for invalid vulnerabilities, and remove vulnerabilities from the whitelist. This topic describes how to perform these operations.

Background information

You can select multiple vulnerabilities from the list of Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, and application vulnerabilities. Then, you can add the selected vulnerabilities to the whitelist. After you add vulnerabilities to the whitelist, Security Center no longer detects these vulnerabilities. You can remove vulnerabilities from the whitelist in the Settings panel.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. In the upper-right corner of the Vulnerabilities page, click Settings.
  4. In the Settings panel, configure the parameters based on your requirements.

    You can perform the following operations in the panel:

    • Turn on or turn off the switch of a vulnerability type to enable or disable detection for vulnerabilities of this type.
    • Find a vulnerability type and click Manage to add servers on which vulnerabilities of this type can be detected.
    • Turn on or turn off YUM/APT Source Configuration to use or not use YUM or APT sources of Alibaba Cloud for vulnerability fixing. You must configure a valid YUM or APT source before you fix a Linux software vulnerability. If the YUM or APT source is invalid, the vulnerability fix may fail. After you turn on YUM/APT Source Configuration, Security Center automatically selects a YUM or APT source of Alibaba Cloud. This makes vulnerability fixing more efficient. We recommend that you turn on YUM/APT Source Configuration.
    • Specify Scanning Modes. You can select one of the following scan modes:
      • Real risk model: In this mode, Security Center automatically detects, analyzes, and displays only vulnerabilities that can be exploited by attackers. If you select this mode, the Vulnerabilities page displays only vulnerabilities whose priority scores are higher than or equal to 13.5. If you want to view only vulnerabilities that have high priority, we recommend that you select this mode.
        Note
        • The priority score of a vulnerability helps you determine whether to immediately fix the vulnerability. If the priority score of a vulnerability is 13.5 or higher, the vulnerability is critical and must be immediately fixed. For more information, see Vulnerability priorities.
        • Whether you select Real risk model or Full rule scan mode, it takes 1 to 5 minutes to complete a vulnerability scan task.
      • Full rule scan mode: Security Center detects vulnerabilities of all types, including vulnerabilities that do not meet security regulations. If you select this mode, the Vulnerabilities page displays all vulnerabilities that are detected on your servers.
    • Specify Emergency vul(s) Scan Cycle. Only users of the Advanced, Enterprise, or Ultimate edition can specify the Emergency vul(s) Scan Cycle parameter. By default, the detection period for urgent vulnerabilities is 00:00:00 to 07:00:00. You can set Emergency vul(s) Scan Cycle to 3 Days, One week, Two weeks, or Stop.
      Note: If your servers are deployed in a private network or urgent vulnerability detection is not required, you can set Emergency vul(s) Scan Cycle to Stop. Your servers may be attacked in various ways. We recommend that you set Emergency vul(s) Scan Cycle to a value other than Stop. This way, Security Center detects urgent vulnerabilities on your servers in a timely manner.
    • Specify Application Vul(s) Scan Cycle. Only users of the Enterprise or Ultimate edition can specify the Application Vul(s) Scan Cycle parameter. By default, the detection period for application vulnerabilities is 00:00:00 to 07:00:00. You can set Application Vul(s) Scan Cycle to 3 Days, One week, or Two weeks.
    • Specify Retain Invalid Vul for. Valid values: 7Day(s), 30Day(s), and 90Day(s).
      Note: If you do not handle a vulnerability or a fixed vulnerability is not detected again within the retention period you specified, Security Center removes this vulnerability from the vulnerability list on the Vulnerabilities page. Security Center generates alerts if vulnerabilities of the same type are detected again.
    • Specify Vul scan level. Valid values: High, Medium, and Low.

      Security Center detects and displays only vulnerabilities that have the priorities specified by the Vul scan level parameter. If you select High and Medium, Security Center detects only vulnerabilities that have High and Medium priorities. On the Vulnerabilities page, only vulnerabilities that have High and Medium priorities are displayed.

    • In the Vul Whitelist section, you can view the vulnerabilities that are added to the whitelist. If you want to remove a vulnerability from the whitelist, find the vulnerability and click Remove in the Actions column. After the vulnerability is removed from the whitelist, Security Center detects the vulnerability and generates alerts for this vulnerability.
