Security Center sends you notifications by using text messages, emails, internal messages, or DingTalk chatbots. You can configure notification settings for items such as vulnerabilities, baseline risks, and tampered web pages. This topic describes how to configure notification settings and add DingTalk chatbots.

Background information

By default, the alert contact is the contact of your Alibaba Cloud account. To add more alert contacts, go to Message Center. Navigate to the Common Settings page. In the Product Message section, find Security Notice. Click Modify in the Contact column. For more information, see How do I modify the alert contacts that receive notifications?

Only Security Center Enterprise supports the notification method of DingTalk chatbots. If you use the Basic, Basic Anti-Virus, or Advanced edition, you must upgrade Security Center to the Enterprise edition before you can receive notifications from DingTalk chatbots.

Notification items

| Item | Notification frequency | Notify at | Notification method | Description |
| --- | --- | --- | --- | --- |
| Vulnerabilities | Every seven days. | 08:00 to 20:00 | Email | Security Center sends you a report on unhandled vulnerabilities of your servers every seven days. The report includes the number of unhandled vulnerabilities on your assets and suggestions to fix the vulnerabilities. |
| Baseline risks | Every seven days. | 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you a report on unhandled baseline risks every seven days. The report includes the number of unhandled baseline risks on your assets. |
| Alerts | Real-time notification. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications when an alert is generated. A maximum of five notifications can be sent per day. Up to one notification can be sent for each server per day. |
| Alerts generated for precisely blocked threats | Real-time notification. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications when an alert is generated for the threat that is precisely blocked. No limits are imposed on the number of notifications. |
| AccessKey pair leaks | Real-time notification. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications when an AccessKey pair leak is detected. No limits are imposed on the number of notifications. |
| Configuration risks of Alibaba Cloud services | Real-time notification. | 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications when a configuration risk is detected. No limits are imposed on the number of notifications. |
| Urgent vulnerabilities | Real-time notification. | 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications when an unhandled urgent vulnerability is detected. No limits are imposed on the number of notifications. |
| Tampered web pages | Real-time notification. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications when a web page is tampered with. A maximum of five notifications can be sent per day. |
| Alerts generated by the container firewall feature | Real-time notification. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Email | If you set the protection mode of the container firewall feature to Alert, Security Center sends you notifications when unauthorized network behavior is detected. A maximum of 100 notifications can be sent per day. |
| Proactive defense implemented by the container firewall feature | Real-time notification. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Email | If you set the protection mode of the container firewall feature to Intercept, Security Center intercepts unauthorized network behavior and sends you notifications. A maximum of 100 notifications can be sent per day. |
| Blocked brute-force attacks initiated by malicious IP addresses | Real-time notification. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Email | Security Center sends you notifications by email when brute-force attacks initiated by malicious IP addresses are blocked. No limits are imposed on the number of notifications. |
| Virus scan | The notification frequency is based on the scan cycle of viruses. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications about virus scan results after the virus scan is complete. Security Center scans for viruses based on the scan cycle that you specify on the Virus Defense page. |
| Excess logs | Every two days. | Notifications can be sent in one of the following periods: All day, or 08:00 to 20:00 | Text message, Email, Internal message | Security Center sends you notifications when the log size exceeds 90% of the purchased log storage capacity. The notifications are sent every two days. |

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. On the Settings page, click the Notifications tab.
  4. On the Notifications tab, configure the following parameters for the required items based on your business requirements: Notify At, Severity, and Notify By.
    To modify the alert contact, click configure security message recipients to go to the Common Settings page. Find Security Notice and click Modify in the Contact column. For more information, see How do I modify the alert contacts that receive notifications?
    Note
    • The new settings on the Common Settings page immediately take effect.
    • If you select multiple notification methods, Security Center sends you notifications by using all the methods you selected at the same time.
  5. Optional: Add a DingTalk chatbot.
    Note
    • Only Security Center Enterprise supports the notification method of DingTalk chatbots. If you use the Basic, Basic Anti-Virus, or Advanced edition, you must upgrade Security Center to the Enterprise edition before you can receive notifications from DingTalk chatbots.
    • Before you add a DingTalk chatbot, make sure that you have installed DingTalk and created a DingTalk group.

    If you have installed DingTalk and created a DingTalk group, you can perform the following operations to add a DingTalk chatbot to send alert notifications:

    1. Find the DingTalk group to which you want to add a chatbot and click Group Settings in the upper-right corner. In the Group Settings panel, click Group Assistant. Then, click Add Robot. In the ChatBot dialog box, click Custom. In the Robot details dialog box, click Add.
    2. Configure the DingTalk chatbot.
      Note When you add the chatbot, select Custom Keywords for Security Settings, and enter Security Center in the Custom Keywords field. Do not select Additional Signature or IP Address.
    3. Copy the URL in the Webhook field and click Finished.
    4. Log on to the Security Center console. In the left-side navigation pane, click Settings. In the DingTalk Chatbot Notification Settings section of the Notifications tab, click Add Chatbot.
    5. In the Add DingTalk Chatbot panel, configure the parameters.

      | Parameter | Description | Configuration |
      | --- | --- | --- |
      | Chatbot Name | The name of the chatbot. | We recommend that you enter an informative name. |
      | Webhook URL | The webhook URL of the chatbot. | Find the webhook URL of the chatbot in the required DingTalk group, copy the webhook URL, and then paste the URL in the Webhook URL field. Notice: Keep the webhook URL confidential. If the webhook URL is leaked, risks may arise. |
      | Asset Groups | The asset group for which you want to send notifications. You can select an asset group that is created on the Assets page. After you specify the asset group, the DingTalk chatbot sends you notifications that are related to the assets in the asset group. | Select an asset group from the drop-down list. |
      | Notify On | The types of alerts of which you want to receive notifications. | Select the alert types from the drop-down list. Note: Supported alert types include vulnerabilities, baseline risks, alerts, and AccessKey pair leaks. |
      | Notification Interval | The time interval at which the DingTalk chatbot sends notifications. Valid values are 1 Minute, 5 Minutes, 10 Minutes, 30 Minutes, and No Limit. If you select No Limit, a notification is sent each time an alert is detected. Note: If you select No Limit, a maximum of 20 notifications can be sent to the webhook URL in one minute. | Select a time interval from the drop-down list. |
      | Language | The language of the notification. Valid values: English and Chinese. | Select a language from the drop-down list. |
    6. Click Add.
      By default, a newly added DingTalk chatbot is in the enabled state.
      Note
      • After you add the DingTalk chatbot, click Test in the Actions column to check whether the chatbot is associated with the DingTalk group.
      • You can modify or delete the DingTalk chatbot. After you delete the chatbot, you can no longer receive notifications from the DingTalk group. However, you can still receive notifications by using other methods that you specify, such as text messages, emails, or internal messages.
      After you complete the preceding steps, Security Center sends you notifications based on your configuration.
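
The notice on the Webhook URL parameter asks you to keep the URL confidential, and the chatbot configured in this topic is protected only by a custom keyword. The following added example (not part of the original documentation or of Security Center) scans text for DingTalk chatbot webhook URLs that ended up in scripts or configuration files and reports them with the token redacted. The URL pattern, function names, and sample files are assumptions made for the example.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: webhook URLs follow DingTalk's custom chatbot format (not shown on this page).
WEBHOOK_RE = re.compile(r"https://oapi\.dingtalk\.com/robot/send\?[^\s\"'<>)]+")


def redact(token: str) -> str:
    """Show at most the first 4 characters so a finding can be matched to a chatbot."""
    keep = 4 if len(token) > 8 else 0
    return token[:keep] + "*" * (len(token) - keep)


def find_webhook_leaks(files: dict[str, str]) -> list[dict]:
    """Return one finding per webhook URL that carries an access_token.

    `files` maps a path to its text. The fingerprint is a truncated SHA-256 of
    the token: the same webhook found in several files can be correlated and
    replaced once, without the token itself appearing in the report.
    """
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in WEBHOOK_RE.finditer(line):
                query = parse_qs(urlsplit(match.group(0)).query)
                for token in query.get("access_token", []):
                    digest = hashlib.sha256(token.encode()).hexdigest()
                    findings.append({"path": path, "line": lineno,
                                     "token": redact(token),
                                     "fingerprint": digest[:12]})
    return findings


# Constructed sample input; the token is a made-up placeholder.
SAMPLE_FILES = {
    "deploy/notify.sh": (
        "#!/bin/sh\n"
        "HOOK='https://oapi.dingtalk.com/robot/send?access_token=0123abcd0123abcd'\n"
    ),
    "config/app.yaml": (
        "notify:\n"
        "  dingtalk: https://oapi.dingtalk.com/robot/send?access_token=0123abcd0123abcd\n"
    ),
    "README.md": "The chatbot URL is kept in the secret store, not in this repo.\n",
}

if __name__ == "__main__":
    for f in find_webhook_leaks(SAMPLE_FILES):
        print(f"{f['path']}:{f['line']} token={f['token']} id={f['fingerprint']}")
```

If a finding turns up, delete the affected chatbot in the DingTalk group, add a new one, and update the Webhook URL field in the Security Center console with the new URL.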