Alibaba Cloud Security Center provides Elastic Compute Service (ECS) with basic security services such as suspicious logon detection, vulnerability scan, and baseline check. You can check the security status of your ECS instances in the ECS console or the Security Center console.
Background information
Alibaba Cloud Security Center collects and virtualizes security logs and fingerprints of ECS assets. Basic security services such as vulnerability detection, security alerts, and baseline check are provided free of charge. You can view security information about ECS assets on the Overview page of the ECS console or in the Security Center console. For more information, see What is Security Center?.
- If you use the Security Center Basic Edition, basic security services for ECS are provided free of charge.
- If you want to upgrade to Security Center Advanced or Enterprise Edition, log on to the Security Center console for a free trial or purchase of Security Center Advanced or Enterprise Edition. For more information about the billing methods of Security Center Advanced Edition and Enterprise Edition, see Billing in Security Center documentation.
Use the Security Center agent
The Security Center agent is a lightweight security control that can be installed on ECS instances. If the Security Center agent is not installed on your ECS instance, your ECS instance is not protected by the Security Center. The security data of the instance, such as vulnerabilities, alerts, baseline vulnerabilities, and asset fingerprints, is not displayed in the ECS console. For more information about the installation paths of the Security Center agent, see Overview of the Security Center agent.
- Have the Security Center agent automatically installed when you create an ECS instance.
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select a region.
- When you create an ECS instance, select Security Hardening in the Image section. The system installs the Security Center agent on the ECS instance. For more
information, see Create an instance by using the wizard.
Note If you call the RunInstances operation to create an ECS instance, you can also have the Security Center agent automatically installed on the instance by settingSecurityEnhancementStrategy
to Active. - Manually install the Security Center agent on an existing ECS instance.
- Log on to the ECS console.
- On the Overview page, click Handle in the Security Status section to go to the Security Center console.
- Install the Security Center agent. For more information, see Install the Security Center agent in Security Center documentation.
- Uninstall the Security Center agent
- Log on to the ECS console.
- On the Overview page, click Handle in the Security Status section to go to the Security Center console.
- Uninstall the Security Center agent. For more information, see Uninstall the Security Center agent in Security Center documentation.
Check the security status of your ECS instance
Perform the following steps to check the security status of your ECS instance.
Set alert notifications
Basic security services allow you to configure alert notifications for security alert items. The alert notifications can be sent by text messages, emails, or internal messages. Perform the following steps to configure alert notifications.