All Products
Search

This Product

    Security Center:Configure alert settings

    Document Center

    Security Center:Configure alert settings

    Last Updated:Nov 24, 2023

    In the Security Center console, you can manage your web directories that you want Security Center to scan and alert handling rules that are generated for alerts added to the whitelist in the Settings panel of the Alerts page. This allows you to create finer-grained protection rules and manage the rules in a centralized manner. You can use the rules to identify the security risks in your assets at the earliest opportunity and monitor the security status of your assets in real time. This topic describes how to manage custom web directories and alert handling rules.

    Limits

    All editions of Security Center support this feature. For more information about the features that are supported by each edition, see Functions and features.

    Specify custom web directories to scan

    Security Center automatically scans the web directories of your server and runs dynamic and static scan tasks. You can also specify the web directories to scan. If suspicious connections are established by using known webshells, Security Center intercepts the connections and generates alerts. The alerts are displayed in the alert list of the Alerts page.

    1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

    2. In the left-side navigation pane, choose Detection and Response > Alerts.

    3. On the Alerts page, click Settings in the upper-right corner. In the panel that appears, click the Web Directory Definition tab.

    4. In the Web Directory Definition section, click Manage in the right corner.

    5. Specify a commonly used web directory and select the servers on which the specified web directory is scanned.

      Note

      To ensure the scan performance and efficiency, we recommend that you do not specify a root directory.

    6. Click OK.

    Manage alert handling rules

    If you add an alert to the whitelist, an alert handling rule is created and displayed on the Alert Handling Rule tab of the Settings panel. You can modify or delete the alert handling rule in the Settings panel.

    1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

    2. In the left-side navigation pane, choose Detection and Response > Alerts.

    3. On the Alerts page, click Settings in the upper-right corner.

    4. In the Settings panel, click the Alert Handling Rule tab.

    5. In the Alert Handling Rule section, Edit or Delete an alert handling rule.

      • Edit an alert handling rule

        1. Find the rule that you want to modify and click Edit in the Actions column.

        2. In the Edit Rule panel, add or remove the servers on which the alert rule takes effect.

        3. Click OK.

      • Delete an alert handling rule

        1. Find the rule that you want to delete and click Remove in the Actions column.

        2. In the message that appears, click OK.

    Brute-force attacks protection and approved logon management

    Security Center supports features such as brute-force attacks protection, approved logon locations, and logon IP address management. This helps you protect against brute-force attacks and monitor logons. For more information, see Use the host-specific rule management feature.