All Products
Search
Document Center

Security Center:Configure alert settings

Last Updated:Jun 08, 2023

In the Security Center console, you can manage your web directories that you want Security Center to scan and alert handling rules that are generated for alerts added to the whitelist in the Settings panel of the Alerts page. This allows you to create finer-grained protection rules and manage the rules in a centralized manner. You can use the rules to identify the security risks in your assets at the earliest opportunity and monitor the security status of your assets in real time. This topic describes how to manage custom web directories and alert handling rules.

Background information

The entry points to configure logon settings and protection rules are moved to Protection Configuration > Host Protection > Rule Management. The logon settings include approved logon locations, approved logon IP addresses, approved logon time ranges, and approved logon accounts. The protection rules include defense rules against brute-force attacks and IP address blocking policies.

Limits

All editions of Security Center support this feature. For more information about the features that each edition supports, see Functions and features.

Specify custom web directories to scan

Security Center automatically scans the web directories of your server and runs dynamic and static scan tasks. You can also specify the web directories to scan. If suspicious connections are established by using known webshells, Security Center intercepts the connections and generates alerts. The alerts are displayed in the alert list of the Alerts page.

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to protect. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose Detection and Response > Alerts.

  3. On the Alerts page, click Settings in the upper-right corner. In the panel that appears, click the Web Directory Definition tab.

  4. Click Management to the right of the Add Scan Targets section.

  5. Specify a commonly used web directory and select the servers on which the specified web directory is scanned.

    Note

    To ensure the scan performance and efficiency, we recommend that you do not specify a root directory.

  6. Click OK.

Manage alert handling rules

If you add an alert to the whitelist, an alert handling rule is created and displayed in the list of alert handling rules of the Settings panel. You can modify or delete the alert handling rule in the Settings panel.

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to protect. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose Detection and Response > Alerts.

  3. On the Alerts page, click Settings in the upper-right corner.

  4. In the Settings panel, click the Alert Handling Rule tab.

  5. In the Alert Handling Rule section, modify or delete an alert handling rule.

    • Modify an alert handling rule

      1. Find the rule that you want to modify and click Edit in the Actions column.

      2. In the Edit Rule panel, add or remove the servers on which the alert rule takes effect.

      3. Click OK. The rule is modified.

    • Delete an alert handling rule

      1. Find the rule that you want to delete and click Delete in the Actions column.

      2. In the message that appears, click OK. The rule is deleted.