Subscribe to security assessment and security posture reports for cloud assets - Security Center

Security Center offers risk assessment tools that summarize asset risk status, security posture, and remediation progress. Its security report feature lets you customize the data you need and automatically email reports to relevant security personnel for effective real-time monitoring.

Limits on versions

Purchase a subscription instance: This feature is available only for Alibaba Cloud accounts that have purchased the Pro, Enterprise, or Ultimate edition and have attached the Pro, Enterprise, or Ultimate edition authorization to servers.
Enable the pay-as-you-go feature: This feature is available only for servers that have attached the Pro, Enterprise, or Ultimate edition authorization.

Limits

You can manually create up to 10 security reports in each region (China or Outside China). Quotas are calculated separately for China and Outside China, allowing a total of 20 security reports.
Each security report can be sent to up to 10 email addresses.

Procedure

Follow this procedure to easily create and manage security reports.

Step 1: Create a security report

1. Configure basic information

Log on to the Security Center console. In the upper-left corner of the console, select the region where your assets are located: China or Outside China.
In the left navigation bar, select System Configuration > Security Report.
On the Security Report page, click Create Security Report.

On the Configure Basic Information wizard page, configure the basic information for the security report based on the following table. After you complete the configuration, click Next to specify report data.

Parameter	Description
Report Name	The name of the security report.
Report Scope	The assets on which security statistics are collected for the security report. Valid values: Single Account, Multiple Accounts, and Multiple Groups. Single Account: To view statistics only on assets that belong to the current account, select this option. Multiple Accounts: To view statistics for assets across accounts, select this option. You must specify up to 30 accounts in the Accounts parameter. The system will collect statistics for all assets in the specified accounts. Important The Multiple Accounts option is available only to the administrator for whom the multi-account management feature is enabled and configured. Multiple Groups: To view statistics for assets in specific groups, select this option. You can specify up to 30 groups in the Report Group parameter. The system updates asset statistics for these groups the day after the group configuration is applied.
Data Collection Period	Periodic report: Automatically sends security reports based on the specified period. You can select Last Day, Last Week, Last Month, Last Year, or Custom Days. Custom report: Supports only Custom Time Range. You do not need to set a sending time. You need to manually publish security reports with custom periods. Note For periodic reports, Security Center sends a report email to recipients once daily. Even if you modify the Sent At parameter, the change will take effect the next day. For custom reports, click Send Now on the security report card on the Security Report page to manually send the security report to recipients.
Language	The report language. Valid values: Simplified Chinese and English. Note The exported HTML report, PDF report, and email will be displayed in the language you select.
Sent At	The time at which the security report is sent to the specified email address. The report will be sent within 2 hours after the time you set. The actual sending time may vary due to scheduling.
Recipient	The email address to which the security report is sent. You can enter up to 10 email addresses. Note No Alibaba Cloud account is required for an email address or a recipient to receive a security report. Only verified email addresses can receive security reports. Security Center sends a verification email to the email address. The recipient of the email must follow the instructions in the email to complete verification.
Sticky	Specifies whether to stick the current security report to the top of the security report list and prioritize the report in the Security Operations Trend section on the Overview page. Note You can pin only one security report on the Security Report page. To replace a pinned report, you must first change the pin status of the currently pinned security report to No.

2. Specify report data

On the Specify Report Data wizard page, select the data you want to include in the security report.
In this step, choose items that meet your security management needs and the requirements of different roles and scenarios. The supported items are listed below:
- Multi-account ranking metrics: Available only when Multiple Accounts is selected in the Configure Basic Information step. It provides comparison data and rankings for each account in a multi-account environment. This helps you identify risky accounts and manage account security centrally.
  Note
  This metric is displayed only when Report Scope is set to Multiple Accounts.
- Overall operations metrics: Provides an overview of the security status and details of core security functions. It is designed for senior managers to oversee and manage business security.
  Note
  This metric is displayed only when Report Scope is set to Single Account or Multiple Groups.
- Asset operations metrics: Shows an overview of business asset status and trends for at-risk assets. It facilitates asset management and priority classification.
- Security alert operations metrics: Provides details on alert handling, allowing you to monitor and analyze alert trends and evaluate threat detection and response capabilities. It is designed for security operations personnel to oversee alerts and improve alert handling processes.
- Vulnerability operations metrics: Provides an overview of system vulnerability status, allowing you to monitor the progress and efficiency of vulnerability fixes and effectively manage vulnerabilities. It is designed for IT O&M and security teams to address vulnerabilities and reduce potential security risks.
- Baseline operations metrics: Monitors the system's compliance status and adherence to baseline settings, helping maintain the system's configuration security.
- Cloud service operations metrics: Summarizes the security status of cloud platform configurations and tracks changes in configurations and their responses.
- Attack analysis operations metrics: Used to analyze and evaluate potential or actual security attacks to help you effectively identify security risks.
- Application protection operations metrics: Mainly focuses on the protection overview, attack trends, and changes in applications. Understand common methods of application attacks to effectively enhance application protection capabilities.
- Tamper-proofing operations metrics: Provides an overview of web tamper-proofing risks and the trend of monitoring events. Helps users identify and respond to tampering risks in a timely manner.
- Cloud honeypot operations metrics: Monitors the honeypot system to understand attack trends and response effectiveness, enhancing understanding of threat intelligence.
- AccessKey pair leak operations metrics: Detects AccessKey pair usage and potential leak risks.
  Note
  This metric is displayed only when Report Scope is set to Single Account or Multiple Groups.
- LLM operations metrics: Combines large amounts of data analysis to provide LLM-based security recommendations, helping users optimize security policies.
Click Save Report Data to complete this step. After creation, the report is enabled by default.

Step 2: Manage security reports

You can manage security reports as needed. The following operations are available:

Stop automatic sending of security reports
By default, automatic sending is enabled for newly created reports. If you no longer need to receive the security report, you can click the icon on the security report card.
Edit a security report
You can click Edit on the security report card to modify the basic information and data of the security report.
Clone a security report
You can click Clone on the security report card or click the More icon and select Clone to copy a security report.
Export a security report
You can click Export on the security report card and select an export format to export the security report in HTML or PDF format.
Send now
For custom reports, you can click Send Now on the security report card to manually send the security report to Report Email Recipients.
Delete a security report
You can click the More icon on the security report card and select Delete to delete the security report.
Important
- Deleted reports cannot be recovered.
- You cannot delete the default security report.

References

After you receive a security report that notifies you of risks on your assets, we recommend that you check the security status of your assets and handle the risks at the earliest opportunity.

For information about security scores and how to improve them, see Security score.
For information about how to view and handle security alerts, see View and handle security alerts.
For information about how to view and handle Linux, Windows, and other vulnerabilities, see View and handle vulnerabilities.
For information about how to view baseline check results and handle related risks, see Baseline risk check.
For information about how to configure scan policies for cloud security posture management (CSPM) and handle related risks, see Set and apply check policies.
For information about how to view and handle cloud honeypot alerts, see View and handle alert events.
For information about how to view and handle application protection attack alerts, see Handle attack alerts.
For information about how to handle web tamper-proofing alert events, see Web tamper-proofing.
For information about how to view and handle AccessKey pair leak events, see Detection of AccessKey pair leaks.