After you add servers to Security Center, manage them on the Server tab of the Host page. From there, sync asset information, view server details, organize servers into groups, set asset importance, assign tags, and change protection status.
Prerequisites
Before you begin, ensure that you have:
Logged on to the Security Center console
At least one server added to Security Center
Synchronize latest assets
Security Center automatically syncs asset information every minute for servers where the client is installed. If you just installed the client, trigger a manual sync so that your new servers appear in the list immediately.
In the navigation pane, choose Assets > Host. In the upper-left corner, select China or Outside China.
On the Host page, click the Server tab, then click Synchronize Assets.
Security Center pulls the latest server information and refreshes the list.
The sync takes about one minute to complete.
Add multi-cloud assets
Security Center can protect servers not deployed on Alibaba Cloud, including third-party cloud servers and servers in data centers (IDCs). The steps vary by server type.
| Server type | Steps |
|---|---|
| Third-party cloud servers (e.g., Tencent Cloud, Amazon Web Services) | 1. In the navigation pane, choose Assets > Host. Select Chinese Mainland or Outside Chinese Mainland. <br>2. In the Add Multi-cloud Asset area, hover over the vendor icon and click Add. <br>3. In the Add Assets Outside Cloud panel, complete the configuration. For details, see Add cloud assets using the AccessKey pair of a third-party account. |
| IDC servers | 1. In the navigation pane, choose Assets > Host. Select Chinese Mainland or Outside Chinese Mainland. <br>2. In the Add Multi-cloud Asset area, hover over the  icon and click Add. <br>3. In the Add Assets Outside Cloud panel, complete the configuration. For details, see Add third-party cloud assets. |
| Servers outside Alibaba Cloud | 1. In the navigation pane, choose Assets > Host. Select Chinese Mainland or Outside Chinese Mainland. <br>2. In the Add Multi-cloud Asset area, hover over the  icon and click Install Agent. <br>3. On the Feature Settings page, install the client. For details, see Install the client. |
View server information
In the navigation pane, choose Assets > Host. Select Chinese Mainland or Outside Chinese Mainland.
On the Host page, click the Server tab.
Find a specific server
Use the search bar above the server list to search by Instance Name, Public IP Address, or Private IP Address. The Risk Status column shows whether each server has security risks. Click View in the Actions column to open a server's details page.
The details page contains the following tabs:
| Tab | Contents |
|---|---|
| Basic information | Server ID, region, group, and operating system. Also shows protection status (client self-protection, malicious network behavior defense, web shell connection defense, and malicious host behavior defense), vulnerability scan types, brute-force attack protection rules, and logon security settings. To change the server's group or run a quick diagnostic on an abnormal client, use this tab. |
| Vulnerability Details | Vulnerability scan results for the server. |
| Alert | Security alert information for the server. |
| Asset Fingerprints | Detailed server fingerprint data. Available only on Enterprise or Ultimate subscription editions (with the protection edition set to Enterprise or Ultimate), or with pay-as-you-go Host and Container Security enabled (at the Host Protection or Host and Container Protection level). |
| Agentless Detection | Vulnerability risks, baseline configurations, and security alerts detected without an installed client. |
| CSPM | Cloud service configuration risk checks and system baseline risk check results. Available only when the baseline check feature is enabled. To enable the feature, see Enable the baseline check feature. |
| O&M and Monitoring | Remote O&M via Cloud Assistant (command history, execution results, file transfers) and performance metrics (CPU utilization, memory usage, system load, network traffic, TCP connections). |
If a server's basic information (such as MAC address or kernel version) is missing, go back to the asset list, select the server, and choose More Operations > Asset Collection.
Browse servers by status or category
The left panel groups servers by status and attribute. Click any category to filter the list.
| Category | Servers shown |
|---|---|
| All Servers | All Alibaba Cloud servers and non-Alibaba Cloud servers with the client installed. |
| At Risk | Servers with active security risks: vulnerabilities, CSPM risks, or security alerts. |
| Unprotected | Servers with a client status of Offline or Paused, and a power state of Running or Unknown. Security Center cannot protect these servers. |
| Unauthorized | Servers on the Free Edition (subscription) or Unprotected (pay-as-you-go Host and Container Security). |
| Shutdown | Servers that are shut down. |
| Exposed | Servers that can communicate with the Internet. Requires Enterprise or Ultimate subscription (with the protection edition set to Enterprise or Ultimate), or pay-as-you-go Host and Container Security at the Host Protection or Host and Container Protection level. If these conditions are not met, Unknown is displayed. For details, see Asset exposure analysis. |
| Add | Alibaba Cloud ECS servers purchased in the last 15 days. |
| Server Group | Servers organized by group. Click a group name to see its servers. |
| Server Region | Servers organized by region. |
| VPC | Servers organized by Virtual Private Cloud (VPC). |
| Importance | Servers organized by importance level: Important , Normal, or Test. |
| Tag | Servers organized by tag. |
Filter servers with multiple conditions
Under any category, combine search conditions to narrow the list. The following example filters for Linux servers in the China (Hangzhou) region that have active security alerts:
Click Unprotected in the left panel.
From the search condition drop-down list, set:
OS Type: Linux
Whether Alert Exists: Yes
Region: China (Hangzhou)
For conditions that don't have a drop-down list, select the filter and type the value directly.
Click AND or OR to the left of each condition to set the logical relationship between conditions.
(Optional) Click Save to the right of the conditions to reuse this filter later.
Server not showing up?
If a server doesn't appear in the list:
Verify the console region selector matches where the server is deployed.
If the client was just installed, trigger a manual sync — see Synchronize latest assets.
For non-Alibaba Cloud servers, confirm the client installation completed successfully.
Manage server groups, importance, and tags
Use groups, importance levels, and tags to organize servers for batch operations. When applying features like anti-ransomware, web tamper proofing, baseline checks, and vulnerability scans, target a server group instead of selecting servers one by one.
In the navigation pane, choose Assets > Host. Select Chinese Mainland or Outside Chinese Mainland.
On the Host page, click the Server tab. The Attribute panel on the left contains the Server Group, Importance, and Tag sections.
Manage server groups
Edit or delete a group
Hover over the group name, click the 
icon, and update the name or membership in the Group Management dialog box.
To delete a group, hover over it, click the 
icon, and confirm.
The default group Ungrouped cannot be deleted.
Move servers to a different group
In the Server Group section, click a group name.
Select the servers to move, then click Change Group below the list.
In the Change Group dialog box:
To move to an existing group: set Mode to Move to Existing Group and select a group from the New Group drop-down list.
To create a new group: set Mode to Create Group and enter a name in the New Group field.
Click OK.
You can also select servers directly from the main server list and click Change Group below the list to change their group without first entering a group view.
Manage server importance
Importance levels determine the asset importance factor used when calculating vulnerability fix priority scores. Set core servers to Important so Security Center prioritizes their vulnerability alerts.
| Importance level | Asset importance factor | When to use |
|---|---|---|
| Important | 1.5 | Servers running core services or storing critical data. A compromise has major business impact. |
| Normal | 1 | General-purpose servers that are highly replaceable. Limited impact if compromised. |
| Test | 0.5 | Servers used for testing or with minimal business impact. |
For more details on how importance factors affect scoring, see Vulnerability fix priorities.
Set importance for multiple servers
In the Importance section, click Manage. In the Asset Importance Management dialog box, select an importance level, choose the servers to include, and click OK.
Adjust importance for an existing level
Hover over an importance level (e.g., Important), click the icon, and add or remove servers in the Asset Importance Management dialog box.
Set importance for a single server
In the server list, click the 
icon in the Server Information column, select an importance level, and click OK.
Manage server tags
Tags let you label servers with custom properties and filter the list by those properties.
Create a tag
In the Tag section, click Manage in the upper-right corner. In the Tag Management dialog box, enter a tag name, select the servers to tag, and click OK.
Edit or delete a tag
Hover over the tag, click the icon, and update the name or server membership in the Tag Management dialog box.
To delete a tag, hover over it, click the icon, and confirm in the Message dialog box.
Tag a single server
In the server list, click the icon in the Server Information column, select a tag, and click OK.
A server can have multiple tags. To remove a specific tag from a server, click the
Change the protection status of servers
After the Security Center client is installed on a server, protection is automatically enabled. The Agent column shows the current status:
— The agent is online and the server is protected.
— The agent is offline. Security Center cannot protect this server. Troubleshoot the issue as soon as possible — see Troubleshoot why the Security Center agent is offline.
Disable protection
While protection is disabled, Security Center stops performing vulnerability scans and generating security alerts for the server. Proceed with caution.
Select one or more servers showing the icon, click More Operations, and select Disable Protection. The icon in the Agent column changes to .
Enable protection
Select one or more servers showing the icon, click More Operations, and select Enable Protection.
After enabling protection, the offline icon may still appear if:
The Security Center client is not installed. Install the client — see Install the client. Once installed, Security Center enables protection automatically.
The client is installed but offline. Resolve the offline issue — see Troubleshoot offline clients.
Detach servers not deployed on Alibaba Cloud
If a non-Alibaba Cloud server is shut down and has pending vulnerabilities or alert events, detaching it prevents those unresolved risks from affecting your account's overall security score.
Only non-Alibaba Cloud servers need to be detached. Alibaba Cloud ECS servers remain in the asset list with an offline status even after the client is uninstalled — they are not removed automatically.
After detaching, the server no longer consumes an authorization quota. The released quota can be used for other servers.
If the server was added using an AccessKey pair from a third-party account, detaching it triggers client uninstallation and removes it from Security Center. However, the server is re-synchronized to Security Center at the next sync cycle. The client is not reinstalled automatically.
In the navigation pane, choose Assets > Host. Select Chinese Mainland or Outside Chinese Mainland.
On the Host page, click the Server tab, select the non-Alibaba Cloud server to detach, and choose More Operations > Unbind.
In the Note dialog box, click OK.
After the server is detached, Security Center sends a command to uninstall the client, removes the server from the asset list, and stops protection.
If you prefer to uninstall the client directly without detaching through the console, all client processes and files are removed from the server. To protect the server again in the future, reinstall the client — see Install the client.
Clean up off-cloud host assets
Scheduled cleanup automatically removes offline hosts from the server list after a specified number of idle days, reclaiming authorization quotas and preventing resource waste.
In the navigation pane, choose Assets > Host. Select Chinese Mainland or Outside Chinese Mainland.
In the Add Multi-cloud Asset section, hover over the
icon and click Scheduled Cleanup.In the Scheduled Cleanup dialog box, click the
icon to enable the feature.Under Cleanup Rule, click the
icon and set the number of offline days. Enter an integer from 1 to 30.
Hosts that remain offline longer than the specified period are automatically removed and their authorization quotas reclaimed.