View the security status of assets - Security Center - Alibaba Cloud Documentation Center

The Security Center provides an overview of your cloud assets’ security operations, including asset status, assessment results, and real-time monitoring alerts.

Data overview

The Overview page of the Security Center console presents security data for cloud assets across China and global data centers, covering multiple aspects such as security score, risks, operational trends, and asset information. It also offers quick access to product upgrades, renewals, and asset expansion for unified security management.

Section		Description	Supported operations
① Security Score		Displays your asset security score and management statistics, including fixed vulnerabilities, baseline risks, and resolved alerts.	Click the security score value to handle related risks or security alerts in the Security Score Details panel. Custom Security Score: Default deduction values are set for each scoring item. You can customize these based on your business priorities. Click Security Score Description to view detailed information about the security score.
② Asset Overview		Displays details about your subscription or pay-as-you-go Security Center instance, including configuration settings, expiration date, and statistics for protected assets. Note The information shown may vary by Security Center edition.	Asset Overview In the Total Assets area, click the asset count to view details on the Host page. For more information, see Server assets. In the Agent Not Installed area, click Install to install the Security Center client for unprotected assets, or click Scan to go to the Agentless Detection page to create a scan task. Subscription Security Center supports operations such as Try Now, Buy Now, Upgrade Now, and Renew. Choose the appropriate operation based on your needs: Apply for a 7-day free trial Purchase Security Center Upgrade and downgrade Security Center Renew the subscription to Security Center After purchasing a subscription of Anti-virus, Advanced, Enterprise, or Ultimate edition, click Manage in the Protected Servers area to bind Security Center edition to specific servers. For more information, see Manage quotas. When Anti-ransomware or Log Analysis capacity is less than 20%, an alert will be triggered. You can hover over the icon and click Scale Out to purchase additional anti-ransomware or log storage. Pay-as-you-go Click Activate or Deactivate to enable or disable all pay-as-you-go items. Click View Bills to check your bill details in the Billing and Cost Management console. Click Learn More to understand pay-as-you-go billing details. Shows the current status of each pay-as-you-go item. Click the icon to quickly enable or disable the services. For more details about the services, see: Host and container security Vulnerability fixing Cloud Security Posture Management (CSPM) Cloud Threat Detection and Response (CTDR) Agentless detection Serverless security


③ Security Operations	Risk Governance	Provides statistics on security risks for cloud assets, including urgent vulnerabilities, application and system vulnerabilities, weak passwords, cloud and host baseline risks, API security risks, and data security risks. It also highlights unconfigured security services, reminders for key configuration functions, and services nearing expiration. Note The displayed risks may vary by Security Center edition, as different editions support different detection features.	Click Quick Check, and select Detect Now in the dialog box to perform a comprehensive risk detection. Click the number of Unhandled Urgent Vulnerability to view and handle vulnerabilities. Click the number of Unhandled Weak Password to view and handle baseline risks. Click the statistics for Unhandled Cloud Service Baseline Risks, Unhandled Application Vulnerability, Core Feature Configurations, Unhandled Weak Password, select specific risk items in the corresponding panel, and click Handle Now to go to the risk handling page, view the specific risk list, and fix the issues based on the provided risk details or fixing solutions. Note Please refer to the relevant Security Center documentation for different risk alerts and handle the alerts promptly.
	Security Protection	Displays real-time blocked attacks, including counts for DDoS traffic scrubbing attacks, Web Application Firewall attacks, Cloud Firewall attacks, host defenses from Security Center, and security risk interceptions from ID Verification.	Click the statistics in each area, select specific risk items, and Handle Now.
	Security Response	Displays security alert-related risks that require prompt attention to minimize potential losses, including unhandled emergency alerts, reminder alerts, and suspicious alerts.	Click the statistics in the Pending Alerts area, select specific risk items, and Handle Now. For more information, see View and handle alerts.
④ Security Operations Trend		Displays security operation trends, including the trends in hosts, containers, total cloud services, and risky assets.	In the upper-right corner of Security Operations Trend, click Create Report or View Report to view specific information on the security report page.
⑤ Quick Help		Offers convenient links for quick access to key information and resources related to Security Center.	What is Security Center Getting started Data overview Features
⑥ Release Notes		Displays recent optimizations and feature releases.	Click View More for additional product updates.

Security score

The Security Center's security score employs a comprehensive assessment mechanism utilizing data from China and global data centers. It calculates a dynamic deduction based on the real-time security status of cloud assets (including alert events and configuration defects), resulting in a health index ranging from 0 to 100. Higher scores indicate better security, reflecting existing vulnerabilities and the extent of remediation efforts.

Improve security score

The risk levels of cloud assets are classified as high risk (below 69), medium risk (70-84), at risk (85-94), and secure (95-100). To enhance the security of cloud assets, we recommend that you handle risk alerts promptly to improve your security score.

In the Security Score module, click the security score value.
In the Security Score Details panel, view specific deduction items, click Handle Now next to any deduction item to access the corresponding risk handling page. Here, you can view the specific risk list and resolve issues using the provided risk details or solutions.

Note

The risks displayed in the panel may differ depending on your Security Center edition, as various editions support different risk detection features.
The Security Score Details panel integrates all pending items from Risk Governance, Security Response, and Security Protection. You can also combine the classification in the Security Operations section with priorities for handling events in the security score to handle alerts effectively.

Custom security score

Security Center provides default deduction values for each scoring item, which you can customize based on your business priorities.

In the upper-right corner of the Security Score section, click Custom Security Score.
In the Custom Security Score panel, set the deduction value for each configuration item, and then click OK.
- The security score deduction module includes Core Feature Configurations, Unhandled Alerts, Unfixed Vulnerabilities. The deduction threshold for each module ranges from 0 to 100 points, and the total of all module deduction thresholds cannot exceed 100 points.
- Each deduction module contains various deduction items, with values ranging from 0 to the module's deduction threshold. The sum of all item values within a module must not exceed that module's threshold.
Note
If you have previously modified and saved security score settings, the Custom Security Score panel will display the Restore to Default Settings option. Click this option to restore the deduction values to the system default settings.

FAQ

What are the priorities for handling events in the Security Score section?

The table below outlines the priorities for handling security events in the Security Score section, with lower numbers indicating higher priority:

Priority	Event
1	Configure or enable core features. Enable web tamper proofing. Configure rules to protect against brute-force attacks. Authorize one-click installation of the Security Center client. Authorize CSPM. Enable log analysis. Enable malicious host behavior defense. Create an anti-ransomware policy. Enable periodic virus detection. Specify the container images that can be scanned. Enable Kubernetes threat detection.
2	Handle AccessKey pair leaks.
3	Handle configuration risks in cloud services.
4	Handle baseline risks.
5	Handle security alerts.
6	Fix vulnerabilities.

What is the relation between modifying vulnerability level and improving security score?

If your focus is on addressing high and medium-risk vulnerabilities while disregarding low-risk ones, you can adjust the vulnerability level to exclude low-risk vulnerabilities from the scoring range, potentially enhancing your security score.

You can go to the Risk Governance > Vulnerabilities page, click Vulnerability Settings in the upper-right corner and set the Vulnerability Scan Level in the panel. For more information, see Scan for vulnerabilities.

What is the relation between modifying baseline level and improving security score?

If your focus is on addressing high and medium-risk baselines while disregarding low-risk ones, you can adjust the baseline level to exclude low-risk baselines from the scoring range.

You can click Policy Management in the upper-right corner of the Risk Governance > CSPM page, and select Baseline Check Policy > Baseline Check Level. For specific operations, see Baseline check.