Security Center can send you notifications by using text messages, emails, internal messages, or DingTalk chatbots. You can configure notification settings for items such as weekly security reports, baseline risks, and web pages that are tampered with. This topic describes how to configure the notification settings of Security Center.
Background Information
By default, the contact that receives notifications is the contact of your Alibaba Cloud account. You can modify the notification contact. For more information, see How do I modify the contacts that receive alert notifications?
Only the Enterprise and Ultimate editions of Security Center support the notification method of DingTalk chatbots.
Supported notification items
Configure notification settings on the Text Message/Email/Internal Message tab
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose .
On the Text Message/Email/Internal Message tab of the Notification Settings page, configure the following parameters for the required items based on your business requirements: Notify At, Severity, and Notify By.
You can modify the notification contact. For more information, see How do I modify the contacts that receive alert notifications?
NoteThe settings that you configure on the Text Message/Email/Internal Message tab immediately take effect.
If you select multiple notification methods, Security Center sends notifications by using all the selected methods at the same time.
Configure notification settings on the DingTalk Robot tab
After you configure the notification method of DingTalk chatbots, you can receive notifications for threats that are identified by Security Center in the specified DingTalk group in real time.
Prerequisites
DingTalk is installed, and a DingTalk group is created to receive notifications.
Procedure
Create a DingTalk chatbot in the DingTalk group.
ImportantThe operations described in this section are only for your reference. When you create a chatbot, follow the instructions that are displayed on your DingTalk.
Find the DingTalk group in which you want to create a chatbot and click Group Settings in the upper-right corner. In the Group Settings panel, click Group Assistant. Then, click Add Robot. In the ChatBot dialog box, click Custom. In the Robot details dialog box, click Add.
Configure the DingTalk chatbot.
Select Custom Keywords for Security Settings, and enter Security Center and Security in the Custom Keywords field.
Copy the URL in the Webhook field and click Finished.
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.
In the left-side navigation pane, choose .
On the DingTalk Chatbot tab of the Notification Settings page, click Add Chatbot.
In the Add DingTalk Chatbot panel, configure the parameters and click Add.
Parameter
Description
Configuration
Chatbot Name
The name of the chatbot.
We recommend that you enter an informative name.
Webhook URL
The webhook URL of the chatbot.
Find the webhook URL of the chatbot in the DingTalk group, copy the webhook URL, and then paste the URL in the Webhook URL field.
ImportantKeep the webhook URL confidential. If the webhook URL is leaked, risks may arise.
Asset Groups
The asset group for which you want to receive notifications. You can select an asset group that is created on the Assets page. After you select the asset group, the DingTalk chatbot sends you notifications that are related to the assets in the asset group.
Select an asset group from the drop-down list.
Notify On
The items for which you want to receive notifications. The following notification items are supported:
Vulnerabilities
Baseline risks
Alerts
AccessKey pair leaks
Alerts generated by cloud honeypot
Alerts generated by application protection
Anti-ransomware
Select the alert types and risk levels from the drop-down list.
Notification Interval
The time interval at which the DingTalk chatbot sends notifications. Valid values are 1 Minute, 5 Minutes, 10 Minutes, 30 Minutes, and No Limit. If you select No Limit, a notification is sent each time an alert is generated.
NoteIf you select No Limit, a maximum of 20 notifications can be sent to the webhook URL in one minute.
Select a time interval from the drop-down list.
Language
The language of the notifications. Valid values: English and Chinese.
Select a language from the drop-down list.
By default, a newly created DingTalk chatbot is in the enabled state.
NoteAfter you create the DingTalk chatbot, click Test in the Actions column to check whether the chatbot is connected to Security Center.
You can modify or delete the DingTalk chatbot. After you delete the chatbot, you can no longer receive notifications in the DingTalk group. However, you can still receive notifications by using other methods that you specify, such as text messages, emails, or internal messages.
After you complete the preceding steps, Security Center sends you notifications based on your configurations.