Security Center: Configure notification settings

Last Updated: Nov 15, 2023

Security Center can send you notifications by using text messages, emails, internal messages, or DingTalk chatbots. You can configure notification settings for items such as weekly security reports, baseline risks, and web pages that are tampered with. This topic describes how to configure the notification settings of Security Center.

Background Information

By default, the contact that receives notifications is the contact of your Alibaba Cloud account. You can modify the notification contact. For more information, see How do I modify the contacts that receive alert notifications?

Only the Enterprise and Ultimate editions of Security Center support the notification method of DingTalk chatbots.

Supported notification items

| Item | Notification frequency | Notification time | Notification method | Description |
| --- | --- | --- | --- | --- |
| Weekly security reports | Every seven days. | 08:00 to 20:00 | Email | Security Center sends you a weekly security report of your servers every seven days. The report includes the number of baseline risks, number of unhandled vulnerabilities, suggestions to fix the vulnerabilities, and information about alerts on your assets. |
| Task execution result in anti-ransomware | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when an anti-ransomware backup task or restoration task is complete. The notification is sent based on the result that you specify and indicates whether the task succeeded or failed. The notification is sent in the notification period that you specify. |
| Baseline risks | Every seven days. | 08:00 to 20:00 | Text message, email, internal message, and DingTalk chatbot | Security Center sends you a report on unhandled baseline risks every seven days. The report includes the number of unhandled baseline risks on your assets. |
| Insufficient anti-ransomware capacity | Real-time notification. | 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when your anti-ransomware capacity is insufficient. If the usage of your anti-ransomware capacity reaches 100%, a notification is sent in real time. Security Center also runs scheduled tasks on a daily basis to check the usage of the anti-ransomware capacity. If the usage reaches the specified threshold, a notification is sent. You can click the icon in the Insufficient Anti-ransomware Capacity section to adjust the threshold. |
| Insufficient threat analysis log capacity | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when the size of threat analysis logs exceeds 80% of the purchased storage capacity for threat analysis logs. The notification is sent in the notification period that you specify. |
| Alerts | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, internal message, and DingTalk chatbot. Note: Security Center Basic supports only internal messages. | Security Center sends you a notification when an alert is generated. A maximum of five notifications can be sent per day. A maximum of one notification can be sent for each server per day. |
| Alerts generated by the precision defense feature | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when an alert is generated based on the precision defense feature. A maximum of 2 text messages, 5 internal messages, and 20 emails can be sent per day. |
| AccessKey pair leaks | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, internal message, and DingTalk chatbot | Security Center sends you a notification when an AccessKey pair leak is detected. A maximum of five notifications can be sent per day. |
| Configuration risks of Alibaba Cloud services | Every seven days. | 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when configuration risks are detected. The notifications are sent every seven days. |
| Urgent vulnerabilities | Real-time notification. | 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when an unfixed urgent vulnerability is detected. A maximum of 10 notifications can be sent per day. |
| Web pages that are tampered with | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when it detects that a web page is tampered with. A maximum of five notifications can be sent per day. |
| Alerts generated by the container firewall feature | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Email | If you set the protection mode of the container firewall feature to Alert, Security Center sends you a notification when unauthorized network behavior is detected. A maximum of 100 notifications can be sent per day. |
| Proactive defense activities implemented by the container firewall feature | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Email | If you set the protection mode of the container firewall feature to Intercept, Security Center intercepts unauthorized network behavior and sends you a notification. A maximum of 100 notifications can be sent per day. |
| Blocked brute-force attacks initiated from malicious IP addresses | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when it blocks brute-force attacks initiated from malicious IP addresses. A maximum of 10 notifications can be sent per day. |
| Virus scan results | The notification frequency is based on the virus scan cycle. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification for virus scan results after a virus scan is complete. Security Center scans for viruses based on the scan cycle that you specify. |
| Excess logs | Every two days. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, and internal message | Security Center sends you a notification when the log size exceeds the specified threshold based on the purchased log storage capacity. The notification is sent every two days. You can click the icon in the Log excess section to adjust the threshold. |
| Alerts generated by the cloud honeypot feature | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, internal message, and DingTalk chatbot | Security Center sends you a notification when an alert is generated by the cloud honeypot feature. A maximum of five notifications can be sent per day. |
| Alerts generated by the application protection feature | Real-time notification. | One of the following periods: All day, or 08:00 to 20:00 | Text message, email, internal message, and DingTalk chatbot | Security Center sends you a notification when an alert is generated by the application protection feature. A maximum of 10 emails, 10 internal messages, or 5 text messages can be sent per day. |

Configure notification settings on the Text Message/Email/Internal Message tab

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose System Configuration > Notification Settings.

  3. On the Text Message/Email/Internal Message tab of the Notification Settings page, configure the following parameters for the required items based on your business requirements: Notify At, Severity, and Notify By.

    You can modify the notification contact. For more information, see How do I modify the contacts that receive alert notifications?

    Note
    • The settings that you configure on the Text Message/Email/Internal Message tab immediately take effect.

    • If you select multiple notification methods, Security Center sends notifications by using all the selected methods at the same time.

Configure notification settings on the DingTalk Robot tab

After you configure DingTalk chatbots as a notification method, the specified DingTalk group receives notifications in real time for threats that Security Center identifies.

Prerequisites

DingTalk is installed, and a DingTalk group is created to receive notifications.

Procedure

  1. Create a DingTalk chatbot in the DingTalk group.

    Important

    The operations described in this section are only for your reference. When you create a chatbot, follow the instructions that are displayed in DingTalk.

    1. Find the DingTalk group in which you want to create a chatbot and click Group Settings in the upper-right corner. In the Group Settings panel, click Group Assistant. Then, click Add Robot. In the ChatBot dialog box, click Custom. In the Robot details dialog box, click Add.

    2. Configure the DingTalk chatbot.

      Select Custom Keywords for Security Settings, and enter Security Center and Security in the Custom Keywords field.

    3. Copy the URL in the Webhook field and click Finished.

  2. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

  3. In the left-side navigation pane, choose System Configuration > Notification Settings.

  4. On the DingTalk Chatbot tab of the Notification Settings page, click Add Chatbot.

  5. In the Add DingTalk Chatbot panel, configure the parameters and click Add.

    | Parameter | Description | Configuration |
    | --- | --- | --- |
    | Chatbot Name | The name of the chatbot. | We recommend that you enter an informative name. |
    | Webhook URL | The webhook URL of the chatbot. | Find the webhook URL of the chatbot in the DingTalk group, copy the webhook URL, and then paste the URL in the Webhook URL field. Important: Keep the webhook URL confidential. If the webhook URL is leaked, risks may arise. |
    | Asset Groups | The asset group for which you want to receive notifications. You can select an asset group that is created on the Assets page. After you select the asset group, the DingTalk chatbot sends you notifications that are related to the assets in the asset group. | Select an asset group from the drop-down list. |
    | Notify On | The items for which you want to receive notifications. The following notification items are supported: Vulnerabilities; Baseline risks; Alerts; AccessKey pair leaks; Alerts generated by cloud honeypot; Alerts generated by application protection; Anti-ransomware. | Select the alert types and risk levels from the drop-down list. |
    | Notification Interval | The time interval at which the DingTalk chatbot sends notifications. Valid values are 1 Minute, 5 Minutes, 10 Minutes, 30 Minutes, and No Limit. If you select No Limit, a notification is sent each time an alert is generated. Note: If you select No Limit, a maximum of 20 notifications can be sent to the webhook URL in one minute. | Select a time interval from the drop-down list. |
    | Language | The language of the notifications. Valid values: English and Chinese. | Select a language from the drop-down list. |

    By default, a newly created DingTalk chatbot is in the enabled state.

    Note
    • After you create the DingTalk chatbot, click Test in the Actions column to check whether the chatbot is connected to Security Center.

    • You can modify or delete the DingTalk chatbot. After you delete the chatbot, you can no longer receive notifications in the DingTalk group. However, you can still receive notifications by using other methods that you specify, such as text messages, emails, or internal messages.

    After you complete the preceding steps, Security Center sends you notifications based on your configurations.
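
The Important note for the Webhook URL parameter says to keep the URL confidential. The Python sketch below is an added example, not Alibaba Cloud or DingTalk code: it scans text such as configuration files or tickets for chatbot webhook URLs and masks the token before the text is shared. It assumes the usual DingTalk custom-chatbot form https://oapi.dingtalk.com/robot/send?access_token=..., which this page does not show, and the sample input is constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed webhook form (not shown on this page):
#   https://oapi.dingtalk.com/robot/send?access_token=<token>
# The query character class excludes trailing punctuation such as "." or ")".
URL_RE = re.compile(r"https://oapi\.dingtalk\.com/robot/send\?[A-Za-z0-9_=&%-]+")

# Constructed sample input; both tokens are fake.
SAMPLE = """\
# deployment notes
notify_url: https://oapi.dingtalk.com/robot/send?access_token=0123456789abcdef0123456789abcdef
docs: https://oapi.dingtalk.com/robot/send (no token here)
curl 'https://oapi.dingtalk.com/robot/send?foo=1&access_token=deadbeefdeadbeefcafe'
"""


def mask_token(url):
    """Mask the access_token value, keeping 4 trailing chars of long tokens."""
    parts = urlsplit(url)
    query = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "access_token":
            keep = value[-4:] if len(value) > 8 else ""
            value = "*" * (len(value) - len(keep)) + keep
        query.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(query, safe="*")))


def scan(text):
    """Return (line_number, masked_url) for each webhook URL carrying a token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            if "access_token=" in match.group(0):
                findings.append((lineno, mask_token(match.group(0))))
    return findings


def redact(text):
    """Return text with every webhook token masked, e.g. before sharing a log."""
    return URL_RE.sub(lambda m: mask_token(m.group(0)), text)


if __name__ == "__main__":
    for lineno, masked in scan(SAMPLE):
        print(f"line {lineno}: {masked}")
```

If a scan finds a live webhook URL outside your secret store, delete the chatbot in the DingTalk group and create a new one so that the old URL stops working.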