Web Application Firewall: Asset center

Last Updated: Jan 17, 2024

You can use the asset center feature of Web Application Firewall (WAF) to identify domain names in and outside Alibaba Cloud and assess risks based on the attack status of the domain names in the cloud. This helps you obtain the overall protection status of your domain names. You can enable protection for high-risk domain names to improve the overall security of your business system.

Step 1: Go to the Asset Center page and authorize WAF to access cloud resources

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. The region can be Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, click Asset Center.

  3. On the Asset Center page, click Enable for Free. In the Tips message, click OK.

    Note

    You need to perform this step only once. If you already enabled the asset center feature, skip this step.

    • Alibaba Cloud automatically creates the AliyunServiceRoleForWAF service-linked role. You can log on to the Resource Access Management (RAM) console to view the service-linked role. For more information, see View the information about a RAM role.

      After Alibaba Cloud creates the AliyunServiceRoleForWAF service-linked role, your WAF instance can access the resources of the associated cloud services, such as Elastic Compute Service (ECS), Server Load Balancer (SLB), Alibaba Cloud DNS, Alibaba Cloud CDN, Certificate Management Service, and Simple Log Service.

    • After you authorize WAF to access cloud resources, WAF automatically identifies domain names within your Alibaba Cloud account and displays the domain names on the Asset Center page.

      Note

      The asset center feature can identify domain names that are hosted on and outside Alibaba Cloud. The domain names that are hosted outside Alibaba Cloud include the domain names mapped to servers that are not deployed on Alibaba Cloud and the domain names of servers that are deployed in data centers.

      By default, the proactive fingerprint detection feature is enabled for accurate identification. The proactive fingerprint detection feature identifies the fingerprints of assets that are added to WAF by using passive traffic learning and proactive detection. Proactive fingerprint detection is performed once every two weeks to obtain comprehensive and accurate detection results. We recommend that you keep the feature enabled.

Step 2: Add a domain name

If your second-level domain name is not in the asset list, you can add the domain name to WAF.

  1. On the Overview tab of the Asset Center page, click the Add icon in the upper-right corner of the asset list.

  2. In the Add Asset dialog box, enter the domain name of your website and verify the ownership of the domain name.

    The first time you add a domain name to WAF, you must verify your ownership of the domain name. You can add the domain name to WAF only after you prove your ownership of the domain name. For more information, see Verify the ownership of a domain name.

  3. Then, click Add.

Step 3: View domain names

On the Asset Center page, view the details of the domain names.

[Figure: Asset Center]

Data type: Domain name statistics (Figure 1)

  Description: The numbers of second-level domain names, subdomains, unprotected subdomains, unprotected high-risk subdomains, unprotected medium-risk subdomains, and unprotected low-risk subdomains within your Alibaba Cloud account. The daily change in the number of subdomains is displayed on the right side of the number of subdomains.

  Related operations: None

Data type: Details of domain names (Figure 2)

  Description: WAF aggregates the domain names based on the second-level domain names and displays the aggregated domain names in a list. The following list describes the information about each second-level domain name.

  • Second-level Domain Name: the second-level domain name of the website.

  • IP Address: the IP address or CNAME of the origin server.

  • Protected Subdomains: the number of subdomains that are protected by WAF.

  • Unprotected Subdomains: the number of subdomains that are not protected by WAF, and the numbers of unprotected high-risk subdomains, unprotected medium-risk subdomains, and unprotected low-risk subdomains.

  Related operations:

  • Enter a keyword in the search box above the list of second-level domain names to search for second-level domain names. Fuzzy matching is supported.

  • In the list of second-level domain names, click the expand icon to the left of a second-level domain name and filter the subdomains of the second-level domain name by status and risk level. The following list describes the information about each subdomain.

    • Subdomain: the subdomain of the website.

    • IP Address: the IP address or CNAME of the origin server.

    • Fingerprint: the fingerprint information about the origin server, which is obtained based on passive traffic analysis and proactive fingerprint detection.

      After you enable the asset center feature, the proactive fingerprint detection switch is automatically turned on. You can turn on or turn off the switch in the upper-right corner of the domain name list.

    • Severity: the risk level of the subdomain. The risk level is obtained based on the attack trend in the cloud within the previous 30 days and threat intelligence data. If the risk level of the subdomain is high, we recommend that you add the subdomain to WAF at the earliest opportunity.

    • Status: the protection status of the subdomain. Valid values:

      • Not Added: The subdomain is not added to WAF. You can click Add in the Actions column to add the domain name to WAF. For more information, see Add a domain name to WAF.

      • Added: The subdomain is added to WAF. WAF detects traffic that is destined for the subdomain and protects the subdomain.

  • You can click Details in the Actions column to view the threat information about the subdomain.

    Note

    Only subscription WAF instances of the Enterprise or Ultimate edition support this feature.

Step 4: Export domain names

  1. On the Overview tab of the Asset Center page, select the second-level domain names that you want to export and click the download icon in the upper-right corner.

  2. On the Export Record tab of the Asset Center page, find the generated file and click Download to download the file.

    The generated file is stored on Alibaba Cloud for up to three days and is then automatically deleted.

    Note

    Only an Alibaba Cloud account can be used to download domain names.
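
The following is an added example, not part of the original documentation or Alibaba Cloud's code: it triages an exported asset list offline, aggregating subdomains by second-level domain and ordering unprotected subdomains by severity so the high-risk ones are added to WAF first. The CSV column names, the sample rows, and the small suffix set are assumptions made for illustration; the page does not document the export file layout.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. Column names mirror the console fields described above;
# they are an assumption about the export layout, not a documented format.
SAMPLE_EXPORT = """\
Subdomain,IP Address,Severity,Status
www.example.com,203.0.113.10,High,Not Added
api.example.com,203.0.113.11,Medium,Added
dev.example.com,203.0.113.12,Low,Not Added
shop.example.com.cn,198.51.100.7,High,Not Added
pay.example.com.cn,198.51.100.8,High,Added
"""

# Minimal multi-label suffix set for the sample; use the Public Suffix List in practice.
MULTI_LABEL_SUFFIXES = {"com.cn", "net.cn", "org.cn", "co.uk"}
SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2}


def second_level_domain(host):
    """Return the registrable domain, e.g. shop.example.com.cn -> example.com.cn."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def summarize(export_text):
    """Per second-level domain: protected count and unprotected subdomains by severity."""
    summary = defaultdict(lambda: {"protected": 0, "unprotected": defaultdict(list)})
    for row in csv.DictReader(io.StringIO(export_text)):
        entry = summary[second_level_domain(row["Subdomain"])]
        if row["Status"].strip() == "Added":
            entry["protected"] += 1
        else:
            entry["unprotected"][row["Severity"].strip()].append(row["Subdomain"])
    return summary


def onboarding_queue(export_text):
    """Unprotected subdomains ordered High, Medium, Low, then by name."""
    rows = [r for r in csv.DictReader(io.StringIO(export_text))
            if r["Status"].strip() != "Added"]
    rows.sort(key=lambda r: (SEVERITY_ORDER.get(r["Severity"].strip(), 99), r["Subdomain"]))
    return [(r["Subdomain"], r["Severity"].strip()) for r in rows]


if __name__ == "__main__":
    for sub, sev in onboarding_queue(SAMPLE_EXPORT):
        print(f"{sev:<6} {sub}")
```

Adjust the column names to match the header row of the file you actually download before running it against real data.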