Threat Detection Service

Collects 20 types of enterprise logs and network threat information, analyzes previous attacks based on machine learning, and predicts further attacks.

Threat Detection Service (TDS) provides cloud virus scan and removal, unusual logon alerts, zombie detection, data leak detection, Linux software vulnerability detection, weak password detection, and host compliance issue detection. TDS inspects the security configurations of cloud services such as Elastic Compute Service (ECS), Relational Database Service (RDS), and Server Load Balancer (SLB). This allows you to find more information about the system security status and handle security events on your assets in the cloud.


Event Alerts and Log Queries
Monitors security events in real-time and provides resolutions, analyzes alerts, and queries alert details from logs.
Raw Log Storage and Query
The Enterprise Edition allows customized queries and analysis of logs within the last 180 days.
Risk Quantification and Prediction
Provides quantified threat analysis and risk prediction based on machine learning.
Easy-to-use User Interface
The Enterprise Edition provides an easy-to-use user interface, allowing you to understand and react in real-time.


  • Security Monitoring

    Reduces the amount of false alarms, using correlation analysis of networks and hosts. This is one of the biggest concerns of enterprise security personnel.

    Monitors enterprise system vulnerabilities, listener ports, intrusions, web attacks, and DDoS attacks, and learns about new threats affecting enterprise security.

  • Intrusion Detection

    Detects intrusions by modelling and analyzing data such as traffic data, host activity data, and host operation logs. Detects with an accuracy of up to 99.99%.

    Quickly and accurately detects the cause of network security status changes.

  • Vulnerability Analysis

    Detects vulnerabilities in real time, including web vulnerabilities, such as SQL injection and XSS vulnerabilities, third-party open-source software vulnerabilities, ECS instance vulnerabilities, and system configuration vulnerabilities.

    Detects vulnerabilities in real time to enable quick vulnerability fixes.

  • Screens

    Visualizes accesses to your system and attacks from across the globe.

    Allows you to report the overall security situation to colleagues and business visitors.

  • Threat Analysis

    Alibaba Cloud Security engineers analyze all possible threats to your system offline using data models that are built through big data analysis.

    Identifies attackers and sends attack alerts, allowing you to block all attacks.

  • Log Analysis

    Allows you to export a large number of logs for correlation and analysis.

    Provides Petabyte-level data storage and analysis, enabling more intelligent security management in the age of digital technology.

    Detects attacks by analyzing the network logs, automatically responds to security events, and identifies unusual activities.


  • Is my network secure?
  • What are the impacts of DDoS attacks on my system?
  • Who is attacking my system?
  • How do I manage the system security?
Are there any vulnerabilities in my system?

Are there any vulnerabilities in my system?

Many websites have critical vulnerabilities. You can use TDS to detect the vulnerabilities on your ECS instances.

TDS detects common web vulnerabilities, third-party open-source software vulnerabilities, host OS software vulnerabilities, and critical vulnerabilities known only to a small number of attackers, and sends you early-warning alerts and fixes for these vulnerabilities.

Recommended Products and Services

Is my network secure?

Is my network secure?

If large traffic fluctuations have been detected on your network, you can use TDS to detect and analyze threats on your system.

TDS can distinguish attackers from harmless scriptwriters by using big data modelling and analysis, allowing you to identify threats on your system. TDS also assesses protection policies to ensure effective protection.

Recommended Products and Services

What are the impacts of DDoS attacks on my system?

What are the impacts of DDoS attacks on my system?

If your ECS instances have encountered DDoS attacks, you can use TDS to find the affected instances and orders. 

By monitoring all traffic in your business, TDS detects DDoS attacks within seconds, provides detailed information such as the malicious traffic components, scrubbed traffic volume, and attack time, and analyzes the impacts of the attacks. 

Recommended Products and Services

Who is attacking my system?

Who is attacking my system?

You can use TDS to determine whether the attacker is a competitor, a malicious hacker, or an employee.

TDS identifies and traces intrusions, enabling automatic intrusion evidence recording. 

Recommended Products and Services

How do I manage the system security?

How do I manage the system security?

Maintenance engineers can use TDS to maintain the system security, perform baseline checks, and detect the latest vulnerabilities.

You can prevent intrusions only with a thorough understanding of the vulnerabilities that may be exploited by attackers. TDS allows comprehensive protection by managing the system security at the network layer, host layer, and application layer.

Recommended Products and Services