After you configure notifications, Cloud Firewall notifies you of exceptions in your assets at the earliest opportunity. The exceptions include unusual traffic, suspicious outbound connections, and vulnerabilities. This way, you can obtain the security status of your assets and handle exceptions at the earliest opportunity. This helps ensure the security of your assets. This topic describes how to configure notifications.
Notification items
The following table describes the notification items that are supported by Cloud Firewall.
Notification item | Description | Supported Cloud Firewall edition |
Excess Traffic | If Cloud Firewall detects that the volume of peak traffic that passes through Cloud Firewall exceeds the purchased bandwidth, it sends a notification. | Premium Edition, Enterprise Edition, and Ultimate Edition |
Excess Traffic Alerting | If Cloud Firewall detects that the volume of peak traffic that passes through Cloud Firewall reaches 70%, 80%, or 90% of the purchased bandwidth, it sends a notification. You can specify the percentage based on your business requirements. | Premium Edition, Enterprise Edition, and Ultimate Edition |
Weekly Report | Cloud Firewall regularly sends weekly reports to the email addresses of the specified contacts at the specified notification time. | Free Edition, Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
Notification of Compromised Hosts | If Cloud Firewall detects a compromised host, it sends a notification. To avoid false positives, some notifications are sent one day later. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
Notification of Suspicious Outbound Connections | If Cloud Firewall detects that a host communicates with suspicious IP addresses or domain names in outbound connections, it sends a notification. | Premium Edition, Enterprise Edition, and Ultimate Edition |
Notification of Real-time Vulnerability Prevention | If Cloud Firewall detects that a vulnerability in your asset is exploited, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
Notification of Unprotected Assets | If Cloud Firewall detects an unprotected public IP address or virtual private cloud (VPC) within your account, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
Notification of Intrusion Events | If Cloud Firewall detects that the intrusion prevention feature is disabled, it sends a notification. If the intrusion prevention feature is disabled, attacks are not automatically blocked. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
Notification of New Internet-facing Assets | If Cloud Firewall detects a new public IP address within your account and the IP address is not protected, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
Notification of Recommended Intelligent Policies | If Cloud Firewall automatically updates a recommended intelligent protection policy based on traffic learning results, it sends a notification. | Premium Edition, Enterprise Edition, Ultimate Edition, and Cloud Firewall that uses the pay-as-you-go billing method |
Log Storage Capacity | If Cloud Firewall detects that your log storage usage reaches 70%, 80%, or 90% of the purchased log storage capacity, it sends a notification. You can specify the percentage based on your business requirements. | Premium Edition, Enterprise Edition, and Ultimate Edition |
Configure notifications
You can configure notification settings, such as time periods and severities, based on your business requirements. This way, Cloud Firewall can send notifications to the specified contacts by email at the specified time period.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
On the Alert Notification tab, modify the following notification settings for different notification items: Time, Concerned Levels, and Method.
The new notification settings immediately take effect.
If Cloud Firewall detects exceptions within the specified time period, it sends notifications within the time period. If Cloud Firewall detects exceptions outside of the specified time period, it does not send notifications until the time period arrives.
Configure weekly reports
Cloud Firewall can send weekly reports to you by email. A weekly report includes the following information: protection data of web assets, status of firewalls, analysis data of vulnerabilities, and data of security policies. This helps you obtain the overall security status of your assets. You can specify the notification time and the email addresses of contacts to whom the weekly reports are sent.
Weekly report content
Title | Details |
Overview of asset security status | The number of attacks that are blocked by Cloud Firewall and number of security events that occurred this week. |
Security status of the Internet firewall | The number of protected public IP addresses, number of unprotected public IP addresses, analysis results of inbound and outbound Internet traffic, and analysis results of Intrusion Prevention System (IPS) events. |
Security status of east-west traffic that passes through VPC firewalls | The total number of VPCs, number of VPCs for which firewalls are enabled, number of VPCs for which firewalls are disabled, and number of security events in VPCs. |
Vulnerability and attack prevention | The number of at-risk assets on which vulnerabilities are detected, number of prevented vulnerabilities, and number of blocked attacks that are initiated by exploiting vulnerabilities. |
Access control policy management | The number of access control policies, number of blocked requests, and number of newly created access control policies this week. |
Configure notification settings for weekly reports
By default, Cloud Firewall automatically sends a weekly report at 09:00 every Wednesday to the email addresses that you specify. If you want Cloud Firewall to send weekly reports at a different point in time, you can change the time on the page.
Configure contacts
By default, Cloud Firewall notifies the contact that is specified for your Alibaba Cloud account. If you want Cloud Firewall to notify multiple contacts, you can manually add contacts. The added contacts receive only Cloud Firewall-related notifications.
You can add up to 10 contacts.
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
On the Recipient Settings tab, click Add Recipient.
Enter the name and email address of the contact, turn on or turn off the switch in the Status column, and then click Save.
Cloud Firewall sends notifications to a contact only if the switch in the Status column of the contact is turned on.