All Products
Search
Document Center

Data Security Center:Manage a whitelist

Last Updated:Dec 11, 2024

Data Security Center (DSC) provides the whitelist feature, which allows you to add trusted accounts and IP addresses in your data assets to a whitelist. DSC does not generate audit alerts for data assets whose accounts or IP addresses are added to the whitelist. This helps reduce invalid alerts. This topic describes how to create, modify, and delete a whitelist.

Prerequisites

Authorization of data assets that are supported by the whitelist feature is complete.

Background information

DSC generates audit alerts for risk activities on authorized data assets. By default, built-in audit alert rules for data assets are enabled.

Built-in audit alert rules are classified into the following types: abnormal operation rules, data leak rules, vulnerability attack rules, SQL injection rules, and risk operation rules. You can also create and enable a custom audit alert rule. For more information, see Configure and enable audit alert rules.

If you confirm that the database operations performed by using an IP address or account are normal, you can create a whitelist and add the IP address or account to the whitelist. If an audit alert hits the whitelist in subsequent detections, DSC no longer generates alerts for the operations or events that trigger the audit alert rule in databases or OSS.

If you add an audit alert to a whitelist, content such as accounts and IP addresses in the audit alert is displayed in the list of whitelists. The name of the whitelist is in the Alert generation time + Name of the audit alert rule format. Example: 2024-05-21 20:58:09 OSS rule test. For more information, see View and handle audit alerts.

Limits

When you create a whitelist, take note of the following items:

  • You can select only one asset type.

  • You must specify at least an account, IP address, or CIDR block.

  • The total number of IP addresses and CIDR blocks cannot exceed 10. The total number of accounts cannot exceed 10.

  • If you specify multiple instances and accounts, the logical relationship among the instances or accounts is OR, and the logical relationship between the instances and accounts is AND. For example, you add Instance A, Instance B, Account A, and Account B to a whitelist. The system performs matching based on the following rule: Instance A or Instance B, and Account A or Account B.

Description

After you create, modify, or delete a whitelist, the operation takes effect on audit and exception alerts within 1 minute.

Create a whitelist

If you do not need to audit or check asset-related information such as specific accounts, IP addresses, or CIDR blocks, you can add the information to a whitelist.

  1. Log on to the DSC console.

  2. On the System Settings page, click the Whitelist tab.

  3. On the Whitelist page, click Add Entry.

  4. In the Add Entry panel, configure the parameters and click OK.

    image

    Parameter

    Description

    Rule Name

    Enter a whitelist name. We recommend that you enter a name that can help you identify the whitelist. The value can be up to 100 characters in length.

    IP

    Enter the IP addresses or CIDR blocks that you want to add to the whitelist.

    The total number of IP addresses or CIDR blocks cannot exceed 10. Separate multiple IP addresses or CIDR blocks with line feeds or commas (,).

    Data Assets

    Select an asset type and then select asset-related information such as ApsaraDB RDS instances, databases, table names, and accounts.

    You can select multiple instances and accounts. You can click the Account drop-down list and click Add Account at the end of the list to add custom accounts.

    Action Type

    By default, all action types are displayed. You can select one or more action types for the specified data assets based on your business requirements.

  5. After you create the whitelist, you can search for and view the whitelist by asset type, account, IP address, or instance name in the list of whitelists.

    image

Modify or delete a whitelist

If you want the system to monitor data assets that use specific IP addresses or accounts in a whitelist, you can modify or delete the whitelist.

Note

You cannot change the asset type when you modify an existing whitelist.

  1. Log on to the DSC console.

  2. On the System Settings page, click the Whitelist tab.

  3. Find the whitelist that you want to manage and click Modify or Delete in the Actions column.

References

You can use Alibaba Cloud SDKs to call the following API operations to query information about authorized data assets. For more information about the supported programming languages and the required dependencies, see Data Security Center SDK. For more information about how to integrate Alibaba Cloud SDKs, see Alibaba Cloud SDKs.

  • You can query data assets such as instances, databases, and OSS buckets that DSC is authorized to scan. For more information, see DescribeDataLimits.

  • You can query data assets, such as instances, databases, and OSS buckets, that DSC is authorized to scan in a specific service. For more information, see DescribeDataLimitSet.

FAQ

  • Can I add a custom account to a whitelist? How many custom accounts can I add?

    Yes, you can add a custom account to a whitelist. You can add up to 10 accounts to a whitelist.

  • Why am I unable to select the databases and tables of an authorized data asset when I create a whitelist?

    The scan task on the data asset is not complete. Wait until the task is complete. For more information, see Identify sensitive data by using identification tasks.

  • Why does the system continue to generate audit alerts for an instance of a data asset after I add the instance to the whitelist?

    If you do not specify accounts, IP addresses, or CIDR blocks in the whitelist, the whitelist is invalid.