Security Center:Security report

Limits

Only the Advanced, Enterprise, and Ultimate editions of Security Center support this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.

Limits

• In regions in or outside of China, you can create a maximum of 5 security reports with the Advanced edition of Security Center and up to 10 reports with the Enterprise or Ultimate editions. The limits are cumulative; if you have the Advanced edition, you can create up to 10 security reports in regions in and outside of China combined. For the Enterprise or Ultimate editions, this limit increases to 20 reports.

• You can send a single security report to a maximum of 10 email addresses.

• No Alibaba Cloud account is required for an email address or a recipient to receive a security report.

Create a security report

1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.

2. In the left-side navigation pane, choose System Configuration > Security Report.

3. On the Security Report page, click Create Security Report.

   Note

   If you cannot find the Create Security Report button, you are on the earlier version of the Security Report page. You can click New Version in the upper-right corner of the Security Report page to switch to the new version and perform the following operations.

4. In the Configure Basic Information step, configure the parameters and click Next. The following table describes the parameters.

   Parameter	Description
   Report Name	The name of the security report.
   Report Scope	The assets on which security statistics are collected for the security report. Valid values: Single Account, Multiple Accounts, and Multiple Groups. Single Account: If you want to view statistics only on assets that belong to the current account, select this option. Multiple Accounts: If you want to view statistics on assets that belong to multiple accounts, select this option. If you select this option, you must specify accounts for the Accounts parameter. You can specify up to 30 accounts. The system collects statistics on all assets that belong to the specified accounts. Important The Multiple Accounts option is available only to the administrator for whom the multi-account management feature is enabled and configured. For more information, see Use the multi-account management feature. Multiple Groups: If you want to view statistics on the assets within specified groups, select this option. You can specify up to 30 groups for the Report Group parameter. The system updates the statistics on the assets within the specified groups on the next day after the group configuration takes effect.
   Data Collection Period	The time range during which security statistics are collected for the security report. Valid values: Last 1 Day, Last 1 Week, Last 1 Month, Last 1 Year, Custom Days, and Custom Time Range. If you select Custom Time Range, you do not need to configure the Sent At parameter. You must manually publish the security report for which a custom time range is specified on the Security Report page.
   Language	The language of the content in the security report. Valid values: Simplified Chinese and English.
   Sent At	The point in time at which the security report is sent to the specified email address. The security report is sent within 2 hours after the time that you specify. The actual sending time may vary due to scheduling.
   Recipient	The email address to which the security report is sent. You can enter up to 10 email addresses. Note Only verified email addresses can receive security reports. If the email address that you enter is not verified, Security Center sends a verification email to the email address. The recipient of the email must follow the instructions in the email to complete verification.
   Sticky	Specifies whether to pin the security report on the Security Report page and add an entry point to the security report in the upper-right corner of the Overview page. Note You can pin only one security report on the Security Report page. If you have pinned an existing security report and want to pin another security report, you must change the Sticky parameter to No for the pinned security report.

5. In the Specify Report Data step, select the items whose statistics you want to include in the security report.

   In this step, you can select items to meet your security management requirements and the requirements of different roles in various scenarios. The following list describes the supported items:

   • Multi-Account Ranking Metrics: This item is supported only if you select Multiple Accounts in the Configure Basic Information step. This item provides the comparison data for each account and the ranking of all accounts in a multi-account environment. This item helps you identify the accounts that are at high risk and manage account security in a centralized manner.

     Note

     This metrics is only displayed when Multiple Accounts is selected for Report Scope.

   • Overall Operation Metrics: This item provides an overview of security status, which helps you understand the overall security status and the details of core security features. This item is suitable for senior managers to manage business security.

     Note

     This metrics is only displayed when Single Account and Multiple Groups are selected for Report Scope.

   • Asset Operation Metrics: This item provides an overview of business asset status and the trend of at-risk assets. This item facilitates asset management and priority classification.

   • Security Alert Operation Metrics: This item provides the details of alert handling, which are used to monitor and analyze the trend of alerts as well as evaluate threat detection and response capabilities. This item is suitable for security operations personnel to monitor alerts and improve the process of alert handling.

   • Vulnerability Operation Metrics: This item provides an overview of system vulnerability status, which allows you to monitor vulnerability fixing progress and efficiency and helps you manage vulnerabilities. This item is suitable for IT O&M and security teams to fix vulnerabilities and reduce potential security risks.

   • Baseline Operation Metrics: This item provides the monitoring statistics on the compliance status of your system and the details of baseline configurations. This item helps you maintain the configuration security of your system.

   • Cloud Product Operation Metrics: This item provides the security status of configurations for your cloud services, the monitoring statistics on changes to the configurations, and the handling details of configuration risks.

   • Honeypot Operation Metrics: This item provides the monitoring statistics on your system after the cloud honeypot feature is enabled, and the trend and handling details of attacks. This item facilitates the understanding of threat intelligence.

6. Click Save Report Data. The security report is created.

   By default, a newly created report is enabled.

   • If you specify a value other than Custom Time Range for the Data Collection Period parameter of the security report, Security Center sends the security report to the recipient only once within one day. If you change the Sent At parameter to a point in time on the same day as the day when Security Center sends the security report, the change takes effect on the next day.

   • If you specify Custom Time Range for the Data Collection Period parameter of the security report, you can find the security report on the Security Report page and click Send Now to send the report to the specified recipient.

What to do next

You can perform the following operations on a security report based on your business requirements:

• Stop the automatic sending of a security report

  By default, a newly created security report is enabled. If you no longer want a security report to be sent, you can find the report and click the icon. The security report is no longer sent to the specified email address.

• Modify a security report

  You can find a security report and click Edit to modify the basic information and content of the security report.

• Clone a security report

  You can find a security report, and click Clone or click the icon and click Clone to clone the security report.

• Export a security report

  You can find a security report, click Export, and then select a format to download the report. The security report can be saved as an HTML or PDF file.

• Delete a security report

  You can find a security report, click the icon, and then click Delete to delete the security report.

  Note

  • A deleted security report cannot be restored. Proceed with caution.

  • You cannot delete the default security report.

References

After you receive a security report that notifies you of risks on your assets, we recommend that you check the security status of your assets and handle the risks at the earliest opportunity.

• For more information about the security score and how to improve the security score, see Security score.

• For more information about alerts, see View and handle alerts.

• For more information about how to view and handle Linux software vulnerabilities and Windows system vulnerabilities, see View and handle vulnerabilities.

• For more information about how to view baseline check results and handle baseline risks, see Baseline check.

• For more information about how to create a CSPM policy and handle configuration risks, see Use the CSPM feature.

• For more information about how to view and handle the alerts generated by the cloud honeypot feature, see View and handle alerts.