After you configure notification settings in the Security Center console, Security Center sends notifications to the contacts that you specified when risks are detected. This way, you can handle security events at the earliest opportunity to ensure asset security. Security Center can send notifications of items such as weekly security reports, baseline risks, alerts, and insufficient storage capacity. Security Center can send notifications by using emails, internal messages, or DingTalk chatbots. You can specify notification items, notification time ranges, and notification methods based on your business requirements to obtain asset security information at the earliest opportunity.
Specify notification contacts
Specify at least one notification contact. By default, the contact is the one you specified when you created your Alibaba Cloud account.
Log on to the Message Center console.
In the left-side navigation pane, choose
.Find Security Notice and click Modify in the Contact column.
In the Modify Contact dialog box, add a contact or modify an existing contact, select one or more contacts to receive notifications from Security Center, and then click Save.
Perform the following operations based on your business requirements:
To add a contact, click Add Receiver, enter the name and email address of the new contact, and then click OK.
To modify an existing contact, click Manage Contacts in the upper-right corner of the Common Settings page.
After you click Save, the new settings immediately take effect.
NoteBefore a contact can receive notifications, you must verify the email address of the contact. The system automatically sends a verification message to the specified email address. Follow the instructions in the email to complete the verification.
Configure notification settings on the Email/Internal Message tab
Security Center can send notifications by email or internal message. You can configure specific notification methods for different notification items.
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
On the Email/Internal Message tab, find the notification item for which you want to configure the notification methods, and configure the Notification Time, Concerned Level, and Notification Method parameters.
NoteThe configurations immediately take effect.
If you select multiple notification methods for an item, Security Center sends notifications by using all selected methods at the same time.
Configure notification settings on the DingTalk Chatbot tab
After you configure the notification method of DingTalk chatbots, you can receive notifications for threats that are identified by Security Center in the specified DingTalk group in real time.
Only the Enterprise and Ultimate editions of Security Center support the notification method of DingTalk chatbots.
Prerequisites
A DingTalk chatbot is created in the DingTalk group that is used to receive notifications, and the webhook URL of the chatbot is obtained. When creating the DingTalk chatbot, you should configure the keywords based on the notification language in the Security Settings.
Chinese: 云安全中心
English: Security
Procedure
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
On the Notification Settings page, click the DingTalk Chatbot tab and click Add Chatbot.
In the Add DingTalk Chatbot panel, configure the parameters and click Add. The following table describes the parameters.
Parameter
Description
Chatbot Name
The name of the chatbot. We recommend that you enter an informative name.
Webhook URL
The webhook URL of the chatbot. You can obtain the webhook URL in the corresponding DingTalk group.
ImportantKeep the webhook URL confidential. If the webhook URL is leaked, risks may arise.
Asset Groups
The asset group for which you want to send notifications. You can select an asset group that is created on the Assets page. After you select the asset group, the DingTalk chatbot sends notifications that are related to the assets in the asset group.
Notify On
The types and the severity levels of alerts for which you want to send notifications. The types are Vulnerability, Baseline Check, Alert, AccessKey Pair Leak Detection, Cloud Honeypot, Application Protection, Anti-ransomware, Core File Monitoring, and Malicious File Detection.
Notification Interval
The time interval at which the DingTalk chatbot sends notifications. Valid values: 1 Minute, 5 Minutes, 10 Minutes, 30 Minutes, and No Limit. If you select No Limit, a notification is sent each time an alert is generated.
If you select No Limit, up to 20 notifications can be sent to the webhook URL within 1 minute.
Language
The language of the notifications. Valid values: English and Chinese.
By default, a new DingTalk chatbot is in the Enabled state. After you complete the preceding steps, Security Center sends notifications based on your configurations.
Optional. In the list of DingTalk chatbots, find the new DingTalk chatbot and click Test in the Actions column to check whether a notification is received in the DingTalk group.
NoteYou can modify or delete a DingTalk chatbot. After you delete a chatbot, related notifications can no longer be received in the DingTalk group. However, Security Center continues to send notifications by using other methods that you specified, such as emails or internal messages.
FAQ
Can I receive notifications if I did not specify a severity level when I configured notification settings?
References
For more information about configuring security message recipients, see Best practices for configuring security message recipients.