DocsICP FilingConsole
官方文档
首页

Activate Detection and Response

更新时间:
复制 MD 格式
产品详情
我的收藏

Data Security Center (DSC) offers a Data Detection and Response value-added service that provides OSS leak and database leak detection features. To use these features, you must first purchase sufficient OSS protection capacity and database instance quotas. The service scans your target OSS buckets to detect whether files contain AccessKey pairs (referred to as AKs) of your Alibaba Cloud account or Resource Access Management (RAM) users, or database credentials such as endpoints, port numbers, usernames, and passwords. It also detects risky behaviors involving leaked or abnormal AK access to authorized buckets and files, along with risky behaviors from compromised database accounts accessing their respective databases. This topic describes the billing rules and purchase method for the Detection and Response service.

Prerequisites

If you use a RAM user to activate the Detection and Response service, grant the RAM user the following system policies: AliyunBSSOrderAccess and AliyunBSSRefundAccess for purchasing, renewing, and opting out of DSC instances, and AliyunYundunSDDPFullAccess for managing or accessing the Data Security Center console. For more information, see Manage permissions for RAM users.

Billing overview

The Detection and Response service uses a subscription billing model. For details about billing components, billable items, billing rules, and included free resources, see Billing overview.

Activate a 7-day free trial

Eligibility

  • If you are a new user who has never purchased Data Security Center, you can directly request a free trial to use all DSC features. For more information, see Activate a 7-day free trial of Data Security Center.

  • If you have already purchased a paid DSC edition but have never purchased the Detection and Response service, you may be eligible for a 7-day free trial of Detection and Response if you meet both of the following conditions:

    • Your current account must be an enterprise-verified Alibaba Cloud account or RAM user.

    • Your current account has not previously requested a free trial of the Detection and Response service.

      Each Alibaba Cloud account can request the 7-day free trial of Detection and Response only once. A RAM user’s trial request counts as a request from the associated Alibaba Cloud account.

Free resource specifications

The free trial includes 1 TB of OSS protection capacity and 1 database instance by default. It also provides 50 GB of log storage capacity for the 1 TB OSS protection quota and 200 GB of log storage capacity for the 1 database instance.

Steps to request the free trial

  1. Log on to the Data Security Center console.

  2. In the navigation pane on the left, choose Data Detection and Response > Data Leak.

  3. Click Start Your Free Trial.

  4. Complete the application form as prompted, then click Submit.

After your free trial request is approved, the system sends a confirmation message to the mobile number or DingTalk ID you provided, along with a console link for the trial. Use this link to log on to the Data Security Center console and access the Detection and Response service.

After the trial ends

After the 7-day trial period ends, your authorizations, detected data, and configurations remain saved. However, the Detection and Response feature pages become unavailable, and you are prompted to upgrade and purchase the service.

Only after you purchase the Detection and Response service can you view and use the data and configurations from your trial period. Subsequent usage is billed under standard pricing rules.

Purchase and activate the Detection and Response service

Follow the steps below based on your scenario to purchase the Detection and Response value-added service.

First-time DSC activation with value-added service purchase

  1. Go to the Data Security Center purchase page and log on with your Alibaba Cloud account.

  2. Select an edition.

    You can choose Advanced Edition, Enterprise Edition, Database Audit (Level Protection Compliance Edition), or Purchase value-added services only. For edition details, see Purchase Data Security Center.

  3. Set the feature extension module Data Detection and Response to Enable.

    When enabled, you receive 1 TB of OSS protection capacity and 1 database instance per month at no extra cost.

  4. Select the amount of Detection and Response – OSS protection capacity (in TB) and the number of Detection and Response – database instances you need.

    Pricing varies by protection capacity tier. For example, subtract the free monthly 1 TB from your required OSS data volume, then purchase the remaining capacity. For OSS protection pricing details, see Billing overview.

  5. Select Duration.

  6. Click Buy Now and complete payment as prompted.

  7. After purchase, if you log on to the Data Security Center console for the first time, the Overview page prompts you to authorize cloud resources. Complete this authorization so your DSC instance can access OSS resources and perform operations such as sensitive data scanning and analysis.

    For details, see Authorize DSC to access cloud resources.

Upgrade to add value-added services after purchasing DSC

  1. Log on to the Data Security Center console.

  2. On the Overview page, click Upgrade.

  3. On the Upgrade/Downgrade page, enable the feature extension module Data Detection and Response, then select your desired Detection and Response – OSS protection capacity and Detection and Response – database instance count.

    The Detection and Response service requires the data audit feature and sufficient Log Storage Capacity capacity.

  4. Click Buy Now and complete payment as prompted.

What to do next

After activating the service and completing authorization, follow the workflow in Data leak detection to identify and address data breach risks promptly.

Previous:Data detection and responseNext:Data leak detection