After activating Data Security Center (DSC), authorizing it to scan for sensitive data in your databases, Object Storage Service (OSS), and Simple Log Service (SLS) assets, and enabling Data Auditing, you can view statistics such as asset authorization status, sensitive data identification results, security baseline check risk trends, and asset audit alerts on the DSC overview page.
Supported data assets
DSC supports scanning for relational databases, non-relational databases, big data platforms, unstructured data, and self-managed databases. For a detailed list, see Supported data asset types.
To protect your privacy, DSC performs only necessary processing of sensitive data (such as tagging, static data masking, and operation auditing) and does not store your data files.
View statistics
The Overview page of the Data Security Center console displays the following statistics.
Version and quota statistics
The Version and Quota Statistics (Used/Monthly Quota) section shows your current edition and resource consumption, including remaining protection days, database count, and storage usage.
-
Free edition
The Free Edition does not support upgrades or renewals. If the free resources do not meet your business needs, purchase Data Security Center for continuous data security. For more information, see Purchase Data Security Center.
On the Data Security Center overview page, the Free Quota Statistics section displays the used and monthly quotas for each feature module. This includes asset authorization (number of database instances, storage capacity), security baseline check (check items), Classification and Grading (amount of unstructured data identified, number of database tables identified), Data Auditing (log storage), column encryption (number of columns), and detection and response (AK/credential leak detection, access behavior and governance). The Version Information panel on the right shows the current version and instance ID, and provides links to paid features such as data masking, allowlist management, and report analysis.
-
Paid editions
To upgrade or renew your subscription, click Upgrade or Renew Subscription. For details, see Upgrade an instance and Renew an instance.
The Version and Quota Statistics section compares used and monthly quotas for various metrics, including authorized instances (e.g., 47/50), authorized storage (e.g., 382.96 GB/9.97 TB), detection and response (OSS protection volume), detection and response (database instances), image masking count, enhanced image identification count, log storage, and column encryption (number of columns). Next to some metrics, you can find links to Upgrade or Configure. The top of the page also shows the asset discovery status and subscription expiration reminders.
Asset configuration statistics
The Asset allocation statistics section shows the authorization status of your data assets, including statistics for asset authorization and data identification.
-
Click Authorize to go to the Asset Authorization Configuration page, where you can add asset authorizations, and view, edit, or delete authorized assets. For more information, see the Configuration wizard section below.
-
Click Config to go to the Data Identification Configuration page. On this page, you can select authorized assets and configure the scan frequency and time for the corresponding identification task (a system default task). For more information, see the Configuration wizard section below.
-
Click Config to go to the Data Audit Configuration page, where you can enable an audit mode for your target assets. For more information, see the Configuration wizard section below.
Authorized asset statistics
In the Asset Statistics area, view the number of authorized assets and the trends in total asset count and audit volume over the last 12 hours, 1 day, 7 days, or 30 days.
DSC scans for assets every day at midnight and automatically adds them to the unauthorized list. You can click Restart under The scan task is complete. in the upper-right corner of the Overview page to sync the latest asset data from your current Alibaba Cloud account and member accounts (if you have enabled multi-account management).
The count of authorized assets includes the following asset types: RDS, PolarDB, PolarDB-X, PolarDB-X 2.0, Redis, MongoDB, OceanBase, self-managed database, OSS, TableStore, MaxCompute, ADB-MYSQL, ADB-PG, and SLS. OSS and SLS are counted by storage capacity, while the others are counted by instance. You can hover over the count to see a breakdown of authorized and unauthorized assets. Below, line charts for Data Volume and Audit Volume show trends over the selected time range.
Sensitive data identification statistics
In the Sensitive Data section, view statistics on the identification results for structured data and unstructured data in your scanned data assets.
DSC identifies sensitive files and data using configured sensitive data identification templates. These templates include built-in and custom templates. DSC uses these templates to identify sensitive data tables, columns, and files, and to classify their sensitivity levels. For more information, see View and configure identification templates.
The Overview page displays statistics from scans that use the New National Standard Template.
-
Click Details in the upper-right corner of the Sensitive Data section to go to the page, where you can view detailed sensitive data identification results. For more information, see View sensitive data identification results.
-
Click Configure to go to the Data Identification Configuration page. On this page, you can select authorized assets and configure the scan frequency and time for the corresponding identification task (a system default task). For more information, see the Configuration wizard section below.

Risk trend statistics
In the Risk Trends section, view the risk trends from security baseline checks over the last 7 days or last 30 days.
-
Click Recheck to run a security baseline check on all authorized assets. Refresh the page later to view the results.
-
Click Details in the upper-right corner of the Risk Trends section to go to the page, where you can view detailed results of the security baseline checks.
The Risk Trends section includes the Asset Risk panel (which displays the number of at-risk assets by High, Medium, and Low risk levels), Governance Progress (showing passed vs. total check items), and the Risk Compliance Trend line chart (showing the trend of passed and failed check items, filterable by last 7 days or last 30 days).
Threat trend statistics
In the Threat Trends section, view the trend in the number of data audit alerts over the last 12 hours, 1 day, 7 days, or 30 days.
-
Click Details for Audit Alerts in the Threat Trends section to go to the page and view the corresponding alert details.
-
Click Configure to go to the Data Audit Configuration page, where you can enable an audit mode for your target assets. For more information, see the Configuration wizard section below.

Configuration wizard
Click Configuration Wizard in the upper-right corner of the overview page or in the Asset allocation statistics section for a guided setup of data identification and auditing for your target assets.
-
Asset sync.
-
Click Click to Sync to automatically sync your asset data to DSC.
-
Click manual entry to open the Add Asset dialog box. Select the asset information and click Confirm.
If you select Data Identification and Audit, you must configure data identification and Data Auditing. Click Add and Configure Permissions.
Asset information includes Database Type (e.g., MySQL 8.0), Server Type (e.g., ECS asset), region, instance ID, and port.
-
-
Asset authorization.
Click Configure to go to the Asset Authorization Configuration page. Here, you can add, view, edit, or delete asset authorizations. For more information, see Authorize a general-purpose database, Authorize an ECS-hosted self-managed database, Authorize unstructured data (OSS and SLS), and Authorize MaxCompute.
The left-side navigation pane on this page categorizes assets into structured data, unstructured data, and big data. The main content area has Asset Sync, Authorized, and Unauthorized tabs. You can select target assets and click Batch Authorization to complete the authorization process.
-
Data identification.
Configure the scan frequency and time for your target asset's data identification task (a system default task). For details about identification tasks, see Scan for sensitive data by using an identification task.
-
Click Configure. On the Data Identification Configuration page, select the target assets and click Next.
-
Configure the identification template, scan frequency, and scan time for the identification policy, then click Next.
Available identification templates include the New National Standard Template and the General Identification Template. You can set the scan frequency to Daily and specify a scan time, for example, 00:00-06:00 (this applies only to structured data). You can select Scan immediately. When scanning structured data, only the first 200 rows of each table are scanned.
-
Review and confirm the identification policy for the target assets, then click OK.
The configuration summary page displays three sections: Target Assets (number of structured data assets and Object Storage Service data volume), Identification Template (such as New National Standard Template or General Identification Template), and Scan Configuration (Scan frequency: daily; Scan time: 00:00-06:00, applies only to structured data; only the first 200 rows of each structured data table are scanned).
-
-
Data Auditing.
For a detailed description of audit modes, see Enable Data Auditing.
-
Click Configure. On the Data Audit Configuration page, enable an audit mode for your target assets and click Next.
The audit mode provides three options: Off, native log collection, and traffic collection (Agent). Select the desired audit mode for each target instance.
-
For assets that use the traffic collection audit mode, install the agent and click Next.
-
Review and confirm the audit configuration for the target assets, then click OK.
-