Security reports

更新时间:
复制 MD 格式

Customize security metrics and schedule periodic reports to track the risk profile, security posture, and remediation progress of your assets.

Version Limits

  • Subscription: Advanced, Enterprise, or Ultimate (If your current edition does not support this feature, upgrade).

  • Pay-as-you-go: Any pay-as-you-go feature is activated (If not activated, purchase).

Limitations

  • By default, you can manually create up to 10 security reports in the China region and 10 in the Outside China region. These quotas are independent, for a combined total of 20 manual reports.

  • A single security report can have a maximum of 10 recipients.

  • For new users of a paid Security Center edition (subscription or pay-as-you-go), data for security reports becomes available the next day (T+1).

Procedure

Follow this procedure to generate and manage security reports.

image

Step 1: Create a security report

Creating a security report involves two steps: Configure basic information and Specify report content.

1. Configure basic information

  1. Log on to the Security Center console.

  2. In the left-side navigation pane, choose System Settings > Security Report. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.

  3. On the Security Report page, click Create Security Report.

  4. On the Configure Basic Information page, set the parameters for the report as described in the following table, then click Next.

    Parameter

    Description

    Report Name

    Enter a name for the report.

    Report Scope

    Select a scope for data analysis: Single Account, Multiple Accounts, or Multiple Groups.

    • Single Account: The report covers all data under the current account by default.

    • Multiple Accounts: Select the Accounts to include. The report covers only the specified accounts. You can also select New accounts added by default.

      Important

      Only administrators who have configured Multi-account Management can select this scope. Multi-account Security Management.

    • Multiple Groups: Select a Report Group. The report covers only the specified groups.

      Important

      Data for the specified groups is updated on the day after the configuration takes effect (T+1).

    Accounts

    This parameter is available only when you set Report Scope to Multiple Accounts.

    • Selection limit: Up to 30 accounts.

    • Account source: Accounts synchronized from Multi-account Security Management.

    • Automatically add new accounts (Recommended): Select New Accounts Added by Default to automatically include new accounts added through Multi-account Security Management in future reports.

    Report Group

    This parameter is available only when you set Report Scope to Multiple Groups.

    • Selection limit: Up to 30 groups.

    • Group source:

      • By resource group: Resource groups you configured in Resource Management are automatically synchronized. View resource groups.

      • By asset group: Server groups you configured in the Assets module are automatically synchronized. Manage server groups.

    Data Collection Period

    • Periodic report: Automatically sends reports on a schedule. Select a period: Last Day, Last Week, Last Month, Last Year, or Custom Days.

    • Custom report: Specify a Custom Time Range only. No automatic sending — you must manually publish the report.

    Note
    • For periodic reports, Security Center sends one email per day per recipient. Changes to the Sent At take effect the next day.

    • For custom reports, find the report card on the Security Report page and click Send Now to send it manually.

    Language

    Select the report language: Simplified Chinese or English.

    Note

    The exported HTML report, PDF report, and email content are displayed in the language that you select.

    Sent At

    Specify the delivery time. The report is sent within two hours of the specified time, though actual delivery may vary.

    Recipient

    Enter up to 10 recipient email addresses.

    Note
    • The recipients do not need to have an Alibaba Cloud account.

    • Each new email address must be verified before it can receive reports. Security Center sends a verification email with instructions.

    Sticky

    Pin the report to the top of the list on the Security report page and prioritize it in the Security Operations Trend section on the Overview page.

    Note

    Only one report can be pinned at a time. To pin a different report, first set the current pinned report's Sticky status to No.

2. Specify report content

  1. On the Specify Report Data page, select the metrics to include in your report.

    Select metrics based on your role and monitoring needs.

    Metric name

    Function and purpose

    Target user/scenario

    Notes

    Multi-account ranking metrics

    Compares and ranks accounts in a multi-account environment to identify high-risk accounts for centralized governance.

    Administrators of multi-account environments

    Displayed only when Report scope is set to Multiple accounts.

    Overall operations metrics

    Provides a high-level overview of your security status, including your overall security posture and the status of key features.

    Senior managers and decision-makers

    Displayed only when Report scope is set to Single account or Multiple groups.

    Asset operations metrics

    Displays the overall status of business assets and trends of at-risk assets to help with asset management and prioritization.

    Asset management teams

    None

    Security alert operations metrics

    Tracks and analyzes trends, response, and handling of security alerts to evaluate threat detection and response capabilities.

    Security operations center (SOC) staff

    None

    Vulnerability operations metrics

    Provides an overview of the system vulnerability status and tracks the progress and effectiveness of vulnerability remediation to improve vulnerability management.

    IT operations and security teams

    None

    Baseline operations metrics

    Monitors the compliance status of systems and adherence to baseline settings to help maintain secure system configurations.

    Compliance and security configuration teams

    None

    Cloud product operations metrics

    Summarizes the security status of cloud product configurations and tracks configuration changes and responses.

    Cloud security administrators

    None

    Attack analysis operations metrics

    Analyzes and evaluates potential or actual security attacks to help you effectively identify security risks.

    Security analysts and threat intelligence teams

    None

    Application protection operations metrics

    Provides an overview of application protection status, attack trends, and changes to enhance application protection capabilities.

    Application security teams and DevSecOps engineers

    None

    Web tamper-proofing operations metrics

    Provides an overview of web tamper proofing risks and trends of monitored events to enable a prompt response.

    Website and web application administrators

    None

    Cloud Honeypot operations metrics

    Monitors honeypot systems to understand attack trends and response effectiveness, which enhances threat intelligence.

    Threat hunting and intelligence analysis teams

    None

    AK leakage operations metrics

    Detects the usage of AccessKey (AK) credentials and potential leakage risks.

    Cloud security administrators and developers

    Displayed only when Report scope is set to Single account or Multiple groups.

    Large model operations metrics

    Provides model-based security recommendations that are generated based on large-scale data analytics to help you optimize security policies.

    Security policy makers and senior analysts

    None

  2. Click Save Report Data to create the report. The report is enabled by default.

    Important

    For new users of a paid Security Center edition (subscription or pay-as-you-go), data for security reports becomes available the next day (T+1).

Step 2: Manage security reports

Available operations:

  • Disable automatic sending of security reports

    A report is enabled by default after creation. If you no longer need to receive it, click the Enable icon icon on the report card to disable automatic sending.

  • Edit a security report

    Click Edit on the report card to modify the basic information and content of the report.

  • Clone a security report

    Click Clone on the report card, or click the More image icon and select Clone.

  • Export a security report

    Click Export on the report card and select a format to download the report as an HTML or PDF file.

  • Send now

    For custom reports, click Send Now on the report card to manually send the report to the specified recipients.

  • Delete a security report

    Click the More image icon on the report card and select Delete.

    Important
    • Deleted reports cannot be recovered. This action is irreversible.

    • Default security reports created by Security Center cannot be deleted.

Related documents

Review reports with risk alerts and take appropriate action to maintain asset security.