Customize security metrics and schedule periodic reports to track the risk profile, security posture, and remediation progress of your assets.
Version Limits
Limitations
-
By default, you can manually create up to 10 security reports in the China region and 10 in the Outside China region. These quotas are independent, for a combined total of 20 manual reports.
-
A single security report can have a maximum of 10 recipients.
-
For new users of a paid Security Center edition (subscription or pay-as-you-go), data for security reports becomes available the next day (T+1).
Procedure
Follow this procedure to generate and manage security reports.
Step 1: Create a security report
Creating a security report involves two steps: Configure basic information and Specify report content.
1. Configure basic information
-
Log on to the Security Center console.
-
In the left-side navigation pane, choose . In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.
-
On the Security Report page, click Create Security Report.
-
On the Configure Basic Information page, set the parameters for the report as described in the following table, then click Next.
Parameter
Description
Report Name
Enter a name for the report.
Report Scope
Select a scope for data analysis: Single Account, Multiple Accounts, or Multiple Groups.
-
Single Account: The report covers all data under the current account by default.
-
Multiple Accounts: Select the Accounts to include. The report covers only the specified accounts. You can also select New accounts added by default.
ImportantOnly administrators who have configured Multi-account Management can select this scope. Multi-account Security Management.
-
Multiple Groups: Select a Report Group. The report covers only the specified groups.
ImportantData for the specified groups is updated on the day after the configuration takes effect (T+1).
Accounts
This parameter is available only when you set Report Scope to Multiple Accounts.
-
Selection limit: Up to 30 accounts.
-
Account source: Accounts synchronized from Multi-account Security Management.
-
Automatically add new accounts (Recommended): Select New Accounts Added by Default to automatically include new accounts added through Multi-account Security Management in future reports.
Report Group
This parameter is available only when you set Report Scope to Multiple Groups.
-
Selection limit: Up to 30 groups.
-
Group source:
-
By resource group: Resource groups you configured in Resource Management are automatically synchronized. View resource groups.
-
By asset group: Server groups you configured in the Assets module are automatically synchronized. Manage server groups.
-
Data Collection Period
-
Periodic report: Automatically sends reports on a schedule. Select a period: Last Day, Last Week, Last Month, Last Year, or Custom Days.
-
Custom report: Specify a Custom Time Range only. No automatic sending — you must manually publish the report.
Note-
For periodic reports, Security Center sends one email per day per recipient. Changes to the Sent At take effect the next day.
-
For custom reports, find the report card on the Security Report page and click Send Now to send it manually.
Language
Select the report language: Simplified Chinese or English.
NoteThe exported HTML report, PDF report, and email content are displayed in the language that you select.
Sent At
Specify the delivery time. The report is sent within two hours of the specified time, though actual delivery may vary.
Recipient
Enter up to 10 recipient email addresses.
Note-
The recipients do not need to have an Alibaba Cloud account.
-
Each new email address must be verified before it can receive reports. Security Center sends a verification email with instructions.
Sticky
Pin the report to the top of the list on the Security report page and prioritize it in the Security Operations Trend section on the Overview page.
NoteOnly one report can be pinned at a time. To pin a different report, first set the current pinned report's Sticky status to No.
-
2. Specify report content
-
On the Specify Report Data page, select the metrics to include in your report.
Select metrics based on your role and monitoring needs.
Metric name
Function and purpose
Target user/scenario
Notes
Multi-account ranking metrics
Compares and ranks accounts in a multi-account environment to identify high-risk accounts for centralized governance.
Administrators of multi-account environments
Displayed only when Report scope is set to Multiple accounts.
Overall operations metrics
Provides a high-level overview of your security status, including your overall security posture and the status of key features.
Senior managers and decision-makers
Displayed only when Report scope is set to Single account or Multiple groups.
Asset operations metrics
Displays the overall status of business assets and trends of at-risk assets to help with asset management and prioritization.
Asset management teams
None
Security alert operations metrics
Tracks and analyzes trends, response, and handling of security alerts to evaluate threat detection and response capabilities.
Security operations center (SOC) staff
None
Vulnerability operations metrics
Provides an overview of the system vulnerability status and tracks the progress and effectiveness of vulnerability remediation to improve vulnerability management.
IT operations and security teams
None
Baseline operations metrics
Monitors the compliance status of systems and adherence to baseline settings to help maintain secure system configurations.
Compliance and security configuration teams
None
Cloud product operations metrics
Summarizes the security status of cloud product configurations and tracks configuration changes and responses.
Cloud security administrators
None
Attack analysis operations metrics
Analyzes and evaluates potential or actual security attacks to help you effectively identify security risks.
Security analysts and threat intelligence teams
None
Application protection operations metrics
Provides an overview of application protection status, attack trends, and changes to enhance application protection capabilities.
Application security teams and DevSecOps engineers
None
Web tamper-proofing operations metrics
Provides an overview of web tamper proofing risks and trends of monitored events to enable a prompt response.
Website and web application administrators
None
Cloud Honeypot operations metrics
Monitors honeypot systems to understand attack trends and response effectiveness, which enhances threat intelligence.
Threat hunting and intelligence analysis teams
None
AK leakage operations metrics
Detects the usage of AccessKey (AK) credentials and potential leakage risks.
Cloud security administrators and developers
Displayed only when Report scope is set to Single account or Multiple groups.
Large model operations metrics
Provides model-based security recommendations that are generated based on large-scale data analytics to help you optimize security policies.
Security policy makers and senior analysts
None
-
Click Save Report Data to create the report. The report is enabled by default.
ImportantFor new users of a paid Security Center edition (subscription or pay-as-you-go), data for security reports becomes available the next day (T+1).
Step 2: Manage security reports
Available operations:
-
Disable automatic sending of security reports
A report is enabled by default after creation. If you no longer need to receive it, click the
icon on the report card to disable automatic sending. -
Edit a security report
Click Edit on the report card to modify the basic information and content of the report.
-
Clone a security report
Click Clone on the report card, or click the More
icon and select Clone. -
Export a security report
Click Export on the report card and select a format to download the report as an HTML or PDF file.
-
Send now
For custom reports, click Send Now on the report card to manually send the report to the specified recipients.
-
Delete a security report
Click the More
icon on the report card and select Delete.Important-
Deleted reports cannot be recovered. This action is irreversible.
-
Default security reports created by Security Center cannot be deleted.
-
Related documents
Review reports with risk alerts and take appropriate action to maintain asset security.
-
For more information about security scores, see Security score.
-
Cloud security posture management: Configure and run a check policy.
-
Cloud Honeypot alerts: View and handle alert events.
-
Application protection: Handle attack alerts.
-
Web tamper proofing: File tamper proofing.