Manage servers

Demo video

The following video demonstrates key considerations for managing server assets in Security Center.

Synchronize assets

Security Center automatically synchronizes status changes for connected servers every minute, including agent online status and asset information. If you just finished installing the Security Center agent, new servers may not appear in the asset list immediately due to synchronization delay. Perform a manual sync to get the latest assets right away.

1. Log on to the Security Center console.

2. In the navigation pane on the left, choose Assets > Host. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.

3. On the Server tab of the Host page., and click Synchronize Assets.

4. Security Center pulls the latest server asset information and refreshes the server list.

Add multi-cloud assets

Security Center supports protection for non-Alibaba Cloud servers, including third-party cloud servers and data center servers. Before you can protect these servers, connect them to Security Center. The following table describes the supported server types and connection procedures.

View server information

1. Log on to the Security Center console.

2. In the navigation pane on the left, choose Assets > Host. In the upper-left corner of the console, select the region where your assets are located: Chinese Mainland or Outside Chinese Mainland.

3. On the Assets tab, view server information.

   View a single server

   Use the search component above the server list to locate a specific server by its Instance Name, Public IP Address, or Private IP Address.

   Check the Risk Status column to determine whether the server has security risks.

   Click View in the Actions column to go to the server details page.

   Tab	Description
   Basic Information	Basic information Displays basic server information such as ID, region, group, and operating system. Supports changing the server group and performing one-click diagnostics on agent abnormal status. Note If basic information such as MAC address or kernel version is missing, return to the asset list, select the server, and choose More Operations > Asset Collection to collect the basic information. Defense status Displays the enabled status of client self-protection, malicious network behavior defense, webshell defense, and malicious host behavior defense. Vulnerability detection Displays vulnerability detection types and supports enabling or disabling different types of vulnerability detection for the server. Brute-force attack prevention Displays the brute-force attack defense rules applied to the server and supports modifying these rules. Logon security settings Displays the frequently used logon addresses, IP addresses, times, and accounts for the server. Supports configuring related alerts.
   Vulnerability Details	Displays the vulnerability detection results for the server.
   Alert	Displays the security alert information for the server.
   Asset Fingerprints	Displays detailed server fingerprint information. This tab is available only when Security Center meets the following conditions. Subscription: Enterprise or Ultimate (If your current edition does not support this feature, upgrade). Note The protection edition of the server must be set to the edition you purchased. For more information, see Bind a server protection edition. Pay-as-you-go: Host and Container Security pay-as-you-go is activated (If not activated, purchase). Note The server protection level must be set to Host Protection or Host and Container Security. For more information, see Bind a server protection level.
   Agentless Detection	Displays the vulnerabilities, baseline configurations, and security alerts detected by the agentless detection feature.
   Cloud Security Posture Management	Cloud Service Configuration Risk: Displays the cloud product configuration risk check details for the server. System Baseline Risks: Displays the baseline risk check results for the server. Note This tab is available only for Security Center instances with the baseline risk check feature enabled. For more information, see Authorize and enable features.
   O&M and Monitoring	Remote O&M Displays the command list, command execution results, and file delivery results for remote O&M through Cloud Assistant. Performance monitoring Displays CPU utilization, memory utilization, system load, network inbound and outbound rates, and TCP connection count.

   Filter by category

   The Server tab provides server categories such as At Risk, Unprotected, and Exposed for organized management.

   Category	Description
   All Servers	Displays all servers protected by Security Center, including all Alibaba Cloud servers and non-Alibaba Cloud servers with the Security Center agent installed.
   At Risk	Displays servers with security risks such as vulnerabilities, Cloud Security Posture Management (CSPM) risks, or security alerts.
   Unprotected	Displays servers whose agent status is Offline or Paused, or whose power status is Yes or Unknown. Important Security Center cannot provide security protection for servers whose agent status is Offline or Paused, or whose power status is Yes or Unknown. To enable protection, see Enable server protection.
   Unauthorized	Displays servers whose authorized version is Basic (subscription) or whose protection level is Unprotected (pay-as-you-go for host and container security).
   Stopped	Displays stopped servers.
   Exposed	Displays servers exposed to the Internet (servers that can communicate over the Internet). For details, see Asset exposure analysis. Note This feature (asset exposure analysis) is available only when the protection version or level of the server meets specific requirements. Subscription: Enterprise or Ultimate (If your current edition does not support this feature, upgrade). Note The protection edition of the server must be set to the edition you purchased. For more information, see Bind a server protection edition. Pay-as-you-go: Host and Container Security pay-as-you-go is activated (If not activated, purchase). Note The server protection level must be set to Host Protection or Host and Container Security. For more information, see Bind a server protection level. If the requirements are not met, Security Center cannot provide the count of exposed servers. Exposed displays Unknown.
   Add	Displays Alibaba Cloud ECS servers purchased within the last 15 days.
   Server Group	Displays servers in each server group. Click a group name to view the security status of servers in that group. Note Security Center supports managing and deleting server groups. For more information, see Manage server groups.
   Server Region	Displays servers in each region. Click a region name to view the security status of servers in that region.
   VPC	Displays servers in each VPC. Click a VPC name to view the security status of servers in that VPC.
   Importance	Displays servers under each asset importance level. In the Importance section, click Important, Normal, or Test to view the security status of servers at that level. Note Security Center supports classifying assets into three importance levels based on actual business needs, allowing batch management by importance.
   Tag	Displays servers under each asset tag. Click an added tag under Tag to view the security status of servers with that tag. Note Security Center supports managing and deleting server tags. For more information, see Manage server tags.

   Search by multiple criteria

   Server categories such as All Servers and Unprotected also support one or more search conditions to filter servers.

   The following example shows how to search for servers that meet all three conditions: OS type is Linux, security alerts exist, and region is China (Hangzhou).

   1. On the All Servers tab, click Whether Alert Exists.

   2. In the search condition dropdown, configure the following conditions for OS Type, OS Type, and Region respectively:

      • OS Type: Linux

      • Whether Alert Exists: Yes

      • Region: China (Hangzhou)

      Note

      Some search conditions do not support direct selection. Select the filter condition and enter a specific value in the input field on the right.

      After configuring filter conditions, the set conditions are displayed above the server list.

   3. Click AND or OR to the left of the search conditions to switch the logical relationship between them.

      • AND: All conditions must be satisfied.

      • OR: At least one condition must be satisfied.

      After configuration, servers in the list satisfy all three conditions.

   4. Optional: To save the filter conditions for reuse, click Save to the right of the search conditions.

      After saving as a frequently used search condition, use the saved conditions to quickly find target servers.

Manage server information

The Asset Center page provides server group, importance, and tag features to manage servers from different dimensions and simplify the use of other Security Center features.

Release and unbind servers

Choose the appropriate operation based on the server type and usage status:

• Release instance: For Alibaba Cloud servers (ECS or simple application servers) that are no longer in use. This recycles resources and stops billing. Perform the release in the corresponding cloud server console.

• Unbind server: For non-Alibaba Cloud servers that no longer need Security Center protection. Unbinding releases quotas that can be used to protect other servers.

• Scheduled cleanup: When the number of non-Alibaba Cloud servers is large. After you enable this feature, the system automatically cleans up offline non-Alibaba Cloud servers and reclaims quotas.

FAQ