Help Center/
Host Security Service/
FAQs/
Detection & Response/
How Do I Add High-risk Command Execution Alarms to the Whitelist?
Updated on 2024-09-25 GMT+08:00
How Do I Add High-risk Command Execution Alarms to the Whitelist?
If you run commands related to normal services on the server, HSS generates high-risk command execution alarms. You can add a whitelist to prevent the alarm.
To add a command alarm whitelist, perform the following steps:
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > HSS. - In the navigation pane, choose Security Operations > Policies.
- Locate the policy group of the protected edition corresponding to the server and click the policy group name.
- Click Real-time Process.
- Add a command whitelist. The parameters are as follows:
- Full path or program name of a process: Enter the full path or program name of the process, for example, /usr/bin/sleep or sleep.
- Regular expression in CLI: Enter the regular expression of the command to be added to the whitelist, for example, ^[A-Za-z0-9[:space:]\\*\\.\\\":_'\\(>=-]+$.
Figure 1 Adding a whitelist
- Click OK to save the change.
Parent topic: Detection & Response
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
