Help Center> Host Security Service (New)> FAQs> Intrusions> How Do I Add a Whitelist for High-Risk Command Execution Alarms?
Updated on 2024-03-25 GMT+08:00
View PDF

How Do I Add a Whitelist for High-Risk Command Execution Alarms?

If you run commands related to normal services on the server, HSS generates high-risk command execution alarms. You can add a whitelist to prevent the alarm.

To add a command alarm whitelist, perform the following steps:

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Security Operations > Policies.
  4. Locate the policy group of the protected edition corresponding to the server and click the policy group name.
  5. Click Real-time Process.
  6. Add a command whitelist. The parameters are as follows:
    • Full path or program name of a process: Enter the full path or program name of the process, for example, /usr/bin/sleep or sleep.
    • Regular expression in CLI: Enter the regular expression of the command to be added to the whitelist, for example, ^[A-Za-z0-9[:space:]\\*\\.\\\":_'\\(>=-]+$.
    Figure 1 Adding a whitelist
  7. Click OK to save the change.
Parent topic: Intrusions

Intrusions FAQs

more