Configuring SA Alarm Notifications
Situation Awareness (SA) is an intuitive platform for threat detection and analysis. It gives you a comprehensive overview of the security of all your cloud assets so that you can make an informed decision about how to handle security events.
In SA professional edition, you can configure alarm notifications to ensure you learn of security risks in a timely manner.
Follow the example here to learn how to quickly configure alarm notifications and query threat details.
Step 1: Prepare the Environment
1. Log in to the Huawei Cloud management console and choose Security & Compliance > Situation Awareness.
2. In the upper right corner on the displayed page, click Upgrade. Then, on the displayed page, specify ECS Quota, Website Quota, Large Screen, and Required Duration.
Note
- At least one ECS should be protected with other security services so that SA can aggregate security data from the services, analyze security threats collectively, and provide security hardening suggestions.
- Alarm notifications are not included in SA basic edition.
- You have obtained the username and password for logging in to the management console and have the SA operation permissions.
1
Accessing SA management console
2
Buying professional SA
View Image
Step 2: Assign Permissions
1. Go to the IAM console. Create a user group and assign SA FullAccess and Tenant Guest permissions to the group. For details, see Creating a User Group and Assigning Permissions.
2. Create a user on the IAM console and add the user to the group created in 1. For details, see Creating a User and Adding the User to a User Group.
3. Assign Tenant Administrator and IAM-related permissions to the user, or the user cannot use SA Resource Manager or Baseline Inspection. For details, see How Do I Assign Operation Permissions to an Account?
4. Log in to the management console using the newly created user, and verify that the user has the administrator permissions for SA.
1
Accessing IAM console
View Image
Step 3: Configure Alarm Notification Items
1. In the navigation pane on the left, choose Settings > Notifications > Alarm Settings > Alarm Notifications.
2. Select notification items and risk severity levels of your concern, and configure Daily Alarm Notification and Real-Time Alarm Notification.
Note
- Daily Alarm Notifications: Alarm notifications are sent to you at 10:00 every day.
- Real-Time Alarm Notifications: Alarm notifications are sent to you every hour within the notification time you configure.
1
Accessing the Alarm Notifications page
2
Configuring alarm notification items
View Image
Step 4: Configure an SMN Topic
In the SMN Topic area, select a topic.
Note
1. If you have created a topic and added subscriptions to it, directly select the topic. If there are no topics available, go to the Simple Message Notification console and create one. For details, see Creating a Topic and Adding a Subscription.
2. Multiple subscriptions can be added to a topic. Before selecting a topic, ensure that subscriptions added to it are in the Confirmed status. Otherwise, no notifications can be received.
1
Creating a topic and adding a subscription to the topic.
2
Selecting an SMN topic
View Image
Step 5: View Alarms
1. After alarm notification items and SMN topic are configured, click Apply.
2. When you receive an alarm notification through the endpoint you configure, go to the SA console, choose Threat Alarms > Alarms, and then view alarm details and find security hardening suggestions.
Note
- On the Alarms tab, you can quickly query threat alarms by alarm name, risk severity, time, and processing status.
- You can also mark the processing status of an alarm on the Alarms tab.
1
Applying notifications
2
Viewing alarms
View Image
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
