Help Center/
Host Security Service/
FAQs/
Detection & Response/
How Do I Add High-risk Command Execution Alarms to the Whitelist?
Updated on 2024-11-15 GMT+08:00
How Do I Add High-risk Command Execution Alarms to the Whitelist?
If you run commands related to normal services on the server, HSS generates high-risk command execution alarms. You can add a whitelist to prevent the alarm.
To add a command alarm whitelist, perform the following steps:
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > HSS. - In the navigation pane, choose Security Operations > Policies.
- Locate the policy group of the protected edition corresponding to the server and click the policy group name.
- Click Real-time Process.
- Add a command whitelist. The parameters are as follows:
- Full path or program name of a process: Enter the full path or program name of the process, for example, /usr/bin/sleep or sleep.
- Regular expression in CLI: Enter the regular expression of the command to be added to the whitelist, for example, ^[A-Za-z0-9[:space:]\\*\\.\\\":_'\\(>=-]+$.
Figure 1 Adding a whitelist
- Click OK to save the change.
Parent topic: Detection & Response
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
