Enabling Alarm Notification

Prerequisites

• Login credentials have been obtained.
• The SMN service has been enabled.

Procedure

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click Service List at the top of the page. Choose Security > Web Application Firewall. In the navigation pane on the left, choose Events.
4. Click the Notify tab and configure alarm notification parameters by referring to Table 1.

   Table 1 Notification setting parameters

   Parameter	Description
   Notification ID	Alarm event ID
   Notification	Whether to enable notification
   Notification Topic	Click the drop-down list to select an available topic or click View Topic to create a topic. For more information, see the Simple Message Notification User Guide.
   Threshold	Alarm threshold NOTE: Alarm notifications are sent when the number of attacks is greater than or equal to the threshold within the configured period.
   Event Type	By default, All is selected. You can also click Customize to specify event types. For details about event types, see Table 2.

   Table 2 List of event types

   Event Type	Description
   Challenge Collapsar	CC attack. When you find out that your website is experiencing slowed processing and high bandwidth usage, it may have been under CC attacks.
   Command Injection	Command injection. It is a technique used by hackers to execute system commands on a server by chaining commands and bypassing blacklists to invoke web application interfaces.
   Custom	Events logged by one or more precise protection rules
   Illegal Request	Invalid requests. For example, more than 512 parameters are used.
   SQL Injection	SQL injection. It is a common web attack whereby attackers inject malicious SQL commands into database query strings to deceive the server into executing them. By exploiting these commands, the attacker can obtain sensitive information, add users, export files, or even gain the highest permissions to the database or system.
   Local File Inclusion	Local file inclusion (LFI) allows attackers to access files on a local server or download sensitive configurations. The vulnerability occurs due to the use of user-supplied input without proper validation.
   Scanner & Crawler	Scanner and crawler attack events
   AntiTamper	Events logged by one or more web tamper protection rules
   Remote File Inclusion	Remote file inclusion
   Miscellaneous	Other types of attacks, such as a combination of SQL injection and command injection attacks or certain CVE vulnerabilities
   Cross Site Scripting	XSS. It is a type of attacks that exploits security vulnerabilities in web applications. XSS enables attackers to inject auto-executed malicious codes into web pages to steal users' information when they visit the pages.
   Black/White IP	Events logged by one or more blacklist or whitelist rules
   Webshell	A web shell is an attack script. After intruding into a website, an attacker adds an .asp, .php, .jsp, or .cgi script file with normal web page files. Then, the attacker accesses the file from a web browser and uses it as a backdoor to obtain a command execution environment for controlling the web server. For this reason, web shells are also called backdoor tools.

5. Click Save.