Adding or Editing an Emergency Policy
Scenario
SecMaster can create blacklist policies for VPC security groups.
An emergency policy is used to quickly block attacks. You can select a block type based on the alert source to block attackers. Table 1 lists recommended settings. You can also block a single attack source based on the comprehensive investigation of multiple alerts.
|
Alert Type |
Defense Layer |
Recommended Policy |
|---|---|---|
|
HSS alerts |
Server protection |
VPC policies are recommended to block traffic. |
|
OBS and DBSS alerts |
Data protection |
You can use VPC policies based on actual attack scenarios and investigation results to disconnect attack sources from protected resources. |
This topic describes how to add or edit an emergency policy.
Limitations and Constraints
- A maximum of 300 emergency policies that support block aging can be added for a single workspace you have. A maximum of 1,300 emergency policies can be added for a single workspace you have. Limits on blocked objects at a time are as follows:
- When a policy needs to be delivered to VPC, each time a maximum of 20 IP addresses can be added as blocked objects within 1 minute for each account.
- If an IP address or IP address range is added to the blacklist, VPC will block requests from that IP address without checking whether the requests are malicious.
- Once an emergency policy is added, its blocked object type and blocked objects, such as IP addresses and IP address ranges, cannot be modified.
Adding an Emergency Policy
- Log in to the management console.
- Click
in the upper part of the page and choose Security > SecMaster. - In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
- In the navigation pane on the left, choose Risk Prevention > Policy management. Then, go to the emergency policy page.
Figure 1 Emergency strategy page
- On the Emergency strategy page, click Add. The page for adding policies slides out from the right of the page.
- On the Add page, configure policy information.
Table 2 Emergency policy parameters Parameter
Description
Blocked Object Type
Type of the object you want to block. You can select IP.
Block Object
- If you select IP for Blocked Object Type, enter one or more IP addresses or IP address ranges you want to block. If there are multiple IP addresses or IP address ranges, separate them with commas (,).
- There are some restrictions on delivery of blocked objects:
- When a policy needs to be delivered to VPC, each time a maximum of 20 IP addresses can be added as blocked objects within 1 minute for each account.
Label
Label of a custom emergency policy.
Operation Connection
Asset connections that are used to operate blocking workflows of security services in the seven layers of defense.
Select the operation connection for the policy.
Block Aging
Check whether the policy needs to be stopped.
- If you select Yes, set the aging time of the policy. For example, if you set the aging time to 180 days, the policy is valid within 180 days after the setting. After 180 days, the IP address or IP address range will not be blocked.
- If you select No, the policy is always valid and blocks the specified IP address or IP address range.
Reason Description
Description of the custom policy.
- Click OK.
Editing an Emergency Policy
Once an emergency policy is added, its blocked object type and blocked objects, such as IP addresses and IP address ranges, cannot be modified.
- Log in to the management console.
- Click in the upper part of the page and choose Security > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
- In the navigation pane on the left, choose Risk Prevention > Policy management. Then, go to the emergency policy page.
Figure 2 Emergency strategy page
- On the emergency policy management page, locate the row that contains the policy you want to edit and click Edit in the Operation column.
- On the edit policy page, modify the policy information.
Table 3 Editing an emergency policy Parameter
Description
Blocked Object Type
After an emergency policy is added, its blocked object cannot be modified.
Blocked Object
After an emergency policy is added, its blocked object cannot be modified.
Label
Label of a custom emergency policy.
Operation Connection
Select the operation connection for the policy.
Block Aging
Check whether the policy needs to be stopped.
- If you select Yes, set the aging time of the policy. For example, if you set the aging time to 180 days, the policy is valid within 180 days after the setting. After 180 days, the IP address or IP address range will not be blocked.
- If you select No, the policy is always valid and blocks the specified IP address or IP address range.
Reason Description
Description of the custom policy.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
