Updated on 2026-06-24 GMT+08:00

Enabling Risk Control

Scenarios

You can configure emergency policies to control security risks in a timely manner.

SecMaster can work with CFW, WAF, and VPC security groups to block and unblock source IP addresses through emergency policies.

If you need to block one or more IP addresses based on indicators, you can use emergency policies in SecMaster to block them all at once.

Enabling Risk Control

  1. Log in to the SecMaster console.
  2. Go to the target workspace.
  3. In the navigation pane on the left, choose Risk Prevention > Security Policy. On the displayed page, select the Emergency Policies tab to go to the emergency policy management page.

    Figure 1 Emergency Policies

  4. On the Emergency Policies tab, click Add. The page for adding policies slides out from the right of the page.
  5. On the displayed page, configure policy information.

    Table 1 Policy parameters

    Parameter

    Description

    Policy Type

    Type of the policy. You can select Block or Allow.

    • Block: Access from the policy object is denied.
    • Allow: Access from the policy object is allowed.

    Object Type

    If Policy Type is set to Block, Object Type can be set to IP, Account, or Domain name.

    If Policy Type is set to Allow, Object Type can be set to IP or Domain name.

    Select an object type based on your needs.

    • If IP is selected, the operation object of the policy is an IP address or IP address range.
    • If Domain name is selected, the operation object of the policy is a domain name.
    • If Account is selected, the policy is applied to a cloud service account (IAM user).

    Policy Object

    Enter one or more policy objects.

    • If Object Type is set to IP, enter one or more IP addresses or IP address ranges, separated by commas (,).

      Example: IPv4: 192.168.0.0 or 192.168.0.0/12; IPv6: 0:0:0:0:0:0:0:0 or 0:0:0:0:0:0:0:0/128.

    • If Object Type is set to Domain name, enter one or more domain names, separated by commas (,). Enter a maximum of 63 characters. Only letters, digits, hyphens (-), underscores (_), and periods (.) are allowed.
    • If Policy Type is set to Block and Object Type is set to Account, enter one or more cloud service accounts (IAM usernames), separated by commas (,).

    Execution Tool

    Select the execution tool, which is the operation connection of the policy.

    • If Policy Type is set to Block and Object Type is set to IP, you can select CFW, VPC, and WAF operation connections.
    • If Policy Type is set to Block and Object Type is set to Account, you can select IAM operation connections.
    • If Policy Type is set to Block and Object Type is set to Domain name, you can select CFW operation connections.
    • If Policy Type is set to Allow and Object Type is set to IP, you can select WAF operation connections.
    • If Policy Type is set to Allow and Object Type is set to Domain name, you can select CFW operation connections.

    Direction

    You can set the defense line direction only when Object Type is IP.

    • If Object Type is set to IP and Execution Tool is set to a CFW or VPC operation connection, you can set the defense line direction to Inbound or Outbound.
      • Inbound: Cloud assets (EIPs) are accessed from the Internet.
      • Outbound: Cloud assets (EIPs) access the Internet.
    • If Object Type is set to IP and Execution Tool is set to a WAF operation connection, you can set the defense line direction to Outbound.

    Account

    Select the account range where the new policy takes effect. Only the operations account of the primary workspace can set the account range.

    • All accounts: The policy is applied to the operations account and all service accounts managed by the operations account.
    • Specify account: The policy is applied to the selected service accounts managed by the operations account.

    The operations account, service account, and primary workspace are defined as follows:

    • Operations account: An operations account, or parent account, is an account that can manage member accounts. An operations account can manage multiple service accounts.
    • Service account: A service account is a member account, or child account, managed by an operations account. A service account (child account) can be managed by only one operations account.
    • Primary workspace: The first workspace created by SecMaster is the primary workspace by default. The workspace is pinned on top of the Workspaces > Management page. You can also change the primary workspace. On the Workspaces > Management page, click next to the target workspace. On the workspace details page displayed, toggle on Primary workspace.

    Region

    Select the region where the new policy takes effect.

    • Current region
    • All regions
    • Specify regional projects

    Enterprise Project

    Select the enterprise project where the new policy takes effect.

    • All enterprise projects
    • Specify enterprise projects

    Auto Expiration

    Whether the policy expires automatically.

    • If you select Yes, set the policy expiration time.
    • If you select No, the policy is always valid.

    Tag (Optional)

    Tag of the custom emergency policy.

    Policy Description (Optional)

    Description of the custom policy.

  6. Click OK.
  7. After the new emergency policy is configured, go to the Emergency Policies tab and check the new policy.
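
The combinations in Table 1 can be checked before a policy is entered, which helps when the objects come from a long indicator list. The following Python sketch is an added example, not SecMaster code and not part of the original page: check_policy is a hypothetical local helper that calls no SecMaster API. It assumes that the 63-character limit applies to each domain name and that a direction is always chosen for IP objects, and it adds one guard of its own against blocking a /0 range.

```python
import ipaddress
import re

# Execution tools allowed per (Policy Type, Object Type), copied from Table 1.
TOOLS = {
    ("Block", "IP"): {"CFW", "VPC", "WAF"},
    ("Block", "Account"): {"IAM"},
    ("Block", "Domain name"): {"CFW"},
    ("Allow", "IP"): {"WAF"},
    ("Allow", "Domain name"): {"CFW"},
}
# Directions allowed per execution tool when Object Type is IP (Table 1).
DIRECTIONS = {
    "CFW": {"Inbound", "Outbound"},
    "VPC": {"Inbound", "Outbound"},
    "WAF": {"Outbound"},
}
# Assumption: the 63-character limit applies to each domain name.
DOMAIN_RE = re.compile(r"[A-Za-z0-9._-]{1,63}")


def check_policy(policy_type, object_type, objects, tool, direction=None):
    """Return a list of problems; an empty list means the draft fits Table 1."""
    allowed = TOOLS.get((policy_type, object_type))
    if allowed is None:
        return [f"{policy_type} does not support object type {object_type}"]
    problems = []
    if tool not in allowed:
        problems.append(f"{tool} is not valid for {policy_type}/{object_type}")
    # Assumption: a direction is always chosen for IP objects.
    elif object_type == "IP" and direction not in DIRECTIONS[tool]:
        problems.append(f"direction {direction} is not valid for {tool}")
    if object_type != "IP" and direction is not None:
        problems.append("direction can be set only when Object Type is IP")
    for item in (part.strip() for part in objects.split(",")):
        if not item:
            problems.append("empty policy object")
        elif object_type == "IP":
            try:
                # strict=False accepts the page's example 192.168.0.0/12.
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                problems.append(f"not an IP address or range: {item}")
                continue
            # Added guard, not a console rule: a /0 block denies everything.
            if policy_type == "Block" and net.prefixlen == 0:
                problems.append(f"{item} covers the whole address space")
        elif object_type == "Domain name" and not DOMAIN_RE.fullmatch(item):
            problems.append(f"invalid domain name: {item}")
    return problems
```

An empty list means the draft matches Table 1. Account names are only checked for empty entries because the page gives no format rule for them.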