Updated on 2023-12-22 GMT+08:00

Features and Functions

Based on cloud native security, SecMaster provides a comprehensive closed-loop security handling process that contains log collection, security governance, intelligent analysis, situation awareness, and orchestration response, helping you protect cloud security.

SecMaster provides Security Overview, Workspace Management, Security Situation, Asset Management, Risk Prevention, Security Response, Security Orchestration, Data Collection, and Data Integration.

Security Overview

The Security Overview page gives you a comprehensive view of your asset security posture together with other linked cloud security services to collectively display security assessment findings.

Table 1 Functions

| Function Module | Description |
| --- | --- |
| Security Score | SecMaster comes in different editions to evaluate and score your cloud asset security. You can quickly learn of unhandled risks and their threats to your assets. The lower the security score, the greater the overall asset security risk. |
| Security Monitoring | You can view how many threats, vulnerabilities, and compliance risks are unhandled and view their details. |
| Your Security Score over Time | You can view your security scores for the last 7 days. |

Workspace Management

Workspaces are top-level workbenches in SecMaster. A single workspace can be bound to common projects, enterprise projects, and regions for different application scenarios.

Table 2 Functions

| Function Module | Description |
| --- | --- |
| Workspaces | Workspace management: A single workspace can be bound to common projects and regions to support workspace operation modes in different scenarios. Workspace agencies: workspace data hosting (all workspaces of a single account can be aggregated to a workspace for cross-account centralized security operations) and workspace hosting (you can create agencies to let a user centrally view the asset risks, alerts, and incidents of multiple workspaces). |

Security Situation

You can view the security overview on the large screen in real time and periodically subscribe to security operation reports to know the core security indicators.

Table 3 Functions

| Function Module | Description |
| --- | --- |
| Situation Overview: Security Score | SecMaster evaluates and scores your cloud asset security. You can quickly learn of unhandled risks and their threats to your assets. The lower the security score, the greater the overall asset security risk. |
| Situation Overview: Security Monitoring | You can view how many threats, vulnerabilities, and compliance risks are unhandled and view their details. |
| Situation Overview: Your Security Score over Time | You can view your security scores for the last 7 days. |
| Large Screen | AI analyzes and classifies massive cloud security data and then displays security incidents in real time on a large screen. The large screen display gives you a simple, intuitive, bird's-eye view of the security of your entire network. |
| Reports | You can generate analysis reports to learn about the security status of your assets in a timely manner. |
| Task Center | Displays the tasks to be processed in a centralized manner. |

Asset Management

SecMaster automatically discovers and manages all assets on and off the cloud and displays the real-time security status of your assets.

Table 4 Functions

| Function Module | Description |
| --- | --- |
| Resource Manager | Synchronizes the security statistics of all resources and allows you to view the name, service, and security status of a resource, helping you quickly locate security risks. |

Risk Prevention

Risk prevention provides baseline check and vulnerability management to help your cloud security configuration meet authoritative security standards, such as DJCP, ISO, and PCI, as well as Huawei Cloud security best practice standards. You can learn about the global vulnerability distribution.

| Function Module | Description |
| --- | --- |
| Baseline Inspection | SecMaster can scan cloud baseline configurations to find unsafe settings, report alerts for incidents, and offer hardening suggestions. |
| Vulnerabilities | Automatically synchronizes vulnerability scanning results from Huawei Cloud Host Security Service (HSS), displays vulnerability scanning details by category, allows users to view vulnerability details, and provides vulnerability fixing suggestions. |
| Policy Management | SecMaster supports centralized management of defense and emergency policies. |

Security Response

Threat operation provides various threat detection models to help you detect threats from massive security logs and generate alerts. It also provides various security response playbooks to help you automatically analyze and handle alerts and automatically harden security defenses and security configurations.

Table 5 Functions

| Function Module | Description |
| --- | --- |
| Incidents | Displays incident details in a centralized manner and supports manually or automatically turning alerts into incidents. |
| Alerts | Provides unified data class management (security operation objects) and built-in Huawei Cloud alert standards. Integrates and displays alerts of various cloud services, including HSS, WAF, and Anti-DDoS. |
| Indicators | Provides unified data class management (security operations objects) and built-in Huawei Cloud threat indicator standards. Integrates indicators of many cloud services and extracts indicators based on custom alert and incident rules. |
| Intelligent Modeling | Alert models can be built. |
| Security Analysis: Query and Analysis | Search and analysis: Supports quick data search and analysis, quick filtering of security data for security survey, and quick locating of key data. Statistics filtering: SecMaster supports quick analysis and statistics of data fields and quick data filtering based on the analysis result. Time series data supports statistics collection by default time partition, allowing data volume trend to be quickly spotted. SecMaster supports analysis, statistics, and sorting functions, and supports quick building of security analysis models. Visualization: Visualized data analysis intuitively reflects service structure and trend, enabling customized analysis reports and analysis indicators to be easily created. |
| Security Analysis: Data Monitoring | Supports end-to-end data traffic monitoring and management. |
| Security Analysis: Data Consumption | Provides streaming communication interfaces for data consumption and production, provides data pipelines that are integrated with SDKs, and allows customers to set policies for data production and consumption. Provides Logstash open-source collection plug-ins for data consumption and production. |

Security Orchestration

Security Orchestration supports playbook management, process management, data class management (security entity objects), and asset connection management. You can also customize playbooks and processes.

Security Orchestration allows you to flexibly orchestrate security response playbooks through drag-and-drop according to your service requirements. You can also flexibly extend and define security operation objects and interfaces.

Table 6 Functions

| Function Module | Description |
| --- | --- |
| Objects | Manages operation objects such as data classes, data class types, and category mappings in a centralized manner. |
| Playbooks | Supports full lifecycle management of playbooks, processes, connections, and instances. |
| Layouts | Provides a visualized low-code development platform for customized layout of security analysis reports, alarm management, incident management, vulnerability management, baseline management, and threat indicator library management. |
| Plugins | Plug-ins used in the security orchestration process can be managed in a unified manner. |

Data Collection

Collects various log data in multiple modes. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented.

Table 7 Functions

| Function Module | Description |
| --- | --- |
| Collectors | Logstash is used to collect various log data in multiple modes. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented. |

Data Integration

Integrates security ecosystem products for associated operations or data interconnection. After the integration, you can search for and analyze all collected logs.

Table 8 Functions

| Function Module | Description |
| --- | --- |
| Data Integration | The built-in log collection system supports one-click integration of logs from Huawei Cloud products, covering storage, management, monitoring, and security. After the integration, you can search for and analyze all collected logs. |