Functions

Based on cloud native security, SecMaster provides a comprehensive closed-loop security response process that contains log collection, security governance, intelligent analysis, situation awareness, orchestration, and response, helping you protect cloud security.

SecMaster provides basic, standard, and professional editions for you to help meet security requirements in different scenarios. You can select the one that best fits your service needs.

Security Overview

The Security Overview page gives you a comprehensive view of your asset security posture together with other linked cloud security services to centrally display security assessment findings.

**Table 1** Functions
Function Module	Description	Basic	Standard	Professional
Security Overview	Security Score: A security score shows the overall health status of your workloads on the cloud so you can quickly learn of unhandled risks and their threats to your assets. The lower the security score, the greater the overall asset security risk. Security Monitoring: You can view how many threats, vulnerabilities, and compliance violations that are not handled and view their details. Your Security Score over Time: You can view the trend of the asset health scores for the last seven days.	√	√	√

Workspace Management

Workspaces are top-level workbenches in SecMaster. A workspace can be associated with common projects, enterprise projects, and regions to support security operations in different scenarios.

**Table 2** Functions
Function Module	Description	Basic	Standard	Professional
Workspaces	Workspace management: Workspaces are top-level workbenches in SecMaster. A workspace can be associated with projects and regions to support security operations in different scenarios. Workspace agencies: You can create an agency and use it to view the asset risks, alerts, and incidents of multiple workspaces across accounts.	√	√	√

Purchased Resources

Purchased Resources centrally displays the resources purchased by the current account, making it easier for you to manage them in one place.

**Table 3** Functions
Function Module	Description	Basic	Standard	Professional
Purchased Resources	You can view resources purchased by the current account on the Purchased Resources page and manage them centrally.	√	√	√

Security Situation

You can view the security overview on the large screen in real time and periodically subscribe to security operation reports to know the core security indicators.

**Table 4** Security situation functions
Function Module	Description	Basic	Standard	Professional
Situation Overview	Security Score: A security score shows the overall health status of your workloads on the cloud so you can quickly learn of unhandled risks and their threats to your assets. The lower the security score, the greater the overall asset security risk. Security Monitoring: You can view how many threats, vulnerabilities, and compliance violations that are not handled and view their details. Your Security Score over Time: You can view the trend of the asset health scores for the last seven days.	√	√	√
Large Screen	SecMaster leverages AI to analyze and classify massive cloud security data and then displays real-time results on a large screen. In a simple, intuitive, and efficient way, you will learn of what risks your cloud environment are facing and how secure your cloud environment is. NOTE: The large screen function needs to be purchased separately based on the standard or professional edition.	×	√	√
Security Reports	You can generate analysis reports and periodically send them to specified recipients by email. In this way, all recipients can learn about the security status of your assets in a timely manner.	×	×	√
Task Center	All tasks that need to be processed are displayed centrally.	×	√	√

Resource Manager

Resource Manager supports centralized management of assets on the cloud and assets outside the cloud and displays their security status in real time.

**Table 5** Functions
Function Module	Description	Basic	Standard	Professional
Resource Manager	SecMaster can synchronize the security statistics of all resources. So that you can check the name, service, and security status of a resource to quickly locate security risks.	√	√	√

Risk Prevention

Risk prevention provides baseline inspection, vulnerability management, and security policy management to help you check cloud security configurations and meet requirements in many security standards, such as DJCP, ISO, and PCI, as well as Huawei Cloud security best practice standards. You can learn about where vulnerabilities are located in the entire environment and fix them in just a few clicks.

**Table 6** Functions
Function Module	Description	Basic	Standard	Professional
Baseline Inspection	SecMaster can scan cloud baseline configurations to find out unsafe settings, report alerts for incidents, and offer hardening suggestions to you.	√	√	√
Vulnerabilities	SecMaster automatically synchronizes vulnerability scan results from Host Security Service (HSS), displays vulnerability scan details by category, and provides vulnerability fixing suggestions.	√	√	√
Security Policies	SecMaster supports centralized management of defense and emergency policies.	√	√	√

Threat Operations

SecMaster provides many threat detection models in the Threat Operations module to help customers detect threats from massive security logs and generate alerts. Beyond that, it provides built-in security response playbooks to help automatically analyze and handle alerts, and automatically harden security defense lines and security configurations.

**Table 7** Functions of the Threat Operations module
Function Module	Description	Basic	Standard	Professional
Incidents	SecMaster centrally displays incident details and allows you to manually or automatically convert alerts into incidents.	×	√	√
Alerts	Alerts of other cloud services such as HSS, WAF, and DDoS Mitigation are integrated for central display and management. SecMaster basic edition supports the aggregation of raw alerts from other security services. SecMaster standard edition supports the aggregation of raw alerts from other security services. SecMaster professional edition supports aggregation of raw alerts from other security services and precise alert reporting based on threat detection models.	√	√	√
Indicators	Indicators describe potential threats to your systems. Indicators provide necessary context for abnormal activities, so that you can quickly take measures to protect your personnel, information, and assets. Indicators associate observation items such as URLs or IP addresses with known threat activities such as phishing or malware. Indicators are widely used in security products and automated services to detect and prevent potential threats to organizations. You can create and manage indicators to accelerate threat detection and rectification. You can manually add indicators or import indicators to SecMaster. Then you can use indicators to create custom playbooks for threat management, analysis, and handling.	×	×	√
Intelligent Modeling	Models are supported to scan log data in pipelines. If SecMaster detects data that hits the trigger in a model, SecMaster generates an alert.	×	×	√
Security Analysis	Query and Analysis Search and analysis: Supports quick data search and analysis, quick filtering of security data for security survey, and quick locating of key data. Statistics filtering: SecMaster supports quick analysis and statistics of data fields and quick data filtering based on the analysis result. Time series data supports statistics collection by default time partition, allowing data volume trend to be quickly spotted. SecMaster supports analysis, statistics, and sorting functions, and supports quick building of security analysis models. Visualization: Visualized data analysis intuitively reflects service structure and trend, enabling customized analysis reports and analysis indicators to be easily created. Data Delivery: Data can be delivered to other pipelines or Huawei Cloud products in real time so that you can store data to or retrieve data from other systems. Data Monitoring: Data streams are monitored and managed in an end-to-end manner. Data Consumption: SecMaster provides streaming communication interfaces for data consumption and production, as well as data pipeline SDKs. So that you can use SDKs to integrate data across systems, and specify custom data producers and consumers. SecMaster provides open-source log collection plug-in Logstash. You can enable custom data consumers and producers. NOTE: You need to purchase the security analysis function in the value-added package at an extra cost.	×	√	√

Security Orchestration

Security Orchestration supports playbook, workflow, and data class (security entity objects) management. You can also customize playbooks and processes.

Security Orchestration allows you to flexibly orchestrate security response playbooks through drag-and-drop according to your service requirements. You can also flexibly extend and define security operation objects and interfaces.

SecMaster standard edition does not include security orchestration. You can buy a value-added package to use this function.

**Table 8** Functions
Function Module	Description	Basic	Standard	Professional
Objects	You can centrally manage operation objects such as data classes, data class types, and categorical mappings.	×	×	√
Playbooks	You can manage playbooks, workflows, asset connections, and playbook instances throughout their lifecycles. NOTE: You need to purchase the security orchestration function in the value-added package at an extra cost.	×	×	√
Layouts	This module provides a visualized low-code development platform. In this module, you can create custom layout of pages for security analysis reports, alert management, incident management, vulnerability management, baseline management, and threat indicator library management.	×	×	√
Plugins	Plug-ins used in the security orchestration process can be managed centrally.	×	×	√

Data Collection

You can collect various logs using different methods. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented.

**Table 9** Functions
Function Module	Description	Basic	Standard	Professional
Data Collection (Collections and Components)	Logstash is used to collect varied log data in multiple modes. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented.	×	√	√

Data Integration

SecMaster can integrate other cloud native security products for associated operations or data interconnection. After the integration, you can search for and analyze all collected logs.

**Table 10** Functions
Function Module	Description	Basic	Standard	Professional
Data Integration	SecMaster provides a preset log collection system. You can enable access to logs of other cloud services in just a few clicks. After the integration, you can search for and analyze all collected logs.	×	√ (Only cloud service alerts can be integrated.)	√