SecMaster
SecMaster
All results for "
" in this service
All results for "
" in this service
What's New
Function Overview
Service Overview
SecMaster Infographics
What Is SecMaster?
Product Advantages
Application Scenarios
Functions
Experience Packages
Preconfigured Playbooks
Limitations and Constraints
Permissions Management
SecMaster and Other Services
Basic Concepts
SOC
Security Overview and Situation Overview
Workspaces
Alert Management
Security Orchestration
Security Analysis
Billing
Billing Overview
Billing Modes
Overview
Yearly/Monthly Billing
Pay-per-Use Billing
Billing Items
Billing Examples
Changing the Billing Mode
Renewing Your Subscription
Overview
Manually Renewing SecMaster
Auto-renewing SecMaster
Bills
Arrears
Billing Termination
Cost Management
Billing FAQs
How Is SecMaster Billed?
Can I Use SecMaster for Free?
How Do I Change or Disable Auto Renewal for SecMaster?
Will SecMaster Be Billed After It Expires?
How Do I Renew SecMaster When It Is About to Expire?
Where Can I Unsubscribe from SecMaster?
Getting Started
How to Buy and Use SecMaster Basic Edition
How to Buy and Use SecMaster Standard Edition
How to Buy and Use SecMaster Professional Edition
Getting Started Through Common Practices
User Guide
Buying SecMaster
Buying SecMaster
Purchasing Value-Added Packages
Upgrading the Service Edition
Increasing Quotas
Authorizing SecMaster
Checking Security Overview
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing a Workspace
Editing a Workspace
Deleting a Workspace
Managing Workspace Tags
Workspace Agencies
Creating a Workspace Agency
Managing Agencies
Viewing Purchased Resources
Security Situation
Checking the Situation Overview
Checking Security Situation through Large Screens
Overall Situation Screen
Monitoring Statistics Screen
Asset Security Screen
Threat Situation Screen
Vulnerable Assets Screen
Security Reports
Creating and Copying a Security Report
Viewing a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
Resource Manager
Overview
Configuring the Asset Subscription
Viewing Asset Information
Importing and Exporting Assets
Editing or Deleting an Asset
Risk Prevention
Baseline Inspection
Baseline Inspection Overview
Starting an Immediate Baseline Check
Conducting a Scheduled Baseline Inspection
Viewing Baseline Check Results
Handling Check Results
Managing Compliance Packs
Managing Check Items
Vulnerability Management
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Ignoring and Unignoring a Vulnerability
Importing and Exporting Vulnerabilities
Policy Management
Overview
Adding an Emergency Policy
Managing Emergency Policies
Blocking and Canceling Blocking of an IP Address or IP Address Range
Threat Operations
Incident Management
Viewing Incidents
Adding and Editing an Incident
Importing and Exporting Incidents
Closing and Deleting an Incident
Alert Management
Overview
Viewing Alert Details
Suggestions on Handling Common Alerts
Converting an Alert into an Incident or Associating an Alert with an Incident
One-click Blocking or Unblocking
Closing and Deleting an Alert
Adding and Editing an Alert
Importing and Exporting Alerts
Indicator Management
Adding and Editing an Indicator
Closing and Deleting an Indicator
Importing and Exporting Indicators
Viewing Indicators
Intelligent Modeling
Viewing Model Templates
Creating and Editing a Model
Viewing a Model
Managing Models
Security Analysis
Security Analysis Overview
Configuring Indexes
Querying and Analyzing Logs
Log Fields
Quickly Adding a Log Alert Model
Viewing Results on a Chart
Downloading Logs
Managing Data Spaces
Managing Pipelines
Enabling Data Consumption
Enabling Data Monitoring
Query and Analysis Syntax
Query and Analysis Syntax Overview
Query Statements
Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
Data Delivery
Data Delivery Overview
Delivering Logs to Other Data Pipelines
Delivering Logs to OBS
Delivering Logs to LTS
Managing Data Delivery
Security Orchestration
Security Orchestration Overview
Playbook Orchestration Management
Enabling a Workflow
Enabling a Playbook
Managing Workflows
Managing Workflow Versions
Managing Playbooks
Managing Playbook Versions
Managing Asset Connections
Viewing Monitored Playbook Instances
Operation Object Management
Viewing Data Classes
Managing Alert Types
Managing Incident Types
Viewing Threat Intelligence Types
Managing Vulnerability Types
Viewing Custom Types
Managing Categorical Mappings
Creating a Custom Layout
Viewing Layout Templates
Viewing Plug-in Details
Playbook Overview
Ransomware Incident Response Solution
Attack Link Analysis Alert Notification
Playbook Overview
Configuring Playbooks
HSS Isolation and Killing of Malware
Playbook Overview
Configuring Playbooks
Automatic Renaming of Alert Names
Auto High-Risk Vulnerability Notification
Automatic Notification of High-Risk Alerts
Auto Blocking for High-risk Alerts
Real-time Notification of Critical Organization and Management Operations
Settings
Data Integration
Cloud Service Log Access Supported by SecMaster
Enabling Log Access
Log Data Collection
Data Collection Overview
Adding a Node
Configuring a Component
Adding a Connection
Creating and Editing a Parser
Adding and Editing a Collection Channel
Managing Connections
Managing Parsers
Managing Collection Channels
Managing Collection Nodes
Viewing Collection Nodes
Partitioning a Disk
Logstash Configuration Description
Connector Rules
Parser Rules
Upgrading the Component Controller
Customizing Directories
Permissions Management
Creating a User and Granting Permissions
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
Key Operations Recorded by CTS
SecMaster Operations Recorded by CTS
Viewing CTS Traces in the Trace List
Best Practices
Log Access and Transfer Operation Guide
Solution Overview
Resource Planning
Process Flow
Procedure
(Optional) Step 1: Buy an ECS
(Optional) Step 2: Buy a Data Disk
(Optional) Step 3: Attach a Data Disk
Step 4: Create a Non-administrator IAM User
Step 5: Configure Network Connection
Step 6: Install the Component Controller (isap-agent)
Step 7: Install the Log Collection Component (Logstash)
(Optional) Step 8: Creating a Log Storage Pipeline
Step 9: Configure a Connector
(Optional) Step 10: Configure a Log Parser
Step 11: Configure a Log Collection Channel
Step 12: Verify Log Access and Transfer
Credential Leakage Response Solution
API Reference
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
API
Alert Management
Searching for an Alert List
Creating an Alert Rule
Deleting an Alert
This API is used to convert alerts to incidents
Querying Alert Detail
Updating an Alert
Incident Management
This API is used to search for the incident list
Creating an Incident
Deleting an Incident
Obtaining Details of an Incident
Updating an Incident
Indicator Management
Query the intelligence indicator list
Creating an Indicator
This API is used to delete an indicator
Querying Indicator Details
Updating Indicators
Playbook Management
Playbook Running Monitoring
Querying Playbook Statistic Data
Querying the Playbook List
Creating a Playbook
Querying Playbook Details
Deleting a Playbook
Modifying a Playbook
Alert Rule Management
Listing Alert Rules
Creating an Alert Rule
Deleting an Alert Rule
Querying an Alert Rule
Updating an Alert Rule
Simulating an Alert Rule
Total number of alert rules
Enabling an Alert Rule
Disabling an Alert Rule
Listing Alert Rule Templates
Viewing Alert Rule Templates
Playbook Version Management
Cloning a Playbook and Its Version
Querying the Playbook Version List
Creating a Playbook Version
Querying Playbook Version Details
Deleting a Playbook Version
Updated the playbook version
Playbook Rule Management
Querying Playbook Rule Details
Deleting a Playbook Rule
Creating a Playbook Rule
Updating a Playbook Rule
Playbook Instance Management
Querying the Playbook Instance List
Querying Playbook Instance Details
Operation Playbook Instance
Querying the Playbook Topology
Querying Playbook Instance Audit Logs
Playbook Approval Management
Reviewing a Playbook
Querying Playbook Review Result
Playbook Action Management
Querying the Playbook Workflow
Creating a Playbook Action
Delete Playbook Action
Updating a Playbook Workflow
Incident Relationship Management
Querying the Associated Data Object List
Associating a Data Object
Canceling Association with a Data Object
Data Class Management
Querying the Data Class List
Querying the Data Class List
Workflow Management
Querying the Workflow List
Data Space Management
Creating a Data Space
Pipelines
Creating a Data Pipeline
Workspace Management
Creating a Workspace
Querying the Workspace List
Metering and Billing
On-Demand Subscription of SecMaster
Metric Query
Querying Metrics in Batches
Baseline Inspection
Search Baseline Check Results
Appendix
Status Codes
Error Codes
Obtaining a Project ID
About Metrics
FAQs
Product Consulting
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
What Are the Relationships and Differences Between SecMaster and SA?
Where Does SecMaster Obtain Its Data From?
About Purchase and Specifications Change
Why Cannot the Total ECS Quota Be Less Than the Number of Existing ECSs?
How Do I Obtain Permissions to Purchase SecMaster?
How Do I Change SecMaster Editions or Specifications?
Security Situation
How Do I Update My Security Score?
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Why Is Data Inconsistent or Not Displayed on the Security Overview Page?
Threat Management
How Do I Handle a Brute-force Attack?
How Do I Check the Storage Space Used by All Logs?
Data Integration
How Long Are Logs Stored in SecMaster?
Data Collection
Why Did the Component Controller Failed to Be Installed?
How Are Collection Node or Collection Channel Faults Handled?
Which Commands Are Commonly Used for the Component Controller?
How Do I Release an ECS or VPC Endpoint?
Permissions Management
Can I Use SecMaster Across Accounts?
How Do I Grant Permissions to an IAM User?
Regions and AZs
What Are Regions and AZs?