Dashboard

On the HSS dashboard, you can check the security score, risks, and protection overview of all your assets in real time, including servers and containers.

Viewing the Dashboard Page

Log in to the management console.
In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.

In the navigation pane, choose Dashboard and check the security overview. For more information, see Table 1.

If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.

Figure 1 Dashboard

**Table 1** Dashboard components
Component	Description
Quotas and agents to be upgraded (component 1 in Dashboard)	HSS edition quotas and their usage, and the number of agents to be upgraded. Click the number of quotas to go to quota list. Click the number of agents to be upgraded to go to the agent list and upgrade agents. NOTE: HSS will be continuously upgraded to provide new features and fix bugs. To enjoy better HSS features, upgrade the agent to the latest version in a timely manner. For details, see Upgrading the agent.
Secure score (component 2 in Dashboard)	The security score is in the range 0 to 100. The default score for risk-free assets is 100. Points are deducted based on baseline risks, vulnerability risks, intrusion risks, and asset risks. A low score indicates high security risks in assets. For details about scoring criteria and how to improve your score, see Security Score Deduction.
News (component 3 in Dashboard)	Latest vulnerability information.
Security risk (component 4 in Dashboard)	Security risks detected by HSS in your assets. Server Risks Urgent/Total Alarms: Number of alarms that need to be handled immediately and the total number of alarms. You can click the number of urgent alarms to go to the Alarms page and handle alarms. For details, see Handling Server Alarms. Critical/Total Vulnerabilities: Number of critical vulnerabilities and the total number of vulnerabilities. You can click the number of critical vulnerabilities to go to the Vulnerabilities page and handle vulnerabilities. For details, see Handling Vulnerabilities. Unsafe Settings: Number of baseline risks to be handled. You can click the number to go to the Baseline Checks page and fix baseline risks. For details, see Fixing Unsafe Settings. Suspicious Processes to Be Handled: Total number of suspicious processes to be handled. You can click the number of suspicious processes to be handled to go to the Application Process Control page and handle suspicious processes. For details, see Checking and Handling Suspicious Processes. Container Risks High-Priority/Total Vulnerabilities: Number of high-risk vulnerabilities and the total number of vulnerabilities. You can click the number of high-priority vulnerabilities to go to the Image Vulnerabilities tab and check vulnerability fixing suggestions. For details, see SWR Image Repository Vulnerabilities. Risk Trend Asset risk trend in the last seven days.
Protection overview (component 5 in Dashboard)	Asset protection overview. Assets: Total number of assets in the current region. You can click the total number of assets to go to the Assets page to view asset distribution and protection status. Unprotected/Total Servers: Number of unprotected servers and the total number of servers. You can click the number of unprotected servers to go to the Servers & Quota page to view servers and enable protection. For details, see Enabling Protection. Unprotected/Total Containers: Number of unprotected containers and the total number of containers. You can click the number of unprotected containers to go to the Containers & Quota page to view containers and enable protection. For details, see Enabling Container Protection. Security feature status: The number of servers protected by each feature and the number of items detected by each feature. You can click View Details to go to corresponding feature page.
Best Practices	HSS best practices. Click a title to view details.
FAQ	HSS best FAQ. Click a title to view details.
Related Services	Security services related to HSS. Click a service name to go to its console.

Security Score Deduction

HSS calculates your security score based on detected security items (vulnerabilities, baselines, intrusions, assets, and images) and unprotected assets. The total full score is 100. The full score of each category is as follows:

No vulnerabilities detected: 20
No baseline risks detected: 20
No intrusion risks detected: 30
No asset risks detected: 10
No image risks detected: 10
No unprotected assets: 10

Points are deducted every time a risk is detected in a category until all points in that category are deducted. For more information, see Table 2.

**Table 2** Security score deduction
Category		Score Deduction Item	Affected HSS Edition	Points Deducted	Multiply Deducted Score by Risk Quantity	How to Improve Score
Vulnerabilities	Unhandled vulnerabilities	Unhandled critical vulnerabilities	All	10	√	Fix vulnerabilities based on the suggestions provided, scan for vulnerabilities again, and update the score. For details about how to fix vulnerabilities, see Handling Vulnerabilities. For details about how to scan for vulnerabilities, see Vulnerability Scan.
		Unhandled high-risk vulnerabilities	All	3	√
		Unhandled medium-risk vulnerabilities	All	1	√
		Unhandled low-risk vulnerabilities	All	0.1	√
	No vulnerability scan	No vulnerability scans were performed in the past month.	All	15	×	The basic edition HSS does not provide vulnerability scan. To use this feature, upgrade HSS to the enterprise or premium edition. For details, see Upgrading Protection Quotas. In HSS professional, enterprise, premium, and WTP editions, you are advised to perform vulnerability scans. For details, see Vulnerability Scan.
Baseline issues	Unhandled non-compliance items	Unhandled high-risk non-compliance items	All	10	√	Rectify non-compliance items, perform a baseline check again, and update the score. For details about how to fix baseline risks, see Fixing Unsafe Settings. For details about how to perform a baseline check, see Viewing Baseline Check Details.
		Unhandled medium-risk non-compliance items	All	3	√
		Unhandled low-risk non-compliance items	All	1	√
	Weak passwords	Weak passwords	All	10	√	Use strong passwords. For details, see How Do I Set a Secure Password?
	Weak password check not enabled	Weak password check policy not enabled	All	10	×	Enable the Weak Password Detection policy to check for weak passwords on servers. For details, see Viewing a Policy Group.
	Baseline check not performed	No baseline checks were performed in the past month.	All	10	×	The HSS basic and professional editions do not provide baseline check. To use this feature, you are advised to upgrade HSS to the enterprise or premium edition. For details, see Upgrading Protection Quotas. In HSS professional, enterprise, premium, and WTP editions, you are advised to perform baseline checks. For details, see Viewing a Policy Group.
Intrusions	Unhandled alarms	Unhandled critical alarms	All	10	√	Handle alarms based on the suggestions provided. After alarms are handled, HSS will automatically update the score. For details, see Handling Server Alarms and Handling Container Alarms.
		Unhandled high-risk alarms	All	3	√
		Unhandled medium-risk alarms	All	1	√
		Unhandled low-risk alarms	All	0.1	√
	Protection not enabled	No security policies enabled	All	30	×	In the HSS professional, enterprise, premium, WTP, and container editions, you need to enable protection policies. For details, see Viewing a Policy Group. The intrusion detection policies that need to be enabled for each edition are as follows: Professional/Enterprise edition: Linux: web shell detection, file protection, HIPS detection, login security check, malicious file detection, abnormal process behaviors, root privilege escalation, real-time process, and rootkit detection Windows: AV detection, web shell detection, HIPS detection, login security check, and real-time process Premium/WTP edition Linux: cluster intrusion detection, web shell detection, file protection, HIPS detection, login security check, malicious file detection, port scan detection, abnormal process behaviors, root privilege escalation, real-time process, and rootkit detection Windows: AV detection, web shell detection, HIPS detection, login security check, and real-time process Container edition Cluster intrusion detection, container escape detection, web shell detection, container file monitoring, container process whitelist, and suspicious image behaviors
		Login security policy not enabled	All	10	×	In HSS professional, enterprise, premium, WTP, and container editions, you need to enable the Login Security Check policy for servers. For details, see Viewing a Policy Group.
		Ransomware prevention policy not enabled	Premium edition	15	×	The HSS premium, WTP, and container editions support ransomware prevention. In these editions, you need to enable the ransomware prevention policy and the backup policy. (10 points will be deducted if backup is not enabled.) For details, see Enabling Ransomware Prevention.
		WTP policy is not enabled	WTP edition	20	×	In the HSS WTP edition, you need to enable WTP policy for servers. For details, see Enabling Web Tamper Protection.
		Container runtime detection policy not enabled	Container edition	20	×	In the HSS container edition, you need to enable the Container Escape policy for servers. For details, see Viewing a Policy Group.
Asset risks	Open ports	Open TCP/UDP high-risk ports	All	1	√	You are advised to disable unnecessary ports. To enable a port, choose Asset Management > Server Fingerprints, click Open Ports, and ignore the port.
Asset risks	Asset discovery not enabled	Asset discovery policy not enabled	All	5	×	The HSS basic, professional, and enterprise editions do not provide asset discovery. To use this feature, upgrade HSS to the premium edition. For details, see Upgrading Protection Quotas. In the HSS premium and WTP editions, you are advised to enable the Asset Discovery policy. For details, see Viewing a Policy Group.
Image risks	Unsafe images	High-risk images	Container edition	3	√	Re-create an image, scan the image, and update the score.
		Medium-risk images	Container edition	1	√
		Medium-risk images	Container edition	0.1	√
	Image security scan not performed	No image security scans were performed in the past month.	Container edition	5	×	In the HSS container edition, you are advised to perform image security scans. For details, see Container Images.
Server protection not enabled	Server protection not enabled	Unprotected servers	All	0.1–1	√	The points deducted for an unprotected server vary depending on its asset importance: Important asset: 1 General asset: 0.5 Test asset: 0.1 You are advised to enable protection for your server as soon as possible. For details, see Enabling Protection.