Updated on 2023-12-22 GMT+08:00

Overview

The Security Overview page gives you a comprehensive overview of your asset security posture in real time together with other linked cloud security services to collectively display security assessment findings. On the Security Overview page, you can view security status of your cloud resources, take required actions with just a few clicks, and manage risks centrally.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
  3. In the navigation pane on the left, choose Security Overview.

    Figure 1 Security Overview

  4. On the Security Overview page, you can view the security overview of your assets and perform related operations. The Security Overview page consists of the following modules:

    The following table describes the reference periods and update frequency of the modules.

    Table 1 Security Overview

    Parameter

    Statistical Period

    Update Frequency

    Description

    Security Score

    Real-time

    • Automatic update at 02:00 every day
    • Updated every time you click Check Again

    The score is calculated based on what security services are enabled, and the levels and numbers of unhandled configuration issues, vulnerabilities, and threats. For details, see Security Score.

    Threat Alarms

    Last 7 days

    Every 5 minutes

    Total number of alerts in all SecMaster workspaces of your account.

    Vulnerabilities

    Last 7 days

    Every 5 minutes

    Total number of vulnerabilities in all SecMaster workspaces of your account.

    Abnormal Baseline Settings

    Real-time

    Every 5 minutes

    Total number of abnormal baseline settings in all SecMaster workspaces of your account.

    Your Security Score over Time

    Last 7 days

    Every 5 minutes

    Security scores in the last seven days.

Security Score

The security score shows the overall health of your workloads on the cloud based on the SecMaster edition you are using. You can quickly understand the unprocessed risks and their threats to your assets. Figure 2 shows an example.

Figure 2 Security Score
  • The security score is automatically updated at 02:00 every day. You can also click Check Again to update it immediately.
  • The score ranges from 0 to 100. The higher the security score, the more secure your assets. For details, see Security Score.
  • Different color blocks in the security score ring chart indicate different severity levels. For example, yellow indicates that your security is medium.
  • The security score is updated when you refresh status of the alert incident after risk handling. After you fix the risks, you can click Check Again so that SecMaster can check and score your system again.

    After risks are fixed, manually ignore or handle alert incidents and update the alert incident status in the alert list. The risk severity can be down to a proper level accordingly.

  • The security score reflects the security situation of your system last time you let SecMaster check the system. To obtain the latest score, click Check Again.

Security Monitoring

The Security Monitoring area includes Threat Alarms, Vulnerabilities, and Abnormal Baseline Settings, which sort risks that have not been handled.

Figure 3 Security Monitoring
Table 2 Security Monitoring parameters

Parameter

Description

Threat Alarms

This panel displays the unhandled threat alerts in all workspace of the current account for the last 7 days. You can quickly learn of the total number of unhandled threat alerts and the number of vulnerabilities at each severity level. The statistics are updated every 5 minutes.

  • Risk severity levels:
    • Critical: There are intrusions to your workloads, and you should view alert details and handle the alert in a timely manner.
    • High: There are abnormal incidents on your workloads, and you should view alert details and handle the alert in a timely manner.
    • Others: There are risky incidents that are marked as medium-risk, low-risk, and informational alerts detected in your systems, and you should view alert details and take necessary actions.
  • To quickly view details of top 5 threat alerts for the last 7 days, click the Threat Alarms panel.
    • You can view details of those threats, including the threat alert name, severity, asset name, and discovery time.
    • If no data is available here, no threat alerts are generated for the last 7 days.
    Figure 4 Viewing real-time alerts

Vulnerabilities

This panel displays the top five vulnerability types and the total number of unfixed vulnerabilities in your assets in all workspaces of your account for the last 7 days. You can quickly learn of the total number of unfixed vulnerabilities and the number of vulnerabilities at each severity level. The statistics are updated every 5 minutes.

  • Risk severity levels:
    • High: There are vulnerabilities on your workloads, and you should view vulnerability details and handle them in a timely manner.
    • Medium: There are abnormal incidents on your workloads, and you should view vulnerability details and handle the vulnerability in a timely manner.
    • Others: There are risky incidents that are marked as low-risk or informational in your systems, and you should view vulnerability details and take necessary actions.
  • When you click the Top 5 Vulnerability Types tab, the system displays top 5 vulnerability types.
    • Vulnerability rankings are based on the number of hosts a vulnerability affects. The vulnerability ranked the first affects the most hosts.
    • The data is displayed in Top 5 Vulnerability Types only when the hosts have Host Security Service (HSS) Agent version 2.0 installed. If no data is displayed or you want to view top 5 vulnerability types, upgrade Agent from 1.0 to 2.0.
    Figure 5 Top 5 Vulnerability Types
  • Click Top 5 Real-Time Vulnerabilities tab. The system displays the top 5 vulnerability incidents for the last 7 days. You can quickly view vulnerability details.
    • You can view details such as the vulnerability name, severity, asset name, and discovery time.
    • If no data is available here, no vulnerabilities are detected on the current day.
    Figure 6 Viewing real-time vulnerabilities

Abnormal Baseline Settings

This panel displays the total number of compliance violations detected in all workspaces of your account. You can quickly learn of total number of violations and the number of violations at each severity level. The statistics are updated every 5 minutes.

  • Risk severity levels:
    • Critical: There are intrusions to your workloads, and you should view details about abnormal baseline settings and handle them in a timely manner.
    • High: There are abnormal incidents on your workloads, and you should view details about compliance risks and handle them in a timely manner.
    • Others: There are risky incidents that are marked as medium-risk, low-risk, and informational alerts detected in your systems, and you should view details about results of compliance checks and take necessary actions.
  • To quickly view details of top 5 abnormal compliance risks, click the Abnormal Baseline Settings panel.
    • You can view details of the top compliance risks discovered in the latest check, such as check item name, severity, asset name, and discovery time.
    • If no data is available, no violations are detected for the last 30 days.
    Figure 7 Viewing compliance risks

Your Security Score over Time

SecMaster displays your security scores over the last 7 days. The statistics are updated every 5 minutes.

Figure 8 Your Security Score over Time