- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Buying SecMaster
- Authorizing SecMaster
- Viewing Security Overview
- Workspaces
- Viewing Purchased Resources
- Security Situation
- Resource Manager
- Risk Prevention
- Threat Operations
- Security Orchestration
-
Playbook Overview
- Ransomware Incident Response Solution
- Attack Link Analysis Alert Notification
- HSS Isolation and Killing of Malware
- Automatic Renaming of Alert Names
- Auto High-Risk Vulnerability Notification
- Automatic Notification of High-Risk Alerts
- Auto Blocking for High-risk Alerts
- Real-time Notification of Critical Organization and Management Operations
-
Settings
- Data Integration
-
Log Data Collection
- Data Collection Overview
- Adding a Node
- Configuring a Component
- Adding a Connection
- Creating and Editing a Parser
- Adding and Editing a Collection Channel
- Managing Connections
- Managing Parsers
- Managing Collection Channels
- Viewing Collection Nodes
- Managing Nodes and Components
- Partitioning a Disk
- Logstash Configuration Description
- Connector Rules
- Parser Rules
- Upgrading the Component Controller
- Customizing Directories
- Permissions Management
- Key Operations Recorded by CTS
-
Best Practices
-
Log Access and Transfer Operation Guide
- Solution Overview
- Resource Planning
- Process Flow
-
Procedure
- (Optional) Step 1: Buy an ECS
- (Optional) Step 2: Buy a Data Disk
- (Optional) Step 3: Attach a Data Disk
- Step 4: Create a Non-administrator IAM User
- Step 5: Configure Network Connection
- Step 6: Install the Component Controller (isap-agent)
- Step 7: Install the Log Collection Component (Logstash)
- (Optional) Step 8: Creating a Log Storage Pipeline
- Step 9: Configure a Connector
- (Optional) Step 10: Configure a Log Parser
- Step 11: Configure a Log Collection Channel
- Step 12: Verify Log Access and Transfer
- Credential Leakage Response Solution
-
Log Access and Transfer Operation Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Alert Management
- Incident Management
- Indicator Management
- Playbook Management
- Alert Rule Management
- Playbook Version Management
- Playbook Rule Management
- Playbook Instance Management
- Playbook Approval Management
- Playbook Action Management
- Incident Relationship Management
- Data Class Management
- Workflow Management
- Data Space Management
- Pipelines
- Workspace Management
- Metering and Billing
- Metric Query
- Baseline Inspection
- Appendix
- FAQs
Baseline Inspection Overview
SecMaster can scan cloud services for risks in key configuration items, report scan results by category, generate alerts for incidents, and provide hardening suggestions and guidelines.
SecMaster can check key cloud service configurations for your workloads on the cloud based on preconfigured security standards Cloud Security Compliance Check 1.0 and Network Security. In addition, you can add check items and compliance packs to make custom compliance packs to meet your own needs.
Limitations and Constraints
The SecMaster basic and standard editions do not support custom check items or compliance packs.
Baseline Check Methods
- Automated baseline checks
By default, SecMaster performs a check every three days. From 00:00 to 06:00, SecMaster checks all assets in the current region under your account based on compliance pack Cloud Security Compliance Check 1.0. The default check plan can be enabled or disabled only. No changes on its compliance packs or execution time can be made.
- Scheduled custom baseline checks
You can customize the automatic check period, time, and scope. You can also customize the check items that can be automated in Cloud Security Compliance Check 1.0, Network Security, and Huawei Cloud Security Configuration. For details about how to perform a baseline inspection, see Performing a Scheduled Baseline Check.
- Immediate baseline checks
You can start all security standards or a specific check plan to detect violations in real time. You can set auto check items in Cloud Security Compliance Check 1.0, Network Security, and Huawei Cloud Security Configuration packs. For check items that support only manual check, the system generates check items whose check results are To be checked. You need to perform a manual check offline and then report the check results to the SecMaster console. For details about immediate baseline checks, see Starting an Immediate Baseline Check.
You can start all security standards or a specific check plan to detect violations in real time. You can set the auto check items in the compliance packs. For check items that support only manual check, the system generates check items whose check results are To be checked. You need to perform a manual check offline and then report the check results to the SecMaster console. For details about immediate baseline checks, see Starting an Immediate Baseline Check.
- You can start all compliance packs in use to detect violations against automatic check items.
- You can start a check plan to detect violations against check items in the compliance pack configured in the check plan.
- You can select one or more check items and start them at once.
- Manual baseline checks
There are some manual check items included in baseline inspection. After you finish a manual check, report the check results to SecMaster. The pass rate is calculated based on results from both manual and automatic checks. For automatic check items, you can manually start specific checks.
Some check items in Cloud Security Compliance Check 1.0 and Network Security are manual.
For details about manual checks, see Performing a Manual Baseline Check.
Process
The process of baseline inspection is as follows.
|
No. |
Operation |
Description |
|---|---|---|
|
1 |
SecMaster uses the default check plan to check all assets.
|
|
|
2 |
The baseline inspection supports periodic and immediate checks.
|
|
|
3 |
You can view the baseline inspection results after each manual check or automated check. You can quickly learn affected assets and details about the baseline inspection items. |
|
|
4 |
You can handle risky items based on the rectification suggestions. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
