Functions

Based on cloud native security, SecMaster provides a comprehensive closed-loop security response process that contains log collection, intelligent analysis, situation awareness, orchestration, and response, helping you protect cloud security.

Functions

**Table 1** Functions
Function	Function Module	Description	Basic Edition	Professional Edition
Security Overview	Security Overview	Security Score: A security score shows the overall health status of your workloads on the cloud so you can quickly learn of unhandled risks and their threats to your assets. The lower the security score, the greater the overall asset security risk. Security Monitoring: You can view how many threats, vulnerabilities, and compliance violations that are not handled and view their details. Your Security Score over Time: You can view the trend of the asset health scores for the last seven days.	√	√
Workspaces	Workspaces	Workspace management: Workspaces are top-level workbenches in SecMaster. A workspace can be associated with projects and regions to support security operations in different scenarios.	√	√
Purchased Resources	Purchased Resources	You can view resources purchased by the current account on the Purchased Resources page and manage them centrally.	√	√
Security Situation	Situation Overview	Security Score: A security score shows the overall health status of your workloads on the cloud so you can quickly learn of unhandled risks and their threats to your assets. The lower the security score, the greater the overall asset security risk. Security Monitoring: You can view how many threats, vulnerabilities, and compliance violations that are not handled and view their details. Your Security Score over Time: You can view the trend of the asset health scores for the last seven days.	√	√
	Large Screen	SecMaster leverages AI to analyze and classify massive cloud security data and then displays real-time results on a large screen. In a simple, intuitive, and efficient way, you will learn of what risks your cloud environment are facing and how secure your cloud environment is. NOTE: To use the large screen module, apply for it separately.	×	√
	Security Reports	You can generate analysis reports and periodically send them to specified recipients by email. In this way, all recipients can learn about the security status of your assets in a timely manner.	×	√
	Task Center	All tasks that need to be processed are displayed centrally.	×	√
Resource Manager	Resource Manager	SecMaster can synchronize the security statistics of all resources. So that you can check the name, service, and security status of a resource to quickly locate security risks.	√	√
Risk Prevention	Baseline Inspection	SecMaster can scan cloud baseline configurations to find out unsafe settings, report alerts for incidents, and offer hardening suggestions to you.	√	√
	Vulnerabilities	SecMaster automatically synchronizes vulnerability scan results from Host Security Service (HSS), displays vulnerability scan details by category, and provides vulnerability fixing suggestions.	√	√
	Security Policies	SecMaster supports centralized management of defense and emergency policies.	√	√
Threat Operations	Incidents	SecMaster centrally displays incident details and allows you to manually or automatically convert alerts into incidents.	×	√
	Alerts	This module provides unified data class (security operations objects) management and built-in alert reporting standards. You can aggregate alerts from other cloud services such as HSS, WAF, and DDoS Mitigation and manage them centrally.	√	√
	Indicators	This module provides unified data class (security operation objects) management and built-in threat intelligence indicator library. You can access and manage security indicators from other cloud services, and create custom rules for extracting indicators.	×	√
	Intelligent Modeling	SecMaster uses models to scan logs in pipelines. If SecMaster detects data that hits the trigger in a model, SecMaster generates an alert.	×	√
	Security Analysis	Query and analysis Search and analysis: Supports quick data search and analysis, quick filtering of security data for security survey, and quick locating of key data. Statistics filtering: SecMaster supports quick analysis and statistics of data fields and quick data filtering based on the analysis result. Time series data supports statistics collection by default time partition, allowing data volume trend to be quickly spotted. SecMaster supports analysis, statistics, and sorting functions, and supports quick building of security analysis models. Visualization: Data analysis is visualized to intuitively reflect service structure and trend, so that you can create custom analysis reports and analysis indicators easily. Data delivery: SecMaster can deliver data to other pipelines or other cloud products in real time so that you can store data or consume data with other systems. Data monitoring: SecMaster supports end-to-end data traffic monitoring and management. Data consumption: SecMaster provides streaming communication interfaces for data consumption and production and data pipelines that are integrated in SDKs. You can use SDKs to integrate data across systems and customize data consumers and producers. SecMaster provides open-source log collection plug-in Logstash. You can enable custom data consumers and producers. NOTE: To use security analysis, apply for it in the value-added pack separately.	×	√
Security Orchestration	Objects	You can centrally manage operation objects such as data classes, data class types, and categorical mappings.	×	√
	Playbooks	You can manage playbooks, workflows, asset connections, and playbook instances throughout their lifecycles.	×	√
	Layouts	This module provides a visualized low-code development platform. In this module, you can create custom layout of pages for security analysis reports, alert management, incident management, vulnerability management, baseline management, and threat indicator library management. NOTE: To use security orchestration, apply for it in the value-added pack separately.	×	√
	Plugins	Plug-ins used in the security orchestration process can be managed centrally.	×	√
Data Collection	Data Collection (Collections and Components)	Logstash is used to collect varied log data in multiple modes. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented.	×	√
Data Integration	Data Integration	SecMaster provides a preset log collection system. You can enable access to logs of other cloud services in just a few clicks. You can search and analyze all collected logs in SecMaster.	×	√
Directory Customization	Directory Customization	You can view in-use directories and change their layouts.	×	√