Managing Check Items
This topic describes how to manage check items. The check items support the operations in the following table.
Operation Type |
Operation |
Description |
---|---|---|
Viewing check items |
Both check items in built-in and custom compliance packs are supported. |
|
Creating a custom check item |
Only check items in custom compliance packs are supported. |
|
Adding a check item to an allowlist |
Method 1: Adding a Check Item to an Allowlist on the Check Result Page |
If you want to skip a check item or resource instance during a check, you can add the check item or instance to an allowlist. On the check result page, you can add some check items you do not want to check in an allowlist. Removing them from the allowlist is not supported. If you want to check the check item again, remove it from the allowlist. To this end, you can go to the details page of the compliance pack, locate the specific check item, and cancel the allowlist. Alternatively, you can delete the allowlist policy on the Policy Settings page. |
Method 2: Adding a Check Item to an Allowlist on the Compliance Pack Details Page |
If you do not need to check a check item, you can add it to an allowlist. If you want to check the check item again, you can cancel the corresponding allowlist. On the details page of a compliance pack, you can add a specific check item to an allowlist, but the resource instances a check item applies to cannot be added to an allowlist through this page. |
|
Method 3: Adding an Allowlist Policy for a Check Item on the Policy Settings Page |
If you want to skip a check item or resource instance during a check, you can add the check item or instance to an allowlist. You can configure allowlist policies, delete an individual allowlist policy, all delete more allowlist policies all at once. |
|
Import |
Only check items in custom compliance packs are supported. |
|
Export |
Both check items in built-in and custom compliance packs are supported. |
|
Editing or deleting |
Only check items in custom compliance packs can be edited and deleted. Check items in built-in compliance packs cannot be edited or deleted. |
Limitations and Constraints
- For custom check items, SecMaster does not check them immediately after they are created. You need to perform an immediate check manually or check the compliance pack the check items associated with. Then, you can get their check results.
- When you import check items, note the following restrictions:
- Only .xlsx files can be imported.
- Only one file can be imported at a time. Maximum file size: 100 records.
- Check items in built-in compliance packs can only be viewed and exported, but cannot be edited or deleted.
Viewing Check Items
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose
. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.Figure 2 Accessing the Check Item tab
- On the Check Item tab, view the information about existing check items. For details about the parameters, see Table 2.
Creating a Custom Check Item
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 3 Workspace management page
- In the navigation pane on the left, choose
. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.Figure 4 Accessing the Check Item tab
- Click Create Check Item in the upper left corner of the check item list.
- On the Create Check Item page, set check item parameters.
Table 3 Parameters for creating check items Parameter
Description
Check Item
Name you specify for the check item.
It must meet the following requirements:
- Only letters, digits, underscores (_), periods (.), and hyphens (-) are allowed.
- Length: 1 to 256 characters
Description
Description you provide for the check item. A maximum of 4,096 characters are allowed.
Severity
Select the severity of the check item.
- Critical
- High
- Medium
- Low
- Informational
Action
Select an action for the check item.
- Executed by workflows: The check item is automatically executed through a workflow you specify, and the check result is reported by the workflow as well.
- Executed manually: You will manually complete the check item offline.
Select Workflow
If you set Action to Executed by workflows, you need to select a workflow. The Workflow Type must be Baseline Inspection.
If no appropriate workflows are available, click Create Workflow and create one on the workflow page.
Manual Check Items
If Action for a check item is set to Executed manually, SecMaster sets the check result options by default.
Cloud Service
Enter the information about the cloud service associated with the check item. Enter 0 to 36 characters.
- Click OK. You can filter check items by the created check item name on the check item page and view the basic information about the check items.
For custom check items, SecMaster does not check them immediately after they are created. You need to perform an immediate check manually or check the compliance pack the check items associated with. Then, you can get their check results.
You can edit or delete custom check items you add as required.
Adding a Check Item to an Allowlist on the Check Result Page
If you want to skip a check item or resource instance during a check, you can add the check item or instance to an allowlist.
An item or instance that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 5 Workspace management page
- In the navigation pane on the left, choose Risk Prevention > Baseline Inspection.
Figure 6 Accessing the check result page
- In the check result list, click Allow in the Operation column of the row that contains the target check item.
- In the displayed dialog box, click OK. If an item is added to an allowlist, the check result list does not display the information about the check item. An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.
Adding a Check Item to an Allowlist on the Compliance Pack Details Page
If you do not need to check a check item, you can add it to an allowlist.
An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 7 Workspace management page
- In the navigation pane on the left, choose Compliance Pack tab.
. On the displayed page, click the Security Standards tab. Then, click the Figure 8 Accessing the Compliance Pack tab
- Click the name of the target compliance pack to go to its details page.
- Search for the target check item in the compliance pack list and click Allow in the Operation column.
- In the displayed dialog box, click OK. If an item is added to an allowlist, the check result list does not display the information about the check item. An item that has been added to an allowlist will be skipped during the check. It will not be counted when the Check Pass Rate is calculated.
Adding an Allowlist Policy for a Check Item on the Policy Settings Page
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 9 Workspace management page
- In the navigation pane on the left, choose Risk Prevention > Baseline Inspection.
Figure 10 Accessing the check result page
- Click Policy Settings in the upper right corner of the page. The Policy Settings page is displayed.
- On the Allowlist Policies tab, click Add Allowlist Policy. The Add Allowlist Policy page is displayed. Set the parameters as required.
Table 4 Parameters for adding an allowlist policy Parameter
Description
Environment
Select the cloud environment that the target check item belongs to.
You can only select a value from the drop-down list.
The value can be Huawei Cloud, indicating the Huawei Cloud environment.
Cloud Service
After selecting a value for Environment, select the cloud service that the target check item belongs to.
You can only select a value from the drop-down list.
The options of Cloud Service are cloud services associated with all check items in the cloud environment you select.
Check Item
After Environment and Cloud Service are configured, select the check item you want to add to the allowlist.
You can only select a value from the drop-down list.
The options for Check Item can be check items associated with the cloud services in the selected cloud environment.
Policy Application Scope
Set the application scope of the check item allowlist policy. The options are as follows:
- All instances: If you select All instances, the allowlist policy works for all resource instances associated with the check item added to the allowlist policy.
- Selected instances: If you select Selected instances, the allowlist policy works for resource instances selected by you and associated with the check item added to the allowlist policy.
- If a check item is associated with only one resource instance, you can select All instances or Selected instances. No matter which option is selected, the policy works the same.
Remarks (Optional)
A description of the policy.
A maximum of 1,000 characters are allowed.
- Click OK. You can view added allowlist policies on the Policy Settings page.
Cancelling or Deleting an Allowlist Policy
After an item is added to an allowlist, SecMaster skips this item during the check. This item is no longer counted when the check pass rate is calculated. If you need to check the item later, you can cancel the allowlist or delete the allowlist policy. To this end, you can select one of the following methods based on how the item was added to an allowlist.
- For check items added to an allowlist by Adding a Check Item to an Allowlist on the Check Result Page:
- Method 1: Click Cancel Allowlist in the Operation column of the target check item by referring to Adding a Check Item to an Allowlist on the Compliance Pack Details Page. In the dialog box displayed, click OK.
- Method 2: Delete the allowlist policy corresponding to the target check item by referring to Adding an Allowlist Policy for a Check Item on the Policy Settings Page.
- For check items added to an allowlist by Adding a Check Item to an Allowlist on the Compliance Pack Details Page:
- Click Cancel Allowlist in the Operation column of the target check item by referring to Adding a Check Item to an Allowlist on the Compliance Pack Details Page. In the dialog box displayed, click OK.
- For Adding an Allowlist Policy for a Check Item on the Policy Settings Page, you can delete the allowlist policy of the target check item through the Policy Settings page.
- Deletion: Click Delete in the Operation column of the check item allowlist policy to be canceled. In the Delete dialog box, confirm the information and click OK.
- Batch deletion: Select all the allowlist policies you want to delete and click Batch Delete. In the Delete dialog box, confirm the information and click OK.
Importing Check Items
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 11 Workspace management page
- In the navigation pane on the left, choose
. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.Figure 12 Accessing the Check Item tab
- In the upper left corner above the check item list, click Import.
- In the dialog box displayed, click Download Template and complete the template.
- In the displayed dialog box, click Add File and upload the completed template file.
- Only .xlsx files can be imported.
- Only one file can be imported at a time. Maximum file size: 100 records.
- Click Import.
- You can view the imported check items on the check item tab. You can filter check items by check item name.
Exporting Check Items
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 13 Workspace management page
- In the navigation pane on the left, choose
. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.Figure 14 Accessing the Check Item tab
- Select check items you want to export from the check item list and click Export in the upper left corner above the list.
- In the displayed dialog box, select the format and data columns you want.
- Click Export.
Editing or Deleting a Check Item
- Log in to the SecMaster console.
- Click
in the upper left corner of the management console and select a region or project.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 15 Workspace management page
- In the navigation pane on the left, choose
. On the displayed page, click the Security Standards tab. Then, click the Check Item tab.Figure 16 Accessing the Check Item tab
- In the check item list, edit or delete a check item.
Table 5 Editing or deleting a check item Operation
Description
Editing a custom check item
- Locate the target check item and click Edit in the Operation column.
- Edit settings and click OK.
- Then, filter check items by check item name on the check item tab and view the check item information.
Only custom check items can be edited. Check items in built-in compliance packs cannot be edited.
Deleting a custom check item
- Locate the target check item and click Delete in the Operation column.
- In the displayed dialog box, confirm the deletion object, enter DELETE, and click OK.
Only custom check items can be deleted. Check items in built-in compliance packs cannot be deleted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot