Viewing a Security Report

Procedure

1. Log in to the management console.
2. Click in the upper left corner of the page and choose Security > SecMaster.
3. In the navigation pane, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 1 Management
   

4. In the navigation pane on the left, choose Security Situation > Reports.
   Figure 2 Reports
   

5. Select the target report and click the report icon. The report details page is displayed.

   On the report details page, you can preview details about the current security report.

   When there are a large number of reports, you can search for a specific report type by selecting the Type or Enabling Status of the report, and then click .

Content in the Daily Report Template

• Data Scope

  The default data scope of a daily report is from 00:00:00 to 23:59:59 on the previous day.

• Security score

  SecMaster evaluates and scores your asset security for the previous day (from 00:00:00 to 23:59:29) so that you can quickly learn of the overall security posture of assets. This score varies depending on the SecMaster edition you are using.

• Baseline check

  Displays the statistics of the latest baseline inspection, including the total number of current baseline check items, number of compliance check items, number of failed compliance check items, and proportion of failed compliance check items.

• Security vulnerabilities

  Displays the vulnerability statistics of the accessed cloud service on the previous day, including the total number of vulnerabilities, and number of unfixed vulnerabilities.

• Policy coverage

  Displays the coverage of current security products, including the following information: number of instances protected by security products (= number of protected ECSs + number of protected WAF instances), host security coverage (= number of protected ECSs/total number of ECSs), number of current protected ECSs, and number of current protected websites.

• Asset security

  Displays the security status of current assets, including the total number of assets you have, and the number of vulnerable assets.

• Security analysis

  Displays security analysis statistics of the previous day, including the total security log traffic of the previous day, and the number of security log models.

• Security response

  Displays the security response status of the previous day, including the total number of alerts handled, intrusions confirmed, and playbooks executed, percentage of alerts automatically handled by playbooks, average MTTR, and number of confirmed high-risk intrusions for the previous day.

• Asset risk

  Displays the asset security status of the previous day, including number of attacked assets, number of unprotected assets, number of vulnerable assets, and asset protection rate of the previous day, as well as the asset changes over the last 7 days.

• Threat posture

  Displays the threat posture of assets for the previous day. You can view how many DDoS, network, application, and server attacks detected, DDoS, WAF, and HSS inspection statistics, and network and server attack changes for the previous day. You can also view top 5 network, application, and server attack types, as well as the distribution of top 5 application attack sources, top 5 attacked applications, top 5 network attack sources, and the five servers with the most alerts.

• Log analysis

  Displays the log statistics for the previous day, including log sources, log indexes, received logs, and log storage capacity as well as top 10 models that report the most alerts. It also displays logs analysis for the past 7 days, including log change trend and 5 log sources with the largest traffic volume.

• Security Response

  Displays the security response information for the previous day, including the number of handled alerts, incidents, vulnerabilities, and risky baseline settings, distribution and quantity of threat alerts, distribution and quantity of top 5 intrusion incidents, top 5 emergency responses, and handling status of top 20 threat alerts.

• External security hotspot

  Displays information about external security hotspots for the previous day.