Help Center/ SecMaster/ Best Practices/ Using SecMaster to Enable Efficient Security Operations/ Step 1: Organize Your Service Information
Updated on 2026-06-24 GMT+08:00
View PDF
Share

Step 1: Organize Your Service Information

Check the overall network protection information, organize the attack paths that may target cloud service systems, and build a security architecture.

SecMaster manages assets such as websites, ECSs, databases, IP addresses, and VPCs, and associates them with corresponding security services. SecMaster helps build a comprehensive network protection architecture across multiple layers, such as the network, application, server, and data layers, to keep your service system secure and stable.

  • You can import assets from other environments into SecMaster for centralized management. For details, see Importing Assets.

Organizing Website Assets

Web services are critical and widely used by businesses, yet they are also highly vulnerable to attacks. So, organizing web assets is essential before starting network protection.

For website domain names, you can use Web Application Firewall (WAF) to check and protect website service traffic. WAF intelligently identifies malicious requests and defends against unknown threats, preventing origin servers from being attacked or cracked by hackers and safeguarding core assets.

SecMaster's asset management function automatically synchronizes domain names that have been added to WAF into SecMaster for centralized management. Ensure that all websites are connected to WAF and WAF protection is enabled to keep them secure.

To check website protection status, perform the following operations:

  1. Log in to the SecMaster console.
  2. Go to the target workspace.
  3. In the navigation pane on the left, choose Resource Manager > Resource Manager. On the displayed page, click the Websites tab to view the protection status of each server.
    The following table describes website protection statuses.
    Table 1 Website protection statuses

    Protection Status

    Description

    Unprotected

    WAF protection has not been enabled for the website domain name.

    To prevent your website from being attacked by malicious traffic, you are advised to connect your website to WAF so that WAF can inspect HTTP and HTTPS requests to keep your core service data secure. For details, see Connecting a Website to WAF.

    After protection is enabled, you can customize the following website protection configurations and use the strict protection mode:

    Basic web protection (block mode), CC attack protection (block mode), precise protection (block mode), IP address blacklist and whitelist (block mode), and geolocation access control (block mode)

    For details about how to configure protection, see Website Protection Configuration Suggestions.

    Protected

    You have purchased WAF, connected your website domain name to WAF, and enabled protection.

    --

    The corresponding security protection product (WAF) is unavailable in the region.

Organizing Server Assets

SecMaster offers an asset management feature that automatically collects information about Elastic Cloud Server (ECS) assets you have. You can view their names, images, IP addresses, and other information in SecMaster.

For your ECS assets, you can use Host Security Service (HSS) to build a server security system and reduce major security risks faced by servers. HSS comprehensively identifies and manages information assets on ECSs, monitors risks in real time, and prevents unauthorized access.

Ensure that all your ECSs, especially those associated with EIPs and those hosting web services, are connected to HSS, so that HSS can protect them against security risks.

To check website protection status, perform the following operations:

  1. Log in to the SecMaster console.
  2. Go to the target workspace.
  3. In the navigation pane on the left, choose Resource Manager > Resource Manager. On the displayed page, click the Servers tab to view the protection status of each server.
    The following table describes server protection statuses.
    Table 2 Server protection statuses

    Server Protection Status

    Description

    Unprotected

    HSS protection has not been enabled for the ECS. The ECS is at high risk of intrusion. You are advised to enable HSS protection for the ECS as soon as possible. To enable protection, take the following steps:

    1. Buy HSS quotas by referring to Purchasing HSS.
    2. Install the agent by referring to Installing the Agent.
    3. Enable HSS protection by referring to Enable HSS Protection.

    After protection is enabled, you can enable malware scans and configure refined policies to harden server security. For details, see Isolation and Killing Malware and Configuring Policies.

    Protected

    HSS protection has been enabled for the server. The HSS agent will be continuously iterated for better services. Please upgrade your agent to the latest version in a timely manner by referring to Upgrading the Agent.

    --

    The corresponding security protection product (HSS) is unavailable in the region.

    Currently, SecMaster cannot synchronize container asset information from HSS. For your container assets, check their protection statuses on the HSS console. For details, see Checking the Container Node Protection Information.

Organizing Database Assets

You can organize database assets in SecMaster. In doing this, SecMaster can automatically associate alerts with related database assets during security operations.

SecMaster offers an asset management feature that automatically collects information about Relational Database Service (RDS) assets you have. For database assets on the cloud, you can use Database Security Service (DBSS) to protect them.

Ensure that database audit is enabled for all RDS assets on the cloud.

To check website protection status, perform the following operations:

  1. Log in to the SecMaster console.
  2. Go to the target workspace.
  3. In the navigation pane on the left, choose Resource Manager > Resource Manager. On the displayed page, click the Databases tab to view the protection status of each database.

    The following table describes database protection statuses.

    Table 3 Database protection statuses

    Database Protection Status

    Description

    Unprotected

    DBSS protection has not been configured or enabled for the RDS instance.

    To prevent your database from being attacked, enable and use database audit. For details, see Auditing an RDS DB Instance (with Agents) or Auditing an RDS DB Instance (Without Agents).

    Protected

    DBSS protection has been configured and enabled for the RDS instance.

    --

    The corresponding security protection product (DBSS) is unavailable in the region.

    To manage, audit, and protect RDS through DBSS, you need to configure alarm settings in DBSS and synchronize DBSS log data to SecMaster. In this way, you can monitor DBSS alarm data in SecMaster. For details, see Configuring Alarm Notifications. When configuring alarm notifications, enable alarm notifications for all alarm severity levels for all DBSS instances.

Organizing VPC Assets

Virtual Private Cloud (VPC) allows you to provision logically isolated virtual private networks for cloud resources, such as cloud servers, containers, and databases.

SecMaster offers a resource management feature that automatically collects information about VPC assets you have. For VPC assets, you can use Cloud Firewall (CFW) to protect the Internet border and VPC border on the cloud. The VPC border firewall controls access between two VPCs, visualizing and securing internal service access.

Ensure that all VPC assets are protected by CFW to secure the Internet border and VPC border on the cloud.

To check website protection status, perform the following operations:

  1. Log in to the SecMaster console.
  2. Go to the target workspace.
  3. In the navigation pane on the left, choose Resource Manager > Resource Manager. On the displayed page, click the VPCs tab to view the protection status of each VPC.

    The following table describes VPC protection statuses.

    Table 4 VPC protection status description

    VPC Protection Status

    Description

    Unprotected

    CFW protection has not been configured or enabled for the VPC.

    To effectively detect communication traffic between VPCs and collect statistics, you are advised to use and configure a VPC border firewall. For details, see Configuring a VPC Border Firewall.

    Protected

    CFW protection has been configured and enabled for the VPC.

    --

    The corresponding security protection product (CFW) is unavailable in the region.

Organizing EIP Assets

The Elastic IP (EIP) service provides independent public IP addresses and bandwidth for Internet access. A resource with an EIP can access the Internet directly. A resource with only a private IP address cannot. You can easily bind or unbind EIPs to or from ECSs, BMSs, virtual IP addresses, load balancers, and NAT gateways as needed.

SecMaster offers a resource management feature that automatically collects information about EIP assets you have. For EIP assets, you can use Anti-DDoS to monitor the service traffic from the Internet to public IP addresses and detect attack traffic in real time. Anti-DDoS scrubs attack traffic based on defense policies you configure without interrupting service continuity. It also generates monitoring reports that provide visibility into network security.

Ensure that all EIP assets are using Anti-DDoS for traffic scrubbing to keep public network traffic on the cloud secure.

To check website protection status, perform the following operations:

  1. Log in to the SecMaster console.
  2. Go to the target workspace.
  3. In the navigation pane on the left, choose Resource Manager > Resource Manager. On the displayed page, click the EIPs tab to view the protection status of each VPC.

    The following table describes EIP protection statuses.

    Table 5 EIP protection status description

    EIP Protection Status

    Description

    Unprotected

    Anti-DDoS protection has not been configured for the EIP.

    To effectively detect and scrub attack traffic EIPs, you are advised to configure Anti-DDoS. Anti-DDoS protection is automatically enabled for all EIPs upon your purchase.

    Protected

    Anti-DDoS protection has been configured for the EIP.

    --

    The corresponding security protection product (Anti-DDoS) is unavailable in the region.

    In addition to using Anti-DDoS for traffic scrubbing, CFW is also recommended to protect EIPs. With all service traffic checked by CFW, you can monitor the overall service status based on CFW log data or configure other operations policies for better security. For details, see Enabling EIP Protection.