Host Security Service
Host Security Service
All results for "
" in this service
All results for "
" in this service
What's New
Technology Poster
Host Security Service (New) Is Coming
Your Server Is Under Brute-force Attacks Every Day
Service Overview
HSS Infographics
What Is HSS?
Advantages
Scenarios
Features
Provided Free of Charge
Personal Data Protection Mechanism
Security
Shared Responsibilities
Certificates
Asset Identification and Management
Identity Authentication and Access Control
Data Protection Technologies
Audit and Logging
Service Resilience
Risk Monitoring
Permissions Management
Constraints
Related Services
Basic Concepts
Billing
Billing Overview
Billing Modes
Overview
Yearly/Monthly Billing
Pay-per-Use Billing
Billing Items
Billing Examples
Changing the Billing Mode
Overview
Pay-per-Use to Yearly/Monthly
Yearly/Monthly to Pay-per-Use
Renewing Subscriptions
Overview
Manually Renewing HSS
Auto-renewing HSS
Bills
Arrears
Billing Termination
Cost Management
Billing FAQ
How Do I Unsubscribe from HSS Quotas?
How Do I Renew HSS?
If I Unsubscribe from HSS and Purchase It Again, Do I Need to Install Agents and Configure Server Protection Settings from Scratch?
How Do I Disable Auto-Renewal?
Getting Started
Free Trial of HSS Basic Edition for 30 Days
Purchasing and Enabling HSS
Buying and Enabling Server WTP
Purchasing and Enabling Container Security
Quickly Viewing ECS Security Situation
Getting Started with Common Practices
User Guide
Using IAM to Grant Access to HSS
Using IAM Roles or Policies to Grant Access to HSS
Using IAM Identity Policies to Grant Access to HSS
Purchasing and Accessing HSS
Access Process
Purchasing HSS
Installing the HSS Agent
Installing the Agent on Huawei Cloud Servers
Installing the Agent on Third-Party Cloud Servers or On-Premises IDCs
Installing the Container Security Agent
Installing the Agent in a Huawei Cloud CCE Cluster
Installing an Agent in a User-built Cluster on Huawei Cloud
Installing the Agent in a Third-Party Public Network Cluster
Installing the Agent in a Third-Party Private Network Cluster
Installing the Agent on an Independent Container Node
Install the Security Agent on Serverless Assets
Enabling Protection
Checking the Dashboard
Asset Management
Asset Overview
Server Fingerprints
Server Fingerprint Overview
Manually Collecting Server Fingerprints
Checking Server Fingerprints
Checking the Changes of Server Fingerprints
Container Assets
Container Asset Overview
Manually Collecting Container Assets
Checking Container Assets
Server Management
Enabling Server Protection
Checking Server Protection Status
Checking the Assets and Risks of a Server
Exporting the Server List
Switching the HSS Quota Edition
Deploying a Protection Policy
Managing Server Groups
Servers Importance Management
Ignoring a Server
Disabling HSS
Container Management
Enabling Container Protection
Checking the Container Node Protection Information
Managing Container Nodes
Exporting the Container Node List
Viewing Container Information
Handling Unsafe Containers
Disabling Container Protection
Serverless Assets
Enabling Serverless Asset Protection
Checking Serverless Assets
Deploying Custom Serverless Asset Protection Policies
Exporting Serverless Asset Information
Disabling Serverless Asset Protection
Protection Quota Management
Viewing Protection Quotas
Binding a Protection Quota
Unbinding a Protection Quota
Upgrading a Protection Quota
Exporting the Protection Quota List
Risk Management
Vulnerability Management
Vulnerability Management Overview
Scanning for Vulnerabilities
Checking Vulnerability Details
Exporting the Vulnerability List
Handling Vulnerabilities
Managing the Vulnerability Whitelist
Viewing Vulnerability Handling History
Baseline Check
Baseline Check Overview
Configuring a Baseline Check Policy
Performing a Baseline Check
Viewing and Handling Baseline Check Results
Exporting a Baseline Check Report
Managing the Baseline Whitelist
Container Image Security
Container Image Security Overview
Enabling Pay-per-use Container Image Scan
CI/CD Image Security Scan
CI/CD Image Security Scan Overview
Viewing and Handling CI/CD Image Scan Results
Exporting CI/CD Image Scan Results
Repository Image Security Scan
Repository Image Security Scan Overview
Synchronizing Repository Images
Scanning Repository Images
Viewing and Handling Repository Image Scan Results
Exporting Repository Image Scan Results
Managing the Repository Image Vulnerability Whitelist
Local Image Security Scan
Local Image Security Scan Overview
Scanning Local Images
Viewing and Handling Local Image Scan Results
Exporting Local Image Scan Results
Managing the Local Image Vulnerability Whitelist
Cluster Environment Security
Cluster Environment Security Overview
Checking Cluster Environment Security
Viewing and Handling Security Risks in a Cluster
Serverless Asset Security Risks
Serverless Asset Security Risk Overview
Scanning Serverless Assets for Security Risks
Checking and Handling the Security Risks of Serverless Assets
Proactive Defense
Application Protection
Application Protection Overview
Enabling Application Protection
Viewing Application Protection
Managing Application Protection Policies
Disabling Application Protection
ServerWeb Tamper Protection
Server WTP Overview
Enabling Server WTP
Configuring Remote Backup
Modifying Server WTP Settings
Manually Enabling or Disabling Directory Protection
Deleting Assets Protected by Server WTP
Viewing ServerWTP Events
Disabling Server WTP
Ransomware Prevention
Ransomware Prevention Overview
Enabling Ransomware Prevention
Enabling Backup
Viewing and Handling Ransomware Prevention Events
Managing Ransomware Protection Policies
Restoring Server Data
Managing Server Backup
Disabling Ransomware Prevention
Application Process Control
Application Process Control Overview
Creating a Whitelist Policy
Confirming Learning Outcomes
Enabling Application Process Control
Checking and Handling Suspicious Processes
Extending the Process Whitelist
Start Learning on Servers Again
Disabling Application Process Control
File Integrity Monitoring
File Integrity Monitoring Overview
Checking File Change Events
Virus Scan
Virus Scan Overview
Scanning for Viruses
Viewing and Handling Viruses
Managing Antivirus Policies
Managing Isolated Files
Dynamic Port Honeypot
Dynamic Port Honeypot Overview
Creating a Protection Policy for a Dynamic Honeypot Port
Viewing and Handling Honeypot Protection Events
Managing Dynamic Port Honeypot Protection Policies
Managing Associated Servers
Container WTP
Container WTP Overview
Purchasing Container WTP
Enabling Container WTP
Configuring Containers on Independent Nodes to Read-Only
Modifying Container WTP Configuration
Viewing Container WTP Events
Disabling Container WTP
Deleting Container WTP Assets
Container Firewalls
Container Firewall Overview
Configuring a Network Defense Policy (for a Container Tunnel Network)
Configuring a Network Defense Policy (for a VPC Network)
Configuring a Network Defense Policy (for Cloud Native Network 2.0)
Configuring a Network Defense Policy (for a Native Kubernetes Network)
Container Cluster Protection
Container Cluster Protection Overview
Container Cluster Protection Policy Templates
Enabling Container Cluster Protection
Configuring a Container Cluster Protection Policy
Checking Container Cluster Protection Events
Disabling Container Cluster Protection
Detection and Response
HSS Alarms
Server Alarms
Viewing Server Alarms
Handling Server Alarms
Exporting Server Alarms
Managing Isolated Files
Container Alarms
Container Alarms
Viewing Container Alarms
Handling Container Alarms
Exporting Container Alarms
Serverless Asset Security Alarms
Serverless Asset Security Alarm Overview
Checking Serverless Asset Security Alarms
Handling Serverless Asset Security Alarms
Exporting Serverless Asset Security Alarms
Custom Protection Rules
Custom Protection Rule Overview
Creating a Custom Protection Rule
Managing Custom Protection Rules
Whitelist Management
Managing the Login Whitelist
Managing the Alarm Whitelist
Managing the System User Whitelist
Security Operations
Policy Management
Policy Management Overview
Configuring Policies
Configuring the Policy Group Protection Mode
Creating a Custom Policy Group
Deleting a Custom Policy Group
Handling History
Container Audit
Container Audit Overview
Viewing Container Audit Logs
Security Report
Security Report Overview
Creating a Security Report
Checking a Security Report
Managing Security Reports
Free Health Check
Monthly Operation Summary
Installation and Configuration on Servers
Agent Management
Server Security Agent Overview
Viewing the Server Agent Version Description
Installing the Agent on a Server
Configuring Server Agent Resources
Upgrading the Agent
Uninstalling the Agent
Security Configurations
Configuring Common Login Locations
Configuring Common Login IP Addresses
Configuring an SSH Login IP Address Whitelist
Isolating and Killing Malicious Programs
Enabling and Disabling Agent Self-Protection
Enabling 2FA
Installation and Configuration on Containers
Container Management
Container Security Agent Overview
Cluster Management
Installing the Agent in a Cluster
Configuring Agent Resources for Container Clusters
Modifying Cluster Agent Installation Information
Upgrading or Uninstalling the Agent from a Cluster
Viewing the Cluster Node List and Permission List
Independent Node Management
Installing the Agent on an Independent Node
Upgrading or Uninstalling the Agent from an Independent Node
Serverless Assets
Serverless Security Agent Overview
Install the Security Agent on Serverless Assets
Upgrading or Uninstalling the Serverless Asset Security Agent
Exporting Serverless Assets
Image Access
Connecting to a Third-party Image Repository
Configuring CI/CD Access
Integrating Image Security Scan in CI/CD
Editing the Blacklist or Whitelist of Image Scan in CI/CD
Alarm Configuration
Configuring Alarm Notifications
Alarm Items
Account Management
Account Management Overview
Adding an Account to an Organization
Managing Organization Member Accounts
Switching Between Accounts
Authorization
Plug-in Settings
Plug-Ins Overview
Viewing Plug-in Information
Installing a Plug-in
Uninstalling a Plug-in
Monitoring and Auditing
Cloud Eye Monitoring
HSS Metrics
Monitored HSS Events
Configuring a Monitoring Alarm Rule
Viewing Monitoring Metrics
CTS Auditing
HSS Operations Supported by CTS
Viewing CTS Traces in the Trace List
Enterprise Project Management
Managing Projects and Enterprise Projects
Managing All Projects Settings
Best Practices
HSS Best Practices You May Need
Suggestions on How to Fix Official Disclosed Vulnerabilities Provided by HSS
Git Credential Disclosure Vulnerability (CVE-2020-5260)
SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)
OpenSSL High-risk Vulnerability (CVE-2020-1967)
Adobe Font Manager Library Remote Code Execution Vulnerability (CVE-2020-1020/CVE-2020-0938)
Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-1027)
Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
Third-Party Servers or On-Premises IDCs Accessing HSS Through a Direct Connect and Proxy Servers
Overview
Resources and Costs
Process Flow
Process
Creating a Direct Connect
Creating a Proxy Server
Installing an Agent on the Proxy Server
Installing and Configuring Nginx on the Proxy Server
Creating an Agent Installation Package or Installation Commands Using a Proxy Server
Installing an Agent for a Third-Party Server
Connecting Third-Party Servers or On-premises IDCs to HSS Through Direct Connect and VPC Endpoint
Overview
Resources and Costs
Process Flow
Process
Creating a Direct Connect
Creating a VPC Endpoint
Obtaining a Project ID
Generating the Agent Installation Package or Installation Command
Installing an Agent for a Third-Party Server
Installing the HSS Agent Using CBH
Using HSS to Improve Server Login Security
Using HSS and CBR to Defend Against Ransomware
Overview
Resources and Costs
Defense Measures
Identifying and Fixing Ransomware
Enabling Ransomware Prevention and Backup
Restoring Backup Data
Combining WAF and HSS to Improve Web Page Tampering Protection
Using HSS to Scan for and Fix Vulnerabilities
Using HSS to Prevent Weak Passwords
Using HSS to Scan for Trojans
Using HSS to Handle Mining Attacks
Using HSS to Monitor the Integrity of Linux Server Files
Using the Whitelist to Reduce False Alarms
HSS Security Best Practices
API Reference
Before You Start
Calling APIs
Making an API Request
Authentication
Response
API Description
Asset Management
Obtaining the Historical Change Records of Software Information
Querying the Software List
Querying the Server List of the Software
Querying the Status of a Global Asset Scan Task
Creating a Global Asset Scan Task
Obtaining the Historical Change Records of Auto-started Items
Querying Automatic Startup Item Information
Querying the Service List of Auto-Started Items
Querying the Description of a Port
Exporting Asset Fingerprint Information
Querying the List of Servers with a Specified Kernel Module
Querying the List of Servers with a Specified Web Framework
Querying the List of Servers with a Specified Website
Querying the Asset Fingerprint Collection Status of a Single Server
Collecting Asset Fingerprints of a Single Server
Querying the Server List of a Specified Middleware
Querying the Middleware List
Asset Management - Overview - Top Accounts
Asset Management - Overview - Top Auto-started Items
Asset Management - Overview - Top JAR Packages
Asset Management - Overview - Top Kernel Modules
Asset Management - Overview - Top Ports
Asset Management - Overview - Top Processes
Asset Management - Overview - Software Top
Asset Management - Overview - WebAppAndServiceTop
Asset Management - Overview - Web Framework Top
Asset Management - Overview - Top Websites
Asset Management - Overview - Asset Status - Server Agent Status
Asset Management - Overview - Asset Status - Container Node Protection Status
Asset Management - Overview - Asset Status - Agent Status
Asset Management - Overview - Asset Status - OS Statistics
Asset Management - Overview - Asset Status - Protection Quota Statistics
Querying Open Port Statistics
Querying the List of Servers with a Specified Open Port
Querying the Open Port List of a Single Server
Querying Process Statistics
Querying the List of Servers with a Specified Process
Querying Kernel Module Statistics
Querying Web Framework Statistics
Querying Website Statistics
Querying the Number of Assets
Obtaining the Account Change History
Querying the Account List
Querying the Server List of an Account
Querying Statistics About Web Services, Web Applications, and Databases
Querying the Server List of a Web Service, Web Application, or Database
Querying the Middleware Information of a Server
Querying the Kernel Module Information of a Server
Querying the Web Framework Information of a Server
Querying the Website Information of a Server
Ransomware Prevention
Querying the Backup Policy Bound to HSS Protection Vault
Modifying the Backup Policy Bound to Vault
Querying Information About a Backup Policy
Binding a Repository to a Backup Policy
Querying the Backup and Restoration Task List
Reviewing Backup Policies
Fetching Specific Backup Details
Listing Backups
Restoring Data Using a Backup
Deleting Backup Copies
Querying the Backup Vault List
Enabling Ransomware Protection 2.0 in Batches
Disabling Ransomware Prevention
Enabling Ransomware Prevention
Switching the Ransomware Protection Policy
Querying the Protection Policy List of Ransomware
Modifying Ransomware Protection Policies
Adding a Protection Policy
Deleting a Protection Policy
Querying the Servers Protected Against Ransomware
Querying the Ransomware Protection Server List 2.0
Baseline Management
Ignoring, Unignoring, Repairing, or Verifying the Failed Configuration Check Items
Querying the Report of a Check Item in a Security Configuration Check
Querying Causes of Check Item Repair Failures
Querying the Impact Scope of a Baseline Check
Querying Lists of Servers Affected by Configuration Check Items
Manually Checking for Unsafe Settings and Weak Passwords for Selected Servers in a Policy
Exporting Baseline Check Reports from the Backend as Excel Files
Inspecting Server Check Items
Querying Baseline Check Statistics
Ignoring or Unignoring Servers that Fail the Password Complexity Check
Querying the Password Complexity Policy Detection Report
Exploring Policy Group Check Items
Exporting Configuration Check Reports Based on Query Results
Querying the Checklist of a Security Configuration Item
Querying the Check Result of a Security Configuration Item
Querying the List of Affected Servers of a Security Configuration Item
Querying the Result List of Server Security Configuration Check
Querying Manual Baseline Scan Results
Querying Detailed Check Items of a Baseline
Querying Default Baseline Information of Configuration Check Policy
Querying the Baseline Directory Information of a Baseline Detection Policy
Creating a Configuration Check Policy
Modifying Specified Configuration Detection Policy Information
Deleting Specified Configuration Detection Policy Information
Copying Configuration Detection Policy Information
Querying Configuration Check Policy Groups
Querying Statistics of Baseline Checks Including Weak Passwords, Password Complexity, and Configuration Checks
Querying the Weak Password Detection Result List
Added baseline whitelists.
Deleting a Baseline Whitelist
Modifying the Baseline Whitelist
Querying a Single Baseline Whitelist
Querying the Baseline Whitelist
Quota Management
Querying Quota Details
Querying Quota Information
Unbinding a Quota
Querying Quota IDs in Batches
Querying the Latest Version Used by a Customer
Querying Product and Offering Information
Creating an Order Quota by HSS
Querying the Resource Locking Status
Container Management
Querying the List of Commands Running in a Container
Creating a Container Export Task
Querying Basic Container Information List
Querying the Container Log List
Querying the Protection Overview Data of a Container Node
Querying the Container Node List
Changing Protection Status
Querying the Kubernetes Cluster List
Querying Container Details
Querying Kubernetes Endpoint Details
Querying the Kubernetes Endpoint List
Querying the Basic Pod Information List
Synchronizing Cluster Information
Querying Kubernetes Service Details
Querying the Kubernetes Service List
Handling Container Lifecycles
Querying Pod Details
Event Management
Querying Alarms Associated with an Alarm Event
Downloading Export Files
Querying the Statistics of ATT&CK Phases
Querying the Attack Identifier Distribution Statistics List
Querying the List of Blocked IP Addresses
Unblocking a Blocked IP Address
Downloading Alarm Source Files
Querying the Event Type Statistics List
Investigating Event Forensics Data
Submitting a Vulnerability Export Request
Exporting Vulnerability Reports
Querying the List of Isolated Files
Restoring Isolated Files
Deleting Isolated Files
Querying Export Tasks
Querying Export Tasks
Intrusion Detection
Querying the Detected Intrusion List
Handling Alarm Events
Server Management
Querying the Server List - Public API
Configuring Asset Importance
Configuring Server Resources in Batches
Modifying Firewall Authorization Statuses
Assigning to a Group
Querying Server Groups
Creating a Server Group
Editing a Server Group
Deleting a Server Group
Collecting Server Statistics
ECS Risk Status
Querying ECSs
Querying the Server Policy List
Changing the Protection Status
Uninstalling the Agent
Upgrading the Agent
Checking Server Endpoint Creation Status
Creating a VPC Endpoint
Delivering a Manual Scan
Initiating Manual Scans
Ignoring or Unignoring Servers
Querying the Status of the Automatic Quota Binding Switch
Enabling or Disabling the Automatic Quota Binding Function
Policy Management
Applying a Policy Group
Copying a Policy Group
Deleting a Policy Group
Modifying a Policy Group
Querying the Policy Group List
Vulnerability Management
Viewing the Handling History of Image Vulnerabilities
Viewing the Vulnerabilities of All Types of Images
Exporting Information About Vulnerabilities and Their Affected Servers
Querying the Backup Statistics of the Servers Where Vulnerabilities Were Handled
Querying the List of Backups That Can Be Rolled Back
Querying the List of Server Vaults Corresponding to Vulnerability Handling
Performing a Rollback Using a Backup
Gathering Basic Web-CMS Vulnerability Data
Querying Container Application Information Affected by a Vulnerability
Querying Information About Containers Affected by a Vulnerability
Creating a Task for Exporting Vulnerability Handling Records
Viewing Handled Vulnerabilities
Creating a Task for Exporting Handled Vulnerabilities
Displaying Server Vulnerability List
Inspecting Server View Vulnerabilities
Querying Vulnerability Information About a Server
Querying the Servers Affected by a Vulnerability
Collecting Basic Linux Vulnerability Info
Extracting Vulnerability Fix Commands
Vulnerability Management - Server View - Server List - Export Report
Querying a Vulnerability Scan Policy
Modifying a Vulnerability Scan Policy
Querying the List of Servers Corresponding to a Vulnerability Scan Task
Creating a Vulnerability Scan Task
Querying the Vulnerability Scan Tasks
Estimating Vulnerability Scan Durations
Rescanning Servers for Vulnerabilities
Counting Affected Servers and Vulnerabilities
Querying Vulnerability Management Statistics
Changing the Status of a Vulnerability
Obtaining the Number of Unread Vulnerability Tasks
Recording the Last Time When a User Viewed the Vulnerability Task Management Page
Monitoring Emergency Vulnerabilities
Querying the Vulnerability List
Reviewing Whitelisted Vulnerability Options
Detailing Vulnerability Whitelist Records
Editing Vulnerability Whitelists
Adding Vulnerability Whitelist Entries
Deleting a Vulnerability Whitelist Item
Examining Vulnerability Whitelists
Accessing Basic Windows Vulnerability Info
Querying Details About Affected Servers - Software List
Identifying Vulnerability Fix Failures
Querying Details About Affected Servers - Process List
Web Tamper Protection
Querying Web Tamper Protection Event List
Querying the List of Servers for Where WTP Can Be Enabled
Exporting the List of Protected WTP Directories
Querying the WTP list
Querying Image Options of the Container WTP Edition
Enabling/Disabling Container WTP Protection
Creating a WTP Configuration
Querying Web Tamper Protection Configuration List
Modifying a WTP Configuration
Deleting a WTP Configuration
Querying List of Containers Associated with Protection Configuration
Querying List of Protected Container Directories Associated with Protection Configuration
Enabling WTP for Servers in Batches
Querying Dynamic WTP Events
Enabling or Disabling Dynamic Web Tamper Protection
Querying Static WTP Events
Enabling or Disabling WTP
Querying Container WTP Statistics
Viewing Web Tamper Protection Policies
Editing a Web Tamper Protection Policy
Querying the Remote Backup Server List
Adding or Modifying a Remote Backup Server
Deleting a Remote Backup Server
Collecting Protection Data Statistics
Querying Remote Backup Server Information
Suspending or Resuming a Protected Directory
Querying the Tomcat Bin Directory Configured for Dynamic Web Tamper Protection
Modifying the Tomcat bin Directory for Dynamic Web Tamper Protection
Enabling or Disabling Remote Backup
Tag Management
Querying All Tags Used in the Current Project of a Tenant
Creating Tags in Batches
Deleting Tags in Batches
Deleting a Resource Tag
Querying the Tags of a Resource
Antivirus
Querying the List of Servers Available for Virus Scan
Querying Free Virus Scans Count
Querying Paid Virus Scans Server List
Creating Paid Virus Scan Task
Querying the Status of the Pay-per-use Billing Switch for Virus Scan
Changing the Status of the Pay-per-use Billing Switch for Virus Scan
Deleting a Custom Scan Policy
Creating a Custom Scan Policy
Querying a Custom Scan Policy List
Editing a Custom Scan Policy
Exporting the Virus Scan Result List
Handling Virus Scan Results
Querying the Virus Scan Result List
Querying Virus Scan Statistics
Creating a Virus Scan Task
Viewing the Virus Scan Task List
Canceling a Scan Task
Application Protection
Querying the Application Protection Event List
Querying the Protection Policy List
Querying Protection Policy Details
Deleting a Protection Policy
Adding a Protection Policy
Modifying a Protection Policy
Querying the Detection Rule List
Querying Java Applications of a Protected Server
Querying the List of Protected Servers
Protection Data Statistics
Enable/Disable application protection and update the protection port.
Querying the Status of Application Protection
Application Process Control
Counting Servers with Unmatched Agent Versions
Querying Suspicious Processes in the Process Whitelist
Querying the Servers Available for the Process Whitelist
Querying the Servers Associated with a Process Whitelist Policy
Applying a Whitelist Policy
Querying Process Whitelist Policies
Creating a Whitelist Policy
Modifying a Whitelist Policy
Deleting a Whitelist Policy
Querying Details About a Process Whitelist Policy
Adding a Server to a Whitelist Policy
Deleting a Server from a Whitelist Policy
Managing the Learning Status of a Process Whitelist Policy
Querying the Extended Process List of the Process Whitelist Policy
Querying the Processes Identified by the Process Whitelist Policy
Adding a Process to the Whitelist Policy
Marking a Process Identified by the Process Whitelist Policy
Whitelist Management
Querying the Alarm Whitelist
Deleting an Alarm Whitelist
Querying the Login Whitelist
Adding a Login Whitelist
Deleting Whitelisted Login Items
Querying System User Whitelist
Adding an Item to the System User Whitelist
Modifying System User Whitelist
Removing an Item from the System User Whitelist
File Integrity Monitoring
Modifying the File List
Checking the New Server List
Obtaining the File Statistics of a Server
Checking New File Information on a Server
Container Installation and Configuration
Batch Configuring Cluster Resources
Uninstalling daemonset in batches
Upgrading Cluster Daemonset in Batches
Acquiring Cluster DaemonSet Lists
Obtaining Cluster Node Tags
Deleting a Cluster Daemonset
Updating a Cluster Daemonset
Obtaining Cluster Daemonset Information
Creating a Cluster Daemonset
Obtaining Cluster Node Tags
Configuring Public Network Access Settings
Synchronizing the Access Status of a Multi-cloud Cluster
Obtaining the Agent Installation Script of a Multi-Cloud Cluster
Obtaining the Account Permissions of a Multi-cloud Cluster
Deleting a Multi-cloud Cluster
Updating a Multi-cloud Cluster
Querying a Multi-cloud Cluster
Creating a Multi-cloud Cluster
Parsing the Configuration File of a Multi-cloud Cluster
Obtaining the Image Upload Command of a Multi-Cloud Cluster
Obtaining the Deployment Template
Deleting CI/CD Configuration
Generating a CI/CD Access Configuration Command
Querying CI/CD Configuration
Modifying CI/CD Configuration
Querying the CI/CD Configuration List
Adding a CI/CD Configuration
Querying the CI/CD Image List
Obtaining Information About the Repository Associated with an Image Synchronization Task
Deleting Image Repository Access Information in Batches
Obtaining the Image Upload Command of the Scan Component
Querying the Statistics of an Image Repository
Editing Image Repository Access Information
Deleting Image Repository Access Information
Adding an Image Repository
Obtaining the Image Repository List
Creating a Task to Export All or Multiple Image Security Reports
Dynamic Port Honeypot
Checking Whether Auto-protection Is Enabled for New Servers by Default
Enabling Protection for New Servers by Default
Viewing the List of Protected Servers
Switching the Dynamic Port Honeypot Policy of a Server
Disabling the Dynamic Port Honeypot Policy of a Server
Enabling Dynamic Port Honeypot Policies
Viewing a Dynamic Port Honeypot Policy
Editing Dynamic Port Honeypot Policy
Viewing Dynamic Port Honeypot Policy Details
Deleting a Dynamic Port Honeypot Policy
Adding a Dynamic Port Honeypot Policy
Viewing the List of Servers Supporting Dynamic Port Honeypots
Installation and Configuration
Querying the Multi-Account List
Deleting an Account
Adding Accounts in Batches
Verifying Administrator Account Status
Querying an Account Organization
Obtaining Trusted Service Statuses
Enabling a Trusted Service
Querying the Agent Installation Script
Obtaining the Docker Plug-in Installation Script
Querying the Status of the Sample Collection Configuration Switch for Malware Cloud Scans
Enabling or Disabling Malware Sample Collection for Cloud Scan
Obtaining the Prompt Information Configuration
Configuring Prompt Information
Obtaining Notifications on a Page
Querying the Plug-in List
Plug-in Center
Starting a Plugin
Stopping a Plugin
Fetching Applied Plugin List
Retrieving Plugin Details
Querying the Plugin List
Cluster Management
Querying the Number of Cluster Assets
Obtaining Some Prompt Information
Synchronizing Cluster Protection Events
Querying a Cluster Component Protection Policy Template
Querying the Cluster Component Protection Policy Templates
Querying the Audit Log List of the Kubernetes Cluster
Querying the Kubernetes Cluster Event List
Obtaining Cluster Configurations
Creating a CCE Integrated Protection Configuration
Obtaining Container Cluster Risk Information in Batches
Cluster Risks
Exporting Cluster Environment Security Information
Querying the List of Cluster Resources Affected by Cluster Risks
Querying the Cluster Risk List
Querying Cluster Scanning Statistics
Server Installation and Configuration
Querying the Global Switch of a Specified Policy
Modifying the Global Switch of a Policy (to Enable/Disable the Policy for All Associated Servers)
Querying Agent Version List
Querying Alarm Configuration
Configuring Alarms
Querying the Status of the Automatic Agent Upgrade Function
Enabling or Disabling the Automatic Agent Upgrade Function
Obtaining the Dictionary List
Querying Common Login IP Addresses
Adding, Editing, or Deleting a Common Login IP Address
Querying Common Login Locations
Adding, Editing, or Deleting a Common Login Location
Querying the SSH Login IP Address Whitelist
Managing Login IP Addresses
Downloading a Script File
Obtaining the Configuration Switch Status
Modifying the Configuration Switch Status
Querying the System Configuration List
Configuring Two-Factor Login
Querying the Two-Factor Server List
Querying the Automatic Isolation and Killing Status of a Program
Enabling or Disabling Automatic Isolation and Killing of Malicious Programs
Common Modules
Saving User Access Records
Querying Project Configurations
Modifying Project Configurations
Uploading a Security Report Logo
IaC Risks
Obtaining the Risk Path List of IAC Files
Obtaining the Risk List of the IAC File
Obtaining the IAC File List
Common Service Modules
Querying Task Statistics
Creating a Task
Obtaining Jobs
Querying the Resource List Associated with the Current Task
Restarting Tasks
Container Images
Listing Resources Affected by a Configuration Check Item
Obtaining Baseline Check Configuration Information
Querying Container Image Operation Logs
Querying the Container Image List
Obtaining Image Software Information
Container Assets - Image Statistics
Querying the Mirror Configuration Check Report
Exporting Baseline Check Results of Image Repositories in Batches (Full Export Supported)
Querying Custom Weak Passwords of Images
Updating Custom Weak Passwords for Images
Querying Image Password Complexity Policy Check Reports
Querying the Check Item List of a Specified Security Configuration Item of an Image
Querying the List of Image Security Configuration Detection Results
Querying the Statistics of Baseline Checks
Querying Lists of Weak Password Check Results of Images
Scanning Images in the Image Repository in Batches (Deprecated)
Listing Images Impacted by Build Commands
Assessing Image Build Command Risks
Obtaining Image File Information
Querying the Local Image List
Exporting Vulnerabilities of Local Images in Batches (Full Export Supported)
Querying Software Information of Local Images
Performing Local Image Scans
Querying Container Information of Local Images
Querying Host Information of Local Images
Querying the List of Malicious Files of Tenants
Exporting Image Security Report Statistics
Querying Sensitive Information of Images
Querying Whitelist of Sensitive Information File Paths of an Image
Modifying Whitelist of Sensitive Information File Paths of an Image
Querying Whitelist of Sensitive Information File Paths of an Image (Deprecated)
Modifying Whitelist of Sensitive Information File Paths of an Image (Deprecated)
Handling Sensitive Information Operations
Querying the Image List of the SWR Image Repository (Deprecated)
Synchronizing Image List from the SWR (Deprecated)
Retrieving User Vulnerability Data
Querying the List of Vulnerabilities Affected by Image Vulnerability Handling Operations
Handling Image Vulnerabilities
Viewing the Software of the Images Affected by a Vulnerability
Viewing the Containers Associated with the Images Affected by a Vulnerability
CVE Information Corresponding to the Vulnerability
Querying Details About an Image Whitelist
Modifying the Image Whitelist Configuration
Querying the Image Whitelist
Adding an Image to the Whitelist
Deleting an Image from the Whitelist
Query the Image Software List
Querying Basic Image Information
Querying Image File Statistics
Querying the Image File List
Querying the List of Malicious Files in Images
Querying the List of Non-Compliant Software in Images
Obtaining Sensitive Information of an Image
Querying Image Vulnerability Information
Information About the Images Affected by Vulnerabilities
Viewing the List of Images Affected by the Vulnerability
Image Scan Task
Terminating a Repository Image Scan Task
Creating a Scan Task
Querying Pay-per-use Image Scans Statistics
Obtaining Scan Policies
Modifying a Periodic Scan Policy
Obtaining the Scan Task List
Repository image
Creating an Image Synchronization Task
Querying the Image List of a Repository
Security Operations
Querying the List of Historical Virus Scan Records
Querying the List of Historical Alarm Records
Querying Scheduled Security Check Configuration
Modifying Scheduled Security Check Configuration
Querying the Security Check Report Information of a Cluster
Querying the Security Check Report List of a Cluster
Querying the Security Check Report of a Specified Server
Manually Start a Health Check
Querying the Status and Progress of a Manual Health Check
Cancelling a Manual Health Check
Viewing Vulnerability Handling History
Dashboard
Exporting a Monthly Operations Summary Report
Querying the Status of a User's Monthly Operations Dialog Box
Changing the Status of a User's Monthly Operations Dialog Box
Querying the Details of a Monthly Operations Report
Querying the Monthly Operations Report List
Querying the Information in the News and Promotions Area of a Monthly Operations Report
Querying the Number of Agents
Hot News
Querying the Protection Period, Virus Database Update Time, Vulnerability Database Update Time, and Accumulated Number of Records of Each Module
Querying Risk Score
Querying the Security Risk List
Security Reports
Querying the List on the Report Overview Page
Sending a Security Report
These APIs are used for serverless asset management.
Querying Details about a Serverless Asset (Deprecated)
Querying Serverless Asset List (Deprecated)
Custom Protection Rules
Querying Details About a Custom Rule
Enabling or Disabling a Custom Rule
Creating a Custom Rule
Querying the Custom Rule List
Modifying a Custom Rule
Deleting a Custom Rule
Asset discovery.
Modifying the Open Port Status
agent
Querying the Agent History Status List
Cluster Protection
Querying Cluster Protection Information
Obtaining the List of Default Cluster Protection Policies
Obtaining Alarm Events in All Clusters
Modifying the Alarm Status
Cluster Protection Overview
Viewing Details About a Specified Policy
Deleting a Cluster Protection Policy
Obtaining the Cluster Protection Policies
Creating a Cluster Protection Policy
Modifying a Cluster Protection Policy
Obtaining All the Protection Items of a Cluster
Performing Operations on Cluster Protection
Event management
Querying Supported Event Processing Types
Handling All Alarms
Querying the List of Duplicate Alarms for Alarm Events
Querying the Threat Level Statistics List
Querying the List of Handled Similar Alarms Associated with an Alarm Event
Querying the Top 5 Event Type Statistics (Deprecated)
Container Assets
Querying the Basic CronJobs Information List
Querying the Basic DaemonSets Information List
Querying Basic Deployment Information
Querying the Basic Job Information List
Querying the Basic StatefulSet Information List
Container Network Isolation Information
Synchronizing the latest data of a container cluster
Querying Clusters Protected by Container Security
Cluster Network Policy Overview
Querying All Security Groups in an Enterprise Project
Obtaining Namespaces in a Cluster
Querying the Network Information of a Container Cluster
Synchronizing the Latest Data of Network Nodes in a Cluster
Querying the Node List of a Container Cluster VPC Network
Synchronizing the Latest Container Network Policies from a Cluster
Querying the List of Container Cluster Network Policies
Delete The Container Cluster Network Configuration Policy
Configuration Policy for Adding a Network to a Container Cluster
Container Cluster Network Update Configuration Policy
Querying the Security Group Policies Configured for Clusters Using Cloud Native Network Mode 2.0
Synchronizing the Latest Security Group Policies in a Cluster
Deleting a Security Group Policy
Creating a Security Group Policy
Updating a Security Group Policy
Querying the Workloads in a Namespace in a Cluster
asset
Viewing AI Component Details
Querying AI Component Statistics
Permissions and Supported Actions
Introduction
Actions Supported by Policy-based Authorization
Actions Supported by Identity Policy-based Authorization
Appendixes
Status Code
Error Codes
Obtaining a Project ID
Obtaining an Enterprise Project ID
Obtaining the Region ID
SDK Reference
SDK Overview
FAQs
About HSS
What Is Host Security?
What Is Container Security?
What Is Web Tamper Protection?
What Are the Relationships Between Images, Containers, and Applications?
How Do I Use HSS?
Can HSS Protect Local IDC Servers?
Is HSS in Conflict with Any Other Security Software?
What Are the Differences Between HSS and WAF?
Can HSS Be Used Across Accounts?
What Is the HSS Agent?
Can HSS Be Used Across Clouds?
Does HSS Support Version Upgrade?
Can HSS Automatically Detect and Remove Viruses?
Agent
Do I Need to Install the HSS Agent After Purchasing HSS?
Is the Agent in Conflict with Any Other Security Software?
How Do I Uninstall the Agent?
What Do I Do If the Agent Fails to Be Installed on a Server?
How Do I Fix an Abnormal Agent?
What Is the Default Agent Installation Path?
How Many CPU, Memory, Disk, and Bandwidth Resources Are Occupied When the Agent Is Running?
Do Different HSS Editions Share the Same Agent?
How Do I View Servers Where No Agents Have Been Installed?
How Do I Upgrade the Agent?
What Do I Do If the HSS Upgrade Fails?
What Resources Will Be Accessed by the Agent After It Is Installed on a Server?
How Do I Use Images to Install Agents in Batches?
What Do I Do If I Cannot Access the Download Link of the Windows or Linux Agent?
What Do I Do If Agent Upgrade Fails and the Message "File replacement failed" Is Displayed?
What Can I Do If Agents Failed to Be Installed in Batches and a Message Is Displayed Indicating that the Network Is Disconnected?
How Do I Verify the Connection Between My Server and the HSS Server?
Protection
Protection Interrupted
Protection Degraded
What Do I Do If HSS Protection Fails to Be Configured for a CCE Cluster?
Vulnerability Management
How Do I Fix Vulnerabilities?
What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
Why a Server Displayed in Vulnerability Information Does Not Exist?
Do I Need to Restart a Server After Its Vulnerabilities Are Fixed?
Can I Check the Vulnerability and Baseline Fix History on HSS?
What Do I Do If Vulnerability Fix Failed?
Why Can't I Select a Server During Manual Vulnerability Scanning or Batch Vulnerability Fixing?
What Do I Do If a Vulnerability Scan Failed?
Do I Need to Subscribe to Ubuntu Pro to Fix Ubuntu Vulnerabilities?
Detection & Response
How Do I View and Handle HSS Alarm Notifications?
What Do I Do If My Servers Are Subjected to a Mining Attack?
Why a Process Is Still Isolated After It Was Whitelisted?
Why an Attack Is Not Detected by HSS?
Can I Unblock an IP Address Blocked by HSS, and How?
Why a Blocked IP Address Is Automatically Unblocked?
How Often Is Malware Scan and Removal?
How Often Are the HSS Virus Database and Vulnerability Database Updated?
What Do I Do If an IP Address Is Blocked by HSS?
How Do I Defend Against Ransomware Attacks?
Why Can't I Receive Alarms After the HSS Is Upgraded?
How Do I Add High-risk Command Execution Alarms to the Whitelist?
Why Doesn't HSS Generate Alarms for Some Web Shell Files?
Abnormal Logins
Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?
How Do I Check the User IP address of a Remote Login?
How Do I Cancel the Alarm Notifications of Successful Server Logins?
Can I Disable Remote Login Detection?
How Do I Know Whether an Intrusion Succeeded?
Brute-force Attack Defense
How Does HSS Block Brute-Force Attacks?
How Do I Handle a Brute-force Attack Alarm?
How Do I Defend Against Brute-force Attacks?
How Do I Unblock an IP Address?
What Do I Do If HSS Frequently Reports Brute-force Alarms?
What Do I Do If a Huawei Cloud IP Address Triggers a Brute-force Attack Alarm?
What Do I Do If the Port in Brute-force Attack Records Is Not Updated?
Baseline Inspection
Why Are Weak Password Alarms Generated After the Weak Password Detection Policy Is Disabled?
How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
How Do I Set a Proper Password Complexity Policy in a Windows OS?
How Do I Handle Unsafe Settings?
How Do I View Configuration Check Reports?
How Do I Handle a Weak Password Alarm?
How Do I Set a Secure Password?
Web Tamper Protection
Why Do I Need to Add a Protected Directory?
How Do I Modify a Protected Directory?
What Should I Do If I Cannot Enable Server WTP?
How Do I Modify a File After WTP Is Enabled?
What Are the Differences Between the Web Tamper Protection Functions of HSS and WAF?
Container Security
How Do I Disable Node Protection?
How Do I Switch from CGS to HSS?
How Do I Enable Node Protection?
How Do I Enable the API Server Audit for an On-Premises Kubernetes Container?
What Do I Do If the Container Cluster Protection Plug-in Fails to Be Uninstalled?
What Do I Do If the Cluster Connection Component (ANP-Agent) Failed to Be Deployed?
What Do I Do If Cluster Permissions Are Abnormal?
Failed to Upload the Image to the Private Image Repository
What Do I Do If I Failed to Enable Protection for a CCE Cluster?
What Do I Do If a Repository Image Scan Failed?
Failed to Install an Agent in a CCE Cluster
Failed to Install an Agent in a Third-Party Cluster
Ransomware Prevention
What Are the Differences Between Ransomware Protection Backup and Cloud Backup?
Ransomware Protection Exception
Region and AZ
What Are Regions and AZs?
In What Regions Is HSS Available to Non-Huawei Cloud Servers?
Security Configurations
How Do I Clear the SSH Login IP Address Whitelist Configured in HSS?
What Can I Do If I Cannot Remotely Log In to a Server via SSH?
How Do I Use 2FA?
What Do I Do If I Cannot Enable 2FA?
Why Can't I Receive a Verification Code After 2FA Is Enabled?
Why Does My Login Fail After I Enable 2FA?
How Do I Add a Mobile Number or Email Address for 2FA?
Do I Use a Fixed Verification Code for 2FA?
Will I Be Billed for Alarm Notifications and SMS?
How Do I Modify Alarm Notification Recipients?
Why No Topics Are Available for Me to Choose When I Configure Alarm Notifications?
Can I Disable HSS Alarm Notifications?
How Do I Modify Alarm Notification Items?
How Do I Disable the SELinux Firewall?
Protection Quota
How Do I Extend the Validity Period of HSS Quotas?
How Do I Filter Unprotected Servers?
Why Can't I Find the Servers I Purchased on the Console?
What Do I Do If My Quotas Are Insufficient and I Failed to Enable Protection?
How Do I Allocate My Quota?
If I Change the OS of a Protected Server, Does It Affect My HSS Quota?
Why Doesn't an HSS Edition Take Effect After Purchase?
How Do I Change the Protection Quota Edition Bound to a Server?
Can I Bind a Server to an HSS Quota If They Are in Different Enterprise Projects?
When an ECS or CCE Cluster Node Is Deleted, Will They Be Unbound from Their Protection Quotas?
Others
How Do I Use the Windows Remote Desktop Connection Tool to Connect to a Windows Server?
How Do I Check HSS Log Files?
How Do I Enable Logging for Login Failures?
Why Can't I View All Projects in the Enterprise Project Drop-down List?
How Do I Enable or Disable the Agent Self-protection Policy?
What Do I Do If Windows Self-Protection Cannot Be Disabled?
Why Is a Deleted Server Still Displayed in the HSS Server List?
Videos
More Documents
User Guide (Ankara Region)
Introduction
What Is HSS?
Advantages
Scenarios
Editions and Features
HSS Permissions Management
Constraints and Limitations
Basic Concepts
Enabling HSS
Installing an Agent
Installing an Agent on Linux
Installing an Agent on Windows
Enabling HSS
Enabling the Enterprise/Premium Edition
Enabling the WTP Edition
Enabling Container Node Protection
(Optional) Switching the HSS Edition
Installation and Configuration
Server Security Dashboard
Risk Statistics
Asset Management
Asset Management
Server Fingerprints
Viewing Server Asset Fingerprints
Viewing the Operation History of Server Assets
Manually Updating Server Asset Information in Real Time
Container Fingerprints
Viewing Container Asset Fingerprints
Manually Updating Container Asset Information in Real Time
Server Management
Viewing Server Protection Status
Enabling Protection
Enterprise/Premium Edition
WTP Edition
Disabling Protection
Enterprise/Premium Edition
WTP Edition
Applying a Policy
Managing Server Groups
Configuring Asset Importance
Container Management
Viewing the Clusters and Protection Quotas
Enabling Container Security Protection
Disabling Container Security Protection
Container Images
Local Images
Viewing Container Information
Handling Risk Containers
Risk Prevention
Vulnerability Management
Vulnerability Management Overview
Vulnerability Scan
Viewing Vulnerability Details
Fixing and Verifying the Fix ofVulnerabilities
Managing the Vulnerability Whitelist
Viewing Vulnerability Handling History
Baseline Inspection
Baseline Check Overview
Viewing Baseline Check Details
Fixing Unsafe Settings
Managing Baseline Check Policies
Container Image Security
Image Vulnerabilities
Viewing Malicious File Detection Results
Image Baseline Check
Prevention
Application Protection
Viewing Application Protection
Enabling Application Protection
Managing Application Protection
Disabling Application Protection
Managing Policies
WTP
Adding a Protected Directory
Managing Remote Backup Servers
Setting Scheduled WTP Protection
Enabling Dynamic WTP
Viewing WTP Reports
Viewing WTP Events
Adding a Privileged Process
Ransomware Prevention
Purchasing a Backup Vault
Enabling Ransomware Prevention
Preventing Ransomware
Disabling Ransomware Prevention
Managing Protection Policies
File Integrity Monitoring
Viewing File Integrity Management
Checking Change Details
Checking Modified Files
Intrusion Detection
Alarms
HSS Alarms
Server Alarms
Viewing Intrusion Alarms
Managing Isolated Files
Handling Server Alarms
Container Alarms
Container Alarm Events
Viewing Container Alarms
Handling Container Alarms
Whitelist Management
Configuring the Login Whitelist
Managing the Alarm Whitelist
Configuring the System User Whitelist
Security Operations
Policy Management
Viewing a Policy Group
Creating a Policy Group
Modifying a Policy
Viewing the Handling History
Security Report
Checking a Security Report
Subscribing to a Security Report
Creating a Security Report
Managing a Security Report
Installation & Configuration
Agent Management
Viewing Agent Management
Installing an Agent
Uninstalling an Agent
Upgrading the Agent
Security Configurations
Plug-in Management
Plug-Ins Overview
Viewing Plug-in Details
Installing a Plug-in
Upgrading a Plug-in
Uninstalling a Plug-in
Permissions Management
Creating a User and Granting Permissions
HSS Custom Policies
FAQs
About HSS
What Is HSS?
What Is Container Security Service?
What Is Web Tamper Protection?
What Are the Relationships Between Images, Containers, and Applications?
How Do I Use HSS?
Can HSS Protect Local IDC Servers?
Is HSS in Conflict with Any Other Security Software?
What Are the Differences Between HSS and WAF?
What Is the HSS Agent?
Agent FAQs
Is the Agent in Conflict with Any Other Security Software?
How Do I Install the Agent?
How Do I Uninstall the Agent?
What Should I Do If Agent Installation Failed?
How Do I Fix an Abnormal Agent?
What Is the Default Agent Installation Path?
How Many CPU and Memory Resources Are Occupied by the Agent When It Performs Scans?
Do WTP and HSS Use the Same Agent?
How Do I View Servers Where No Agents Have Been Installed?
Brute-force Attack Defense
How Does HSS Intercept Brute Force Attacks?
How Do I Handle a Brute-force Attack Alarm?
How Do I Defend Against Brute-force Attacks?
How Do I Do If the Account Cracking Prevention Function Does Not Take Effect on Some Linux Accounts?
How Do I Unblock an IP Address?
What Do I Do If HSS Frequently Reports Brute-force Alarms?
What Do I Do If My Remote Server Port Is Not Updated in Brute-force Attack Records?
Weak Passwords and Unsafe Accounts
How Do I Handle a Weak Password Alarm?
How Do I Set a Secure Password?
Why Are the Weak Password Alarms Still Reported After the Weak Password Policy Is Disabled?
Intrusions
What Do I Do If My Servers Are Subjected to a Mining Attack?
Why a Process Is Still Isolated After It Was Whitelisted?
What Do I Do If a Mining Process Is Detected on a Server?
Why Some Attacks on Servers Are Not Detected?
Can I Unblock an IP Address Blocked by HSS, and How?
Why a Blocked IP Address Is Automatically Unblocked?
How Often Does HSS Detect, Isolate, and Kill Malicious Programs?
What Do I Do If an IP Address Is Blocked by HSS?
How Do I Defend Against Ransomware Attacks?
Abnormal Logins
Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?
How Do I Check the User IP address of a Remote Login?
How Do I Know Whether an Intrusion Succeeded?
Unsafe Settings
How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
How Do I Set a Proper Password Complexity Policy in a Windows OS?
How Do I Handle Unsafe Configurations?
How Do I View Configuration Check Reports?
Vulnerability Management
How Do I Fix Vulnerabilities?
What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
Why a Server Displayed in Vulnerability Information Does Not Exist?
Do I Need to Restart a Server After Fixing its Vulnerabilities?
Can I Check the Vulnerability and Baseline Fix History on HSS?
Web Tamper Protection
Why Do I Need to Add a Protected Directory?
How Do I Modify a Protected Directory?
What Should I Do If WTP Cannot Be Enabled?
How Do I Modify a File After WTP Is Enabled?
What Can I Do If I Enabled Dynamic WTP But Its Status Is Enabled but not in effect?
What Are the Differences Between the Web Tamper Protection Functions of HSS and WAF?
Container Guard Service
How Do I Disable Node Protection?
What Is the Log Processing Mechanism of CGS?
How Do I Enable Node Protection?
How Do I Enable the API Server Audit for an On-Premises Kubernetes Container?
Ransomware Protection
What Are the Differences Between Ransomware Protection Backup and Cloud Backup?
Security Configurations
How Do I Clear the SSH Login IP Address Whitelist Configured in HSS?
What Can I Do If I Cannot Remotely Log In to a Server via SSH?
How Do I Use 2FA?
What Do I Do If I Cannot Enable 2FA?
Why Can't I Receive a Verification Code After 2FA Is Enabled?
Why Does My Login Fail After I Enable 2FA?
How Do I Add a Mobile Phone Number or Email Address for Receiving 2FA Verification Notifications?
If I Choose to Use Verification Code for 2FA, How Do I Get the Code?
How Do I Disable the SELinux Firewall?
Quotas
How Do I Filter Unprotected Servers?
What Do I Do If My Quotas Are Insufficient and I Failed to Enable Protection?
If I Change the OS of a Protected Server, Does It Affect My HSS Quota?
Others
How Do I Use the Windows Remote Desktop Connection Tool to Connect to a Server?
How Do I Check HSS Log Files?
How Do I Enable Logging for Login Failures?
How Do I Clear an Alarm on Critical File Changes?
Is HSS Available as Offline Software?
How Do I Enable HSS Self-Protection?
What Do I Do If HSS Self-Protection Cannot Be Disabled?
Change History
User Guide (ME-Abu Dhabi Region)
Introduction
What Is HSS?
Advantages
Scenarios
Editions and Features
HSS Permissions Management
Constraints and Limitations
Billing
Related Services
Basic Concepts
Enabling HSS
Installing an Agent
Installing an Agent on Linux
Installing the Agent for Windows
Enabling Protection
Enabling the Enterprise/Premium Edition
Enabling Web Tamper Protection
Enabling Container Protection
Common Security Configuration
Server Security Dashboard
Risk Statistics
Asset Management
Asset Management
Server Fingerprints
Viewing Server Asset Fingerprints
Container Fingerprints
Viewing Container Asset Fingerprints
Server Management
Viewing Server Protection Status
Enabling Protection
Enterprise/Premium Edition
WTP Edition
Disabling Protection
Disabling the Enterprise/Premium Edition
Disabling WTP
Switching the HSS Quota Edition
Deploying a Policy
Managing Server Groups
Servers Importance Management
Container Management
Viewing the Container Node Protection List
Enabling Container Security Protection
Disabling Protection for Container Edition
Container Images
Local Images
Managing SWR Private Images
Managing SWR Shared Images
Viewing Container Information
Handling Risk Containers
Asset Fingerprint Management
Asset Management
Viewing Server Asset Information
Checking Operation History
Container Asset Management
Viewing Container Asset Details
Risk Prevention
Vulnerability Management
Vulnerability Management Overview
Vulnerability Scan (Manual)
Viewing Vulnerability Details
Exporting the vulnerability list
Fixing and Verifying the Fix of Vulnerabilities
Managing the Vulnerability Whitelist
Viewing Vulnerability Handling History
Baseline Inspection
Baseline Check Overview
Viewing Baseline Check Details
Fixing Unsafe Settings
Managing Baseline Check Policies
Container Image Security
Image Vulnerabilities
Viewing Malicious File Detection Results
Image Baseline Check
Prevention
Application Protection
Enabling Application Protection
Viewing Application Protection
Managing Application Protection
Managing Application Protection Policies
Disabling Application Protection
WTP
Adding a Protected Directory
Configuring Remote Backup
Adding a Privileged Process
Enabling/Disabling Scheduled Static WTP
Enabling Dynamic WTP
Viewing WTP Reports
Viewing WTP Events
Ransomware Prevention
Enabling Ransomware Prevention
Viewing Ransomware Protection
Managing Protection Policies
Disabling Ransomware Prevention
File Integrity Monitoring
Viewing File Integrity Management
Checking Change Details
Checking Modified Files
Container Firewalls
Container Firewall Overview
Creating a Policy (for a Cluster Using the Container Tunnel Network Model)
Creating a Policy (for a Cluster Using the VPC Network Model)
Managing Policies (for a Cluster Using the Container Tunnel Network Model)
Managing Policies (for a Cluster Using the VPC Network Model)
Intrusion Detection
Alarms
HSS Alarms
Server Alarms
Viewing Server Alarms
Handling Server Alarms
Exporting Server Alarms
Managing Isolated Files
Container Alarms
Container Alarm Events
Viewing Container Alarms
Handling Container Alarms
Exporting Container Alarms
Whitelist Management
Configuring the Login Whitelist
Managing the Alarm Whitelist
Managing the System User Whitelist
Security Operations
Policy Management
Viewing a Policy Group
Creating a Policy Group
Editing a Policy
Viewing the Handling History
Security Report
Checking a Security Report
Subscribing to a Security Report
Creating a Security Report
Managing Security Reports
Installation & Configuration
Agent Management
Viewing Agent Status
Installing an Agent
Upgrading the Agent
Uninstalling an Agent
Security Configurations
Plug-in Management
Plug-Ins Overview
Viewing Plug-in Details
Installing a Plug-in
Upgrading a Plug-in
Uninstalling a Plug-in
Audit
HSS Operations Supported by CTS
Viewing Audit Logs
Permissions Management
Creating a User and Granting Permissions
HSS Custom Policies
HSS Actions
Manually Upgrading HSS
Upgrade Overview
Step 1: Disabling HSS Protection of the Old Version
Step 2: Uninstalling the Agent of the Old Version
Step 3: Installing the Agent of the New Version
Step 4: Enabling HSS Protection of the New Version
Enabling the HSS Enterprise or Premium Edition
Enabling Web Tamper Protection
Enabling Container Protection
FAQs
About HSS
What Is HSS?
What Is Container Security Service?
What Is Web Tamper Protection?
What Are the Relationships Between Images, Containers, and Applications?
What Is the HSS Agent?
Agent FAQs
Is the Agent in Conflict with Any Other Security Software?
How Do I Uninstall the Agent?
What Should I Do If Agent Installation Failed?
How Do I Fix an Abnormal Agent?
What Is the Default Agent Installation Path?
How Many CPU and Memory Resources Are Occupied by the Agent When It Performs Scans?
Do WTP and HSS Use the Same Agent?
How Do I View Servers Where No Agents Have Been Installed?
What Can I Do If the Agent Status Is Still "Not installed" After Installation?
What Do I Do If the HSS Upgrade Fails?
Brute-force Attack Defense
How Does HSS Intercept Brute Force Attacks?
How Do I Handle a Brute-force Attack Alarm?
How Do I Defend Against Brute-force Attacks?
What Do I Do If the Account Cracking Prevention Function Does Not Take Effect on Some Accounts for Linux Servers?
How Do I Unblock an IP Address?
What Do I Do If HSS Frequently Reports Brute-force Alarms?
What Do I Do If My Remote Server Port Is Not Updated in Brute-force Attack Records?
Weak Passwords and Unsafe Accounts
How Do I Handle a Weak Password Alarm?
How Do I Set a Secure Password?
Why Are the Weak Password Alarms Still Reported After the Weak Password Policy Is Disabled?
Intrusions
What Do I Do If My Servers Are Subjected to a Mining Attack?
Why a Process Is Still Isolated After It Was Whitelisted?
What Do I Do If a Mining Process Is Detected on a Server?
Why Some Attacks on Servers Are Not Detected?
Can I Unblock an IP Address Blocked by HSS, and How?
Why a Blocked IP Address Is Automatically Unblocked?
How Often Does HSS Detect, Isolate, and Kill Malicious Programs?
What Do I Do If an IP Address Is Blocked by HSS?
How Do I Defend Against Ransomware Attacks?
Abnormal Logins
Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?
How Do I Check the User IP address of a Remote Login?
What Can I Do If an Alarm Indicating Successful Login Is Reported?
Can I Disable Remote Login Detection?
How Do I Know Whether an Intrusion Succeeded?
Unsafe Settings
How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
How Do I Set a Proper Password Complexity Policy in a Windows OS?
How Do I Handle Unsafe Configurations?
How Do I View Configuration Check Reports?
Vulnerability Management
How Do I Fix Vulnerabilities?
What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
Why a Server Displayed in Vulnerability Information Does Not Exist?
Do I Need to Restart a Server After Fixing its Vulnerabilities?
Web Tamper Protection
Why Do I Need to Add a Protected Directory?
How Do I Modify a Protected Directory?
What Should I Do If WTP Cannot Be Enabled?
How Do I Modify a File After WTP Is Enabled?
What Can I Do If I Enabled Dynamic WTP But Its Status Is Enabled but not in effect?
What Are the Differences Between the Web Tamper Protection Functions of HSS and WAF?
Container Guard Service
How Do I Disable Node Protection?
What Is the Log Processing Mechanism of CGS?
How to Switch from CGS to HSS Console?
How Do I Enable Node Protection?
Security Configurations
What Can I Do If I Cannot Remotely Log In to a Server via SSH?
How Do I Use 2FA?
Why Can't I Receive a Verification Code After 2FA Is Enabled?
Why Does My Login Fail After I Enable 2FA?
How Do I Add a Mobile Phone Number or Email Address for Receiving 2FA Verification Notifications?
How Do I Disable the SELinux Firewall?
Others
How Do I Use the Windows Remote Desktop Connection Tool to Connect to a Server?
How Do I Check HSS Log Files?
How Do I Enable Logging for Login Failures?
How Do I Clear an Alarm on Critical File Changes?
Change History
User Guide (Paris)
Introduction
What Is ?
Advantages
Scenarios
Editions and Features
HSS Permissions Management
Constraints and Limitations
Billing
Related Services
Basic Concepts
Enabling HSS
Installing an Agent
Installing an Agent on Linux
Installing the Agent for Windows
Enabling Protection
Enabling the Enterprise/Premium Edition
Enabling Web Tamper Protection
Enabling Container Protection
Enabling Alarm Notifications
Common Security Configuration
Server Security Dashboard
Risk Statistics
Asset Management
Asset Management
Server Fingerprints
Viewing Server Asset Fingerprints
Container Fingerprints
Viewing Container Asset Fingerprints
Server Management
Viewing Server Protection Status
Enabling Protection
Enterprise/Premium Edition
WTP Edition
Disabling Protection
Disabling the Enterprise/Premium Edition
Disabling WTP
Switching the HSS Quota Edition
Deploying a Policy
Managing Server Groups
Servers Importance Management
Installing Agents in Batches (with the Same Server Account and Password)
Container Management
Viewing the Container Node Protection List
Enabling Container Security Protection
Disabling Protection for Container Edition
Container Images
Managing SWR Private Images
Viewing Container Information
Risk Prevention
Vulnerability Management
Vulnerability Management Overview
Vulnerability Scan (Manual)
Viewing Vulnerability Details
Exporting the vulnerability list
Handling Vulnerabilities
Managing the Vulnerability Whitelist
Viewing Vulnerability Handling History
Baseline Inspection
Baseline Check Overview
Viewing Baseline Check Details
Fixing Unsafe Settings
Managing Baseline Check Policies
Container Image Security
Image Vulnerabilities
Viewing Malicious File Detection Results
Image Baseline Check
Prevention
WTP
Adding a Protected Directory
Configuring Remote Backup
Adding a Privileged Process
Enabling/Disabling Scheduled Static WTP
Enabling Dynamic WTP
Viewing WTP Reports
Viewing WTP Events
Ransomware Prevention
Enabling Ransomware Prevention
Viewing Ransomware Protection
Managing Protection Policies
Disabling Ransomware Prevention
File Integrity Monitoring
Viewing File Integrity Management
Checking Change Details
Checking Modified Files
Container Firewalls
Container Firewall Overview
Creating a Policy (for a Cluster Using the Container Tunnel Network Model)
Creating a Policy (for a Cluster Using the VPC Network Model)
Managing Policies (for a Cluster Using the Container Tunnel Network Model)
Managing Policies (for a Cluster Using the VPC Network Model)
Intrusion Detection
Alarms
HSS Alarms
Server Alarms
Viewing Server Alarms
Handling Server Alarms
Exporting Server Alarms
Managing Isolated Files
Container Alarms
Container Alarm Events
Viewing Container Alarms
Handling Container Alarms
Exporting Container Alarms
Whitelist Management
Configuring the Login Whitelist
Managing the Alarm Whitelist
Managing the System User Whitelist
Security Operations
Policy Management
Viewing a Policy Group
Creating a Policy Group
Editing a Policy
Viewing the Handling History
Security Report
Checking a Security Report
Subscribing to a Security Report
Creating a Security Report
Managing Security Reports
Installation & Configuration
Agent Management
Viewing Agent Status
Installing an Agent
Upgrading the Agent
Uninstalling an Agent
Security Configurations
Plug-in Management
Plug-Ins Overview
Viewing Plug-in Details
Installing a Plug-in
Upgrading a Plug-in
Uninstalling a Plug-in
Audit
HSS Operations Supported by CTS
Viewing Audit Logs
Permissions Management
Creating a User and Granting Permissions
HSS Custom Policies
Manually Upgrading HSS
Upgrade Overview
Step 1: Disabling HSS Protection of the Old Version
Step 2: Uninstalling the Agent of the Old Version
Step 3: Installing the Agent of the New Version
Step 4: Enabling HSS Protection of the New Version
Enabling the HSS Enterprise or Premium Edition
Enabling Web Tamper Protection
Enabling Container Protection
FAQs
About HSS
What Is HSS?
What Is Container Security Service?
What Is Web Tamper Protection?
What Are the Relationships Between Images, Containers, and Applications?
What Are the Differences Between HSS and WAF?
What Is the HSS Agent?
Agent FAQs
Is the Agent in Conflict with Any Other Security Software?
How Do I Uninstall the Agent?
What Should I Do If Agent Installation Failed?
How Do I Fix an Abnormal Agent?
What Is the Default Agent Installation Path?
How Many CPU and Memory Resources Are Occupied by the Agent When It Performs Scans?
Do WTP and HSS Use the Same Agent?
How Do I View Servers Where No Agents Have Been Installed?
What Can I Do If the Agent Status Is Still "Not installed" After Installation?
What Addresses Do ECSs Access After the Agent Is Installed?
Brute-force Attack Defense
How Does HSS Intercept Brute Force Attacks?
How Do I Handle a Brute-force Attack Alarm?
How Do I Defend Against Brute-force Attacks?
What Do I Do If the Account Cracking Prevention Function Does Not Take Effect on Some Accounts for Linux Servers?
How Do I Unblock an IP Address?
What Do I Do If HSS Frequently Reports Brute-force Alarms?
What Do I Do If My Remote Server Port Is Not Updated in Brute-force Attack Records?
Weak Passwords and Unsafe Accounts
How Do I Handle a Weak Password Alarm?
How Do I Set a Secure Password?
Why Are the Weak Password Alarms Still Reported After the Weak Password Policy Is Disabled?
Intrusions
What Do I Do If My Servers Are Subjected to a Mining Attack?
Why a Process Is Still Isolated After It Was Whitelisted?
What Do I Do If a Mining Process Is Detected on a Server?
Why Some Attacks on Servers Are Not Detected?
Can I Unblock an IP Address Blocked by HSS, and How?
Why a Blocked IP Address Is Automatically Unblocked?
How Often Does HSS Detect, Isolate, and Kill Malicious Programs?
What Do I Do If an IP Address Is Blocked by HSS?
How Do I Defend Against Ransomware Attacks?
Abnormal Logins
Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?
How Do I Check the User IP address of a Remote Login?
What Can I Do If an Alarm Indicating Successful Login Is Reported?
Can I Disable Remote Login Detection?
How Do I Know Whether an Intrusion Succeeded?
Unsafe Settings
How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
How Do I Set a Proper Password Complexity Policy in a Windows OS?
How Do I Handle Unsafe Configurations?
How Do I View Configuration Check Reports?
Vulnerability Management
How Do I Fix Vulnerabilities?
What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
Why a Server Displayed in Vulnerability Information Does Not Exist?
Do I Need to Restart a Server After Fixing its Vulnerabilities?
Can I Check the Vulnerability and Baseline Fix History on HSS?
What Do I Do If Vulnerability Fix Failed?
Why Can't I Select a Server During Manual Vulnerability Scanning or Batch Vulnerability Fixing?
Web Tamper Protection
Why Do I Need to Add a Protected Directory?
How Do I Modify a Protected Directory?
What Should I Do If WTP Cannot Be Enabled?
How Do I Modify a File After WTP Is Enabled?
What Can I Do If I Enabled Dynamic WTP But Its Status Is Enabled but not in effect?
What Are the Differences Between the Web Tamper Protection Functions of HSS and WAF?
Container Guard Service
How Do I Disable Node Protection?
What Is the Log Processing Mechanism of CGS?
How to Switch from CGS to HSS Console?
How Do I Enable Node Protection?
How Do I Enable the API Server Audit for an On-Premises Kubernetes Container?
Security Configurations
How Do I Clear the SSH Login IP Address Whitelist Configured in HSS?
What Can I Do If I Cannot Remotely Log In to a Server via SSH?
How Do I Use 2FA?
What Do I Do If I Cannot Enable 2FA?
Why Can't I Receive a Verification Code After 2FA Is Enabled?
Why Does My Login Fail After I Enable 2FA?
How Do I Add a Mobile Phone Number or Email Address for Receiving 2FA Verification Notifications?
If I Choose to Use Verification Code for 2FA, How Do I Get the Code?
How Do I Modify Alarm Notification Recipients?
Why No Topics Are Available for Me to Choose When I Configure Alarm Notifications?
Can I Disable HSS Alarm Notifications?
How Do I Modify Alarm Notification Items?
How Do I Disable the SELinux Firewall?
Others
How Do I Use the Windows Remote Desktop Connection Tool to Connect to a Server?
How Do I Check HSS Log Files?
How Do I Enable Logging for Login Failures?
How Do I Clear an Alarm on Critical File Changes?
Is HSS Available as Offline Software?
Why Is a Deleted ECS Still Displayed in the HSS Server List?
Change History
User Guide (Kuala Lumpur Region)
Introduction
What Is HSS?
Advantages
Scenarios
Features
HSS Permissions Management
Constraints
Related Services
Basic Concepts
Using IAM to Grant Access to HSS
Creating a User and Granting Permissions
HSS Custom Policies
HSS Actions
and Accessing HSS
Access Process
Installing the Agent on Servers
Installing the Agent on Cloud Platform Servers
On-Premises IDCs Accessing HSS Through a Direct Connect and Proxy Servers
Overview
Resources
Process Flow
Process
Creating a Direct Connect
Creating a Proxy Server
Installing an Agent on the Proxy Server
Installing and Configuring Nginx on the Proxy Server
Creating an Agent Installation Package or Installation Commands Using a Proxy Server
Installing an Agent for an On-premises IDC
Installing the HSS Agent Using CBH
Installing the Agent on Containers
Installing the Agent in a CCE Cluster
Installing the Agent on an Independent Container Node
Enabling Protection
Enabling the Basic/Enterprise/Premium Edition
Enabling Web Tamper Protection
Enabling Container Protection
Checking the Dashboard
Asset Management
Asset Overview
Server Fingerprints
Collecting Server Asset Fingerprints
Viewing Server Asset Fingerprints
Container Fingerprints
Collecting Container Asset Fingerprints
Viewing Container Asset Fingerprints
Server Management
Enabling Server Protection
Viewing Server Protection Status
Exporting the Server List
Deploying a Protection Policy
Managing Server Groups
Servers Importance Management
Ignoring a Server
Disabling HSS
Disabling the Basic/Enterprise/Premium Edition
Disabling WTP
Container Management
Enabling Container Protection
Viewing the Container Node Protection Status
Exporting the Container Node List
Managing Local Images
Managing Repository Images
Viewing Container Information
Handling Unsafe Containers
Uninstalling the Agent from a Cluster
Disabling Container Protection
Prediction
Vulnerability Management
Vulnerability Management Overview
Vulnerability Scan
Viewing Vulnerability Details
Exporting the Vulnerability List
Handling Vulnerabilities
Managing the Vulnerability Whitelist
Viewing Vulnerability Handling History
Baseline Check
Baseline Check Overview
Performing a Baseline Check
Viewing and Handling Baseline Check Results
Exporting a Baseline Check Report
Managing Manual Baseline Check Policies
Container Image Security
Viewing SWRImage Repository Vulnerabilities
Viewing Malicious File Detection Results in Images
Server Protection
Application Protection
Application Protection Overview
Enabling Application Protection
Viewing Application Protection
Managing Application Protection Policies
Disabling Application Protection
WTP
WTP Overview
Enabling Web Tamper Protection
Adding a Protected Directory
Configuring Remote Backup
Enabling Dynamic WTP
Viewing WTP Events
Adding a Privileged Process
Enabling/Disabling Scheduled Static WTP
Ransomware Prevention
Ransomware Prevention Overview
Enabling Ransomware Prevention
Enabling Backup
Viewing and Handling Ransomware Prevention Events
Managing Ransomware Protection Policies
Restoring Server Data
Managing Server Backup
Disabling Ransomware Prevention
Application Process Control
Application Process Control Overview
Creating a Whitelist Policy
Confirming Learning Outcomes
Enabling Application Process Control
Checking and Handling Suspicious Processes
Extending the Process Whitelist
Start Learning on Servers Again
Disabling Application Process Control
File Integrity Monitoring
File Integrity Management Overview
Viewing File Change Records
Virus Scan
Virus Scan Overview
Scanning for Viruses
Viewing and Handling Viruses
Managing Custom Antivirus Policies
Managing Isolated Files
Dynamic Port Honeypot
Dynamic Port Honeypot Overview
Creating a Protection Policy for a Dynamic Honeypot Port
Viewing and Handling Honeypot Protection Events
Managing Dynamic Port Honeypot Protection Policies
Managing Associated Servers
Container Protection
Container Firewalls
Container Firewall Overview
Configuring a Network Defense Policy (for a Container Tunnel Network)
Configuring a Network Defense Policy (for a VPC Network)
Container Cluster Protection
Container Cluster Protection Overview
Enabling Container Cluster Protection
Configuring a Container Cluster Protection Policy
Checking Container Cluster Protection Events
Disabling Container Cluster Protection
Detection and Response
HSS Alarms
Server Alarms
Viewing Server Alarms
Handling Server Alarms
Exporting Server Alarms
Managing Isolated Files
Container Alarms
Container Alarm Events
Viewing Container Alarms
Handling Container Alarms
Exporting Container Alarms
Whitelist Management
Managing the Login Whitelist
Managing the Alarm Whitelist
Managing the System User Whitelist
Security Operations
Policy Management
Policy Management Overview
Configuring Policies
Creating a Custom Policy Group
Deleting a Custom Policy Group
Handling History
Container Audit
Container Audit Overview
Viewing Container Audit Logs
Security Report
Security Report Overview
Creating a Security Report
Checking a Security Report
Managing Security Reports
Free Health Check
Installation and Configuration
Installation and Configuration on Servers
Agent Management
Agent Overview
Installing the Agent on a Server
Upgrading the Agent
Uninstalling the Agent
Security Configurations
Configuring Common Login Locations
Configuring Common Login IP Addresses
Configuring an SSH Login IP Address Whitelist
Isolating and Killing Malicious Programs
Enabling 2FA
Installation and Configuration on Containers
Cluster Management
Modifying Cluster Agent Installation Information
Upgrading or Uninstalling the Agent from a Cluster
Viewing the Cluster Node List and Permission List
Independent Node Management
Installing the Agent on an Independent Node
Upgrading or Uninstalling the Agent from an Independent Node
Connecting to a Third-party Image Repository
Alarm Configuration
Authorization
Plug-in Settings
Plug-Ins Overview
Viewing Plug-in Information
Installing a Plug-in
Uninstalling a Plug-in
Monitoring and Auditing
Cloud Eye Monitoring
HSS Metrics
Monitored HSS Events
Configuring a Monitoring Alarm Rule
Viewing Monitoring Metrics
CTS Auditing
HSS Operations Supported by CTS
FAQs
About HSS
What Is Host Security?
What Is Container Security?
What Is Web Tamper Protection?
What Are the Relationships Between Images, Containers, and Applications?
Is HSS in Conflict with Any Other Security Software?
What Are the Differences Between HSS and WAF?
What Is the HSS Agent?
Can HSS Automatically Detect and Remove Viruses?
Agent
Is the Agent in Conflict with Any Other Security Software?
How Do I Uninstall the Agent?
What Should I Do If Agent Installation Failed?
How Do I Fix an Abnormal Agent?
What Is the Default Agent Installation Path?
How Many CPU, Memory, and Disk Resources Are Occupied When the Agent Is Running?
Do Different HSS Editions Share the Same Agent?
How Do I View Servers Where No Agents Have Been Installed?
What Can I Do If the Agent Status Is Still "Not installed" After Installation?
What Do I Do If the Upgrade Fails?
What If I Do Not Upgrade to the New Version?
What Do I Do If I Cannot Access the Download Link of the Windows Or Linux Agent?
What Do I Do If Agent Upgrade Fails and the Message "File replacement failed" Is Displayed?
Vulnerability Management
How Do I Fix Vulnerabilities?
What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
Why a Server Displayed in Vulnerability Information Does Not Exist?
Do I Need to Restart a Server After Its Vulnerabilities Are Fixed?
What Do I Do If Vulnerability Fix Failed?
Why Can't I Select a Server During Manual Vulnerability Scanning or Batch Vulnerability Fixing?
Detection & Response
What Do I Do If My Servers Are Subjected to a Mining Attack?
Why a Process Is Still Isolated After It Was Whitelisted?
Why an Attack Is Not Detected by HSS?
Can I Unblock an IP Address Blocked by HSS, and How?
Why a Blocked IP Address Is Automatically Unblocked?
How Often Is Malware Scan and Removal?
What Do I Do If an IP Address Is Blocked by HSS?
How Do I Defend Against Ransomware Attacks?
How Do I Add High-risk Command Execution Alarms to the Whitelist?
Abnormal Logins
Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?
How Do I Check the User IP address of a Remote Login?
How Do I Cancel the Alarm Notifications of Successful Server Logins?
Can I Disable Remote Login Detection?
How Do I Know Whether an Intrusion Succeeded?
Brute-force Attack Defense
How Does HSS Intercept Brute Force Attacks?
How Do I Handle a Brute-force Attack Alarm?
How Do I Defend Against Brute-force Attacks?
How Do I Unblock an IP Address?
What Do I Do If HSS Frequently Reports Brute-force Alarms?
What Do I Do If the Port in Brute-force Attack Records Is Not Updated?
Baseline Inspection
Why Are Weak Password Alarms Generated After the Weak Password Detection Policy Is Disabled?
How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
How Do I Set a Proper Password Complexity Policy in a Windows OS?
How Do I Handle Unsafe Settings?
How Do I View Configuration Check Reports?
How Do I Handle a Weak Password Alarm?
How Do I Set a Secure Password?
Web Tamper Protection
Why Do I Need to Add a Protected Directory?
How Do I Modify a Protected Directory?
What Should I Do If WTP Cannot Be Enabled?
How Do I Modify a File After WTP Is Enabled?
What Can I Do If I Enabled Dynamic WTP But Its Status Is Enabled but not in effect?
What Are the Differences Between the Web Tamper Protection Functions of HSS and WAF?
Container Security
How Do I Disable Node Protection?
How Do I Enable Node Protection?
How Do I Enable the API Server Audit for an On-Premises Kubernetes Container?
What Do I Do If the Container Cluster Protection Plug-in Fails to Be Uninstalled?
Security Configurations
What Can I Do If I Cannot Remotely Log In to a Server via SSH?
How Do I Use 2FA?
Why Can't I Receive a Verification Code After 2FA Is Enabled?
Why Does My Login Fail After I Enable 2FA?
How Do I Add a Mobile Number or Email Address for 2FA?
Can I Disable HSS Alarm Notifications?
How Do I Modify Alarm Notification Items?
How Do I Disable the SELinux Firewall?
Others
How Do I Use the Windows Remote Desktop Connection Tool to Connect to a Windows Server?
How Do I Check HSS Log Files?
How Do I Enable Logging for Login Failures?
How Do I Enable or Disable the Agent Self-protection Policy?
What Do I Do If HSS Self-Protection Cannot Be Disabled?
Change History
API Reference (Kuala Lumpur Region)
Before You Start
Calling APIs
Making an API Request
Authentication
Response
API Description
Intrusion Detection
Handling Alarm Events
Querying the Detected Intrusion List
Querying the Alarm Whitelist
Ransomware Prevention
Querying the Servers Protected Against Ransomware
Querying a Protection Policy List
Modifying a Protection Policy
Enabling Ransomware Prevention
Disabling Ransomware Prevention
Querying the Backup Policy Bound to HSS Protection Vault
Modifying the Backup Policy Bound to Vault
Baseline Management
Querying the Weak Password Detection Result List
Querying the Password Complexity Policy Detection Report
Querying the Result List of Server Security Configuration Check
Querying the Check Result of a Security Configuration Item
Querying the Checklist of a Security Configuration Item
Querying the List of Affected Servers of a Security Configuration Item
Querying the Report of a Check Item in a Security Configuration Check
Ignoring, Unignoring, Repairing, or Verifying the Failed Configuration Check Items
Vulnerability Management
Querying the Vulnerability List
Querying the Servers Affected by a Vulnerability
Changing the Status of a Vulnerability
Querying Vulnerability Information About a Server
Creating a Vulnerability Scan Task
Querying a Vulnerability Scan Policy
Modifying a Vulnerability Scan Policy
Querying the Vulnerability Scan Tasks
Querying the List of Servers Corresponding to a Vulnerability Scan Task
Querying Vulnerability Management Statistics
Tag Management
Creating Tags in Batches
Deleting a Resource Tag
Quota Management
Querying Quota Information
Querying Quota Details
Policy Management
Querying the Policy Group List
Applying a Policy
Event Management
Querying the List of Blocked IP Addresses
Unblocking a Blocked IP Address
Querying the List of Isolated Files
Restoring Isolated Files
Asset Management
Collecting Asset Statistics, Including Accounts, Ports, and Processes
Querying the Account List
Querying Open Port Statistics
Querying the Process List
Querying the Software List
Querying Automatic Startup Item Information
Querying the Server List of an Account
Querying the Open Port List of a Single Server
Querying the Server List of the Software
Querying the Service List of Auto-Started Items
Obtaining the Account Change History
Obtaining the Historical Change Records of Software Information
Obtaining the Historical Change Records of Auto-started Items
Asset Fingerprints - Process - Server List
Asset Fingerprints - Port - Server List
Querying the Middleware List
Querying the Server List of a Specified Middleware
Web Tamper Protection
Querying the Protection List
Enabling or Disabling WTP
Enabling or Disabling Dynamic WTP
Querying the Status of Static WTP for a Server
Querying the Status of Dynamic WTP for a Server
Server Management
Querying ECSs
Changing the Protection Status
Querying Server Groups
Creating a Server Group
Editing a Server Group
Deleting a Server Group
Container Management
Querying the Container Node List
Container Image
Querying the Image List in the SWR Image Repository
Scanning Images in the Image Repository in Batches
Querying Image Vulnerability Information
CVE Information Corresponding to the Vulnerability
Synchronizing the Image List from SWR
Querying the List of Image Security Configuration Detection Results
Querying the Check Item List of a Specified Security Configuration Item of an Image
Querying the Mirror Configuration Check Report
Appendixes
Status Code
Error Codes
Obtaining a Project ID
Obtaining an Enterprise Project ID
Obtaining Region ID
Change History
User Guide (Ally Region)
Introduction
What Is HSS?
Advantages
Scenarios
Features
Provided Free of Charge
HSS Permissions Management
Constraints
Related Services
Basic Concepts
Using IAM to Grant Access to HSS
Creating a User and Granting Permissions
HSS Custom Policies
HSS Actions
Applying for and Accessing HSS
Access Process
Installing the HSS Agent
Installing the Agent on Cloud Platform Servers
On-Premises IDCs Accessing HSS Through a Direct Connect and Proxy Servers
Overview
Resources
Process Flow
Process
Creating a Direct Connect
Creating a Proxy Server
Installing an Agent on the Proxy Server
Installing and Configuring Nginx on the Proxy Server
Creating an Agent Installation Package or Installation Commands Using a Proxy Server
Installing an Agent for an On-premises IDC
Installing the HSS Agent Using CBH
Installing the Container Security Agent
Installing the Agent in a CCE Cluster
Installing the Agent on an Independent Container Node
Enabling Protection
Checking the Dashboard
Asset Management
Asset Overview
Server Fingerprints
Manually Collecting Server Fingerprints
Viewing Server Fingerprints
Checking the Changes of Server Fingerprints
Container Assets
Manually Collecting Container Assets
Viewing Container Assets
Server Management
Enabling Server Protection
Viewing Server Protection Status
Viewing the Assets and Risks of a Server
Exporting the Server List
Deploying a Protection Policy
Managing Server Groups
Servers Importance Management
Ignoring a Server
Disabling HSS
Container Management
Enabling Container Protection
Viewing the Container Node Protection Status
Exporting the Container Node List
Viewing Container Information
Handling Unsafe Containers
Disabling Container Protection
Prediction
Vulnerability Management
Vulnerability Management Overview
Scanning for Vulnerabilities
Viewing Vulnerability Details
Exporting the Vulnerability List
Handling Vulnerabilities
Managing the Vulnerability Whitelist
Viewing Vulnerability Handling History
Baseline Check
Baseline Check Overview
Configuring a Baseline Check Policy
Performing a Baseline Check
Viewing and Handling Baseline Check Results
Exporting a Baseline Check Report
Managing the Baseline Whitelist
Container Image Security
Container Image Security Overview
CI/CD Image Security Scan
CI/CD Image Security Scan Overview
Viewing and Handling CI/CD Image Scan Results
Exporting CI/CD Image Scan Results
Repository Image Security Scan
Repository Image Security Scan Overview
Synchronizing Repository Images
Scanning Repository Images
Viewing and Handling Repository Image Scan Results
Exporting Repository Image Scan Results
Managing the Repository Image Vulnerability Whitelist
Local Image Security Scan
Local Image Security Scan Overview
Scanning Local Images
Viewing and Handling Local Image Scan Results
Exporting Local Image Scan Results
Managing the Local Image Vulnerability Whitelist
Cluster Environment Security
Cluster Environment Security Overview
Checking Cluster Environment Security
Viewing and Handling Security Risks in a Cluster
Server Protection
Application Protection
Application Protection Overview
Enabling Application Protection
Viewing Application Protection
Managing Application Protection Policies
Disabling Application Protection
Web Tamper Protection
WTP Overview
Enabling WTP
Configuring Remote Backup
Modifying Settings
Manually Enabling or Disabling Directory Protection
Deleting Assets Protected by WTP
Viewing WTP Events
Ransomware Prevention
Ransomware Prevention Overview
Enabling Ransomware Prevention
Enabling Backup
Viewing and Handling Ransomware Prevention Events
Managing Ransomware Protection Policies
Restoring Server Data
Managing Server Backup
Disabling Ransomware Prevention
Application Process Control
Application Process Control Overview
Creating a Whitelist Policy
Confirming Learning Outcomes
Enabling Application Process Control
Checking and Handling Suspicious Processes
Extending the Process Whitelist
Start Learning on Servers Again
Disabling Application Process Control
File Integrity Monitoring
File Integrity Monitoring Overview
Viewing File Change Records
Virus Scan
Virus Scan Overview
Scanning for Viruses
Viewing and Handling Viruses
Managing Custom Antivirus Policies
Managing Isolated Files
Dynamic Port Honeypot
Dynamic Port Honeypot Overview
Creating a Protection Policy for a Dynamic Honeypot Port
Viewing and Handling Honeypot Protection Events
Managing Dynamic Port Honeypot Protection Policies
Managing Associated Servers
Container Protection
Container Firewalls
Container Firewall Overview
Configuring a Network Defense Policy (for a Container Tunnel Network)
Configuring a Network Defense Policy (for a VPC Network)
Configuring a Network Defense Policy (for Cloud Native Network 2.0)
Configuring a Network Defense Policy (for a Native Kubernetes Network)
Container Cluster Protection
Container Cluster Protection Overview
Enabling Container Cluster Protection
Configuring a Container Cluster Protection Policy
Checking Container Cluster Protection Events
Disabling Container Cluster Protection
Detection and Response
HSS Alarms
Server Alarms
Viewing Server Alarms
Handling Server Alarms
Exporting Server Alarms
Managing Isolated Files
Container Alarms
Container Alarms
Viewing Container Alarms
Handling Container Alarms
Exporting Container Alarms
Whitelist Management
Managing the Login Whitelist
Managing the Alarm Whitelist
Managing the System User Whitelist
Security Operations
Policy Management
Policy Management Overview
Configuring Policies
Configuring the Policy Group Protection Mode
Creating a Custom Policy Group
Deleting a Custom Policy Group
Handling History
Container Audit
Container Audit Overview
Viewing Container Audit Logs
Security Report
Security Report Overview
Creating a Security Report
Checking a Security Report
Managing Security Reports
Free Health Check
Monthly Operation Summary
Installation and Configuration
Installation and Configuration on Servers
Agent Management
Server Security Agent Overview
Viewing the Server Agent Version Description
Installing the Agent on a Server
Upgrading the Agent
Uninstalling the Agent
Security Configurations
Configuring Common Login Locations
Configuring Common Login IP Addresses
Configuring an SSH Login IP Address Whitelist
Isolating and Killing Malicious Programs
Enabling and Disabling Agent Self-Protection
Enabling 2FA
Installation and Configuration on Containers
Container Management
Cluster Management
Installing the Agent in a Cluster
Modifying Cluster Agent Installation Information
Upgrading or Uninstalling the Agent from a Cluster
Viewing the Cluster Node List and Permission List
Independent Node Management
Installing the Agent on an Independent Node
Upgrading or Uninstalling the Agent from an Independent Node
Image Access
Connecting to a Third-party Image Repository
Configuring CI/CD Access
Integrating Image Security Scan in CI/CD
Editing the Blacklist or Whitelist of Image Scan in CI/CD
Alarm Configuration
Authorization
Plug-in Settings
Plug-Ins Overview
Viewing Plug-in Information
Installing a Plug-in
Uninstalling a Plug-in
Auditing
CTS Auditing
HSS Operations Supported by CTS
Viewing CTS Traces in the Trace List
FAQs
About HSS
What Is Host Security?
What Is Container Security?
What Is Web Tamper Protection?
What Are the Relationships Between Images, Containers, and Applications?
How Do I Use HSS?
Can HSS Protect Local IDC Servers?
What Are the Differences Between HSS and WAF?
What Is the HSS Agent?
Can HSS Be Used Across Clouds?
Can HSS Automatically Detect and Remove Viruses?
Agent
Is the Agent in Conflict with Any Other Security Software?
How Do I Uninstall the Agent?
How Do I Install the Agent on a Server?
How Do I Fix an Abnormal Agent?
What Is the Default Agent Installation Path?
How Many CPU, Memory, and Disk Resources Are Occupied When the Agent Is Running?
Do Different HSS Editions Share the Same Agent?
How Do I View Servers Where No Agents Have Been Installed?
What Do I Do If the Upgrade Fails?
What Resources Will Be Accessed by the Agent After It Is Installed on a Server?
What Do I Do If I Cannot Access the Download Link of the Windows or Linux Agent?
What Do I Do If Agent Upgrade Fails and the Message "File replacement failed" Is Displayed?
Protection
Protection Interrupted
Protection Degraded
Vulnerability Management
How Do I Fix Vulnerabilities?
What Do I Do If an Alarm Still Exists After I Fixed a Vulnerability?
Why a Server Displayed in Vulnerability Information Does Not Exist?
Do I Need to Restart a Server After Its Vulnerabilities Are Fixed?
Can I Check the Vulnerability and Baseline Fix History on HSS?
What Do I Do If Vulnerability Fix Failed?
Why Can't I Select a Server During Manual Vulnerability Scanning or Batch Vulnerability Fixing?
What Do I Do If a Vulnerability Scan Failed?
Do I Need to Subscribe to Ubuntu Pro to Fix Ubuntu Vulnerabilities?
Detection & Response
How Do I View and Handle HSS Alarm Notifications?
What Do I Do If My Servers Are Subjected to a Mining Attack?
Why a Process Is Still Isolated After It Was Whitelisted?
Why an Attack Is Not Detected by HSS?
Can I Unblock an IP Address Blocked by HSS, and How?
Why a Blocked IP Address Is Automatically Unblocked?
How Often Is Malware Scan and Removal?
What Do I Do If an IP Address Is Blocked by HSS?
How Do I Defend Against Ransomware Attacks?
How Do I Add High-risk Command Execution Alarms to the Whitelist?
Why Doesn't HSS Generate Alarms for Some Web Shell Files?
Abnormal Logins
Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?
How Do I Check the User IP address of a Remote Login?
How Do I Cancel the Alarm Notifications of Successful Server Logins?
Can I Disable Remote Login Detection?
How Do I Know Whether an Intrusion Succeeded?
Brute-force Attack Defense
How Does HSS Block Brute-Force Attacks?
How Do I Handle a Brute-force Attack Alarm?
How Do I Defend Against Brute-force Attacks?
How Do I Unblock an IP Address?
What Do I Do If HSS Frequently Reports Brute-force Alarms?
What Do I Do If a Cloud IP Address Triggers a Brute-force Attack Alarm?
What Do I Do If the Port in Brute-force Attack Records Is Not Updated?
Baseline Inspection
Why Are Weak Password Alarms Generated After the Weak Password Detection Policy Is Disabled?
How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
How Do I Set a Proper Password Complexity Policy in a Windows OS?
How Do I Handle Unsafe Settings?
How Do I View Configuration Check Reports?
How Do I Handle a Weak Password Alarm?
How Do I Set a Secure Password?
Web Tamper Protection
Why Do I Need to Add a Protected Directory?
How Do I Modify a Protected Directory?
What Should I Do If I Cannot Enable WTP?
How Do I Modify a File After WTP Is Enabled?
What Can I Do If I Enabled Dynamic WTP But Its Status Is Enabled but not in effect?
What Are the Differences Between the Web Tamper Protection Functions of HSS and WAF?
Container Security
How Do I Disable Node Protection?
How Do I Enable Node Protection?
How Do I Enable the API Server Audit for an On-Premises Kubernetes Container?
What Do I Do If the Container Cluster Protection Plug-in Fails to Be Uninstalled?
What Do I Do If a Repository Image Scan Failed?
Ransomware Prevention
What Are the Differences Between Ransomware Protection Backup and Cloud Backup?
Ransomware Protection Exception
Security Configurations
How Do I Clear the SSH Login IP Address Whitelist Configured in HSS?
What Can I Do If I Cannot Remotely Log In to a Server via SSH?
How Do I Use 2FA?
What Do I Do If I Cannot Enable 2FA?
Why Can't I Receive a Verification Code After 2FA Is Enabled?
Why Does My Login Fail After I Enable 2FA?
How Do I Add a Mobile Number or Email Address for 2FA?
Do I Use a Fixed Verification Code for 2FA?
How Do I Modify Alarm Notification Recipients?
Why No Topics Are Available for Me to Choose When I Configure Alarm Notifications?
Can I Disable HSS Alarm Notifications?
How Do I Modify Alarm Notification Items?
How Do I Disable the SELinux Firewall?
Others
How Do I Use the Windows Remote Desktop Connection Tool to Connect to a Windows Server?
How Do I Check HSS Log Files?
How Do I Enable Logging for Login Failures?
How Do I Enable or Disable the Agent Self-protection Policy?
What Do I Do If Windows Self-Protection Cannot Be Disabled?
Why Is a Deleted Server Still Displayed in the HSS Server List?
Change History
API Reference (Ally Region)
Before You Start
Calling APIs
Making an API Request
Authentication
Response
API Description
Asset Management
Collecting Asset Statistics, Including Accounts, Ports, and Processes
Querying the Account List
Querying Open Port Statistics
Querying the Process List
Querying the Software List
Querying Automatic Startup Item Information
Querying the Server List of an Account
Querying the Open Port List of a Single Server
Querying the Server List of the Software
Querying the Service List of Auto-Started Items
Obtaining the Account Change History
Obtaining the Historical Change Records of Software Information
Obtaining the Historical Change Records of Auto-started Items
Asset Fingerprints - Process - Server List
Asset Fingerprints - Port - Server List
Querying the Middleware List
Querying the Server List of a Specified Middleware
Ransomware Prevention
Querying the Servers Protected Against Ransomware
Querying the Protection Policy List of Ransomware
Modifying Ransomware Protection Policies
Enabling Ransomware Prevention
Disabling Ransomware Prevention
Querying the Backup Policy Bound to HSS Protection Vault
Modifying the Backup Policy Bound to Vault
Baseline Management
Querying the Weak Password Detection Result List
Querying the Password Complexity Policy Detection Report
Querying the Result List of Server Security Configuration Check
Querying the Check Result of a Security Configuration Item
Querying the Checklist of a Security Configuration Item
Querying the List of Affected Servers of a Security Configuration Item
Querying the Report of a Check Item in a Security Configuration Check
Ignoring, Unignoring, Repairing, or Verifying the Failed Configuration Check Items
Container Management
Querying the Container Node List
Querying Basic Container Information List
Event Management
Querying the List of Blocked IP Addresses
Unblocking a Blocked IP Address
Querying the List of Isolated Files
Restoring Isolated Files
Querying Export Tasks
Downloading Export Files
Intrusion Detection
Handling Alarm Events
Querying the Detected Intrusion List
Querying the Alarm Whitelist
Server Management
Querying ECSs
Changing the Protection Status
Querying Server Groups
Creating a Server Group
Editing a Server Group
Deleting a Server Group
Container Image
Querying the Image List in the SWR Image Repository
Scanning Images in the Image Repository in Batches
Querying the Local Image List
Querying Image Vulnerability Information
CVE Information Corresponding to the Vulnerability
Synchronizing the Image List from SWR
Querying the List of Image Security Configuration Detection Results
Querying the Check Item List of a Specified Security Configuration Item of an Image
Querying the Mirror Configuration Check Report
Policy Management
Querying the Policy Group List
Applying a Policy Group
Vulnerability Management
Querying the Vulnerability List
Exporting Information About Vulnerabilities and Their Affected Servers
Querying the Servers Affected by a Vulnerability
Changing the Status of a Vulnerability
Querying Vulnerability Information About a Server
Creating a Vulnerability Scan Task
Querying a Vulnerability Scan Policy
Modifying a Vulnerability Scan Policy
Querying the Vulnerability Scan Tasks
Querying the List of Servers Corresponding to a Vulnerability Scan Task
Querying Vulnerability Management Statistics
Web Tamper Protection
Querying the Protection List
Enabling or Disabling WTP
Enabling or Disabling Dynamic WTP
Querying the Status of Static WTP for a Server
Querying the Status of Dynamic WTP for a Server
Tag Management
Creating Tags in Batches
Deleting a Resource Tag
Cluster Management
Deleting a Cluster Daemonset
Updating a Cluster Daemonset
Creating a CCE Integrated Protection Configuration
Obtaining Cluster Configurations
Installation and Configuration
Querying the Agent Installation Script
Appendixes
Status Code
Error Codes
Obtaining a Project ID
General Reference
Glossary
Shared Responsibilities
Service Level Agreement
White Papers
Endpoints
Permissions