SecMaster
SecMaster
All results for "
" in this service
All results for "
" in this service
What's New
Technology Poster
Infographics
Getting to Know Huawei Cloud SecMaster: A Next-Generation Cloud Security Operations Center
SecMaster: Enjoy Out-of-the-Box Security Operations
SecMaster Core Functions: Asset Management and Log Collection
Struggling with Security Compliance? SecMaster Baseline Inspection: One-Click Security Compliance and Custom Compliance Packs, Making It Easy to Win
Service Overview
SecMaster Infographic
What Is SecMaster?
Product Advantages
Application Scenarios
Edition Differences
Functions
Personal Data Protection
Experience Packages
Built-in Check Items
Preconfigured Playbooks
Preset Types
Limitations and Constraints
Security
Shared Responsibilities
Identity Authentication and Access Control
Data Protection Technologies
Audit Logs
Service Resilience
Using Cloud Eye to Monitor SecMaster
Events Supported by Event Monitoring
Creating an Alarm Rule and Notification for Event Monitoring
Certificates
Security Orchestration
Permissions Management
SecMaster and Other Services
Basic Concepts
SOC
Security Overview and Situation Overview
Workspaces
Alert Management
Security Orchestration
Security Analysis
Billing
Billing Overview
Billing Items
Billing Modes
Overview
Yearly/Monthly Billing
Pay-per-Use Billing
Billing Examples
Changing the Billing Mode
Overview
Changing the Billing Mode from Pay-per-Use to Yearly/Monthly
Renewing Your Subscription
Overview
Manually Renewing SecMaster
Auto-renewing SecMaster
Bills
About Arrears
Billing Termination
Cost Management
Billing FAQs
How Is SecMaster Billed?
Can I Use SecMaster for Free?
How Do I Change or Disable Auto Renewal for SecMaster?
Will SecMaster Be Billed After It Expires?
How Do I Renew SecMaster?
Where Can I Unsubscribe from SecMaster?
Where Can I View the Remaining Quotas of Security Data Collection and Security Data Packages?
Can I Change the Billing Mode for SecMaster?
Getting Started
How to Buy and Use SecMaster Basic Edition
How to Buy and Use SecMaster Standard Edition
How to Buy and Use SecMaster Professional Edition
Getting Started Through Common Practices
User Guide
Buying SecMaster
Buying SecMaster
Buying Value-Added Packages
Upgrading the Service Edition
Increasing Quotas
Authorizing SecMaster
Checking Security Overview
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing a Workspace
Editing a Workspace
Deleting a Workspace
Managing Workspace Tags
Workspace Agencies
Creating a Workspace Agency
Managing Agencies
Multi-Account Management
Viewing Purchased Resources
Security Governance
Security Governance Overview
Security Compliance Pack Description
Authorizing SecMaster to Access Cloud Service Resources
Subscribing to or Unsubscribing from a Compliance Pack
Starting a Self-Assessment
Viewing Security Compliance Overview
Viewing Evaluation Results
Viewing Policy Scanning Results
Downloading a Compliance Report
Situation Awareness
Checking the Situation Overview
Checking Security Situation through Large Screens
Large Screen Overview
Overall Situation Screen
Monitoring Statistics Screen
Asset Security Screen
Threat Situation Screen
Vulnerable Assets Screen
Security Reports
Creating and Copying a Security Report
Checking a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
AI Risk Overview
Resource Manager
Overview
Configuring the Asset Subscription
Viewing Asset Information
Importing and Exporting Assets
Editing or Deleting an Asset
Risk Prevention
Baseline Inspection
Overview
Starting an Immediate Baseline Check
Performing a Scheduled Baseline Check
Performing a Manual Baseline Check
Viewing Baseline Check Results
Handling Check Results
Managing Compliance Packs
Managing Check Items
Managing Check Plans
Vulnerabilities
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Ignoring and Unignoring a Vulnerability
Importing and Exporting Vulnerabilities
Security Policies
Overview
Viewing and Configuring Defense Policies
Adding an Emergency Policy
Managing Emergency Policies
Viewing and Exporting Emergency Vulnerability Notices
Threats
Incidents
Viewing Incidents
Adding and Editing an Incident
Importing and Exporting Incidents
Closing and Deleting an Incident
Alerts
Overview
Viewing Alert Details
Checking Suggestions on Handling Common Alerts
Converting an Alert into an Incident or Associating an Alert with an Incident
One-Click Blocking or Unblocking
Closing and Deleting an Alert
Adding and Editing an Alert
Importing and Exporting Alerts
Handling Attacks
Indicators
Overview
Adding and Editing an Indicator
Closing and Deleting an Indicator
Importing and Exporting Indicators
Viewing Indicators
Log Audit
Log Audit Overview
Checking Log Audit Overview
Security Analysis
Overview
Configuring Indexes
Querying and Analyzing Logs
Log Fields
Quickly Adding a Log Alert Model
Viewing Results in a Chart
Downloading or Exporting Logs
Managing Data Spaces
Managing Pipelines
Enabling Data Consumption
Enabling Data Monitoring
Query and Analysis Syntax - V1
Overview
Query Statements
Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
Query and Analysis Syntax - V2
Overview
Retrieval SQL Syntax Reference
Overview
Query Statements
Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
SecMaster SQL Syntax Reference
Supported Data Types
Syntax
Data Query Language (DQL) Syntax
Data Query Language (DQL) Syntax
WITH
SELECT
UNION
Union/Union ALL
PROCTIME
Window
JOIN
OrderBy & Limit
Top-N
Deduplication
Reserved Keywords
Functions
Comparison Functions
Logical Functions
Arithmetic Functions
String Functions
Temporal Functions
Conditional Functions
Type Conversion Functions
Collection Functions
Hash Functions
Aggregate Functions
Data Delivery
Overview
Delivering Logs to Other Data Pipelines
Delivering Logs to OBS
Delivering Logs to LTS
Managing Data Delivery
Cloud Service Access
Cloud Service Log Access Supported by SecMaster
Enabling Log Access
Log Data Collection
Overview
Adding a Node
Partitioning a Disk
Configuring a Component
Adding a Connection
Creating and Editing a Parser
Adding and Editing a Collection Channel
Verifying Log Collection
Managing Connections
Managing Parsers
Managing Collection Channels
Viewing Collection Nodes
Managing Nodes and Components
Logstash Configuration Description
Connector Rules
Parser Rules
Upgrading the Component Controller
Modeling Analysis
Intelligent Modeling
Overview
Viewing Model Templates
Creating and Editing a Model
Viewing a Model
Managing Models
Security Orchestration
Overview
Playbooks
Enabling a Workflow
Enabling a Playbook
Managing Workflows
Managing Workflow Versions
Managing Playbooks
Managing Playbook Versions
Managing an Operation Connection
Viewing Monitored Playbook Instances
Objects
Overview
Viewing Data Classes
Managing Alert Types
Managing Incident Types
Viewing Threat Intelligence (Indicator) Types
Managing Vulnerability Types
Viewing Custom Types
Managing Categorical Mappings
Creating a Custom Layout
Viewing Layouts
Viewing a Layout Template
Viewing Plug-in Details
Directory Customization
Playbook Overview
Ransomware Incident Response Solution
Attack Link Analysis Alert Notification
Playbook Overview
Configuring Playbooks
HSS Isolation and Killing of Malware
Playbook Overview
Configuring Playbooks
Automatic Renaming of Alert Names
Auto High-Risk Vulnerability Notification
Automatic Notification of High-Risk Alerts
Auto Blocking for High-risk Alerts
Real-time Notification of Critical Organization and Management Operations
Permissions Management
Creating a User and Granting Permissions
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
Key Operations Recorded by CTS
SecMaster Operations Recorded by CTS
Viewing CTS Traces in the Trace List
Best Practices
Log Access and Transfer Operation Guide
Solution Overview
Resource Planning
Process Flow
Procedure
(Optional) Step 1: Buy an ECS
(Optional) Step 2: Buy a Data Disk
(Optional) Step 3: Attach a Data Disk
Step 4: Create a Non-administrator IAM User
Step 5: Configure Network Connection
Step 6: Install the Component Controller (isap-agent)
Step 7: Install the Log Collection Component (Logstash)
(Optional) Step 8: Creating a Log Storage Pipeline
Step 9: Configure a Connector
(Optional) Step 10: Configure a Log Parser
Step 11: Configure a Log Collection Channel
Step 12: Verify Log Access and Transfer
Application Examples
Connecting EulerOS Logs to SecMaster
Integrating Windows Configuration Logs into SecMaster
Integrating AWS ALB Logs into SecMaster
Credential Leakage Response Solution
API Reference
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
SecMaster APIs (Excluding APIs for Security Analysis V2)
Classifications & Mappings
Querying Classifications & Mappings
Querying Classification & Mapping Functions
Copying a Mapping
Deleting Mapping Information
Modifying the Status of a Mapping
Adding a Classification
Modifying a Classification
Querying Classification Details
Adding a Mapping
Querying the Mapping List
Querying Mapping Details
Deleting a Mapping
Creating a Preprocessing Rule
Querying Preprocessing Rules
Data Class Management
Querying the Data Class List
Querying the Field List
Querying Data Class Details
Resource Manager
Querying the Resource List
Deleting a Resource
Obtaining Resource Details
Updating Resource Information
Importing Resources
Exporting the Resource List
Downloading the Resource Import Template
Workflow Management
Querying the Workflow List
Creating a Workflow
Querying Workflow Details
Deleting a Workflow
Updating a Workflow
Workflow Version Management
Querying the Workflow Version List
Creating a Workflow Version
Querying Workflow Version Details
Deleting a Workflow Version
Updating the Workflow Version Information
Reviewing the Workflow Version for Release
Verifying a Workflow Version
Workflow Packaging Management
Exporting a Workflow
Importing Workflow Information
Workflow Instance Management
Creating a Workflow Instance
Querying the Workflow Instance List
Querying the Details of a Workflow Instance
Alert Management
Querying the Alert List
Creating an Alert
Deleting an Alert
Converting an Alert into an Incident
Obtain Alert Details
Updating an Alert
Batch Updating Alerts
Batch Deleting Alerts
Importing Alerts
Downloading an Alert Import Template
Exporting Alerts
Incident Management
Querying the Incident List
Creating an Incident
Deleting an Incident
Querying Details About an Incident
Updating an Incident
Batch Updating Incidents
Batch Deleting Incidents
Importing Incidents
Downloading an Incident Import Template
Exporting Incidents
Threat Indicator Management
Querying the Indicator List
Creating a Threat Indicator
Deleting a Threat Indicator
Querying Details About a Threat Indicator
Updating a Threat Indicator
Incident Relationship Management
Querying the List of Associated Data Objects
Associating with a Data Object
Canceling the Association with a Data Object
Batch Associating Data Objects
General Security Application
Querying the Data Object List
Creating a Data Object
Batch Deleting Data Objects
Querying a Data Object
Editing a Data Object
Exporting a Data Object
Importing a Data Object
Data Object Management
Querying a Data Object
Batch Creating Data Objects
Querying the Data Object List
Playbook Management
Monitoring Playbook Running
Querying Playbook Statistics Data
Querying the Playbook List
Creating a Playbook
Querying Playbook Details
Deleting a Playbook
Modifying a Playbook
Playbook Version Management
Cloning a Playbook and Its Version
Querying the Playbook Version List
Creating a Playbook Version
Querying Playbook Version Details
Deleting a Playbook Version
Updating a Playbook Version
Playbook Rule Management
Querying Playbook Rule Details
Deleting a Playbook Rule
Creating a Playbook Rule
Updating a Playbook Rule
Playbook Instance Management
Querying the Playbook Instance List
Querying Details About a Playbook Instance
Operating a Playbook Instance
Querying the Playbook Topology
Querying Review Logs of a Playbook Instance
Playbook Review Management
Reviewing a Playbook
Querying the Playbook Review Result
Playbook Workflow Management
Querying the Playbook Workflow
Creating a Playbook Workflow
Deleting a Playbook Workflow
Updating a Playbook Workflow
Playbook Packaging Management
Exporting Playbooks
Importing Playbooks
Layouts
Querying the Layout List
Creating a Layout
Deleting a Layout
Modifying a Layout
Querying Layout Details
Managing Layouts
Querying the Layout Page List
Creating a Layout Page
Batch Updating Layout Pages
Querying Layout Page Details
Querying the Layout Page
Deleting a Layout Page
Querying the Module List
Creating a Module
Updating a Layout Module
Querying Module Details
Deleting a Module
Security Reports
Managing Security Reports
Obtaining Security Report Details
Deleting a Security Report
Updating a Security Report
Creating a Security Report
Querying the Security Report List
Updating the Recipient Email Address Status
Querying the Recipient Status
Directory Customization
Creating a Custom Directory
Querying the Directory List
Batch Deleting Directories
Modifying a Custom Directory
Querying the List of Directories by Condition
Batch Modifying Directories
Metric Definitions
Creating a Metric
Querying the Metric List
Obtaining Metric Metadata
Updating a Metric Definition
Deleting a Metric
Emergency Policies
Creating a Retry Emergency Policy
Updating an Emergency Policy
Batch Deleting Emergency Policies
Resource Tag Management
Batch Adding tags to a Resource
Querying Resource Tags
Updating a Tag Value
Querying Tags in a Project
This API is used to batch delete resource tags.
Resource Instance Management
Querying the Number of Resource Instances
Querying the Resource Instance List
Workspace Management
Creating a Workspace
Querying the Workspace List
Updating a Workspace
Querying Details About a Workspace
Deleting a Workspace
Agency Management
Viewing Agency Information
Creating an Agency and Granting Permissions to It
Plug-in Management
Querying the Plug-in Definition List
Querying Plug-in Details
Querying the Plug-in Action List
Querying Plug-in Action Details
Operation Connection Management
Querying the Operation Connection List
Creating an Operation Connection
Querying Operation Connection Details
Deleting an Operation Connection
Updating an Operation Connection
Attachment Management
Uploading an Attachment
Downloading an Attachment
Obtaining Attachment Details
Plugin Configuration Template Management
Querying Plugin Configuration Templates
Creating a Plugin Configuration Template
Querying Plugin Configuration Template Details
Updating a Plugin Configuration Template
Deleting a Plugin Configuration Template
Metering and Billing
Subscribing to SecMaster
Querying Metrics
Batch Querying Metrics
Comment
Querying the Comment List
Creating a Comment
Deleting a Comment
Dictionary Management
Querying Dictionary Information
Creating a Dictionary
Updating a Dictionary
Deleting a Dictionary
Tenant Collection
Querying the Collection Channel List
Creating a Collection Channel
Displaying Collection Channels
Modifying a Collection Channel
Creating an Operation for a Collection Channel
Querying the Collection Channel Group List
Creating a Collection Channel Group
Updating a Collection Channel Group
Deleting a Collection Channel Group
Querying the Collection Channel Instance List
Querying the Collection Connection List
Creating a Collection Connection
Querying Collection Connection Details
Updating a Collection Connection
Deleting a Collection Connection
Installing a Collection Channel File
Querying Collection Parsers
Creating a Collection Parser
Querying Collection Parser Details
Deleting a Collection Parser
Exporting a Collection Parser
Importing a Collection Parser
Querying the Parser List
Querying the Collection Parser Template List
Querying the Parser Rule List
Querying the Collection Node List
Deleting a Collection Channel
Node Management
Querying Component Information by Node ID
Deleting a Node by Node ID
Querying the Installation Script List
Querying the VPCEP Description
Updating VPCEP Description
Component Management
Querying the Component Template List
Querying the Running Node List
Creating a Configuration Application
Querying Component Configurations
Querying the Component List
Displaying the Component Details
Alert Rule Management
Listing Alert Rules
Creating an Alert Rule
Deleting an Alert Rule
Querying an Alert Rule
Updating an Alert Rule
Simulating an Alert Rule
Querying Alert Rules
Enabling an Alert Rule
Disabling an Alert Rule
Viewing Alert Rule Templates
Querying the Alert Rule Template List
Data Space Management
Creating a Data Space
Pipeline Management
Creating a Data Pipeline
Vulnerability Management
This API is used to obtain vulnerability details.
This API is used to query the list of detected vulnerabilities.
Exporting Vulnerabilities
Import Vulnerabilities
Downloading a Vulnerability Import Template
Indicator Management
Downloading an Indicator Template
Exporting Indicators
Importing Indicators
Security Analysis V2 APIs
Layouts
Creating a Layout Field
Batch Deleting Layout Fields
Querying the Layout Field List
Querying Layout Field Details
Updating a Layout Field
Baseline Inspection
Querying the List of Baseline Inspection Results
Querying the Check Item List
Adding a Custom Check Item
Deleting a Custom Check Item
Querying Check Item Details
Updating a Check Item
Querying the Compliance Pack List
Adding a Custom Compliance Pack
Deleting a Custom Compliance Pack
Querying Compliance Pack Details
Updating a Compliance Pack
Alert Rule Template Management
Querying the Alert Rule Template List
Viewing an Alert Rule Template
Querying the Alert Rule Template Overview
Security Analysis
Querying a Table Histogram
Creating a Security Analysis Query
Data Consumption Management
Querying Real-Time Consumption Configurations
Enabling Real-time Consumption
SQL Verification
Creating an SQL Verification
Directory Management
Querying the Directory Group
Pipeline Management
Updating the Pipeline Structure
Querying Pipeline Details
Updating a Pipeline
Deleting a Pipeline
Querying the Pipeline List
Creating a Pipeline
Analysis Script Management
Querying the List of Analysis Scripts
Creating an Analysis Script
Viewing an Analysis Script
Updating an Analysis Script
Deleting an Analysis Script
Retrieval Script Management
Querying the Retrieval Script List
Creating a Retrieval Script
Querying a Retrieval Script
Updating a Retrieval Script
Deleting a Retrieval Script
Code Snippet Management
Querying Code Snippets
Creating Code Snippets
View Code Snippets
Updating a Code Snippet
Deleting a Code Snippet
Subscription Management
Querying Resource Subscription Information
Table Management
Querying the Table List
Creating a Table
Querying Table Details
Modifying Table Details
Deleting a Table
Modifying the Table Structure
Upgrading a Version
Querying the Current Available Version
Data Processing Job Management
Querying the Data Processing Job List
Creating a Data Processing job.
Viewing a Data Processing Job
Updating a Data Processing Job
Deleting a Data Processing Job
Enabling a Data Processing Job
Disabling a Data Processing Job
Alert Rule Management
Querying the Alert Rule List
Creating an Alert Rule
Querying an Alert Rule
Updating an Alert Rule
Deleting an Alert Rule
Enabling an Alert Rule
Disabling an Alert Rule
Data Statistics
Obtaining Monitoring Statistics
Appendix
Status Codes
Error Codes
Obtaining a Project ID
About Metrics
FAQs
Product Consulting
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
What Are the Relationships and Differences Between SecMaster and SA?
Where Does SecMaster Obtain Its Data From?
About Purchase and Specifications Change
Why Cannot the Total ECS Quota Be Less Than the Number of Existing ECSs?
How Do I Obtain Permissions to Purchase SecMaster?
How Do I Change SecMaster Editions or Specifications?
How Do I Upgrade SA to SecMaster?
Security Situation
How Do I Update My Security Score?
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Why Is Data Inconsistent or Not Displayed on the Security Overview Page?
Risk Prevention
What Is the Difference Between a Baseline and a Vulnerability?
How Do I Handle Vulnerabilities?
Why Is an Alert Still Reported After I Fixed a Vulnerability?
Do I Need to Restart a Server After Its Vulnerabilities Are Fixed?
What Is the Sequence of Fixing Vulnerabilities in Batches?
Threat Management
How Do I Handle a Brute-force Attack?
How Do I Check the Storage Space Used by All Logs?
Data Integration
How Long Are Logs Stored in SecMaster?
Data Collection
Why Did the Component Controller Fail to Be Installed?
How Are Collection Node or Collection Channel Faults Handled?
Which Commands Are Commonly Used for the Component Controller?
How Do I Release an ECS or VPC Endpoint?
Permissions Management
Can I Use SecMaster Across Accounts?
How Do I Grant Permissions to an IAM User?
Regions and AZs
What Are Regions and AZs?
Why Is the Region Selection Box Displayed for Global-Level Projects?
More Documents
User Guide (ME-Abu Dhabi Region)
Service Overview
What Is SecMaster?
Product Advantages
Application Scenarios
Functions
Experience Packages
Preconfigured Playbooks
Billing
Permissions Management
SecMaster and Other Services
Basic Concepts
SOC
Security Overview and Situation Overview
Workspaces
Alert Management
Security Orchestration
Security Analysis
Buying SecMaster
Buying SecMaster
Purchasing Value-Added Packages
Increasing Quotas
Unsubscribing from SecMaster
Authorizing SecMaster
Viewing Security Overview
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing a Workspace
Editing a Workspace
Deleting a Workspace
Managing Workspace Tags
Viewing Purchased Resources
Security Governance
Security Governance Overview
Security Compliance Pack Description
Authorizing SecMaster to Access Cloud Service Resources
Subscribing to or Unsubscribing from a Compliance Pack
Starting a Self-Assessment
Viewing Security Compliance Overview
Viewing Evaluation Results
Viewing Policy Scanning Results
Downloading a Compliance Report
Security Situation
Checking the Situation Overview
Checking Security Situation through Large Screens
Large Screen Overview
Overall Situation Screen
Monitoring Statistics Screen
Asset Security Screen
Threat Situation Screen
Vulnerable Assets Screen
Security Reports
Creating and Copying a Security Report
Viewing a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
Resource Manager
Overview
Configuring the Asset Subscription
Viewing Asset Information
Importing and Exporting Assets
Editing or Deleting an Asset
Risk Prevention
Baseline Inspection
Baseline Inspection Overview
Starting an Immediate Baseline Check
Performing a Scheduled Baseline Check
Performing a Manual Baseline Check
Viewing Baseline Check Results
Handling Check Results
Managing Compliance Packs
Managing Check Items
Vulnerability Management
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Ignoring and Unignoring a Vulnerability
Importing and Exporting Vulnerabilities
Policy Management
Overview
Adding an Emergency Policy
Managing Emergency Policies
Batch Blocking and Canceling Batch Blocking of an IP Address or IP Address Range
Threat Operations
Incident Management
Viewing Incidents
Adding and Editing an Incident
Importing and Exporting Incidents
Closing and Deleting an Incident
Alert Management
Overview
Viewing Alert Details
Converting an Alert into an Incident or Associating an Alert with an Incident
One-click Blocking or Unblocking
Closing and Deleting an Alert
Adding and Editing an Alert
Importing and Exporting Alerts
Indicator Management
Adding and Editing an Indicator
Closing and Deleting an Indicator
Importing and Exporting Indicators
Viewing Indicators
Intelligent Modeling
Viewing Model Templates
Creating and Editing a Model
Viewing a Model
Managing Models
Security Analysis
Security Analysis Overview
Configuring Indexes
Querying and Analyzing Logs
Log Fields
Quickly Adding a Log Alert Model
Viewing Results in a Chart
Downloading Logs
Managing Data Spaces
Managing Pipelines
Enabling Data Consumption
Enabling Data Monitoring
Query and Analysis Syntax
Query and Analysis Syntax Overview
Query Statements
Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
Data Delivery
Data Delivery Overview
Delivering Logs to Other Data Pipelines
Delivering Logs to OBS
Delivering Logs to LTS
Managing Data Delivery
Security Orchestration
Security Orchestration Overview
Playbook Orchestration Management
Enabling a Workflow
Enabling a Playbook
Managing Workflows
Managing Workflow Versions
Managing Playbooks
Managing Playbook Versions
Managing Asset Connections
Viewing Monitored Playbook Instances
Operation Object Management
Operation Object Management Overview
Viewing Data Classes
Managing Alert Types
Managing Incident Types
Managing Threat Intelligence Types
Managing Vulnerability Types
Managing Custom Types
Managing Categorical Mappings
Creating a Custom Layout
Managing Layouts
Viewing a Layout Template
Viewing Plug-in Details
Settings
Data Integration
Cloud Service Log Access Supported by SecMaster
Enabling Log Access
Log Data Collection
Data Collection Overview
Adding a Node
Configuring a Component
Adding a Connection
Creating and Editing a Parser
Adding and Editing a Collection Channel
Managing Connections
Managing Parsers
Managing Collection Channels
Viewing Collection Nodes
Managing Nodes and Components
Partitioning a Disk
Logstash Configuration Description
Connector Rules
Parser Rules
Upgrading the Component Controller
Customizing Directories
Permissions Management
Creating a User and Granting Permissions
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
FAQs
Product Consulting
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
Where Does SecMaster Obtain Its Data From?
About Purchase and Specifications Change
How Do I Change SecMaster Editions or Specifications?
How Is SecMaster Billed?
Can I Unsubscribe from SecMaster?
Security Situation
How Do I Update My Security Score?
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Why Is Data Inconsistent or Not Displayed on the Security Overview Page?
Threat Management
How Do I Handle a Brute-force Attack?
How Do I Check the Storage Space Used by All Logs?
Data Collection
Why Did the Component Controller Fail to Be Installed?
How Are Collection Node or Collection Channel Faults Handled?
Which Commands Are Commonly Used for the Component Controller?
How Do I Release an ECS or VPC Endpoint?
Permissions Management
How Do I Grant Permissions to an IAM User?
Change History
User Guide (Kuala Lumpur Region)
Service Overview
What Is SecMaster?
Product Advantages
Application Scenarios
Functions
Personal Data Protection
Experience Packages
Preconfigured Playbooks
Permissions Management
SecMaster and Other Services
Basic Concepts
SOC
Security Overview and Situation Overview
Workspaces
Alert Management
Security Orchestration
Security Analysis
Applying for SecMaster
Authorizing SecMaster
Checking Security Overview
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing a Workspace
Editing a Workspace
Deleting a Workspace
Managing Workspace Tags
Workspace Agencies
Creating a Workspace Agency
Managing Agencies
Viewing Purchased Resources
Security Situation
Checking the Situation Overview
Checking Security Situation through Large Screens
Large Screen Overview
Overall Situation Screen
Monitoring Statistics Screen
Asset Security Screen
Threat Situation Screen
Vulnerable Assets Screen
Security Reports
Creating and Copying a Security Report
Viewing a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
Resource Manager
Overview
Configuring the Asset Subscription
Viewing Asset Information
Importing and Exporting Assets
Editing or Deleting an Asset
Risk Prevention
Baseline Inspection
Overview
Starting an Immediate Baseline Check
Performing a Scheduled Baseline Check
Performing a Manual Baseline Check
Viewing Baseline Check Results
Handling Check Results
Managing Compliance Packs
Managing Check Items
Managing Check Plans
Vulnerabilities
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Ignoring and Unignoring a Vulnerability
Importing and Exporting Vulnerabilities
Security Policies
Overview
Adding a Security Policy
Managing Security Policies
Threats
Incidents
Viewing Incidents
Adding and Editing an Incident
Importing and Exporting Incidents
Closing and Deleting an Incident
Alerts
Overview
Viewing Alert Details
Converting an Alert into an Incident or Associating an Alert with an Incident
One-Click Blocking or Unblocking
Closing and Deleting an Alert
Adding and Editing an Alert
Importing and Exporting Alerts
Handling Attacks
Indicators
Overview
Adding and Editing an Indicator
Closing and Deleting an Indicator
Importing and Exporting Indicators
Viewing Indicators
Intelligent Modeling
Overview
Viewing Model Templates
Creating and Editing a Model
Viewing a Model
Managing Models
Security Analysis
Overview
Configuring Indexes
Querying and Analyzing Logs
Log Fields
Quickly Adding a Log Alert Model
Viewing Results in a Chart
Downloading or Exporting Logs
Managing Data Spaces
Managing Pipelines
Enabling Data Consumption
Enabling Data Monitoring
Query and Analysis Syntax
Overview
Query Statements
Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
Data Delivery
Overview
Delivering Logs to Other Data Pipelines
Delivering Logs to OBS
Delivering Logs to LTS
Managing Data Delivery
Security Orchestration
Overview
Playbooks
Enabling a Workflow
Enabling a Playbook
Managing Workflows
Managing Workflow Versions
Managing Playbooks
Managing Playbook Versions
Managing an Asset Connection
Viewing Monitored Playbook Instances
Objects
Overview
Viewing Data Classes
Managing Alert Types
Managing Incident Types
Managing Threat Intelligence Types
Managing Vulnerability Types
Managing Custom Types
Managing Categorical Mappings
Creating a Custom Layout
Managing Layouts
Viewing a Layout Template
Viewing Plug-in Details
Settings
Data Integration
Cloud Service Log Access Supported by SecMaster
Enabling Log Access
Log Data Collection
Overview
Data Collection Process
Adding a Node
Partitioning a Disk
Configuring a Component
Adding a Connection
Creating and Editing a Parser
Adding and Editing a Collection Channel
Verifying Log Collection
Managing Connections
Managing Parsers
Managing Collection Channels
Viewing Collection Nodes
Managing Nodes and Components
Logstash Configuration Description
Connector Rules
Parser Rules
Upgrading the Component Controller
Directory Customization
Permissions Management
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
FAQs
Product Consulting
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
Where Does SecMaster Obtain Its Data From?
Security Situation
How Do I Update My Security Score?
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Why Is Data Inconsistent or Not Displayed on the Security Overview Page?
Threat Management
How Do I Handle a Brute-force Attack?
How Do I Check the Storage Space Used by All Logs?
Data Collection
Why Did the Component Controller Fail to Be Installed?
How Are Collection Node or Collection Channel Faults Handled?
Which Commands Are Commonly Used for the Component Controller?
Permissions Management
How Do I Grant Permissions to an IAM User?
Change History
API Reference (Kuala Lumpur Region)
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
API
Alert Management
Querying the Alert List
Creating an Alert
Deleting an Alert
Converting an Alert into an Incident
Obtain Alert Details
Updating an Alert
Incident Management
Querying the Incident List
Creating an Incident
Deleting an Incident
Querying Details About an Incident
Updating an Incident
Threat Indicator Management
Querying the Indicator List
Creating a Threat Indicator
Deleting a Threat Indicator
Querying Details About a Threat Indicator
Updating a Threat Indicator
Playbook Management
Monitoring Playbook Running
Querying Playbook Statistics Data
Querying the Playbook List
Creating a Playbook
Querying Playbook Details
Deleting a Playbook
Modifying a Playbook
Alert Rule Management
Listing Alert Rules
Creating an Alert Rule
Deleting an Alert Rule
Querying an Alert Rule
Updating an Alert Rule
Simulating an Alert Rule
Total number of alert rules.
Enabling an Alert Rule
Disabling an Alert Rule
Querying the Alert Rule Template List
Viewing Alert Rule Templates
Playbook Version Management
Cloning a Playbook and Its Version
Querying the Playbook Version List
Creating a Playbook Version
Querying Playbook Version Details
Deleting a Playbook Version
Updating a Playbook Version
Playbook Rule Management
Querying Playbook Rule Details
Deleting a Playbook Rule
Creating a Playbook Rule
Updating a Playbook Rule
Playbook Instance Management
Querying the Playbook Instance List
Querying Details About a Playbook Instance
Operating a Playbook Instance
Querying the Playbook Topology
Querying Review Logs of a Playbook Instance
Playbook Review Management
Reviewing a Playbook
Querying the Playbook Review Result
Playbook Workflow Management
Querying the Playbook Workflow
Creating a Playbook Workflow
Deleting a Playbook Workflow
Updating a Playbook Workflow
Incident Relationship Management
Querying the List of Associated Data Objects
Associating with a Data Object
Canceling the Association with a Data Object
Data Class Management
Querying the Data Class List
Querying the Field List
Workflow Management
Querying the Workflow List
Data Space Management
Creating a Data Space
Pipeline Management
Creating a Data Pipeline
Workspace Management
Creating a Workspace
Querying the Workspace List
Metering and Billing
Subscribing to Pay-per-Use SecMaster
Querying Metrics
Batch Querying Metrics
Baseline Inspection
Querying the List of Baseline Inspection Results
Appendix
Status Codes
Error Codes
Obtaining a Project ID
About Metrics
Change History
Videos
General Reference
Glossary
Service Level Agreement
White Papers
Endpoints
Permissions