All Documentation
SecMaster
SecMaster
All results for "
" in this service
All results for "
" in this service
What's New
Function Overview
Service Overview
SecMaster Infographics
What Is SecMaster?
Product Advantages
Application Scenarios
Functions
Edition Differences
Limitations and Constraints
Security
Shared Responsibilities
Identity Authentication and Access Control
Data Protection Technologies
Audit Logs
Service Resilience
Risk Monitoring
Certificates
Security Orchestration
Permissions Management
SecMaster and Other Services
Basic Concepts
Change History
Billing
Billing Overview
Billing Modes
Overview
Yearly/Monthly Billing
Pay-per-Use Billing
Billing Items
Billing Examples
Changing the Billing Mode
Renewing Your Subscription
Overview
Manually Renewing SecMaster
Auto-renewing SecMaster
Bills
Arrears
Billing Termination
Cost Management
Billing FAQs
How Is SecMaster Billed?
Can I Use SecMaster for Free?
How Do I Change or Disable Auto Renewal for SecMaster?
Will SecMaster Be Billed After It Expires?
How Do I Renew SecMaster When It Is About to Expire?
Can I Unsubscribe from SecMaster?
Change History
Getting Started
Overview
Purchasing SecMaster
Configuring Service Authorization
Creating a Workspace
Enabling Data Access
Enabling Asset Subscription
Enabling Log Access
Configuring and Enabling Related Checks
Configuring Policies
Enabling an Alert Model
Enabling a Playbook
Performing Baseline Inspection
Creating a Report
Security Operations
Getting Started with Common Practices
Change History
User Guide
Authorizing SecMaster
Buying SecMaster
Buying the Standard Edition
Buying the Professional Edition
Upgrading the Service Edition
Purchasing Value-Added Packages
Increasing the Quota
Unsubscribing from SecMaster
Security Overview
Overview
Security Score
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing Workspace Details
Editing a Workspace
Managing Workspace Tags
Deleting a Workspace
Workspace Agencies
Overview
Creating an Agency View
Creating an Agency
Authorizing an Agency
Managing Agencies
Viewing Purchased Resources
Security Governance
Overview
Security Compliance Pack Description
Procedure
Authorizing Service
Subscribing to Compliance Packs
User Self-Assessment
Security Compliance Overview
Evaluation Result
Policy Check Result
Downloading a Compliance Report
Unsubscribing from a Compliance Pack
Security Situation
Situation Overview
Large Screen
Overall Situation Screen
Monitoring Statistics Screen
Asset Security Screen
Threat Situation Screen
Vulnerable Assets Screen
Reports
Creating and Copying a Security Report
Viewing a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
Resource Manager
Overview
Configuring Resource Subscription
Viewing Resource Information
Importing and Exporting Assets
Editing and Deleting Resources
Risk Prevention
Baseline Inspection
Baseline Inspection Overview
Creating a Custom Baseline Check Plan
Starting an Immediate Baseline Check
Handling Manual Check Items
Viewing Baseline Inspection Results
Handling Baseline Inspection Results
Vulnerability Management
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Importing and Exporting Vulnerabilities
Ignoring and Unignoring a Vulnerability
Viewing/Exporting Emergency Vulnerability Notices
Policy Management
Overview
Viewing Defense Policies
Configuring Defense Policies
Adding or Editing an Emergency Policy
Viewing Emergency Policies
Deleting an Emergency Policy
Blocking or Canceling Blocking of an IP Address or IP Address Range
Threat Operations
Incident Management
Viewing Incidents
Adding or Editing an Incident
Importing and Exporting Incidents
Closing or Deleting Incidents
Alert Management
Viewing Alerts
Converting an Alert to an Incident or Associating an Alert with an Incident
Adding or Editing an Alert
Importing and Exporting Alerts
Closing or Deleting an Alert
Handling Alerts based on Suggestions
One-click Blocking or Unblocking
Indicator Management
Adding and Editing an Indicator
Disabling and Deleting an Indicator
Importing and Exporting Intelligence Indicators
Viewing Indicators
Intelligent Modeling
Viewing Available Model Templates
Creating and Editing a Model
Viewing Available Models
Managing Models
Security Analysis
Security Analysis Overview
How to Use Security Analysis
Log Fields
Configuring Indexes
Querying and Analyzing Data
Downloading Logs
Query and Analysis Statements - SQL Syntax
Basic Syntax
Limitations and Constraints
Query Statements
Syntax of Analysis Statements
Analysis Statements - SELECT
Analysis Statements - GROUP BY
Analysis Statements - HAVING
Analysis Statements - ORDER BY
Analysis Statements - LIMIT
Analysis Statements - Functions
Analysis Statements - Aggregate Functions
Quick Query
Quickly Adding a Log Alarm Model
Charts
Overview
Tables
Line Charts
Bar Charts
Pie Charts
Managing Data Spaces
Creating a Data Space
Viewing Data Space Details
Editing a Data Space
Deleting a Data Space
Managing Pipelines
Creating a Pipeline
Viewing Pipeline Details
Editing a Pipeline
Deleting a Pipeline
Data Consumption
Data Delivery
Creating a Data Delivery
Data Delivery Authorization
Checking the Data Delivery Status
Managing Data Delivery
Delivering Logs to LTS
Data Monitoring
Security Orchestration
Security Orchestration Overview
Built-in Playbooks and Workflows
Security Orchestration Process
(Optional) Configuring and Enabling a Workflow
(Optional) Configuring and Enabling a Playbook
Operation Object Management
Data Class
Viewing Data Classes
Type Management
Managing Alert Types
Managing Incident Types
Viewing Threat Intelligence Types
Managing Vulnerability Types
Viewing Custom Types
Classification & Mapping
Viewing Categorical Mappings
Creating, Copying, and Editing a Categorical Mapping
Managing Categorical Mappings
Playbook Orchestration Management
Playbooks
Submitting a Playbook Version
Reviewing a Playbook Version
Enabling a Playbook
Managing Playbooks
Managing Playbook Versions
Workflows
Reviewing a Workflow Version
Enabling a Workflow
Managing Workflows
Managing Workflow Versions
Asset Connections
Adding an Asset Connection
Managing Asset Connections
Instance Management
Viewing Monitored Playbook Instances
Layout Management
Viewing an Existing Layout Template
View Existing Layouts
Plug-in Management
Overview
Viewing Plug-in Details
Settings
Data Collection
Data Collection Overview
Collecting Data
Collection Management
Managing Connections
Managing Parsers
Managing Collection Channels
Managing Collection Nodes
Component Management
Managing Collection Nodes
Managing Components
Data Integration
Log Access Supported by SecMaster
Access Data
Checks
Customizing Directories
How to Use Playbooks
Overview
Automatic Renaming of Alert Names
Overview
Configuring and Enabling the Playbook
Verifying the Playbook
Attack Link Analysis Alert Notification
Overview
Creating and Subscribing to a Topic
Configuring and Enabling the Playbook
Automatic Notification of High-Risk Vulnerabilities
Overview
Creating and Subscribing to a Topic
Configuring an Asset Connection
Configuring and Enabling the Playbook
Automatic Notification of High-Risk Alerts
Overview
Creating and Subscribing to a Topic
Configuring and Enabling the Playbook
Automatic Security Blocking of WAF Attacks
Overview
Configuring an Asset Connection
Configuring and Enabling the Playbook
HSS Isolation and Killing of Malware
Overview
Configuring and Enabling the Playbook
Real-time Notification of Critical Organization and Management Operations
Overview
Enabling an Alert Model
Creating and Subscribing to a Topic
Configuring and Enabling the Playbook
Permissions Management
Creating a User and Granting Permissions
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
Key Operations Recorded by CTS
SecMaster Operations Recorded by CTS
Querying Real-Time Traces
Change History
Best Practices
Operation Guide to Data Transfer
Scenario
Constraints
Quick Data Access with the Default Parser in SecMaster
Data Access with a Custom Parser
Change History
API Reference
Before You Start
Overview
API Calling
Endpoints
Concepts
Calling APIs
Making an API Request
Authentication
Response
API Overview
API
Alert Management
Searching for an Alert List
Creating an Alert Rule
Deleting an Alert
This API is used to convert alerts to incidents.
Querying Alert Detail
Updating an Alert
Incident Management
This API is used to search for the incident list.
Creating an Incident
Deleting an Incident
Obtaining Details of an Incident
Updating an Incident
Indicator Management
This API is used to query the intelligence indicator list.
Creating an Indicator
This API is used to delete an indicator.
Querying Indicator Details
Updating Indicators
Playbook Management
Playbook Running Monitoring
Querying Playbook Statistic Data
Querying the Playbook List
Creating a Playbook
Querying Playbook Details
Deleting a Playbook
Modifying a Playbook
Alert Rule Management
Listing Alert Rules
Creating an Alert Rule
Deleting an Alert Rule
Querying an Alert Rule
Updating an Alert Rule
Simulating an Alert Rule
Total number of alert rules.
Enabling an Alert Rule
Disabling an Alert Rule
Listing Alert Rule Templates
Viewing Alert Rule Templates
Playbook Version Management
Cloning a Playbook and Its Version
Querying the Playbook Version List
Creating a Playbook Version
Querying Playbook Version Details
Deleting a Playbook Version
Updated the playbook version.
Playbook Rule Management
Querying Playbook Rule Details
Deleting a Playbook Rule
Creating a Playbook Rule
Updating a Playbook Rule
Playbook Instance Management
Querying the Playbook Instance List
Querying Playbook Instance Details
Operation Playbook Instance
Querying the Playbook Topology
Querying Playbook Instance Audit Logs
Playbook Approval Management
Reviewing a Playbook
Querying Playbook Review Result
Playbook Action Management
Querying the Playbook Workflow
Creating a Playbook Action
Delete Playbook Action
Updating a Playbook Workflow
Incident Relationship Management
Querying the Associated Data Object List
Associating a Data Object
Canceling Association with a Data Object
Data Class Management
Querying the Data Class List
Querying the Data Class List
Workflow Management
Querying the Workflow List
Data Space Management
Creating a Data Space
Pipelines
Creating a Data Pipeline
Appendix
Status Codes
Error Codes
Obtaining a Project ID
Change History
FAQs
Product Consulting
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Where Does SecMaster Obtain Its Data From?
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
What Are the Relationships and Differences Between SecMaster and SA?
Why Cannot the Total ECS Quota Be Less Than the Number of Existing ECSs?
Can I Use SecMaster Across Accounts?
How Do I Update My Security Score?
How Do I Handle a Brute-force Attack?
Data Synchronization and Consistency
Troubleshooting the Agent Installation Failure
How Do I Grant Permissions to an IAM User?
How Long Are Logs Stored in SecMaster?
Purchase Consulting
How Do I Change SecMaster Editions or Specifications?
How Do I Obtain Permissions to Purchase SecMaster?
How Do I Release an ECS or VPC Endpoint?
Regions and AZs
What Are Regions and AZs?
Why Is the Region Selection Box Displayed for Global-Level Projects?
Change History
More Documents
User Guide (ME-Abu Dhabi Region)
Service Overview
What Is SecMaster?
Features and Functions
Product Advantages
Application Scenarios
Billing
Permissions Management
SecMaster and Other Services
Basic Concepts
Authorizing SecMaster
Editions
Buying a Value-Add Pack
Increasing the Quota
Unsubscribing from SecMaster
Security Overview
Overview
Security Score
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing Workspace Details
Editing a Workspace
Deleting a Workspace
Viewing Purchased Resources
Security Situation
Situation Overview
Large Screen
Overall Situation Screen
Monitoring Statistics Screen
Asset Security Screen
Threat Situation Screen
Vulnerable Assets Screen
Reports
Creating or Copying a Report
Viewing a Security Report
Downloading a Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Resource Manager
Resource Manager Overview
Modifying the Asset Information Synchronization Policy
Viewing Resource Information
Importing and Exporting Assets
Deleting an Asset
Risk Prevention
Baseline Inspection
Cloud Service Baseline Overview
Configuring a Baseline Inspection Plan
Executing a Baseline Inspection Plan
Handling Manual Check Items
Viewing Baseline Inspection Results
Handling Baseline Inspection Results
Vulnerability Management
Vulnerability Management Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Importing and Exporting Vulnerabilities
Ignoring and Unignoring a Vulnerability
Threat Operations
Incident Management
Viewing an Incident
Adding or Editing an Incident
Importing and Exporting Incidents
Closing or Deleting Incidents
Alert Management
Viewing Alerts
Converting an Alert to an Incident
Adding or Editing an Alert
Importing and Exporting Alerts
Closing or Deleting an Alert
Indicator Management
Creating an Indicator
Disabling Indicators
Importing and Exporting Intelligence Indicators
Managing Indicators
Intelligent Modeling
Viewing Existing Model Templates
Creating/Editing a Model
Viewing Existing Models
Managing Models
Security Analysis
Security Analysis Overview
Getting Started
Configuring Indexes
Querying and Analyzing Data
Downloading Logs
Query and Analysis Syntax
SQL Syntax
Basic Syntax
Query Statements
Analysis Statements
Syntax of Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
Limitations and Constraints
Quick Query
Quickly Adding a Log Alarm Model
Charts
Overview
Tables
Line Charts
Bar Charts
Pie Charts
Managing Data Spaces
Creating a Data Space
Viewing Data Space Details
Editing a Data Space
Deleting a Data Space
Managing Pipelines
Creating a Pipeline
Viewing Pipeline Details
Editing a Pipeline
Deleting a Pipeline
Data Consumption
Data Delivery
Creating a Data Delivery
Data Delivery Authorization
Checking the Data Delivery Status
Managing Data Delivery
Data Monitoring
Security Orchestration
Security Orchestration Overview
Security Orchestration Process
Configuring and Enabling a Workflow
Configuring and Enabling a Playbook
Operation Object Management
Data Class
Viewing Data Classes
Type Management
Managing Alert Types
Managing Incident Types
Managing Threat Intelligence Types
Managing Vulnerability Types
Classification & Mapping
Creating a Classification and Mapping
Managing Category Mappings
Playbook Orchestration Management
Playbooks
Submitting a Playbook Version
Reviewing a Playbook Version
Enabling a Playbook
Managing Playbooks
Managing Playbook Versions
Workflows
Reviewing a Workflow Version
Enabling a Workflow
Managing Workflows
Managing Workflow Versions
Asset Connections
Adding an Asset Connection
Managing Asset Connections
Instance Management
Viewing Monitored Playbook Instances
Layout Management
Viewing an Existing Layout Template
Manage Existing Layouts
Plug-in Management
Overview
Viewing Plug-in Details
Settings
Data Collection
Data Collection Overview
Buying an ECS
Installing the Agent
Creating a Node
Configuring a Component
Adding a Connection
Configuring a Parser
Adding a Collection Channel
Collection Management
Managing Connections
Managing Parsers
Managing Collection Channels
Managing Collection Nodes
Component Management
Managing Collection Nodes
Managing Components
Data Integration
Access Data
Checks
Customizing Directories
Permissions Management
Creating a User and Granting Permissions
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
FAQs
Product Consulting
What Is SecMaster?
Why Is There No Attack Data or Only A Small Amount of Attack Data?
What Are Data Sources of SecMaster?
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
How Do I Update My Security Score?
How Do I Handle a Brute-force Attack?
Why Is the Incident Data in SecMaster Inconsistent with That in WAF and HSS?
Troubleshooting the Agent Installation Failure
How Do I Grant Permissions to an IAM User?
Purchase Consulting
How Do I Change SecMaster Editions or Specifications?
How Is SecMaster Billed?
Can I Unsubscribe from SecMaster?
Change History
General Reference
Glossary
Service Level Agreement
White Papers
Endpoints
Permissions