SecMaster
SecMaster
All results for "
" in this service
All results for "
" in this service
What's New
Function Overview
Service Overview
SecMaster Infographics
What Is SecMaster?
What Is a SOC?
Product Advantages
Application Scenarios
Functions
Limitations and Constraints
Security
Shared Responsibilities
Identity Authentication and Access Control
Data Protection Technologies
Audit Logs
Service Resilience
Risk Monitoring
Certificates
Security Orchestration
Permissions Management
SecMaster and Other Services
Basic Concepts
Billing
Billing Overview
Billing Modes
Overview
Yearly/Monthly Billing
Pay-per-Use Billing
Billing Items
Billing Examples
Changing the Billing Mode
Renewing Your Subscription
Overview
Manually Renewing SecMaster
Auto-renewing SecMaster
Bills
Arrears
Billing Termination
Cost Management
Billing FAQs
How Is SecMaster Billed?
Can I Use SecMaster for Free?
How Do I Change or Disable Auto Renewal for SecMaster?
Will SecMaster Be Billed After It Expires?
How Do I Renew SecMaster When It Is About to Expire?
Where Can I Unsubscribe from SecMaster?
Where Can I View the Remaining Quotas of Security Data Collection and Security Data Packages?
Getting Started
Before You Start
Step 1: Buy SecMaster
Step 2: Create a Workspace
Step 3: Access Security Data
Enabling Asset Subscription
Enabling Log Access
Step 4: Configure and Enable Related Checks
Enabling an Alert Model
Enabling a Playbook
Conducting a Baseline Inspection
(Optional) Configuring a Security Policy
Step 5: Create a Security Report
Step 6: Start Security Operations
Getting Started Through Common Practices
User Guide
Buying SecMaster
Buying SecMaster
Purchasing Value-Added Packages
Upgrading the Service Edition
Increasing the Quota
Authorizing SecMaster
Viewing the Dashboard
Overview
Security Score
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing Workspace Details
Editing a Workspace
Managing Workspace Tags
Deleting a Workspace
Workspace Agencies
Workspace Agency Overview
Creating an Agency View
Creating an Agency
Authorizing an Agency
Managing Agencies
Viewing Purchased Resources
Security Governance
Security Governance Overview
Security Compliance Pack Description
Procedure
Authorizing SecMaster
Subscribing to Compliance Packs
User Self-Assessment
Security Compliance Overview
Evaluation Result
Policy Check Result
Downloading a Compliance Report
Unsubscribing from a Compliance Pack
Security Situation
Situation Overview
Large Screen
Overall Situation Screen
Security Response Screen
Asset Security Screen
Threat Situation Screen
Venerability Situation Screen
Security Reports
Creating and Copying a Security Report
Viewing a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
Resource Manager
Overview
Configuring the Asset Subscription
Viewing Resource Information
Importing and Exporting Assets
Editing and Deleting Resources
Risk Prevention
Baseline Inspection
Baseline Inspection Overview
Creating a Custom Check Plan
Starting an Immediate Baseline Check
Viewing Check Results
Handling Check Results
Viewing Compliance Packs
Creating a Custom Compliance Pack
Importing and Exporting a Compliance Pack
Viewing Check Items
Creating a Custom Check Item
Importing and Exporting Check Items
Vulnerability Management
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Importing and Exporting Vulnerabilities
Ignoring and Unignoring a Vulnerability
Viewing/Exporting Emergency Vulnerability Notices
Policy Management
Overview
Viewing Defense Policies
Configuring Defense Policies
Adding and Editing an Emergency Policy
Viewing Emergency Policies
Deleting an Emergency Policy
Blocking or Canceling Blocking of an IP Address or IP Address Range
Threat Operations
Incident Management
Viewing Incidents
Adding and Editing an Incident
Importing and Exporting Incidents
Closing or Deleting Incidents
Alert Management
Viewing Alerts
Converting an Alert to an Incident or Associating an Alert with an Incident
Adding and Editing an Alert
Importing and Exporting Alerts
Closing or Deleting an Alert
Handling Alerts based on Suggestions
One-click Blocking or Unblocking
Indicator Management
Adding and Editing an Indicator
Disabling and Deleting an Indicator
Importing and Exporting Intelligence Indicators
Viewing Indicators
Intelligent Modeling
Viewing Available Model Templates
Creating and Editing a Model
Viewing Available Models
Managing Models
Security Analysis
Security Analysis Overview
How to Use Security Analysis
Log Fields
Configuring Indexes
Querying and Analyzing Data
Downloading Logs
Quick Query
Quickly Adding a Log Alarm Model
Charts
Overview
Tables
Line Charts
Bar Charts
Pie Charts
Managing Data Spaces
Creating a Data Space
Viewing Data Space Details
Editing a Data Space
Deleting a Data Space
Managing Pipelines
Creating a Pipeline
Viewing Pipeline Details
Editing a Pipeline
Deleting a Pipeline
Data Consumption
Data Monitoring
Query and Analysis Syntax - V1
Query and Analysis Syntax Overview
Query Statements
Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
Query and Analysis Syntax - V2
Query and Analysis Syntax Overview
Retrieval SQL Syntax Reference
Overview
Query Statements
Analysis Statements
SELECT
GROUP BY
HAVING
ORDER BY
LIMIT
Functions
Aggregate Functions
SecMaster SQL Syntax Reference
Supported Data Types
Syntax
Data Manipulation Language (DML)
DML Snytax
SELECT
UNION
Window
JOIN
OrderBy & Limit
Top-N
Deduplication
Reserved Keywords
Data Delivery
Creating a Data Delivery
Data Delivery Authorization
Checking the Data Delivery Status
Managing Data Delivery
Delivering Logs to LTS
Security Orchestration
Security Orchestration Overview
Built-in Playbooks
Security Orchestration Process
(Optional) Configuring and Enabling a Workflow
(Optional) Configuring and Enabling a Playbook
Operation Object Management
Data Class
Viewing Data Classes
Type Management
Managing Alert Types
Managing Incident Types
Viewing Threat Intelligence Types
Managing Vulnerability Types
Viewing Custom Types
Classification & Mapping
Viewing Categorical Mappings
Creating, Copying, and Editing a Categorical Mapping
Managing Categorical Mappings
Playbook Orchestration Management
Playbooks
Submitting a Playbook Version
Reviewing a Playbook Version
Enabling a Playbook
Managing Playbooks
Managing Playbook Versions
Workflows
Reviewing a Workflow Version
Enabling a Workflow
Managing Workflows
Managing Workflow Versions
Asset Connections
Adding an Asset Connection
Managing Asset Connections
Instance Management
Viewing Monitored Playbook Instances
Layout Management
Viewing an Existing Layout Template
View Existing Layouts
Plug-in Management
Plug-in Management Overview
Viewing Plug-in Details
Playbook Overview
Ransomware Incident Response Solution
Attack Link Analysis Alert Notification
Playbook Overview
Configuring Playbooks
HSS Isolation and Killing of Malware
Playbook Overview
Configuring Playbooks
Automatic Renaming of Alert Names
Auto High-Risk Vulnerability Notification
Automatic Notification of High-Risk Alerts
Auto Blocking for High-risk Alerts
Real-time Notification of Critical Organization and Management Operations
Settings
Data Collection
Data Collection Overview
Component Management
Creating and Editing a Node
Partitioning a Disk
Managing Nodes
Configuring a Component
Logstash Configuration Description
Viewing Component Details
Collection Management
Adding and Editing a Connection
Connector Rules
Managing Connections
Creating and Editing a Parser
Parser Rules
Managing Parsers
Adding and Editing a Collection Channel
Managing Collection Channels
Viewing Collection Nodes
Upgrading the Component Controller
Data Integration
Log Access Supported by SecMaster
Enabling Log Access
Customizing Directories
Permissions Management
Creating a User and Granting Permissions
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
Key Operations Recorded by CTS
SecMaster Operations Recorded by CTS
Querying Real-Time Traces
Best Practices
Log Access and Transfer Operation Guide
Solution Overview
Resource Planning
Process Flow
Procedure
(Optional) Step 1: Buy an ECS
(Optional) Step 2: Buy a Data Disk
(Optional) Step 3: Attach a Data Disk
Step 4: Create a Non-administrator IAM User
Step 5: Configure Network Connection
Step 6: Install the Component Controller (isap-agent)
Step 7: Install the Log Collection Component (Logstash)
(Optional) Step 8: Creating a Log Storage Pipeline
Step 9: Configure a Connector
(Optional) Step 10: Configure a Log Parser
Step 11: Configure a Log Collection Channel
Step 12: Test and Verify Log Access and Transfer
Credential Leakage Response Solution
API Reference
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
API
Alert Management
Searching for an Alert List
Creating an Alert Rule
Deleting an Alert
Converting an Alert to an Incident
Querying Alert Detail
Updating an Alert
Incident Management
Querying the Incident List
Creating an Incident
Deleting an Incident
Obtaining Details of an Incident
Updating an Incident
Indicator Management
Query the intelligence indicator list.
Creating an Indicator
Deleting an Indicator
Querying Indicator Details
Updating Indicators
Playbook Management
Playbook Running Monitoring
Querying Playbook Statistic Data
Querying the Playbook List
Creating a Playbook
Querying Playbook Details
Deleting a Playbook
Modifying a Playbook
Alert Rule Management
Listing Alert Rules
Creating an Alert Rule
Deleting an Alert Rule
Querying an Alert Rule
Updating an Alert Rule
Simulating an Alert Rule
Total number of alert rules.
Enabling an Alert Rule
Disabling an Alert Rule
Listing Alert Rule Templates
Viewing Alert Rule Templates
Playbook Version Management
Cloning a Playbook and Its Version
Querying the Playbook Version List
Creating a Playbook Version
Querying Playbook Version Details
Deleting a Playbook Version
Updated the playbook version.
Playbook Rule Management
Querying Playbook Rule Details
Deleting a Playbook Rule
Creating a Playbook Rule
Updating a Playbook Rule
Playbook Instance Management
Querying the Playbook Instance List
Querying Playbook Instance Details
Operation Playbook Instance
Querying the Playbook Topology
Querying Playbook Instance Audit Logs
Playbook Approval Management
Reviewing a Playbook
Querying Playbook Review Result
Playbook Action Management
Querying the Playbook Workflow
Creating a Playbook Action
Delete Playbook Action
Updating a Playbook Workflow
Incident Relationship Management
Querying the Associated Data Object List
Associating a Data Object
Canceling Association with a Data Object
Data Class Management
Querying the Data Class List
Querying the Field List
Workflow Management
Querying the Workflow List
Data Space Management
Creating a Data Space
Pipelines
Creating a Data Pipeline
Workspace Management
Creating a Workspace
Querying the Workspace List
Metering and Billing
On-Demand Subscription of SecMaster
Metric Query
Querying Metrics in Batches
Baseline Inspection
Search Baseline Check Results
Appendix
Status Codes
Error Codes
Obtaining a Project ID
About Metrics
FAQs
Product Consulting
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Where Does SecMaster Obtain Its Data From?
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
What Are the Relationships and Differences Between SecMaster and SA?
Why Cannot the Total ECS Quota Be Less Than the Number of Existing ECSs?
Can I Use SecMaster Across Accounts?
How Do I Update My Security Score?
How Do I Handle a Brute-force Attack?
Issues About Data Synchronization and Data Consistency
How Do I Grant Permissions to an IAM User?
How Long Are Logs Stored in SecMaster?
Purchase Consulting
How Do I Change SecMaster Editions or Specifications?
How Do I Obtain Permissions to Purchase SecMaster?
How Do I Release an ECS or VPC Endpoint?
How Do I Upgrade SA to SecMaster?
About Data Collection Faults
Component Controller Installation Failure
Collection Node or Collection Channel Faults
Common Commands for the Component Controller
Regions and AZs
What Are Regions and AZs?
Why Is the Region Selection Box Displayed for Global-Level Projects?
More Documents
User Guide (ME-Abu Dhabi Region)
Service Overview
What Is SecMaster?
Product Advantages
Application Scenarios
Functions
Billing
Permissions Management
SecMaster and Other Services
Basic Concepts
Permissions Management
Creating a User and Granting Permissions
SecMaster Custom Policies
SecMaster Permissions and Supported Actions
Buying SecMaster
Buying the Professional Edition
Purchasing Value-Added Packages
Increasing the Quota
Unsubscribing from SecMaster
Authorizing SecMaster
Security Overview
Overview
Security Score
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing Workspace Details
Editing a Workspace
Managing Workspace Tags
Deleting a Workspace
Viewing Purchased Resources
Security Situation
Situation Overview
Large Screen
Overall Situation Screen
Security Response Screen
Asset Security Screen
Threat Situation Screen
Venerability Situation Screen
Security Reports
Creating and Copying a Security Report
Viewing a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
Resource Manager
Overview
Configuring Resource Subscription
Viewing Resource Information
Importing and Exporting Assets
Editing and Deleting Resources
Risk Prevention
Baseline Inspection
Baseline Inspection Overview
Creating a Custom Baseline Check Plan
Starting an Immediate Baseline Check
Handling Manual Check Items
Viewing Baseline Inspection Results
Handling Baseline Inspection Results
Vulnerability Management
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Importing and Exporting Vulnerabilities
Ignoring and Unignoring a Vulnerability
Policy Management
Overview
Adding or Editing an Emergency Policy
Viewing Emergency Policies
Deleting an Emergency Policy
Blocking or Canceling Blocking of an IP Address or IP Address Range
Threat Operations
Incident Management
Viewing Incidents
Adding or Editing an Incident
Importing and Exporting Incidents
Closing or Deleting Incidents
Alert Management
Viewing Alerts
Converting an Alert to an Incident or Associating an Alert with an Incident
Adding or Editing an Alert
Importing and Exporting Alerts
Closing or Deleting an Alert
One-click Blocking or Unblocking
Indicator Management
Adding and Editing an Indicator
Disabling and Deleting an Indicator
Importing and Exporting Intelligence Indicators
Viewing Indicators
Intelligent Modeling
Viewing Available Model Templates
Creating and Editing a Model
Viewing Available Models
Managing Models
Security Analysis
Security Analysis Overview
How to Use Security Analysis
Configuring Indexes
Querying and Analyzing Data
Downloading Logs
Query and Analysis Statements - SQL Syntax
Basic Syntax
Limitations and Constraints
Query Statements
Syntax of Analysis Statements
Analysis Statements - SELECT
Analysis Statements - GROUP BY
Analysis Statements - HAVING
Analysis Statements - ORDER BY
Analysis Statements - LIMIT
Analysis Statements - Functions
Analysis Statements - Aggregate Functions
Quick Query
Quickly Adding a Log Alarm Model
Charts
Overview
Tables
Line Charts
Bar Charts
Pie Charts
Managing Data Spaces
Creating a Data Space
Viewing Data Space Details
Editing a Data Space
Deleting a Data Space
Managing Pipelines
Creating a Pipeline
Viewing Pipeline Details
Editing a Pipeline
Deleting a Pipeline
Data Consumption
Data Delivery
Creating a Data Delivery
Data Delivery Authorization
Checking the Data Delivery Status
Managing Data Delivery
Delivering Logs to LTS
Data Monitoring
Security Orchestration
Security Orchestration Overview
Built-in Playbooks and Workflows
Security Orchestration Process
(Optional) Configuring and Enabling a Workflow
Configuring and Enabling a Playbook
Operation Object Management
Data Class
Viewing Data Classes
Type Management
Managing Alert Types
Managing Incident Types
Managing Threat Intelligence Types
Managing Vulnerability Types
Managing Custom Types
Classification & Mapping
Viewing Categorical Mappings
Creating, Copying, and Editing a Categorical Mapping
Managing Categorical Mappings
Playbook Orchestration Management
Playbooks
Submitting a Playbook Version
Reviewing a Playbook Version
Enabling a Playbook
Managing Playbooks
Managing Playbook Versions
Workflows
Reviewing a Workflow Version
Enabling a Workflow
Managing Workflows
Managing Workflow Versions
Asset Connections
Adding an Asset Connection
Managing Asset Connections
Instance Management
Viewing Monitored Playbook Instances
Layout Management
Viewing an Existing Layout Template
Manage Existing Layouts
Plug-in Management
Overview
Viewing Plug-in Details
Settings
Data Collection
Data Collection Overview
Component Management
Creating or Editing a Node
Partitioning a Disk
Managing Nodes
Configuring a Component
Logstash Configuration Description
Viewing Component Details
Collection Management
Adding and Editing a Connection
Rules for Configuring Connectors
Managing Connections
Creating and Editing a Parser
Rules for Configuring Parsers
Managing Parsers
Adding and Editing a Collection Channel
Managing Collection Channels
Viewing Collection Nodes
Upgrading the Component Controller
Data Integration
Log Access Supported by SecMaster
Access Data
Checks
Customizing Directories
FAQs
Product Consulting
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Where Does SecMaster Obtain Its Data From?
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
How Do I Update My Security Score?
How Do I Handle a Brute-force Attack?
Data Synchronization and Consistency
How Do I Grant Permissions to an IAM User?
Purchase Consulting
How Do I Change SecMaster Editions or Specifications?
How Is SecMaster Billed?
Can I Unsubscribe from SecMaster?
Troubleshooting
Data Collection
Component Controller Installation Failure
Collection Node or Collection Channel Faults
Change History
User Guide (Kuala Lumpur Region)
Service Overview
What Is SecMaster?
What Is a SOC?
Product Advantages
Application Scenarios
Functions
SecMaster and Other Services
Basic Concepts
Authorizing SecMaster
Security Overview
Overview
Security Score
Workspaces
Workspace Overview
Creating a Workspace
Managing Workspaces
Viewing Workspace Details
Editing a Workspace
Managing Workspace Tags
Deleting a Workspace
Viewing Purchased Resources
Security Situation
Situation Overview
Large Screen
Overall Situation Screen
Security Response Screen
Asset Security Screen
Threat Situation Screen
Venerability Situation Screen
Security Reports
Creating and Copying a Security Report
Viewing a Security Report
Downloading a Security Report
Managing Security Reports
Task Center
Viewing To-Do Tasks
Handling a To-Do Task
Viewing Completed Tasks
Resource Manager
Overview
Configuring the Asset Subscription
Viewing Resource Information
Importing and Exporting Assets
Editing and Deleting Resources
Risk Prevention
Baseline Inspection
Baseline Inspection Overview
Creating a Custom Check Plan
Starting an Immediate Baseline Check
Viewing Check Results
Handling Check Results
Viewing Compliance Packs
Creating a Custom Compliance Pack
Importing and Exporting a Compliance Pack
Viewing Check Items
Creating a Custom Check Item
Importing and Exporting Check Items
Vulnerability Management
Overview
Viewing Vulnerability Details
Fixing Vulnerabilities
Importing and Exporting Vulnerabilities
Ignoring and Unignoring a Vulnerability
Policy Management
Overview
Adding and Editing an Emergency Policy
Viewing Emergency Policies
Deleting an Emergency Policy
Blocking or Canceling Blocking of an IP Address or IP Address Range
Threat Operations
Incident Management
Viewing Incidents
Adding and Editing an Incident
Importing and Exporting Incidents
Closing or Deleting Incidents
Alert Management
Viewing Alerts
Converting an Alert to an Incident or Associating an Alert with an Incident
Adding and Editing an Alert
Importing and Exporting Alerts
Closing or Deleting an Alert
One-click Blocking or Unblocking
Indicator Management
Adding and Editing an Indicator
Disabling and Deleting an Indicator
Importing and Exporting Intelligence Indicators
Viewing Indicators
Intelligent Modeling
Viewing Available Model Templates
Creating and Editing a Model
Viewing Available Models
Managing Models
Security Analysis
Security Analysis Overview
How to Use Security Analysis
Log Fields
Configuring Indexes
Querying and Analyzing Data
Downloading Logs
Query and Analysis Statements - SQL Syntax
Basic Syntax
Limitations and Constraints
Query Statements
Analysis Statements - SELECT
Analysis Statements - GROUP BY
Analysis Statements - HAVING
Analysis Statements - ORDER BY
Analysis Statements - LIMIT
Analysis Statements - Functions
Analysis Statements - Aggregate Functions
Quick Query
Quickly Adding a Log Alarm Model
Charts
Overview
Tables
Line Charts
Bar Charts
Pie Charts
Managing Data Spaces
Creating a Data Space
Viewing Data Space Details
Editing a Data Space
Deleting a Data Space
Managing Pipelines
Creating a Pipeline
Viewing Pipeline Details
Editing a Pipeline
Deleting a Pipeline
Data Consumption
Data Monitoring
Data Delivery
Creating a Data Delivery
Data Delivery Authorization
Checking the Data Delivery Status
Managing Data Delivery
Delivering Logs to LTS
Security Orchestration
Security Orchestration Overview
Built-in Playbooks
Security Orchestration Process
(Optional) Configuring and Enabling a Workflow
Configuring and Enabling a Playbook
Operation Object Management
Data Class
Viewing Data Classes
Type Management
Managing Alert Types
Managing Incident Types
Managing Threat Intelligence Types
Managing Vulnerability Types
Managing Custom Types
Classification & Mapping
Viewing Categorical Mappings
Creating, Copying, and Editing a Categorical Mapping
Managing Categorical Mappings
Playbook Orchestration Management
Playbooks
Submitting a Playbook Version
Reviewing a Playbook Version
Enabling a Playbook
Managing Playbooks
Managing Playbook Versions
Workflows
Reviewing a Workflow Version
Enabling a Workflow
Managing Workflows
Managing Workflow Versions
Asset Connections
Adding an Asset Connection
Managing Asset Connections
Instance Management
Viewing Monitored Playbook Instances
Layout Management
Viewing an Existing Layout Template
Manage Existing Layouts
Plug-in Management
Plug-in Management Overview
Viewing Plug-in Details
Settings
Data Collection
Data Collection Overview
Component Management
Creating and Editing a Node
Partitioning a Disk
Managing Nodes
Configuring a Component
Logstash Configuration Description
Viewing Component Details
Collection Management
Adding and Editing a Connection
Rules for Configuring Connectors
Managing Connections
Creating and Editing a Parser
Rules for Configuring Parsers
Managing Parsers
Adding and Editing a Collection Channel
Managing Collection Channels
Viewing Collection Nodes
Upgrading the Component Controller
Data Integration
Log Access Supported by SecMaster
Enabling Log Access
Customizing Directories
FAQs
Product Consulting
Why Is There No Attack Data or Only A Small Amount of Attack Data?
Where Does SecMaster Obtain Its Data From?
What Are the Dependencies and Differences Between SecMaster and Other Security Services?
What Are the Differences Between SecMaster and HSS?
How Do I Update My Security Score?
How Do I Handle a Brute-force Attack?
Issues About Data Synchronization and Data Consistency
About Data Collection Faults
Component Controller Installation Failure
Collection Node or Collection Channel Faults
Common Commands for the Component Controller
Change History
General Reference
Glossary
Service Level Agreement
White Papers
Endpoints
Permissions