Help Center> Host Security Service (New)> User Guide> Asset Management> Server Fingerprints> Viewing the Operation History of Server Assets
Updated on 2024-03-28 GMT+08:00

Viewing the Operation History of Server Assets

HSS proactively records the changes on account information, software information, and auto-started items. You can check the change details according to different dimensions and time ranges.

Prerequisite

HSS enterprise edition, premium edition, WTP edition, or container edition has been enabled for the server.

Checking Change Records

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. Choose Asset Management > Server Fingerprints and click Operation History. On the displayed Operation History page, select a dimension and time period to view the change history of accounts, software, and auto-started items.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

Managing Account Information

Account changes are recorded.
  • Action: The Action column records the operations. Its value can be Create (newly found in the latest check), Delete (found in earlier checks but missing in the latest check), and Modify (changes on account information, such as account names, administrator rights, and user groups, are detected).
  • Last Scan Time: The last scan time indicates the time of the latest scan performed for servers in a period.

You can check the information about and changes on all accounts here. If you find unnecessary or super-privileged accounts (such as root) that are not mandatory for services, delete them or modify their permissions to prevent exploits.

Managing Software

Operations made to accounts are recorded.
  • Action: Create and Delete.
  • Last Scan Time: The last scan time records the time when the changes were detected, not the time they were made.

You can check the information about and changes on all software, upgrade software, and delete software that is unnecessary, suspicious, or in old version.

Auto-started Items

Trojans usually intrude servers by creating auto-started services, scheduled tasks, preloaded dynamic libraries, run registry keys, or startup folders. The auto-startup check function collects information about all auto-started items, including their names, types, and number of affected servers, making it easy for you to locate suspicious auto-started items.

You can check the servers, IP addresses, changes, paths, file hashes, users, and last scan time of auto-startup items.