Updated on 2023-01-20 GMT+08:00

Checking Operation History

HSS proactively records the changes on account information, software information, and auto-started items. You can check the change details according to different dimensions and time ranges.


Servers that are not protected by HSS enterprise, premium, WTP, or container editions cannot perform asset fingerprint-related operations.

Checking Change Records

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.

    Figure 1 Accessing HSS

  3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.

    • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
    • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

  4. Choose Asset Management > Asset Fingerprints and click Operation History. On the displayed Operation History page, select a dimension and time period to view the change history of accounts, software, and auto-started items.

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

Managing Account Information

Account changes are recorded.
  • The Action column records the operations. Its value can be Create (newly found in the latest check), Delete (found in earlier checks but missing in the latest check), and Modify (changes on account information, such as account names, administrator rights, and user groups, are detected).
  • The last scan time indicates the time of the latest scan performed for servers in a period.

You can check the information about and changes on all accounts here. If you find unnecessary or super-privileged accounts (such as root) that are not mandatory for services, delete them or modify their permissions to prevent exploits.

Managing Software

Operations made to accounts are recorded.
  • Action: Create and Delete.
  • The last scan time records the time when the changes were detected, not the time they were made.

You can check the information about and changes on all software, upgrade software, and delete software that is unnecessary, suspicious, or in old version.

Auto-started Items

Trojans usually intrude servers by creating auto-started services, scheduled tasks, preloaded dynamic libraries, run registry keys, or startup folders. The auto-startup check function collects information about all auto-started items, including their names, types, and number of affected servers, making it easy for you to locate suspicious auto-started items.

You can check the servers, IP addresses, changes, paths, file hashes, users, and last scan time of auto-startup items.