Help Center/ Situation Awareness/ User Guide/ Baseline Inspection/ Handling Baseline Inspection Results
Updated on 2023-01-13 GMT+08:00
View PDF
Share

Handling Baseline Inspection Results

This topic describes how to handle unsafe settings by referring to recommended fixes and how to report manual check results to SA.

Prerequisites

  • Your professional edition SA is available.
  • The cloud service baseline has been scanned.

Handling Unsafe Settings

The following describes how to fix unsafe settings discovered by check item IAM user login protection.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Situation Awareness.
  3. In the navigation pane on the left, choose Baseline Inspection.
  4. Select the region where the check result to be viewed is located.
  5. On the Security Standards tab, choose Cloud Security Compliance Standard 1.0, and view the risk status of check items.

    Figure 1 Check item status
    • If the icon of a check item status is green, the configuration is correct and no unsafe settings found.
    • If the icon of a check item status is red, there may be inappropriate configurations and the assets may have potential risks.

  6. In the row containing the IAM user login protection check, click View Details in the Operation column.
  7. View the risk details and fix the unsafe settings by referring to Result and Reference.

    Table 1 Check item description

    Parameter

    Description

    Status

    Displays the check status of the current check item.

    • If the result is Passed, the configuration corresponding to the check item is appropriate.
    • If the result is Failed, the configuration corresponding to the check item is inappropriate. The check results will be listed.

    Latest Check

    Last time when the current check item was performed.

    Check Method

    Method used by the current check item.

    Severity

    Severity of the unsafe settings discovered against the current check item.

    Impact

    Security impact caused by unsafe settings discovered against the current check item.

    Standard and Category

    Security standard and category of the current check item.

    Description

    Check content of the current check items.

    Check Process

    Check process of the current check item.

    Reference

    Links of documentation related to the check item.

    Click the reference link to go to the detailed page.

    Resource

    Resource to which the current check item belongs.

    The check result can be Passed or Failed.

    • If the result is Passed, the configuration corresponding to the check item is appropriate.
    • If unsafe settings are found, the detailed information is listed. You can click the button in the Operation column to go to page and fix the configuration.

  8. After all unsafe configurations are rectified, click Check to verify that all risky items have been rectified.

Reporting Manual Check Results to SA

For manual check items, after you finish each check, report the check results to SA. The pass rate is calculated based on results from both manual and automatic checks.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Situation Awareness.
  3. In the navigation pane on the left, choose Baseline Inspection.
  4. Select the region where the check result to be viewed is located.
  5. In the Operation column of the target manual check item, click Manual Check.
  6. In the displayed dialog box, select a result and click OK.

    Figure 2 Manually Check

    Report manual check results every 7 days as your feedback is valid only for 7 days.

Ignoring a Check Item

If you have custom requirements for a check item, ignore the check item. For example, SA checks whether the session timeout duration is set to 15 minutes, while you need to set it to 20 minutes. In this situation, ignore this check item so that SA no longer executes this check.

An ignored check item will be no longer executed. It will not be counted when the Pass Rate is calculated.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Situation Awareness.
  3. In the navigation pane on the left, choose Baseline Inspection.
  4. Select the region where the check result to be viewed is located.
  5. On the Security Standards tab, locate the row containing the check item you want to ignore, click Ignore in the Operation column.

    To ignore more than one check item at a time, select all the check items you want to ignore, and click Ignore in the upper left corner of the check item list.

  6. In the displayed dialog box, click OK.

    Figure 3 Ignore the following check items?
    • Ignored check items will be not executed. They will not be counted when the Pass Rate is calculated.
    • To resume an ignored check item, locate the row containing the ignored check item, and click Unignore in the Operation column. Then, in the displayed dialog box, click OK.

Parent topic: Baseline Inspection