Viewing and Configuring Defense Policies

Scenario

This section describes how to view and configure defense policies.

There are seven defense lines, physical, identity, server, maintenance, data, application, and network defense lines.

Viewing Defense Policies

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 1 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Policy Management.
   Figure 2 Defense Layer Policies
   

6. View defense policy statistics.
   • Health Score: indicates the current health status of resources.

     The score ranges from 0 to 100. A larger score indicates a lower risk and higher asset security. For details about the security scores, see Security Overview and Situation Overview.

   • Total Assets: displays how many assets, high-risk assets, and assets at other risk levels you have.
   • Threat alarm, vulnerability, and baseline check statistics: display unhandled threat alarms, unfixed vulnerabilities, and risky baseline settings.
     • Threat Alarm: Displays threat alarms that have not been handled in the last seven days.
     • Vulnerability Risk: Displays the top 5 types of vulnerabilities in assets and the total number of vulnerabilities that have not been fixed in the last seven days.
     • Baseline Risk: displays resources by risk severity, including critical, high, medium, low, and informational levels, based on the latest baseline inspection results.
   • SecMaster Protection Overview: displays the protection status and resource information in the seven defense lines.
     • In the seven defense line area, you can click the icon of a defense line to view the protection products and protection statistics of the defense line.
     • You can view the resource statistics in the resource area.

Configuring Defense Policies

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
4. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
   Figure 3 Workspace management page
   

5. In the navigation pane on the left, choose Risk Prevention > Policy Management.
   Figure 4 Defense Layer Policies
   

6. Click the name of the defense line the security service belongs to. The cloud service information corresponding to the defense line slides out from the right.
7. On the page of the corresponding cloud service, click Protection Policy to go to the configuration page.

   If you have not purchased the corresponding cloud service, click the service name under service overview in the tab to go to the service console and purchase the service.

8. On the policy configuration page, configure policies of the corresponding cloud service.
   • Anti-DDoS policy configuration:
     • Configuring a Protection Policy
     • Configuring a Protection Policy
   • CFW protection policies: Configuring Intrusion Prevention and Basic Defense Rule Management
   • WAF protection policies: Creating a Protection Policy
   • HSS protection policies: Enabling HSS, Creating a Policy Group, and Installation and Configuration