Overall Situation Screen

There are always such scenarios as presentation, reporting, or real-time monitoring where you need to present the analysis results of SecMaster on big screens to achieve better demonstration effect. It is not ideal to just zoom in the console. Now, SecMaster Large Screen is a good choice for you to display the service console on bigger screens for a better visual effect.

By default, SecMaster provides a large screen for comprehensive situation awareness by displaying the attack history, attack status, and attack trend. This allows you to manage security incidents before, when, and after they happen.

Prerequisites

You have enabled Large Screen. For details, see Purchasing Value-Added Packages.

Procedure

Log in to the management console.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 1 Workspace management page
In the navigation pane on the left, choose Security Situation > Large Screen.

Figure 2 Large Screen
Click the Overall Situation screen. The large screen for overall situation awareness is displayed. Figure 3 shows an example.

This screen includes many graphs.
Figure 3 Overall Situation screen

Security Score

The security score of the current assets is displayed, as shown in Figure 4.

**Table 1** Security Score
Parameter	Reference Period	Update Frequency	Description
Security Score	Real-time	Automatic update at 02:00 every day Updated about 5 minutes after you click Check Again in the Security Score panel on the Situation Overview page in a workspace.	The score is calculated based on what security services are enabled, and the levels and numbers of unhandled configuration issues, vulnerabilities, and threats. Each calculation item is assigned a weight. There are six risk severity levels, Secure, Informational, Low, Medium, High, and Critical. The score ranges from 0 to 100. The higher the security score, the lower the risk severity level. The security score starts from 0 and the risk severity level is escalated up from Secure to the next level every 20 points. For example, for scores ranging from 40 to 60, the risk severity is Medium. The color keys listed on the right of the chart show the names of donut slices. Different color represents different risk severity levels. For example, the yellow slice indicates that your asset risk severity is Medium.

Figure 4 Security Score

Alert Statistics

The alert statistics of interconnected services are displayed, as shown in Figure 5.

To view details about the alert statistics, choose Threat Operation > Alerts in the current workspace.

**Table 2** Alert statistics
Parameter	Reference Period	Update Frequency	Description
New Alerts	Today	5 minutes	Number of new alerts generated on the current day.
Threat Alerts	Last 7 days	5 minutes	Number of new alerts generated in the last seven days.
Unhandled Alerts	Last 7 days	5 minutes	Number of alerts that have not been cleared in the last seven days.
Handled Alerts	Last 7 days	5 minutes	Number of alerts that have been cleared in the last seven days.

Figure 5 Alert Statistics

Asset Protection

The protection status of servers and websites is displayed, including the proportion of protected and unprotected assets, as shown in Figure 6. You can hover the cursor over a module to view the number of protected/unprotected assets.

**Table 3** Asset protection rate
Parameter	Reference Period	Update Frequency	Description
Asset Protection (%)	Last 7 days	5 minutes	The protection status of servers and websites is displayed, including the proportion of protected and unprotected assets. Servers: numbers of ECSs protected and not protected by HSS Websites: Numbers of websites protected and not protected by WAF

Figure 6 Asset protection rate

Baseline Inspection

The fixing status of the baseline configuration and vulnerabilities of your assets, distribution of risky resources, and vulnerability fixing trend within seven days are displayed, as shown in Figure 7.

To view details about the baseline data, choose Risk Prevention > Baseline Inspection in the current workspace.
To view details about the vulnerability data, choose Risk Prevention > Vulnerabilities in the current workspace.

**Table 4** Baseline inspection
Parameter	Reference Period	Update Frequency	Description
Baseline Settings	Real-time	5 minutes	Numbers of baseline settings that passed and failed the last baseline inspection.
Vulnerabilities	Last 7 days	5 minutes	Numbers of fixed and unfixed vulnerabilities in the last seven days.
Resources by Severity	Real-time	5 minutes	Numbers of unsafe resources at different severities in the last baseline inspection. Severity: Critical, High, Medium, Low, and Info.
Vulnerabilities	Last 7 days	5 minutes	New vulnerabilities by the day for the last seven days and vulnerability distribution.

Figure 7 Baseline Inspection

Recent Threats

The numbers of threatened assets and security logs reported every day in the last seven days are displayed, as shown in Figure 8.

The x-axis indicates time, the y-axis on the left indicates the number of threatened assets, and the y-axis on the right indicates the number of logs. Hover the cursor over a date to view the number of threatened assets of that day.

**Table 5** Recent threats
Parameter	Reference Period	Update Frequency	Description
Attacks	Last 7 days	5 minutes	Number of alerts reported every day in the last seven days. To view details about the alert statistics, choose Threat Operation > Alerts in the current workspace.
Logs	Last 7 days	5 minutes	Number of security logs reported every day in the last seven days.

Figure 8 Recent threats

To-Dos

The to-do items in the current workspace are displayed, as shown in Figure 9.

**Table 6** To-dos
Parameter	Reference Period	Update Frequency	Description
To-Dos	Real-time	5 minutes	To-do items on the Security Situation > Task Center in the current workspace.

Figure 9 To-Dos

Resolved Issues

The alert handling status, SLA and MTTR fulfillment rate in the last seven days, and automatic incident handling statistics in the last seven days are displayed, as shown in Figure 10.

To view details about the alert statistics, choose Threat Operation > Alerts in the current workspace.

**Table 7** Resolved issues
Parameter		Reference Period	Update Frequency	Description
Alerts	Alerts	Last 7 days	5 minutes	Number of new alerts generated in the last seven days.
	Handled			Number of alerts that have been cleared in the last seven days.
	Manual			Number of alerts that were handled within the SLA time in the last seven days. Alerts handled as planned and earlier than planned are counted.
	Auto			Number of alerts that were automatically handled by SecMaster playbooks. To determine how an alert was handled, check whether the value of close_comment is ClosedByCSB or ClosedBySecMaster in the alert details. If it is, the alert was automatically handled. If it is not, the alert was manually handled.
SLA and MTTR [Last 7 Days]	SLA Statistics	Last 7 days	5 minutes	Alert handling timeliness in the last seven days. The formula is as follows: For an alert with Service-Level Agreement (SLA) specified, if Alert closure time - Alert generation time ≤ SLA, it indicates the alert was handled in a timely manner. Otherwise, the alert fails to meet SLA requirements. Compliant: The alert closure time is the same as or earlier than planned. Non-compliant: The alert closure time is later than planned.
SLA and MTTR [Last 7 Days]	MTTR	Last 7 days	5 minutes	Average alert closure time in the last seven days. The formula is as follows: Mean Time To Repair (MTTR) = Total processing time of each alert/Total number of alerts. Processing time of each alert = Closure time – Creation time.
Handled Incidents [Last 7 Days]		Last 7 days	5 minutes	Total number of alerts handled in the last seven days. Manual: Number of alerts manually closed on the Alerts page. Auto: Number of alerts automatically closed by SecMaster playbooks. To determine how an alert was handled, check whether the value of close_comment is ClosedByCSB or ClosedBySecMaster in the alert details. If it is, the alert was automatically handled. If it is not, the alert was manually handled.