Help Center/ Data Security Center/ User Guide/ Asset Map
Updated on 2025-03-07 GMT+08:00
View PDF
Share

Asset Map

The data asset map allows you to view the security status of your assets from multiple dimensions, such as asset overview, categories and risk levels, permissions, storage, sensitivity, and data egress analysis. This helps you quickly detect risky assets and handle them.

Constraints

  • A maximum of 1000 assets can be displayed.
  • Table 1 lists the data sources supported by DSC.
    Table 1 Supported datasource versions

    Data Type

    Data Source Type

    Version

    Database

    MySQL

    5.6, 5.7, 5.8, and 8.0

    SQL Server

    2017_SE, 2017_EE, and 2017_WEB

    2016_SE, 2016_EE, and 2016_WEB

    2014_SE and 2014_EE

    2012_SE, 2012_EE, and 2012_WEB

    2008_R2_EE and 2008_R2_WEB

    PostgreSQL

    15, 14, 13, 12, 11, 10, 9.6, 9.5, 9.4, 9.1, and 1.0

    TDSQL

    10.3.X

    Oracle

    11, 12

    DDS

    4.2, 4.0, and 3.4

    KingBase

    V8

    GaussDB

    1.3, 1.4, and 2.7

    DMDBMS

    7 and 8

    DWS

    8.1.X

    Big Data

    ElasticSearch

    5.x, 6.x, and 7.x

    DLI

    1.0

    Hive

    1.0

    MRS-Hive

    3.x

    Hbase

    1.0

    OBS

    OBS

    V3

Prerequisites

Asset Map Functions

  • Sort out data assets on the cloud and displays them by region: DSC automatically scans and sorts out data assets on the cloud and displays asset distribution on a map. The asset map displays regions of assets based on VPCs and associates asset regions with service regions.
    Figure 1 Asset Map
  • Sensitive data display: DSC displays sensitive data by categories. It identifies and classifies sensitive data using a three-layer identification engine, including default compliance rules, natural language semantic identification, and advanced file similarity detection.
  • Data egress analysis: DSC provides a unified data egress view based on the asset map to help you identify all data egresses of on the cloud and potential security risks of these egresses, so you can take corresponding data security protection measures.
    Figure 2 Data egress analysis
  • Risk monitoring and alarming: DSC monitors data asset risks using the risk identification engine, displays the risk distribution for each asset type, and reports alarms for you to take quick response.
    • Security Score: The asset map displays the overall Security Score of all your assets. You can click next to Scoring Rules to view the asset security score calculation rule, as shown in Figure 3.
      Figure 3 Scoring Rule
    • Security Level: Assets are classified into different security levels to facilitate viewing and management. You can click an asset with risks to view the risk details.
      Figure 4 Security levels

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region or project.
  3. In the navigation tree on the left, click . Choose Security & Compliance > Data Security Center .
  4. In the navigation pane, choose Asset Map.
  5. After assets are added or authorized, you can view asset information on the Asset Map page. The following describes the functions and usage of each module on the page.

Risk Statistics

  • The Security Score, Last Scored Time , and Rating Details of the asset are displayed, as shown in Figure 5. You can manually re-analyze the score. The details are as follows:
    Figure 5 Security score
    • The security score of the asset is displayed. Click next to the Scoring Rules to view the asset security score calculation rule.
    • Click Analyze to perform security analysis and scanning on cloud assets again.
    • Click Rating Details to view the Protection Policy Analysis and Common Read/Write tabs. Click Modify or Details in the Operation column to configure policies based on the Configuration Policy Recommendation.
      Figure 6 Security policy analysis

  • The sensitive data identification and leveling results of assets are displayed. Assets are displayed by category based on the grading results, as shown in Figure 7. The details are as follows:
    Figure 7 Sensitive data identification and leveling result
    • You can hover the cursor over a sensitivity level to show information about all assets at the sensitivity level.
    • You can hover the cursor over an asset category to display the names and scan times of all its scanned assets in the adjacent dialog box.
    • You can select an asset to view its details in the right-hand dialog box, which includes basic asset information, sensitive data detection, protection policy analysis, bucket protection policy analysis, and data egress analysis. For details, see Viewing Database Instance Details.

Viewing Database Instance Details

  • Basic Info: displays the type, port number, version, private IP address, and engine type of the instance.
  • Sensitive data identification: displays authorized and unauthorized databases in the instance.
    • For an authorized database in the Scanned status. Click Create identification task to go to the sensitive data identification page and create an identification task to identify sensitive information in the database. For details, see Creating an Identification Task.
    • For an authorized database in the Not scanned status. Click Expand to view database scan details.
    • For an unauthorized database, click Go to Authorize to obtain the access permission to the database. For details, see Asset Center.
    Figure 8 Sensitive data identification

    For OBS data, click View Details to view the Result Details of the sensitive data identification task. If there is no identification result, create an identification task by referring to section Creating an Identification Task and view the identification result again.

  • Common Read/Write and Protection Policy Analysis:
    • Checks whether high-risk permissions, such as server-side encryption, database encryption, transmission encryption, security group, and public network access, are enabled and displays handling notifications. You can click View or Modify to handle the permissions.
    • Allows you to view the current status of security configurations, including encryption, backup, and audit, for all assets, along with the specific requirements of the policy baseline. Additionally, you can switch to the policy/task configuration page to configure policies and tasks.
  • Data Egress Analysis: identifies all data egresses on the cloud, including EIP, NAT, API Gateway, and ROMA. You can also move the cursor to the data type icon or VPC icon on the asset map to view the data egress gateway lines.
    Figure 9 Data exit analysis

Related Operations

  • If you want to change authorization status of your assets, click Modify in the upper right corner. If you want to stop authorization of your assets, ensure that the assets have no ongoing tasks. DSC will delete your agencies and assets and all related data. Exercise caution when performing this operation. For details, see Allowing or Disallowing Access to Cloud Assets.
  • Asset security level legend: Each color represents an asset security level from L0 to L10.
  • You can drag the slider on the progress bar to adjust the scale of the asset map.
  • Click in the lower right corner.
  • Click in the lower right corner to display the asset map operation guide.
  • Click in the lower right corner to display the data exception events, so that you can handle the exceptions in time.
  • Click in the lower right corner to display the asset legend.