Updated on 2024-07-18 GMT+08:00

Viewing a Security Report

Scenario

This section describes how to view a created security report and its displayed information.

Procedure

  1. Log in to the management console.
  2. Click in the upper part of the page and choose Security > SecMaster.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Security Situation > Reports.

    Figure 2 Reports

  5. Select the target report and click the report icon. The report details page is displayed.

    On the report details page, you can preview details about the current security report.

    When there are a large number of reports, you can search for a specific report type by selecting the Type or Enabling Status of the report, and then click .

Content in the Daily Report Template

Table 1 Content in the daily report template

Parameter

Description

Data Scope

The default data scope of a daily report is from 00:00:00 to 23:59:59 on the previous day.

Security Score

SecMaster evaluates and scores your asset security for the previous day (from 00:00:00 to 23:59:59) so that you can quickly learn of the overall security posture of assets. This score varies depending on the SecMaster edition you are using.

Baseline Inspection

Displays the statistics of the latest baseline check, including the following information:

  • The number of baseline check items
  • Number of failed compliance check items in the latest baseline check

Security Vulnerabilities

Displays the vulnerability statistics of the accessed cloud services on the previous day, including the following information:

  • Number of vulnerabilities
  • Number of unfixed vulnerabilities

Policy Coverage

Displays the coverage of current security products, including the following information:

  • Number of instances protected by security products (= Number of protected ECSs + Number of websites protected with WAF instances)
  • HSS coverage (= Number of protected ECSs/Total number of ECSs)
  • Number of protected cloud servers
  • Protected websites

Asset Security

Displays the current asset security status, including the following information:

  • Total number of current assets
  • Number of vulnerable assets

Security Analysis

Displays the security analysis statistics of the previous day, including the following information:

  • Total traffic of security logs on the previous day
  • Number of security log models

Security Response (Overview)

Displays the security response statistics for the previous day, including the following information:

  • Number of security alerts handled
  • Number of confirmed intrusion incidents
  • Number of executed automatic response playbooks
  • Percentage of alerts handled by automatic playbooks
  • Average MTTR
  • Number of confirmed high-risk intrusion incidents

Asset risks

Displays the asset security status for the previous day, including the following information:

  • Number of attacked assets
  • Number of unprotected assets
  • Number of vulnerable assets
  • Asset change trend over the last seven days as of the previous day
  • Asset protection rate

Threat posture

Displays the threat posture of assets on the previous day, including the following information:

  • Number of DDoS attacks
  • Number of network attacks
  • Number of application attacks
  • Number of server attacks
  • DDoS inspection findings
  • Network and server attack changes
  • WAF inspection findings
  • Top 5 network attack types
  • Top 5 application attack type statistics
  • Top 5 server attack type statistics
  • Top 5 application attack sources distribution
  • Top 5 attacked application distribution
  • Top 5 server alert distribution
  • Top 5 network attack sources distribution
  • HSS inspection findings

Log analysis

Displays the log analysis results for the previous day, including the following information:

  • Number of log sources on the previous day
  • Number of log indexes on the previous day
  • Total number of logs received on the previous day
  • Log volume stored on the previous day
  • Log change trend over the last seven days as of the previous day
  • Access traffic statistics of top 5 log sources over the last seven days as of the previous day
  • Number of alerts generated by top 10 models on the previous day

Security Response (Details)

Displays the security response information for the previous day, including the following information:

  • Number of alerts handled on the previous day
  • Number of incidents handled on the previous day
  • Number of vulnerabilities fixed on the previous day
  • Number of unsafe baseline settings fixed on the previous day
  • Threat alert distribution and quantity on the previous day
  • Top 5 intrusion incidents by type on the previous day
  • Top 5 emergency responses on the previous day
  • Top 20 threat alerts handled on the previous day

External Security Info

Displays information about external security hotspots for the previous day.

Content in the Weekly Report Template

Table 2 Content in the Weekly Report Template

Parameter

Description

Data Scope

SecMaster collects security information from 00:00 on Monday to 23:59:59 on Sunday of the previous week.

Security Score

SecMaster evaluates and scores your asset security for the last day of the previous week so that you can quickly learn of the overall security posture of assets. This score varies depending on the SecMaster edition you are using.

Baseline Inspection

Displays the statistics of the latest baseline check in the previous week, including the following information:

  • The number of baseline check items
  • Number of compliance check items in the latest baseline check

Security vulnerabilities

Displays the vulnerability statistics of the accessed cloud services for the last week, including the following information:

  • Number of vulnerabilities.
  • Number of unfixed vulnerabilities

Policy Coverage

Displays the latest asset security information on the last day of the previous week, including the following information:

  • Number of instances protected by security products (= Number of protected ECSs + Number of websites protected with WAF instances)
  • HSS coverage (= Number of protected ECSs/Total number of ECSs)
  • Number of protected cloud servers
  • Protected websites

Asset security

Displays the latest asset security information on the last day in the last week, including the following information:

  • Total number of assets
  • Number of vulnerable assets

Security analysis

Displays the security analysis statistics, including the following information:

  • Total security log traffic of last week
  • Number of security log models on the last day of the last week

Security Response (Overview)

Displays the security response information for the previous week, including the following information:

  • Number of security alerts handled over the previous week
  • Number of confirmed intrusion incidents over the previous week
  • Number of executed automatic response playbooks
  • Percentage of alerts handled by automatic playbooks
  • Average MTTR
  • Number of confirmed high-risk intrusion incidents

Asset risks

Displays the latest asset security information on the last day of the previous week, including the following information:

  • Week-over-week changes on attacked asset quantity in monthly reports
  • Week-over-week changes on unprotected asset quantity in monthly reports
  • Week-over-week changes on vulnerable asset quantity in monthly reports
  • Asset changes over the previous week
  • Asset protection (%)

Threat posture

Displays the latest threat posture n on the last day of the previous week, including the following information:

  • Number of DDoS attacks
  • Number of network attacks
  • Number of application attacks
  • Number of server attacks
  • DDoS inspection findings
  • Network attack changes
  • WAF inspection findings
  • Top 5 network attack types
  • Top 5 application attack types
  • Top 5 server attack types
  • Top 5 application attack sources distribution
  • Top 5 attacked application distribution
  • Top HSS alert distribution
  • Top 5 network attack sources distribution
  • HSS inspection findings

Log analysis

Displays the log analysis results for the previous week, including the following information:

  • Number of log sources
  • Number of log indexes
  • Total number of received logs
  • Log storage
  • Log volume changes
  • Top 5 log source access statistics
  • Number of alerts generated by top 10 models on the previous day

Security Response (Details)

Displays the security response information for the previous week, including the following information:

  • Number of handled alerts
  • Number of handled incidents
  • Number of fixed vulnerabilities
  • Number of fixed baseline settings
  • Threat alert distribution and quantity
  • Top 5 intrusion incidents by type
  • Top 5 emergency responses
  • Top 20 threat alert handling

External Security Info

This part includes information about external security hotspots.

Content in the Monthly Report Template

Table 3 Content in the monthly report template

Parameter

Description

Data Scope

By default, a monthly report includes security information for the previous month.

Security Score

SecMaster evaluates and scores your asset security for the last day of the previous month so that you can quickly learn of the overall security posture of assets. This score varies depending on the SecMaster edition you are using.

Baseline Inspection

Displays the statistics of the latest baseline check in the previous month, including the following information:

  • The number of baseline check items
  • Number of compliance check items in the latest baseline check

Security Vulnerabilities

Displays the vulnerability statistics of the accessed cloud services on the last data of the previous month, including the following information:

  • Number of vulnerabilities
  • Number of unfixed vulnerabilities

Policy Coverage

Displays the latest asset security information on the last day of the last month, including the following information:

  • Number of instances protected by security products (= Number of protected ECSs + Number of websites protected with WAF instances)
  • HSS coverage (= Number of protected ECSs/Total number of ECSs)
  • Number of protected cloud servers
  • Protected websites

Asset Security

Displays the latest asset security information on the last day of the last month, including the following information:

  • Total number of assets
  • Number of vulnerable assets

Security analysis

Displays the security analysis statistics, including the following information:

  • Total security log traffic of the last month
  • Number of security log models on the last day of the last month

Security Response (Overview)

Displays the security response information for the previous month, including the following information:

  • Number of security alerts handled over the previous month
  • Number of confirmed intrusion incidents
  • Number of executed automatic response playbooks
  • Percentage of alerts handled by automatic playbooks
  • Average MTTR
  • Number of confirmed high-risk intrusion incidents

Asset risks

Displays the latest asset security information on the last day of the last month, including the following information:

  • Attacked asset quantity changes compared to the previous month
  • Unprotected asset quantity changes compared to the previous month
  • Vulnerable asset quantity changes compared to the previous month
  • Asset changes over the previous month
  • Asset protection (%)

Threat posture

Displays the latest threat posture n on the last day of the previous month, including the following information:

  • Number of DDoS attacks
  • Number of network attacks
  • Number of application attacks
  • Number of server attacks
  • DDoS inspection findings
  • Network attack changes
  • WAF inspection findings
  • Top 5 network attack types
  • Top 5 application attack types
  • Top 5 server attack types
  • Top 5 application attack sources distribution
  • Top 5 attacked application distribution
  • Top HSS alert distribution
  • Top 5 network attack sources distribution
  • HSS inspection findings

Log analysis

Displays the log analysis results for the previous month, including the following information:

  • Number of log sources
  • Number of log indexes
  • Total number of received logs
  • Log storage
  • Log volume changes
  • Top 5 log source access statistics
  • Number of alerts generated by top 10 models on the previous day

Security Response (Details)

Displays the security response information for the previous month, including the following information:

  • Number of handled alerts
  • Number of handled incidents
  • Fixed vulnerabilities
  • Number of fixed baseline settings
  • Threat alerts by severity
  • Top 5 intrusion incidents by type
  • Top 5 emergency responses
  • Top 20 threat alert handling

External Security Info

This part includes information about external security hotspots.