Functions

Security Overview

• Security Score: A security score shows the overall health status of your workloads on the cloud so you can quickly learn of unhandled risks and their threats to your assets.

  The lower the security score, the greater the overall asset security risk.

• Security Monitoring: You can view how many threats, vulnerabilities, and compliance violations that are not handled and view their details.
• Your Security Score over Time: You can view the trend of the asset health scores for the last seven days.

√

√

√

Workspaces

• Workspace management:

  Workspaces are top-level workbenches in SecMaster. A workspace can be associated with projects and regions to support security operations in different scenarios.

• Workspace agencies: You can create an agency and use it to view the asset risks, alerts, and incidents of multiple workspaces across accounts.

√

√

√

Account Management

As more and more enterprises migrate their services to the cloud, cloud resource, project, personnel, and permission management is becoming increasingly complex. A centralized approach to managing cloud resources across multiple accounts is essential for enterprise environments.

You can aggregate resources from multiple accounts into one account to centrally manage security, configure protection policies, monitor data operations, and detect security risks in real time.

×

×

√

Security Governance

• Compliance Pack

  Huawei's open security governance templates include original standards and regulation terms, check policies, compliance evaluation items, and improvement suggestions from Huawei experts, covering PCI DSS, ISO27701, ISO27001, privacy protection, and other regulations and standards. You can subscribe to and unsubscribe from security compliance packs and view the evaluation results.

• Policy Check

  Security Governance periodically detects the compliance status of cloud assets through code-based scanning. You can view compliance risks on the dashboard, and obtain corresponding improvement suggestions from Huawei experts.

• Compliance Evaluation

  Security Governance integrates regulatory clauses and standard requirements into compliance pack check items. You complete evaluation of your services using the compliance pack, and view evaluation results. You can also view historical results, upload and download evidence, and take actions based on Huawei experts' improvement suggestions.

• Result Display

  Security Governance displays the evaluation results and compliance status on the dashboard, including the compliance rates of the compliance packs you subscribed to, and the compliance rate of each term the regulations and standards, each security, as well as the policy check results.

×

×

√

Purchased Resources

You can view resources purchased by the current account on the Purchased Resources page and manage them centrally.

√

√

√

Situation Overview

• Security Score: A security score shows the overall health status of your workloads on the cloud so you can quickly learn of unhandled risks and their threats to your assets.

  The lower the security score, the greater the overall asset security risk.

• Security Monitoring: You can view how many threats, vulnerabilities, and compliance violations that are not handled and view their details.
• Your Security Score over Time: You can view the trend of the asset health scores for the last seven days.

√

√

√

Large Screen

SecMaster leverages AI to analyze and classify massive cloud security data and then displays real-time results on a large screen. In a simple, intuitive, and efficient way, you will learn of what risks your cloud environment are facing and how secure your cloud environment is.

×

√

√

Security Reports

You can generate analysis reports and periodically send them to specified recipients by email. In this way, all recipients can learn about the security status of your assets in a timely manner.

×

×

√

Task Center

All tasks that need to be processed are displayed centrally.

×

√

√

AI Risk Overview

AI Risk Overview displays the compliance status of the AI models in real time. It supports data corpus, inference services, and environment security risk operations. So, you can identify risks and potential threats of AI models in a timely manner. On the AI Risk Overview page, you can lear of your AI model inference security, corpus security, and environment security.

√

√

√

Resource Manager

SecMaster can synchronize the security statistics of all resources. So that you can check the name, service, and security status of a resource to quickly locate security risks.

√

√

√

Baseline Inspection

SecMaster can scan cloud baseline configurations to find out unsafe settings, report alerts for incidents, and offer hardening suggestions to you.

√

√

√

Vulnerabilities

SecMaster automatically synchronizes vulnerability scan results from Host Security Service (HSS), displays vulnerability scan details by category, and provides vulnerability fixing suggestions.

√

√

√

Emergency Vulnerability Notices

SecMaster collects the latest information on known host security vulnerabilities every 5 minutes.

√

√

√

Security Policies

SecMaster supports centralized management of defense and emergency policies.

√

√

√

Incidents

SecMaster centrally displays incident details and allows you to manually or automatically convert alerts into incidents.

×

√

√

Alerts

Alerts of other cloud services such as HSS, WAF, and DDoS Mitigation are integrated for central display and management.

• SecMaster basic edition supports the aggregation of raw alerts from other security services.
• SecMaster standard edition supports the aggregation of raw alerts from other security services.
• SecMaster professional edition supports aggregation of raw alerts from other security services and precise alert reporting based on threat detection models.

√

√

√

Indicators

Indicators describe potential threats to your systems. Indicators provide necessary context for abnormal activities, so that you can quickly take measures to protect your personnel, information, and assets.

Indicators associate observation items such as URLs or IP addresses with known threat activities such as phishing or malware. Indicators are widely used in security products and automated services to detect and prevent potential threats to organizations. You can create and manage indicators to accelerate threat detection and rectification. You can manually add indicators or import indicators to SecMaster. Then you can use indicators to create custom playbooks for threat management, analysis, and handling.

×

×

√

Objects

You can centrally manage operation objects such as data classes, data class types, and categorical mappings.

×

×

√

Playbooks

You can manage playbooks, workflows, operation connections, and playbook instances throughout their lifecycles.

×

×

√

Layouts

This module provides a visualized low-code development platform. In this module, you can create custom layout of pages for security analysis reports, alert management, incident management, vulnerability management, baseline management, and threat indicator library management.

×

×

√

Plugins

Plug-ins used in the security orchestration process can be managed centrally.

×

×

√

Directory Customization

You can customize directories as needed.

×

√

√

Log Audit Overview

You can learn about the overall log audit status for the statistical period in the current workspace.

√

√

√

Security Data

• Query and Analysis
  • Search and analysis: Supports quick data search and analysis, quick filtering of security data for security survey, and quick locating of key data.
  • Statistics filtering: SecMaster supports quick analysis and statistics of data fields and quick data filtering based on the analysis result. Time series data supports statistics collection by default time partition, allowing data volume trend to be quickly spotted. SecMaster supports analysis, statistics, and sorting functions, and supports quick building of security analysis models.
  • Visualization: Visualized data analysis intuitively reflects service structure and trend, enabling customized analysis reports and analysis indicators to be easily created.
• Data Delivery: Data can be delivered to other pipelines or Huawei Cloud products in real time so that you can store data to or retrieve data from other systems.
• Data Monitoring: Data streams are monitored and managed in an end-to-end manner.
• Data Consumption: SecMaster provides streaming communication interfaces for data consumption and production, as well as data pipeline SDKs. So that you can use SDKs to integrate data across systems, and specify custom data producers and consumers. SecMaster provides open-source log collection plug-in Logstash. You can enable custom data consumers and producers.

×

√

√

Cloud Service Access

SecMaster can integrate logs of multiple Huawei Cloud services, such as Web Application Firewall (WAF), Host Security Server (HSS), and Object Storage Service (OBS). You can search and analyze all collected logs in SecMaster. By default, the logs are stored for 7 days.

×

√

√

Data Collection (Collections and Components)

Logstash is used to collect varied log data in multiple modes. After data is collected, historical data analysis and comparison, data association analysis, and unknown threat discovery can be quickly implemented.

×

√

√

Security Analysis

Security data collection

120 MB/day/quota

120 MB/day/quota

Security data retention

120 MB/day/quota

120 MB/day/quota

Security data export

120 MB/day/quota

120 MB/day/quota

Platform security data

40 MB/day/quota

40 MB/day/quota

Security modeling analysis

×

120 MB/day/quota

Threats

Preset threat models

×

Calculation model data: 120 MB/day/quota; Preset models: 200

Preset response playbooks

×

Preset playbooks: 30

Security Orchestration

Security Orchestration

×

Operations: 7,000