Help Center/ SecMaster/ User Guide/ Security Situation/ Checking the Situation Overview

Updated on 2024-12-30 GMT+08:00

View PDF

Checking the Situation Overview

The Situation Overview page displays the overall security assessment status of resources in the current workspace in real time. You will view the security assessment results, security monitoring details, and security trend of your assets.

You can view the overall security assessment result by workspace, as well as view the assessment results of all workspaces.

Security Overview: This page displays the overall security assessment results of all your workspaces in real time. You can follow the procedure provided in Checking Security Overview to do this.
Situation Overview: The page Security Situation > Situation Overview in each workspace displays the security assessment result of the logged-in workspace. You can follow the procedure below to view the assessment result of a specific workspace.

Checking the Situation Overview

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 1 Workspace management page
In the navigation pane on the left, choose Security Situation > Situation Overview.

Figure 2 Situation Overview

On the Security Overview page, you can view the security overview of your assets and perform related operations. The Situation Overview page consists of the following modules:

Security Score
Security Monitoring
Your Security Score over Time

The following table describes the reference periods and update frequency of the modules.

**Table 1** Situation Overview
Parameter	Reference Period	Update Frequency	Description
Security Score	Real-time	Automatic update at 02:00 every day Updated every time you click Check Again	The score is calculated based on what security services are enabled, and the severity levels and numbers of unhandled configuration issues, vulnerabilities, and threats. For more details, see Security Score.
Threat Alarms	Last 7 days	Every 5 minutes	Total number of alerts on the Threat Operations > Alerts page in a workspace.
Vulnerabilities	Last 7 days	Every 5 minutes	Total number of vulnerabilities on the Risk Prevention > Vulnerabilities in a workspace.
Abnormal Baseline Settings	Real-time	Every 5 minutes	Total number of issues on the Risk Prevention > Baseline Inspection page in a workspace.
Your Security Score over Time	Last 7 days	Every 5 minutes	Security scores in the last seven days.

Security Score

The security score shows the overall health status of your workloads on the cloud based on the service edition you are using. You can quickly learn about unhandled risks and their threats to your assets.

The security score is automatically updated at 02:00 every day. You can also click Check Again to update it immediately.
The score ranges from 0 to 100. A larger score indicates a lower risk and a more secure asset. For details about the security scores, see Security Score.
Different color blocks in the security score ring chart indicate different severity levels. For example, yellow indicates that your security is medium.
Click Handle Now. The Risks pane is displayed on the right. You can handle risks by referring to the corresponding guidance.
- The Risks slide-out panel lists all threats that you should handle in a timely manner. These threats are included in the Threat Alarms, Vulnerabilities, and Abnormal Baseline Settings areas.
- The Risks pane displays the latest check results of the last scan. The Alerts, Vulnerabilities, and Abnormal Baseline Settings pages show check results of all previous scans. So, you will find the threat number on the Risks pane is less than that on those pages. You can click Handle for an alert on the Risks pane to go to the corresponding page quickly.
- Handling detected security risks:
  1. In the Security Score area, click Handle Now.
  2. On the Risks slide-out panel displayed, click Handle.
  3. On the page displayed, handle risk alerts, vulnerabilities, or baseline inspection items.
The security score is updated when you refresh status of the alert incident after risk handling. After you fix the risks, you can click Check Again so that SecMaster can check and score your system again.

After risks are fixed, manually ignore or handle alert incidents and update the alert incident status in the alert list. The risk severity can be down to a proper level accordingly.
The security score reflects the security situation of your system last time you let SecMaster check the system. To obtain the latest score, click Check Again.

Security Monitoring

The Security Monitoring area includes Threat Alarms, Vulnerabilities, and Abnormal Baseline Settings, which sort risks that have not been handled.

**Table 2** Security Monitoring parameters
Parameter	Description
Threat Alarms	This panel displays the unhandled threat alerts in a workspace for the last 7 days. You can quickly learn of the total number of unhandled threat alerts and the number of vulnerabilities at each severity level. The statistics are updated every 5 minutes. Risk severity levels: Critical: There are intrusions to your workloads, and you should view alert details and handle the alert in a timely manner. High: There are abnormal incidents on your workloads, and you should view alert details and handle the alert in a timely manner. Others: There are risky incidents that are marked as medium-risk, low-risk, and informational alerts detected in your systems, and you should view alert details and take necessary actions. To quickly view details of top 5 threat alerts for the last 7 days, click the Threat Alarms panel. You can view details of those threats, including the threat alert name, severity, asset name, and discovery time. If no data is available here, no threat alerts are generated for the last 7 days. You can click View More to go to the Alerts page and view more alerts. You can also customize filter criteria to query alert information. For details about how to view threat alerts, see Viewing Alert Details.
Vulnerabilities	This panel displays the top five vulnerability types and the total number of unfixed vulnerabilities in your assets in a workspace for the last 7 days. You can quickly learn of the total number of unfixed vulnerabilities and the number of vulnerabilities at each severity level. The statistics are updated every 5 minutes. Risk severity levels: High: There are vulnerabilities on your workloads, and you should view vulnerability details and handle them in a timely manner. Medium: There are abnormal incidents on your workloads, and you should view vulnerability details and handle the vulnerability in a timely manner. Others: There are risky incidents that are marked as low-risk or informational in your systems, and you should view vulnerability details and take necessary actions. When you click the Top 5 Vulnerability Types tab, the system displays the five vulnerability types with the most affected servers. Vulnerability rankings are based on the number of hosts a vulnerability affects. The vulnerability ranked the first affects the most hosts. The data is displayed in Top 5 Vulnerability Types only when the hosts have Host Security Service (HSS) Agent version 2.0 installed. If no data is displayed or you want to view top 5 vulnerability types, upgrade Agent from 1.0 to 2.0. Click Top 5 Real-Time Vulnerabilities tab. The system displays the top 5 vulnerability incidents for the last 7 days. You can quickly view vulnerability details. You can view details such as the vulnerability name, severity, asset name, and discovery time. If no data is available here, no vulnerabilities are detected on the current day. You can click View More to go to the Vulnerabilities page and view more vulnerabilities. You can also customize filter criteria to query vulnerability information. For details, see Viewing Vulnerability Details.
Abnormal Baseline Settings	This panel displays the total number of compliance violations detected in a workspace. You can quickly learn of total number of violations and the number of violations at each severity level. The statistics are updated every 5 minutes. Risk severity levels: Critical: There are intrusions to your workloads, and you should view details about compliance risks and handle them in a timely manner. High: There are abnormal incidents on your workloads, and you should view details about compliance risks and handle them in a timely manner. Others: There are risky incidents that are marked as medium-risk, low-risk, and informational alerts detected in your systems, and you should view details about compliance risks and take necessary actions. To quickly view details of top 5 abnormal compliance risks discovered, click the Abnormal Baseline Settings panel. You can view details of the top compliance risks discovered in the latest check, such as check item name, severity, asset name, and discovery time. If no data is available, no compliance violations are detected. You can click View More to go to the Baseline Inspection page and view more compliance risks. You can also customize filter criteria to make an advanced search. For details, see Viewing Baseline Check Results.