Updated on 2025-08-26 GMT+08:00

Collecting Container Assets

Scenarios

HSS can collect information about container assets, including clusters, nodes, containers, images, and container fingerprints. With the container asset function, you can centrally count container assets and detect unsafe assets in a timely manner. This section describes the container asset collection items and how they are collected.

Prerequisite

Container assets have been connected to HSS. For details, see Connecting to a Third-party Image Repository, Accessing CI/CD, and Installing an Agent in a Cluster.

Constraints

The container fingerprint function is supported only by the HSS enterprise edition. For details about how to purchase HSS, see Purchasing an HSS Quota.

Container Asset Collection Items

The container asset function can collect information about container assets, including clusters, nodes, containers, images, and container fingerprints. Container fingerprints are classified into multiple subtypes, including accounts, open ports, processes, software, auto-started items, web applications, web services, web frameworks, websites, middleware, and databases. For details about assets, see Table 1.

Table 1 Container asset collection items

Item

Description

Clusters

You can check statistics and details about clusters, workloads, services, and pods.

Nodes

You can check details about cluster nodes and independent nodes.

Containers

You can check details about container instances.

Images

You can check information about local images, repository images, and CI/CD images.

Accounts

Check and manage all accounts on your containers to keep them secure.

Real-time account information includes the account name, number of servers, server name, IP address, login permission, root permission, user group, user directory, shell started by the user, container name, container ID, the last scan time, and the first scan time.

Open ports

Check open ports on your containers, including risky and unknown ports.

You can easily find high-risk ports on containers by checking local ports, protocol types, server names, IP addresses, statuses, PIDs, and program files.

  • Manually disabling high-risk ports

    If dangerous or unnecessary ports are found enabled, check whether they are mandatory for services, and disable them if they are not. For dangerous ports, you are advised to further check their program files, and delete or isolate their source files if necessary.

    It is recommended that you handle the ports with the Dangerous risk level promptly and handle the ports with the Unknown risk level based on the actual service conditions.

  • Ignore risks: If a detected high-risk port is actually a normal port used for services, you can ignore it. The port will no longer be regarded as risky or generate alarms.

Processes

Check processes on your containers and find abnormal processes.

You can easily identify abnormal processes on your containers based on process paths, server names, IP addresses, startup parameters, startup time, users who run the processes, file permissions, PIDs, and file hashes.

If a suspicious process has not been detected in the last 30 days, its information will be automatically deleted from the process list.

Installed software

Check and manage all software installed on your containers, and identify insecure versions.

You can check real-time and historical software information to determine whether the software is risky.

  • Real-time software information includes the software name, number of servers, server names, IP addresses, software versions, software update time, the last scan time, and the first scan time.
  • Historical software change records include the server names, IP addresses, change statuses, software versions, software update time, and the last scan time.

Auto-started items

Check for auto-started items and quickly locate Trojans.

Real-time information about auto-started items includes their names, types (auto-started service, startup folder, pre-loaded dynamic library, Run registry key, or scheduled task), number of servers, server names, IP addresses, paths, file hashes, users, container name, container ID, and the last scan time.

Websites

Check information about web directories and sites that can be accessed from the Internet. You can view the directories and permissions, access paths, external ports, certificate information (to be provided later), and key processes of websites.

The following websites support data collection: Apache, Nginx, and Tomcat.

Web frameworks

Check statistics about frameworks used for web content display, including their versions, paths, and associated processes.

The following types of web frameworks support data collection:

  • Java language framework: Struts, struts2, spring, hibernate, webwork, quartz, velocity, turbine, FreeMarker, flexive, stripes, vaadin, vertx, wicket, zkoss, jackson, fastjson, shiro, MyBatis, Jersey and JFinal.
  • Python framework: Django, Flask, Tornado, web.py, and web2py.
  • PHP language framework: Webasyst, KYPHP, CodeIgniter, InitPHP, SpeedPHP, ThinkPHP, and OneThink.
  • Go framework: Gin, Beego, Fasthttp, Iris, and Echo.

Middleware

Check information about servers, versions, paths, and processes associated with middleware.

Web services

Check details about the software used for web content access, including versions, paths, configuration files, and associated processes of all software.

Data can be collected from the following web services: Apache, Nginx, Tomcat, WebLogic, WebSphere, JBoss, Wildfly, and Jetty.

Web applications

Check details about software used for web content push and release, including versions, paths, configuration files, and associated processes of all software.

Data of the following web applications can be collected: PHPMailer, PHPMyadmin, DedeCMS, WordPress, ThinkPHP, BigTree, JPress, Jenkins, Zabbix, Discuz!, and ThinkCMF.

Databases

Check details about the software that provides data storage, including versions, paths, configuration files, and associated processes of all software.

Data can be collected from the following types of databases: MySQL, Redis, Oracle, MongoDB, Memcache, PostgreSQL, HBase, DB2, Sybase, Dameng database management system, and KingbaseES database management system.
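An independent cross-check for the Open ports item in Table 1, as an added example that is not HSS code: it parses /proc/net/tcp as seen inside a container's network namespace and sorts listeners so that Dangerous ports come first and Unknown ports second, with ignored ports last. The sample data, the port sets, and the function names are assumptions constructed for illustration; the rules HSS itself uses to assign risk levels are not described on this page.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:18EB 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 20002
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
   3: 00000000:1F91 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20004
   4: 0A000005:0050 0A000009:C350 01 00000000:00000000 00:00000000 00000000     0        0 20005
"""
LISTEN = "0A"  # kernel TCP state code for a listening socket


def listening_sockets(proc_net_tcp_text):
    """Return (bind_ip, port, uid, inode) for every socket in LISTEN state."""
    rows = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # IPv4 is stored as a host-order 32-bit hex word (little-endian assumed).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        # The inode can be matched against /proc/<pid>/fd to find the PID.
        rows.append((ip, int(hex_port, 16), int(fields[7]), int(fields[9])))
    return rows


def triage(rows, expected, dangerous, ignored):
    """Label each listener; an ignore entry overrides the risk level."""
    order = {"dangerous": 0, "unknown": 1, "expected": 2, "ignored": 3}
    report = []
    for ip, port, uid, inode in rows:
        level = ("ignored" if port in ignored else
                 "dangerous" if port in dangerous else
                 "expected" if port in expected else "unknown")
        report.append({"port": port, "bind": ip, "uid": uid, "inode": inode,
                       "level": level, "exposed": not ip.startswith("127.")})
    return sorted(report, key=lambda r: (order[r["level"]], r["port"]))


if __name__ == "__main__":
    # Assumed policy: 80 and 6379 are needed by the service, 23 is never allowed.
    for row in triage(listening_sockets(SAMPLE), {80, 6379}, {23}, set()):
        print(row)
```
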

Container Asset Collection Methods

Container asset information can be collected automatically or manually. For details about how each type of fingerprint is collected, see Table 2.

After the agent is installed on a cluster node or independent node, the first collection of server asset information starts immediately. By default, the automatic collection period starts from the time when the agent installation succeeded.

Collection intervals can be customized for middleware, web frameworks, kernel modules, web applications, websites, web services, and databases. For details, see Asset Discovery.

Table 2 Container asset collection methods

Item

Automatic Collection Frequency

Manual Collection Method

Clusters

Automatic check every 24 hours

Manually Collecting Cluster, Service, Workload, and Container Information

Nodes

  • Cluster nodes: automatic check every 24 hours
  • Independent nodes: Data is automatically collected after the agent is installed.

None

Containers

Automatic check every 24 hours

Manually Collecting Cluster, Service, Workload, and Container Information

Images

  • Local images:
    • Images on cluster nodes: automatic check every 24 hours
    • Images on independent nodes: Data is automatically collected after the agent is installed.
  • Repository image: None. Manual collection required.
  • CI/CD image: Data is automatically collected during CI/CD project building.

  • Local image and CI/CD image: Data cannot be collected manually.
  • For details about how to manually collect repository images, see Synchronizing Repository Images.

Accounts

Automatic check every hour

Manually Collecting the Latest Asset Fingerprints of All Containers

Open ports

Automatic check every 30 seconds

Manually Collecting the Latest Asset Fingerprints of All Containers

Processes

Automatic check every hour

Manually Collecting the Latest Asset Fingerprints of All Containers

Installed software

Automatic check every day

Manually Collecting the Latest Asset Fingerprints of All Containers

Auto-started items

Automatic check every hour

Manually Collecting the Latest Asset Fingerprints of All Containers

Websites

Once a week (04:10 a.m. every Monday)

Web frameworks

Once a week (04:10 a.m. every Monday)

Middleware

Once a week (04:10 a.m. every Monday)

Web services

Once a week (04:10 a.m. every Monday)

Web applications

Once a week (04:10 a.m. every Monday)

Databases

Once a week (04:10 a.m. every Monday)

Manually Collecting the Latest Asset Fingerprints of a Single Container

To view the latest data of web applications, web services, web frameworks, websites, middleware, and databases in real time, you can manually collect their fingerprints.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click [icon], and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Asset Management > Servers & Quota. Click the Servers tab.
  4. (Optional) If you have enabled the enterprise project function, select an enterprise project from the Enterprise Project drop-down list in the upper part of the page to view its data.
  5. Click the name of the target server. On the server details page that is displayed, choose Asset Fingerprints > Containers.
  6. Click a fingerprint in the fingerprint list, and click Discover Assets on the upper area of the list on the right.

    Currently, only Web Applications, Web Services, Web Frameworks, Websites, Middleware, and Databases support real-time manual collection and update. Information about other types is automatically collected and updated every day.

    Figure 1 Collecting data now

  7. After the automatic execution is complete, the last scan time is updated and the latest container asset information is displayed.

Manually Collecting the Latest Asset Fingerprints of All Containers

To view the latest data of accounts, open ports, processes, software, auto-started items, websites, web frameworks, middleware, web services, web applications, and databases in real time, you can manually collect their fingerprints.

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click [icon], and choose Security & Compliance > Host Security Service.
  3. Choose Asset Management > Container Assets.
  4. In the upper right corner of the page, click Update Asset Fingerprints.
  5. Select the server update scope and click OK.

    Figure 2 Updating asset fingerprints

  6. After the Updating Asset Fingerprints status disappears from the button in the upper right corner of the page, you can view the latest asset fingerprints.

Manually Collecting Cluster, Service, Workload, and Container Information

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click [icon], and choose Security & Compliance > Host Security Service.
  3. In the navigation pane, choose Asset Management > Container Assets.

    Alternatively, you can choose Installation & Configuration > Container Install & Config, click the Cluster tab, and click Synchronize the Latest Assets.

  4. Click the Cluster tab and click Synchronize Clusters in the upper right corner.
  5. Wait for about 5 minutes, refresh the cluster page, and view the latest assets after synchronization.

Follow-up Procedure

After the container fingerprints are collected, you can view the latest asset fingerprint data. For details, see Viewing Container Assets.