Updated on 2023-05-16 GMT+08:00

Overview

The Security Overview page gives you a comprehensive, real-time view of your asset security posture and pulls in findings from other linked cloud security services so that all security assessment results are displayed in one place. On the Security Overview page, you can view the security status of your cloud resources, take required actions with just a few clicks, and manage risks centrally.

On the Security Overview page, you can view the overall security posture of your assets and take actions accordingly. The Security Overview page consists of the following parts:

Security Score

The security score shows the overall health status of your workloads on the cloud based on the SA edition you are using. You can quickly learn about unhandled risks and their threats to your assets. Figure 1 shows an example.

Figure 1 Security Score
  • The score ranges from 0 to 100. The higher the security score, the more secure your assets. For details, see Security Score.
  • Different color blocks in the security score ring chart indicate different severity levels. For example, yellow indicates that your security is medium.
  • If you click Handle Now, the Risks pane is displayed on the right. You can handle risks by referring to the corresponding guidance.
    • The Risks pane lists all threats that you should handle as soon as possible. Those threats are included in the Threat Alarms, Vulnerabilities, and Compliance Check areas.
    • The Risks pane displays only the alarms found in the last scan, whereas the Events page shows all alarms found in all previous scans, so the number of threats on the Risks pane is smaller than that on the Events page. You can click Handle for an alarm on the Risks pane to go to the Events page quickly.
    • Handling detected security risks:
      1. In the Security Score area, click Handle Now. The Risks pane is displayed on the right.
      2. On the Risks pane, locate a risk and click Handle in the corresponding row. The Events page is displayed.
      3. Select one or more events in the Unhandled status and click Ignore or Mark as Offline above the result list to handle all selected events at a time.
        • Ignore: If the event does not cause any harm, ignore it. After clicking Ignore, record the Handler and Reason in the Ignore Risk dialog box.
        • Mark as Offline: If the event has been handled offline, click Mark as Offline in the Operation column. In the displayed dialog box, fill in Processor, Processing Time, and Processing Result, and click OK.
  • The security score is updated when you refresh the status of an alarm event after the risk is handled. After you address the risks, you can click Check Again so that SA can check and score your system again.
    • It takes some time for a check to finish. You can refresh the page to get the new security score five minutes after you start the recheck.
    • After risks are fixed, you can manually ignore or handle alarm events and update the alarm event status in the alarm list. The risk severity will then be downgraded accordingly.
  • The security score reflects the security situation of your system last time you let SA check the system. To obtain the latest score, click Check Again.

Security Monitoring

The Security Monitoring area includes Threat Alarms, Vulnerabilities, and Compliance Check, each of which categorizes risks that have not been handled.

Figure 2 Security Monitoring
Table 1 Security Monitoring parameters (Parameter and Description columns; the parameters are Threat Alarms, Vulnerabilities, and Compliance Check)

Threat Alarms

This panel displays the unhandled threat alarms for the last 7 days. You can quickly learn of the total number of unhandled threat alarms and the number of alarms at each severity level.

  • Risk severity levels:
    • Critical: Unauthorized access to your workloads has been detected, and you should view alarm details and handle the alarm in a timely manner.
    • High: There are abnormal events on your workloads, and you should view alarm details and handle the alarm in a timely manner.
    • Others: Events rated medium-risk, low-risk, or informational have been detected in your systems; view the alarm details and take any necessary actions.
  • To quickly view details of the top 5 threat alarms for the last 7 days, click the Threat Alarms panel. Figure 3 shows an example.
    • You can view details of those threats, including the threat alarm name, severity, asset name, and discovery time.
    • If there is no data available, that means that no threat alarms have been triggered in the last 7 days.
    • You can click View More to go to the Events tab and view more alarms. You can apply custom search filters to query alarms. For details about how to view threat alarms, see Threat Alarms Overview.
    Figure 3 Viewing real-time alarms

Vulnerabilities

This panel displays the top 5 vulnerability types and the total number of unfixed vulnerabilities detected in your assets in the last 24 hours. You can quickly learn of the total number of unfixed vulnerabilities and the number of vulnerabilities at each severity level.

  • Risk severity levels:
    • Critical: There are vulnerabilities in your workloads, and you should view vulnerability details and handle the vulnerability in a timely manner.
    • High: There are abnormal events on your workloads, and you should view vulnerability details and handle the vulnerability in a timely manner.
    • Others: Events rated medium-risk, low-risk, or informational have been detected in your systems. View the vulnerability details to learn what actions need to be taken.
  • When you click the Top 5 Vulnerability Types tab, the system displays the top 5 vulnerability types.
    • Vulnerability rankings are based on the number of hosts a vulnerability affects. The vulnerability that affects the most hosts is ranked first.
    • Data is displayed in Top 5 Vulnerability Types only for hosts that have Host Security Service (HSS) Agent 2.0 installed. If no data is displayed and you want to view the top 5 vulnerability types, upgrade the agent from 1.0 to 2.0.
    Figure 4 Top 5 Vulnerability Types
  • Click the Top 5 Real-Time Vulnerabilities tab. The system displays the top 5 vulnerability events detected in the last 24 hours, so you can quickly view vulnerability details. Figure 5 shows an example.
    • You can view details such as the vulnerability name, severity, asset name, and discovery time.
    • If there is no data available, no vulnerabilities were detected on the current day.
    • You can click View More to go to the Events tab and view more vulnerabilities. You can apply custom search filters to query vulnerability information.
    Figure 5 Viewing real-time vulnerabilities
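The ranking and counting rules described above (unfixed vulnerabilities from the last 24 hours, counted by severity and ranked by the number of distinct hosts each vulnerability affects) are simple to reproduce when you want to sanity-check the panel against your own export of findings. The following Python script is an added example, not SA's own code or API; the findings, host names and vulnerability names (VULN-A, VULN-B, ...) are constructed sample data, and the record fields are an assumption that mirrors what the panel displays.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Reference "now" for the constructed data set (UTC+08:00, matching the page's timestamps).
NOW = datetime(2023, 5, 16, 12, 0, tzinfo=timezone(timedelta(hours=8)))


def _finding(name, severity, host, hours_ago, fixed=False):
    """Build one constructed finding record (assumed field layout, not SA's schema)."""
    return {"name": name, "severity": severity, "host": host,
            "discovered_at": NOW - timedelta(hours=hours_ago), "fixed": fixed}


# Constructed sample findings, not real SA output.
FINDINGS = [
    _finding("VULN-A", "Critical", "host-1", 1),
    _finding("VULN-A", "Critical", "host-2", 2),
    _finding("VULN-A", "Critical", "host-3", 3),
    _finding("VULN-B", "High", "host-1", 5),
    _finding("VULN-B", "High", "host-2", 6),
    _finding("VULN-B", "High", "host-2", 7),      # same host twice: counts as one affected host
    _finding("VULN-C", "Medium", "host-4", 10),
    _finding("VULN-D", "Low", "host-4", 12),
    _finding("VULN-E", "Critical", "host-5", 20),
    _finding("VULN-F", "High", "host-6", 23),
    _finding("VULN-G", "Critical", "host-7", 30),  # older than 24 hours: excluded
    _finding("VULN-H", "Critical", "host-1", 2, fixed=True),  # already fixed: excluded
]

# The panel groups everything below High into "Others".
SEVERITY_BUCKETS = {"Critical": "Critical", "High": "High"}


def unfixed_recent(findings, now=NOW, window=timedelta(hours=24)):
    """Keep findings that are still unfixed and were discovered within the window."""
    cutoff = now - window
    return [f for f in findings if not f["fixed"] and f["discovered_at"] >= cutoff]


def count_by_severity(findings):
    """Count findings per panel bucket: Critical, High, Others (medium, low, informational)."""
    counts = Counter({"Critical": 0, "High": 0, "Others": 0})
    for f in findings:
        counts[SEVERITY_BUCKETS.get(f["severity"], "Others")] += 1
    return dict(counts)


def top_vulnerability_types(findings, n=5):
    """Rank vulnerability types by the number of distinct hosts they affect.

    The vulnerability affecting the most hosts is ranked first; ties break by name
    so the ordering is deterministic.
    """
    hosts = defaultdict(set)
    for f in findings:
        hosts[f["name"]].add(f["host"])
    ranked = sorted(hosts.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(name, len(affected)) for name, affected in ranked[:n]]


def panel_summary(findings=FINDINGS, now=NOW):
    """Everything the Vulnerabilities panel shows, computed from raw findings."""
    recent = unfixed_recent(findings, now)
    return {
        "total_unfixed": len(recent),
        "by_severity": count_by_severity(recent),
        "top_types": top_vulnerability_types(recent),
    }


if __name__ == "__main__":
    summary = panel_summary()
    print("Unfixed vulnerabilities (last 24 h):", summary["total_unfixed"])
    print("By severity:", summary["by_severity"])
    for rank, (name, host_count) in enumerate(summary["top_types"], start=1):
        print(f"{rank}. {name}: {host_count} host(s) affected")
```

The two exclusions in the sample data (a finding older than 24 hours and one already marked fixed) are the cases most often behind "the panel shows fewer items than my export": the panel only counts what is both unfixed and recent, and a vulnerability reported twice on the same host still counts as one affected host in the ranking.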

Compliance Check

This panel displays the total number of compliance violations detected in the last 30 days. You can quickly learn of the total number of violations and the number of violations at each severity level.

  • Risk severity levels:
    • Critical: There are some configurations that failed compliance checks on your workload, and you should view their details and handle them in a timely manner.
    • High: There are abnormal settings on your workloads, and you should view details about compliance violations and handle them in a timely manner.
    • Others: Events rated medium-risk, low-risk, or informational have been detected in your systems; view the compliance check details and take the necessary actions.
  • To quickly view details of the top 5 abnormal compliance risks discovered in the last 30 days, click the Compliance Check panel. Figure 6 shows an example.
    • You can view details such as the check item name, severity, asset name, and discovery time.
    • If there is no data available, that means no violations have been detected in the last 30 days.
    • You can click View More to go to the Events tab and view more compliance risks. You can apply custom search filters to make an advanced search. For details, see Cloud Service Baseline Overview.
    Figure 6 Viewing compliance risks

Your Security Score over Time

SA displays your security scores for the last 7 days.

Figure 7 Your Security Score over Time

Threat Detection

The Threat Detection area displays the number and types of alarms detected on your assets in the last seven days.

Managed Threat Detection (MTD) continuously scans for malicious activities and unauthorized behavior to protect your accounts and workloads. It integrates detection models, such as an AI detection engine, threat intelligence, and detection policies, to identify threats and generate detection reports. By analyzing the detection results, MTD improves the accuracy of alarm notifications and threat detection, and simplifies O&M.

To have MTD monitor access behavior and potential threats based on access logs, generate alarms, and output the alarm results, subscribe to MTD. If MTD is not enabled, click Buy Now.

Figure 8 Enabling MTD