Before using baseline inspection, alert management, log audit, and security orchestration in SecMaster, you need to create at least one workspace first. You can use workspaces to group your resources by application scenario. This will make security operations more efficient.
Prerequisites: You have enabled access to HSS and WAF alerts on the Log Audit > Cloud Service Access page. You have enabled the function of automatically converting logs into alerts for HSS. For details, see Enabling Log Access.
The procedure is as follows: In the navigation pane on the left in the target workspace, choose Log Audit > Cloud Service Access. Locate the HSS baseline row in the Host Security Service, click in the Automatically converts alarms column. Click Save.
Figure 1 Workspace management page (Optional) In the navigation pane on the left, choose Log Audit > Cloud Service Access. On the displayed page, locate the row where SecMaster is located, enable the log access to compliance baseline logs in the Logs column.
It can detect and defend against intrusions in real time, control traffic in a unified manner, analyze traffic and visualize results, audit logs, and trace traffic sources. You can scale CFW resources as needed.
Figure 9 Workspace management page In the navigation pane on the left, choose Log Audit > Components. Figure 10 Node management page On the Nodes tab, locate the row that contains the target node and click Edit in the Operation column.
Billing mode: yearly/monthly Edition: Professional edition ECS quota: 50 Value-added package: large screen, log audit, security analysis, and security orchestration The following shows the operation process in this scenario.
Figure 1 Workspace management page In the navigation pane on the left, choose Log Audit > Security Data. Figure 2 Accessing the Security Analysis tab In the data space navigation tree on the left, click a data space name to show the pipeline list. Click a pipeline name.
Log Audit Function description: It collects varied types of log data and stores the collected data for security analysis. You can set New Log for each day and Log Retention Duration.
In the navigation pane on the left, choose Log Audit > Cloud Service Access. On the displayed page, click One-Click Log Integration.
Prerequisites: You have enabled access to CTS logs on the Log Audit > Cloud Service Access page in the workspace in SecMaster. For details, see Enabling Log Access. The corresponding O&M defense model has been enabled. For details, see Step 2: Enable the Alert Model.
Log Audit Buy later Security Analysis Buy later Security Orchestration Buy later Tag Tag key: test Tag value: 01 Tags attached to SecMaster to identify resources. For details about tags, see Tag Management Service.
Log audit If you have purchased a pay-per-use SecMaster edition, the security data collection and retention services you buy separately are also billed on a pay-per-use basis.
Log audit If you have purchased a yearly/monthly SecMaster edition, the security data collection and retention services you buy separately are also billed on a yearly/monthly basis.
Yearly/Monthly and pay-per-use billing Yearly/Monthly billing: Large screen - Security situation metric unit price x Required duration Pay-per-use subscriptions: Large screen – Unit price of security situation metrics x Billing duration Log audit If security data collection and storage
/Worm Malicious file Malicious File Malicious file Reverse shell Reverse Shell Reverse shell Trojan Backdoor Trojan Trojan Botnet Botnet Program Botnet Ransomware Ransomware Ransomware Bitcoin Miner Bitcoin Miner Bitcoin Miner Mining software Mining Software Mining software Risk Audit
You can use the following examples to learn how to query a specific trace: Use CTS to audit Elastic Volume Service (EVS) creation and deletion operations from the last two weeks. For details, see Security Auditing.
Table 6 Response body parameters

| Parameter | Type | Description |
| --- | --- | --- |
| count | Integer | Total records. |
| audit_logs | Array of AuditLogInfo objects | Audit log list. |

Table 7 AuditLogInfo

| Parameter | Type | Description |
| --- | --- | --- |
| instance_type | String | Instance type. |