Security Center provides detailed baseline check results and suggestions on how to manage baseline risks. This topic describes how to view baseline check results and manage baseline risks in the Security Center console. Security Center provides the following baseline check details: affected assets, checked items, and suggestions on how to manage baseline risks.

Prerequisites

Security Center has run a baseline check. For more information, see Baseline check.

Background information

After you enable the baseline check feature, Security Center runs baseline checks on all assets based on the default baseline check policy. You can also create custom baseline check policies to customize baseline checks for specific assets. For more information, see Create and configure a baseline check policy.

View the summary of baseline check results

  1. Login Cloud security center console.
  2. In the left-side navigation pane, click Protection > Baseline Check.
  3. On the Baseline Check page, you can view the summary of baseline check results. You can filter data by policy.
    Summary of baseline check results

    You can select a policy from the Select Policy drop-down list to view the following information.

    • Checked Servers: The number of servers on which the baseline check runs. These servers are the ones specified in the selected baseline check policy.
    • Check Items: The number of baselines specified in the selected baseline check policy.
    • Last Pass Rate: The pass rate of the last baseline check.

      If the number under Last Pass Rate is green, the pass rate of the checked servers is high. If this number is red, a large number of baseline risks have been detected on the checked servers. We recommend that you view the check result details and manage the failed check items.

      For more information about baseline check risks, see View failed check items.

      For more information about managing baseline check risks, see Manage failed check items.

View all check items

  1. Login Cloud security center console.
  2. In the left-side navigation pane, click Protection > Baseline Check.
  3. Select All from the Select Policy drop-down list.
    Baseline check
    The Baseline Check page displays information about all baseline check items, including the name of each Baseline, the Category, the time of the Last Check, the Check Items, and the Failed Items/Affected Servers.
    Note You can also select a baseline check policy from the Select Policy drop-down list to view the check items specified in this policy.

View baseline check details

  1. Login Cloud security center console.
  2. In the left-side navigation pane, click Protection > Baseline Check.
  3. In the Baseline column, click the target baseline to view the baseline check details.
    Baseline check details
    Baseline check details include the checked assets, and the Passed Items and At-Risk Items of the assets.
  4. Manage detected baseline risks on the baseline check details page.
    • Find the target asset, and click View in the Actions column to go to the At-Risk Items page. For more information, see View failed check items.
    • You can click Verify in the Actions column of an asset to check whether failed check items have been managed for the asset. If the verification passes, the number of At-Risk Items is reduced accordingly. The status of the check item also becomes Passed.
    • You can click Undo Fix in the Actions column of an asset, select a snapshot, and then click OK to roll back to the selected snapshot. Risk management operations will be undone.
      Note If service interruptions occur due to risk fix failures, and the asset has a snapshot, Security Center allows you to Undo operations performed on the asset. After operations are undone, the asset is rolled back to the specified snapshot.

View failed check items

  1. On the baseline check details page, find the target asset and click View in the Actions column to view failed check items.
    The list of failed check itemsYou can view the check items of the asset and the status of the check items (Passed or Failed).
  2. Click Details in the Actions column to view the description, result, and suggestion for this check item.
    Details of a failed check item
Note We recommend that you follow the suggestions to manage Failed check items at the earliest opportunity, especially the high-risk check items. For more information, see Manage failed check items.

Manage failed check items

On the At-Risk Items page, manage failed check items as needed.

Manage failed check items
  • Fix baseline risks
    Find the target failed check item, and click Fix in the Actions column. In the Repair Risk Check Item dialog box that appears, set the parameters and click Fix Now.Fix baseline risks
    • Batch Configuration: Click Details on the right side of Batch Configuration. Assets that have this risk are listed. Select the assets to which you want to apply the selected Repair Method.
    • Repair Method: Select a Repair Method.
      Note Different risks require different fixes. Select a method to fix risks based on the actual scenario.
    • Risk Protection: Select whether to automatically create snapshots. We recommend that you select the Create snapshots automatically and fix check box.
      Note Services may be interrupted if the system fails at fixing the risk. We recommend that you create a snapshot of the system before you fix the risk. By using snapshots, you can undo operations and roll back your workload to the previous state.
    Note After the fix operation is completed, you can manually check whether the risk is fixed. Security Center also automatically checks whether risks are fixed based on the detection interval specified in the policies.
  • Add a check item to the whitelist
    If you want to disable alerts for a check item, click Whitelist to add the check item to the whitelist. Check items added to the whitelist no longer trigger alerts. For more information, see Add a check item to the whitelist.Add a check item to the whitelist
    Note You can also select multiple check items and click Whitelist in the lower-left corner to add the check items to the whitelist at the same time.
  • Remove a check item from the whitelist
    If you want to enable alerts for a check item in the whitelist, you can Remove the check item from the whitelist. You can remove one or more check items from the whitelist at a time. After a check item is removed from the whitelist, the check item triggers alerts again.Remove a check item from the whitelist
  • Verify fixed risks

    After you fix a baseline risk, click Verify to check whether the risk has been fixed. After you click Verify, the status of the check item becomes Verifying.

    Verifying

    If you do not manually perform verification, Security Center automatically verifies the check item based on the detection interval specified in the policies.

    After the verification passes, the Status of the check item becomes Passed.