This topic describes how to view the check results of configuration assessment for your cloud services and handle the detected configuration risks in the Security Center console. You can view the check items, details of check items, potential impacts caused by the detected configuration risks, and suggestions on how to handle the detected configuration risks. You can handle the detected configuration risks on the Cloud Platform Configuration Assessment page in a centralized manner.

Prerequisites

Configuration assessment is performed on your cloud services. For more information, see Perform configuration assessment on cloud services.

Background information

For more information about the configuration risks that can be detected by Security Center, see Check items.

Only Security Center Enterprise supports configuration assessment.

View check results

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Config Assessment.
  3. On the Cloud Platform Configuration Assessment page, view the details of check results. Cloud Platform Configuration Assessment
    • View the statistics of the check result

      You can view the total number of at-risk items and the numbers of risks at different levels in the At-Risk Items section, and the number of assets on which risks are detected in the Risks section. You can also view the number of disabled check items in the Check item not enabled section, the number of enabled check items in the Checked items enabled section, and the time when the check was last performed in the Last Checked At section.

      You can click the number below Check item not enabled or Checked items enabled to view the disabled or enabled check items.

    • View check items
      You can view the information about the check items in the check item list. The information includes the severities of check items, the number of affected assets, the types of affected assets, the types of check items, and the time when the check was last performed. The severities of check items are displayed in the Severity/Affected Assets column and are identified in different colors. The following list describes the severities:
      • High Risk: The severity of High Risk is displayed in red and indicates that this item poses major threats to your assets. We recommend that you handle this high-risk item at the earliest opportunity.
      • Medium Risk: The severity of Medium Risk is displayed in orange and indicates that this item causes damages to your assets. You can handle this medium-risk item at your convenience.
      • Low Risk: The severity of Low Risk is displayed in gray and indicates that this item is less harmful to your assets. You can temporarily ignore this low-risk item.
      • Secure: The severity of Secure is displayed in green and indicates that no risks are detected.
    • View details of the check result
      You can click the name of the checked item in the Checked Item column to go to the details page. You can view the check description, potential risks, and suggestions on how to manage the risks on the details page. View the details of check results

Manage configuration risks

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Config Assessment.
  3. On the Cloud Platform Configuration Assessment page, handle the detected configuration risks of your cloud services. Handle the detected configuration risks of your cloud services
    You can perform the following operations based on your business requirements:
    • Fix risks

      Click Repair in the Operate column of a check item to go to the details panel of the check item. You can also click the name of a check item in the Checked Item column to go to the details panel of the check item.

      Details panel of the check item

      If affected assets are displayed in the Risks section in the panel, click Fix in the Operate column of an affected asset to go to the Repair panel. In the panel, modify the configurations for which risks are detected by following the provided suggestions.

      Repair
      Note Security Center allows you to handle some configuration risks on the Cloud Platform Configuration Assessment page. To handle these risks, click Repair in the Operate column of a check item.
      • If assets are affected by the risks that are detected for a check item, click Repair in the Operate column of the check item to go to the details panel of the check item. In the panel, perform the preceding operations to fix the configuration risks.
      • If no assets are affected by the risks that are detected for a check item, click Repair in the Operate column to go to the Repair panel. In the panel, modify the configurations for which the risks are detected by following the provided suggestions.
    • Verify
      If you have modified the configurations for which risks are detected, find the check item in the check item list and click Verify in the Operate column to check whether the new configurations are at risk. Verify

      If you have modified the configurations for which multiple check items are involved, select the required check items and click Verify below the check item list. In the Ok message, click OK.

    • Whitelist

      If you trust a check item for which risks are detected, find the check item in the check item list and click Whitelist in the Operate column to add the check item to a whitelist. Then, the state of the check item is displayed as Ignored in the Severity/Affected Assets column. Ignored items will not be counted as part of the At-Risk Items.

      In the check item list, you can click Remove to remove ignored check items from the whitelist. Remove check items from the whitelist
      Note After you add a check item to the whitelist, the risk that is detected for the check item is ignored only for this time. If the risk is detected again, Security Center still displays the check result of this check item.

Export check results

In the upper-right corner of the check item list, click the The Export icon icon to export the check results to your computer. The check results are exported to an Excel file.

Note Only users of the Enterprise and Ultimate editions of Security Center can export the check results. If you use the Basic, Anti-virus, or Advanced edition, you cannot export the check results. If you use the Basic, Anti-virus, or Advanced edition and want to export the check results, upgrade Security Center to the Enterprise or Ultimate edition.