Security Center provides an asset overview feature that can periodically collect asset fingerprint data, including port, software, process, and account data. This feature helps you monitor the status of your assets, and trace and analyze issues. The Security Center console provides an overview of asset fingerprints, which are categorized into four types. This topic describes the characteristics of the asset fingerprints feature, the data this feature collects, and the overview of asset fingerprints.

Prerequisites

This feature is supported by the Enterprise edition only. You must upgrade the Basic or Advanced edition to the Enterprise edition before you can use this feature. For more information, see Upgrade Security Center.

Background

  • The asset fingerprints feature collects and records the following types of fingerprints: ports, software, processes, and accounts.
  • You can set the data refresh frequencies of these fingerprints in the settings of this feature.
  • To collect the fingerprint data of individual assets, navigate to the Assets page and manually run a collection task.

Asset fingerprint data

Ports
  Description: The listening ports on a server that Security Center monitors. This feature periodically collects information about these listening ports. Information includes:
  • Server Information: The server to which the listening port belongs.
  • Process: The process that uses the port.
  • IP: The IP address of the network interface card that is associated with the listening port.
  • Latest Collection Time: The last time when the port information was collected.
  Scenario:
  • Scans for servers that listen on a specified port.
  • Scans for ports that are open on a server.

Software
  Description: The software assets on a server. This feature periodically collects information about the software on a server. Information includes:
  • Server Information: The server on which the software is installed.
  • Version: The version of the software.
  • Software Directory: The installation path of the software.
  • Software Update Time: The time when the software was updated.
  • Latest Collection Time: The last time when the software information was collected.
  Scenario:
  • Scans for software that is installed without your consent.
  • Scans for outdated software.
  • Quickly locates the affected assets when a large number of vulnerabilities are detected.

Processes
  Description: The processes running on a server. This feature periodically collects information about the processes on a server. Information includes:
  • Server Information: The server that runs the process.
  • Process Path: The path of the process.
  • Startup Parameters: The parameters used to start the process.
  • Start Time: The time when the process was started.
  • Running User: The user that starts the process.
  • Run Permission: The permission of the user that starts the process.
  • PID: The ID of the process.
  • Parent Process: The parent process of the process.
  • File MD5: The MD5 hash of the file that is used to run the process.
  • Latest Collection Time: The last time when the process information was collected.
  Scenario:
  • Scans for servers that run a specified process.
  • Scans for processes running on a server.

Accounts
  Description: The accounts created on a server. This feature periodically collects information about the accounts created on a server. Information includes:
  • Server Information: The server to which the account belongs.
  • Logon Permission: Whether the account has the logon permission.
  • Root Permission: Whether the account has the root permission.
  • User Group: The user group to which the account belongs.
  • Expiration Time: The time when the operation permissions of the account expire.
  • Last Login: The last logon time of the account.
  • Latest Collection Time: The last time when the account information was collected.
  Scenario:
  • Scans for servers where a specified account is created.
  • Scans for accounts created on a server.

View the overview of asset fingerprints

Log on to the Security Center console, and choose Investigation > Asset Fingerprints in the left-side navigation pane. Select the Overview tab. This tab displays the top five most frequently used ports, software, and processes, the top five accounts that are created on different servers, and the newest accounts.

Note: The Overview tab displays the top five items based on the number of servers to which the items belong in descending order.

Figure: The overview of asset fingerprints

You can click Details in each section to go to the relevant tab that displays more fingerprint details. For more information, see View asset fingerprint data.
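The following added example, which is not part of the Security Center product or its documentation, works through two points from this topic on constructed software fingerprint records: the Overview ranking rule (items are ranked by the number of distinct servers they belong to) and the scenario of locating affected assets for outdated software. The record layout, the function names, the tie-breaking order, and the `fixed_version` parameter are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data. Field names follow the software fingerprint
# columns on this page; the record layout is an assumption.
SOFTWARE = [
    {"server": "web-01", "software": "nginx", "version": "1.18.0", "directory": "/usr/sbin"},
    {"server": "web-01", "software": "nginx", "version": "1.20.2", "directory": "/opt/nginx"},
    {"server": "web-02", "software": "nginx", "version": "1.20.2", "directory": "/usr/sbin"},
    {"server": "web-02", "software": "openssh", "version": "8.2.1", "directory": "/usr/sbin"},
    {"server": "db-01", "software": "openssh", "version": "8.2.1", "directory": "/usr/sbin"},
    {"server": "db-01", "software": "mysql", "version": "8.0.28", "directory": "/usr/sbin"},
    {"server": "app-01", "software": "openssh", "version": "7.9.0", "directory": "/usr/sbin"},
]


def parse_version(text):
    """Turn a dotted numeric version such as '1.20.2' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


def top_items(records, key, limit=5):
    """Rank values of `key` by how many distinct servers they appear on."""
    servers = defaultdict(set)
    for rec in records:
        # A set per item: two installs on one server still count as one server.
        servers[rec[key]].add(rec["server"])
    # Descending by server count; name as a tie-breaker (an assumption made
    # here for stable output, the page does not specify tie handling).
    ranked = sorted(servers.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(name, len(hosts)) for name, hosts in ranked[:limit]]


def affected_servers(records, software, fixed_version):
    """Map each server running `software` below `fixed_version` to its stale installs."""
    fixed = parse_version(fixed_version)
    hits = defaultdict(list)
    for rec in records:
        if rec["software"] == software and parse_version(rec["version"]) < fixed:
            hits[rec["server"]].append((rec["version"], rec["directory"]))
    return dict(hits)


if __name__ == "__main__":
    print(top_items(SOFTWARE, "software"))
    print(affected_servers(SOFTWARE, "nginx", "1.20.2"))
```

Note that web-01 carries two nginx installs but contributes only one server to the ranking, while the affected-asset lookup still reports the specific outdated install and its directory.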