Security Center provides the asset fingerprints feature that periodically collects and records the information about the ports, software, processes, accounts, scheduled tasks, and middleware on your servers. This feature allows you to monitor the running status of your assets and trace the sources of security events. You can log on to the Security Center console to view fingerprint information on the Overview tab and the tabs of a specific asset fingerprint. This topic describes the asset fingerprints feature, the Overview tab of the Asset Fingerprints page, and the information that this feature collects.

Limits

Only the Enterprise and Ultimate editions of Security Center support this feature. If you do not use these editions, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Feature.

Background information

  • The asset fingerprints feature can collect, record, and analyze fingerprints such as listener ports, software assets, running processes, account assets, paths of scheduled tasks, and middleware. Middleware refers to system components that can independently run, such as MySQL databases.
  • You can click Settings on the Asset Fingerprints page to set the time interval at which the preceding fingerprint information is collected.
  • You can go to the Assets page to manually run a task that collects fingerprint information about a single asset.

Introduction to the Overview tab of the Asset Fingerprints page

You can log on to the Security Center console and choose Investigation > Asset Fingerprints to open the Asset Fingerprints page. On the Overview tab, you can view the fingerprints based on the following categories: Top 5 Open Ports, Top 5 Software, Top 5 Processes, Top 5 With The Same Account, Middleware TOP5, and Latest Account.

Note: The Overview tab displays the top five numbers of servers to which the fingerprints belong, in descending order.

You can click Details in each section to go to the relevant tab that displays more fingerprint details. For more information, see View asset fingerprints.

Asset fingerprints

Each entry below lists an asset fingerprint, its description, and its scenarios.

Ports
Description: Listener ports. This feature periodically collects information about the listener ports. The information includes the following items:
  • Server information: the server that listens on the port.
  • Process: the server process that listens on the port.
  • IP: the IP address of the network interface controller (NIC) that is associated with the listener port.
  • Latest Collection Time: the last time when Security Center collected the information about the listener port.
Scenario:
  • Check the servers that listen on a specific port.
  • Check the ports that are open on a specific server.

Software
Description: Software assets. This feature periodically collects information about the software that is installed on your servers. The information includes the following items:
  • Server information: the server on which the software is installed.
  • Version: the version of the software.
  • Software Directory: the path of the software that is installed.
  • Software Update Time: the time when the software version is updated.
  • Latest Collection Time: the last time when Security Center collected the information about the software.
Scenario:
  • Check software that is installed without your authorization.
  • Check outdated software.
  • Locate affected assets when a large number of vulnerabilities are detected.

Processes
Description: Running processes. This feature periodically collects information about the processes that are running on your servers. The information includes the following items:
  • Server information: the server on which the process is running.
  • Process path: the path of the process.
  • Startup parameters: the startup parameters of the process.
  • Start time: the time when the process was started.
  • Running user: the information about the user who started the process.
  • Run permission: the permissions of the user who started the process.
  • PID: the ID of the process.
  • Parent process: the parent process to which the process belongs.
  • File MD5: the MD5 hash of the process file.
  • Latest Collection Time: the last time when Security Center collected the information about the process.
Scenario:
  • Check the servers that run a specific process.
  • Check the processes that are running on a specific server.

Accounts
Description: Account assets. This feature periodically collects information about the accounts of your servers. The information includes the following items:
  • Server information: the server on which the account is created.
  • Logon Permission: whether the account is granted logon permissions.
  • ROOT Permission: whether the account is granted root permissions.
  • User Group: the user group to which the account belongs.
  • Expiration Time: the time when the operation permissions of the account expire.
  • Last Login: the last logon time of the account.
  • Latest Collection Time: the last time when Security Center collected the information about the account.
Scenario:
  • Check the servers on which a specific account is created.
  • Check the accounts that are created on a specific server.

Scheduled tasks
Description: This feature periodically collects information about the paths of scheduled tasks that are run on your servers. The information includes the following items:
  • Server information: the server on which the scheduled task is run.
  • Command: the command used to run the scheduled task.
  • Task Cycle: the time interval at which the scheduled task is run.
  • MD5 (Path): the MD5 hash value for the path of the scheduled task.
  • Account Name: the name of the account that runs the scheduled task.
  • Latest Collection Time: the last time when Security Center collected the information about the scheduled task.
Scenario:
  • Check the servers that contain the specific path of a scheduled task.
  • Check the scheduled tasks that a specific server contains.

Middleware
Description: This feature periodically collects information about the middleware of your servers. Middleware refers to system components that can independently run, such as MySQL databases and Docker. Docker is a container component. The information includes the following items:
  • Server Name: the server to which the middleware belongs. This column displays the name and IP address of the server.
  • Version: the version of the middleware.
  • PID: the ID of the process that started the middleware.
  • Installation Path: the path where the middleware is installed.
  • Latest Collection Time: the last time when Security Center collected the information about the middleware.
  • Version Verification: the image that contains the middleware.
  • Parent Process: the ID of the parent process to which the process belongs.
  • Enable User: the user who started the middleware.
Scenario:
  • Check the middleware on a specific server.
  • Check the servers that contain a specific type of middleware.
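
The following added example (not Security Center code or its API) reproduces the Top 5 Open Ports ranking and the two Ports scenarios over an inventory of port fingerprint records. The record layout, key names, server names, and sample values are assumptions constructed for illustration; the ranking counts distinct servers per port, so a port bound on several IP addresses of one server is counted once.

```python
from collections import defaultdict

# Constructed sample records. The dict layout and key names are assumptions
# modeled on the Ports fingerprint fields (server, port, process, IP).
PORT_RECORDS = [
    {"server": "web-01", "port": 22, "process": "sshd", "ip": "0.0.0.0"},
    {"server": "web-01", "port": 80, "process": "nginx", "ip": "192.0.2.10"},
    {"server": "web-01", "port": 80, "process": "nginx", "ip": "192.0.2.11"},
    {"server": "web-01", "port": 443, "process": "nginx", "ip": "192.0.2.10"},
    {"server": "web-02", "port": 22, "process": "sshd", "ip": "0.0.0.0"},
    {"server": "web-02", "port": 80, "process": "nginx", "ip": "192.0.2.20"},
    {"server": "web-02", "port": 443, "process": "nginx", "ip": "192.0.2.20"},
    {"server": "db-01", "port": 22, "process": "sshd", "ip": "0.0.0.0"},
    {"server": "db-01", "port": 3306, "process": "mysqld", "ip": "192.0.2.30"},
    {"server": "db-02", "port": 22, "process": "sshd", "ip": "0.0.0.0"},
    {"server": "db-02", "port": 3306, "process": "mysqld", "ip": "192.0.2.31"},
    {"server": "cache-01", "port": 22, "process": "sshd", "ip": "0.0.0.0"},
    {"server": "cache-01", "port": 6379, "process": "redis-server", "ip": "0.0.0.0"},
    {"server": "app-01", "port": 22, "process": "sshd", "ip": "0.0.0.0"},
    {"server": "app-01", "port": 80, "process": "httpd", "ip": "192.0.2.40"},
    {"server": "app-01", "port": 8080, "process": "java", "ip": "192.0.2.40"},
]

def index_ports(records):
    """Build both lookups: port -> servers and server -> ports."""
    by_port, by_server = defaultdict(set), defaultdict(set)
    for rec in records:
        by_port[rec["port"]].add(rec["server"])
        by_server[rec["server"]].add(rec["port"])
    return by_port, by_server

def top_open_ports(records, n=5):
    """Rank ports by number of distinct listening servers, descending.
    Ties are broken by ascending port number to keep the order stable."""
    by_port, _ = index_ports(records)
    ranked = sorted(by_port.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(port, len(servers)) for port, servers in ranked[:n]]

def servers_listening_on(records, port):
    """Scenario: check the servers that listen on a specific port."""
    by_port, _ = index_ports(records)
    return sorted(by_port.get(port, ()))

def ports_open_on(records, server):
    """Scenario: check the ports that are open on a specific server."""
    _, by_server = index_ports(records)
    return sorted(by_server.get(server, ()))

if __name__ == "__main__":
    print(top_open_ports(PORT_RECORDS))
```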