Security Center provides the asset fingerprints feature that periodically collects and records information about the ports, software, processes, accounts, scheduled tasks, and middleware on your servers. This feature allows you to monitor the running status of your assets and trace the sources of security events. You can log on to the Security Center console to view fingerprint information on the Overview tab and the tabs of a specific asset fingerprint. This topic provides an overview of the asset fingerprints feature, including relevant characteristics and the data that the feature collects.

Prerequisites

The asset fingerprints feature is supported only by the Enterprise edition. To use this feature, you must upgrade the Basic, Basic Anti-Virus, or Advanced edition of Security Center to the Enterprise edition. For more information about how to upgrade an edition of Security Center, see Upgrade and downgrade Security Center.

Background information

  • The asset fingerprints feature can collect, record, and analyze the following fingerprint information: listening ports, software assets, running processes, account assets, paths of scheduled tasks, and middleware. Middleware refers to system components that can run independently, such as MySQL databases.
  • You can click Settings on the Asset Fingerprints page to set the time interval at which the preceding fingerprint information is collected.
  • You can go to the Assets page to manually run a task that collects fingerprint information about a single asset.

Introduction to the Overview tab of the Asset Fingerprints page

You can log on to the Security Center console and choose Investigation > Asset Fingerprints to open the Asset Fingerprints page. On the Overview tab, you can view fingerprint information in the following sections: Top 5 Open Ports, Top 5 Software, Top 5 Processes, Top 5 With The Same Account, Middleware TOP5, and Latest Account.

Note: The Overview tab displays the top five entries by the number of servers to which the fingerprint information belongs. The entries are displayed in descending order.

Figure: The Overview tab

You can click Details in each section to go to the relevant tab that displays more fingerprint details. For more information, see View asset fingerprints data.

Asset fingerprints

The following entries describe each asset fingerprint, the information that it collects, and its application scenarios.

Ports

Description: Listening ports. This feature periodically collects information about the listening ports. The information includes the following items:
  • Server information: the server that listens on the port.
  • Process: the server process that listens on the port.
  • IP: the IP address of the network interface controller (NIC) that is associated with the listening port.
  • Latest Collection Time: the last time when Security Center collected information about the listening port.
Application scenarios:
  • Check the servers that listen on a specific port.
  • Check the ports that are open on a specific server.

Software

Description: Software assets. This feature periodically collects information about the software that is installed on your servers. The information includes the following items:
  • Server information: the server where the software is installed.
  • Version: the version of the software.
  • Software Directory: the path where the software is installed.
  • Software Update Time: the time when the software version was updated.
  • Latest Collection Time: the last time when Security Center collected information about the software.
Application scenarios:
  • Check software that is installed without your authorization.
  • Check outdated software.
  • Locate affected assets when a large number of vulnerabilities are detected.

Processes

Description: Running processes. This feature periodically collects information about the processes that are running on your servers. The information includes the following items:
  • Server information: the server where the process is running.
  • Process path: the path of the process.
  • Startup parameters: the startup parameters of the process.
  • Start time: the time when the process was started.
  • Running user: the information about the user who started the process.
  • Run permission: the permissions of the user who started the process.
  • PID: the ID of the process.
  • Parent process: the parent process to which the process belongs.
  • File MD5: the MD5 hash value of the process file.
  • Latest Collection Time: the last time when Security Center collected information about the process.
Application scenarios:
  • Check the servers that run a specific process.
  • Check the processes that are running on a specific server.

Accounts

Description: Account assets. This feature periodically collects information about the accounts of your servers. The information includes the following items:
  • Server information: the server where the account is created.
  • Logon Permission: whether the account has the logon permission.
  • ROOT Permission: whether the account has the root permission.
  • User Group: the user group to which the account belongs.
  • Expiration Time: the time when the operation permissions of the account expire.
  • Last Login: the last logon time of the account.
  • Latest Collection Time: the last time when Security Center collected information about the account.
Application scenarios:
  • Check the servers where a specific account is created.
  • Check the accounts that are created on a specific server.

Scheduled tasks

Description: This feature periodically collects information about the paths of scheduled tasks that are run on your servers. The information includes the following items:
  • Server information: the server where the scheduled task is run.
  • Command: the command used to run the scheduled task.
  • Task Cycle: the time interval at which the scheduled task is run.
  • MD5 (Path): the MD5 hash value for the path of the scheduled task.
  • Account Name: the name of the account that runs the scheduled task.
  • Latest Collection Time: the last time when Security Center collected information about the scheduled task.
Application scenarios:
  • Check the servers that contain the specific path of a scheduled task.
  • Check the scheduled tasks that a specific server contains.

Middleware

Description: This feature periodically collects information about the middleware of your servers. The middleware refers to system components that can run independently, such as MySQL databases and Docker. Docker is a container component. The information includes the following items:
  • Server Name: the server to which the middleware belongs. This column displays the name and IP addresses of the server.
  • Version: the version of the middleware.
  • PID: the ID of the process that started the middleware.
  • Installation Path: the path where the middleware is installed.
  • Latest Collection Time: the last time when Security Center collected information about the middleware.
  • Version Verification: the image that contains the middleware.
  • Parent Process: the ID of the parent process to which the process belongs.
  • Enable User: the user who started the middleware.
Application scenarios:
  • Check the middleware on a specific server.
  • Check the servers that contain a specific type of middleware.
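
The application scenarios above amount to comparing what a server looks like now with what it looked like at an earlier collection. The following is an added example, not Security Center code or its export format: it diffs two collections and ranks the drift. The record layout, the key names (such as path_md5 and root_permission), the severity labels, and the sample values are assumptions modeled on the columns described in this topic.

```python
# Added example; record layout is constructed, keys mirror the columns above.
KEYS = {  # fields that identify one record of each fingerprint type (assumed)
    "ports": ("server", "ip", "port"),
    "accounts": ("server", "account"),
    "scheduled_tasks": ("server", "path_md5"),
}

def _index(records, fields):
    """Map each record's identity tuple to the full record."""
    return {tuple(r[f] for f in fields): r for r in records}

def diff_fingerprints(baseline, current):
    """Return sorted (severity, kind, identity, detail) findings."""
    findings = []
    for kind, fields in KEYS.items():
        old = _index(baseline.get(kind, []), fields)
        new = _index(current.get(kind, []), fields)
        for ident, rec in new.items():
            prev = old.get(ident)
            if prev is None:
                sev = "high" if rec.get("root_permission") else "medium"
                findings.append((sev, kind, ident, "new since baseline"))
            elif kind == "accounts" and rec["root_permission"] and not prev["root_permission"]:
                findings.append(("high", kind, ident, "gained ROOT permission"))
            elif kind == "scheduled_tasks" and rec["command"] != prev["command"]:
                findings.append(("high", kind, ident, "command changed"))
            elif kind == "ports" and rec["process"] != prev["process"]:
                findings.append(("medium", kind, ident, "listening process changed"))
        for ident in old.keys() - new.keys():
            findings.append(("info", kind, ident, "no longer present"))
    return sorted(findings)

# Constructed sample collections for one server; path_md5 is a placeholder.
BASELINE = {
    "ports": [{"server": "web-01", "ip": "0.0.0.0", "port": 443, "process": "nginx"}],
    "accounts": [{"server": "web-01", "account": "deploy", "root_permission": False}],
    "scheduled_tasks": [{"server": "web-01", "path_md5": "PATH_MD5_A", "command": "logrotate"}],
}
CURRENT = {
    "ports": BASELINE["ports"] + [
        {"server": "web-01", "ip": "0.0.0.0", "port": 8081, "process": "python3"}],
    "accounts": [{"server": "web-01", "account": "deploy", "root_permission": True},
                 {"server": "web-01", "account": "svc-tmp", "root_permission": False}],
    "scheduled_tasks": [{"server": "web-01", "path_md5": "PATH_MD5_A", "command": "rotate.sh"}],
}

if __name__ == "__main__":
    for finding in diff_fingerprints(BASELINE, CURRENT):
        print(finding)
```

Because scheduled tasks are keyed on the MD5 of the task path, a task that keeps its path but runs a different command is reported as changed rather than as new.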