The asset exposure analysis feature automatically analyzes the exposures of your Elastic
Compute Service (ECS) instances on the Internet and visualizes the communication links
between ECS instances and the Internet. It also displays details about the vulnerabilities
in the exposed ECS instances in a centralized manner. The feature helps you identify
abnormal exposures of your assets on the Internet and provides suggestions on vulnerability
fixes. This topic describes how to use the asset exposure analysis feature of Security
Center.
Background information
- The analysis results of asset exposures are automatically refreshed on a daily basis.
You do not need to manually refresh the results.
- You can use the asset exposure analysis feature only in Security Center Enterprise.
If you do not use this edition, you must upgrade Security Center to the Enterprise
edition before you can use this feature.
Limits
- The analysis results cover only the Internet exposures of your ECS instances. Servers
that are not deployed on Alibaba Cloud are not analyzed, even if they are exposed on
the Internet.
- The asset exposure analysis feature depends on the middleware information collected
by asset fingerprints. To collect the middleware information, perform the following
operations: In the upper-right corner of the Asset Fingerprints page, click Settings.
In the Settings dialog box, set Middleware to Collected once an hour, Collected once
every 3 hours, Collected once every 12 hours, or Collected once a day. If you set
Middleware to Disable or Collected once every 7 days, the asset exposure analysis
feature does not refresh the analysis results on a daily basis. For more information,
see Automatic collection.
Statistics
The Asset Exposure Analysis page displays the exposure statistics of your assets on the
Internet and the details of the exposures. The following table describes each statistic.
Item | Description
Exposed Assets | The total number of servers that are exposed on the Internet.
Gateways | The total number of gateway assets that are exposed on the Internet. Gateway assets include NAT gateways and Server Load Balancer (SLB) instances.
Public IP | The total number of public IP addresses that are exposed on the Internet.
Exposed Ports | The total number of ports that are exposed on the Internet.
Exposed Component | The total number of server components, such as OpenSSL and OpenSSH, that are exposed on the Internet.
Exploitable Vul | The total number of vulnerabilities that attackers can exploit over the Internet, together with the numbers of high-risk, medium-risk, and low-risk vulnerabilities. Click the number of high-risk, medium-risk, or low-risk vulnerabilities to go to the Vulnerabilities page. The priorities of vulnerabilities are marked in different colors:
- High-risk vulnerabilities: red. These vulnerabilities pose major threats to your assets.
We recommend that you pay attention to and fix them at the earliest opportunity.
- Medium-risk vulnerabilities: orange. These vulnerabilities can damage your assets.
We recommend that you fix them at the earliest opportunity.
- Low-risk vulnerabilities: gray. These vulnerabilities are less harmful to your assets
than the preceding ones. You can fix low-risk vulnerabilities at your convenience.
View the exposure details about an asset
The asset exposure details panel shows the communication link between assets and the
Internet. You can perform the following operations to view the exposure details about
an asset.
- Log on to the Security Center console.
- In the left-side navigation pane, click Asset Exposure Analysis.
- Specify filter conditions above the exposed asset list to query the assets that you
want to view.
You can query the assets on which vulnerabilities are detected or no vulnerabilities
are detected. You can also filter assets by asset group. Alternatively, you can enter
a public IP address, port number, component name, name of your ECS instance, or ID
of your ECS instance.
In the upper-right corner of the exposed asset list, click the export icon to save the
exposure details of the assets to your computer. The exposure details are exported to
an Excel file.
Note The time required to export the exposure details depends on the amount of asset
data.
- Find the asset that you want to view and click Exposure Details in the Operation column.
- In the panel that appears, view the communication link topology between the asset
and the Internet, the details of the link, and the details of the vulnerabilities.
If your server accesses the Internet by using multiple methods, the communication
link topology shows multiple paths to access the Internet. For example, if your server
accesses the Internet by using NAT gateways and SLB instances, the communication link
topology shows you the two communication links used to access the Internet. Click
the asset on each access path to switch to the path and view the path details.
Different colors of communication link topologies indicate different priorities of
the vulnerabilities detected in the asset:
- Red: indicates that high-risk vulnerabilities are detected in your asset and can be
exploited by attackers over the Internet.
- Orange: indicates that medium-risk vulnerabilities are detected in your asset and
can be exploited by attackers over the Internet.
- Gray: indicates that low-risk vulnerabilities are detected in your asset and can be
exploited by attackers over the Internet.
- Green: indicates that no vulnerabilities that can be exploited by attackers over the
Internet are detected in your assets.
Note The mappings between the colors of communication link topologies and priorities of
vulnerabilities apply only to your assets. The mappings do not apply to other components
of the communication link topology, such as the Internet. The icon that indicates
the Internet is gray by default.
- Optional: Click a vulnerability name to go to the Application tab of the Vulnerabilities page
and view the details of the application vulnerability detected in the asset.
In the vulnerability list that shows the application vulnerabilities detected in the
asset, you can view the details of the vulnerabilities and manually fix the vulnerabilities
based on the fix suggestions. We recommend that you fix high-risk vulnerabilities
at the earliest opportunity. For more information, see
Application vulnerabilities.
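The following Python model illustrates the logic this topic describes: how an ECS instance becomes exposed through a bound public IP, an SLB listener, or a NAT gateway DNAT entry (so one server can have several communication links), how the statistics in the table above are derived from those links, and how the topology color follows the worst exploitable vulnerability. This is an added example written for this page, not Security Center's implementation or its API; the data model, field names, instance IDs, IP addresses, and vulnerability names are all constructed for illustration. One check it makes explicit that the text leaves implicit: a forwarding rule that lands on a port nothing listens on is not counted as an exposure.

```python
"""Toy model of how Internet-exposure analysis derives paths and statistics.
Added example, not Security Center code: the data model, field names and the
sample inventory are constructed for illustration."""
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SEVERITY_COLOR = {"high": "red", "medium": "orange", "low": "gray"}
SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}

@dataclass
class Vuln:
    name: str
    severity: str       # "high" | "medium" | "low"
    exploitable: bool   # reachable by an attacker from the Internet

@dataclass
class Instance:
    instance_id: str
    eip: Optional[str] = None                                  # directly bound public IP
    listening: Dict[int, str] = field(default_factory=dict)    # local port -> component
    vulns: List[Vuln] = field(default_factory=list)

@dataclass
class Forward:
    """Gateway rule (SLB listener or NAT DNAT entry): public ip:port -> instance port."""
    gateway: str        # "SLB:<id>" or "NAT:<id>"
    public_ip: str
    public_port: int
    instance_id: str
    local_port: int

@dataclass(frozen=True)
class Path:
    """One way an instance is reachable from the Internet."""
    instance_id: str
    via: str            # "EIP" or the forwarding gateway
    public_ip: str
    public_port: int
    local_port: int
    component: str

def exposure_paths(instances: List[Instance], forwards: List[Forward]) -> List[Path]:
    """Every public entry point that lands on a port the instance actually listens on.
    A forwarding rule to a closed port is not counted as an exposure."""
    by_id = {i.instance_id: i for i in instances}
    paths = [Path(i.instance_id, "EIP", i.eip, port, port, comp)
             for i in instances if i.eip for port, comp in i.listening.items()]
    for f in forwards:
        inst = by_id.get(f.instance_id)
        if inst and f.local_port in inst.listening:
            paths.append(Path(f.instance_id, f.gateway, f.public_ip, f.public_port,
                              f.local_port, inst.listening[f.local_port]))
    return paths

def summarize(instances: List[Instance], paths: List[Path]) -> Dict[str, int]:
    """The counts the Asset Exposure Analysis statistics bar shows."""
    exposed = {p.instance_id for p in paths}
    sev = Counter(v.severity for i in instances if i.instance_id in exposed
                  for v in i.vulns if v.exploitable)
    return {
        "exposed_assets": len(exposed),
        "gateways": len({p.via for p in paths if p.via != "EIP"}),
        "public_ips": len({p.public_ip for p in paths}),
        "exposed_ports": len({(p.public_ip, p.public_port) for p in paths}),
        "exposed_components": len({p.component for p in paths}),
        "exploitable_vulns": sum(sev.values()),
        "high": sev["high"], "medium": sev["medium"], "low": sev["low"],
    }

def topology_color(inst: Instance, paths: List[Path]) -> Optional[str]:
    """Node colour: worst exploitable severity, green if none, None if the asset is not exposed."""
    if all(p.instance_id != inst.instance_id for p in paths):
        return None
    exploitable = [v for v in inst.vulns if v.exploitable]
    if not exploitable:
        return "green"
    return SEVERITY_COLOR[max(exploitable, key=lambda v: SEVERITY_RANK[v.severity]).severity]

# Constructed sample inventory; IDs, IPs and vulnerability names are made up.
INSTANCES = [
    Instance("i-web01", listening={8080: "nginx", 22: "OpenSSH"}, vulns=[
        Vuln("OpenSSH remote auth bypass (constructed)", "high", True),
        Vuln("nginx version disclosure (constructed)", "low", True),
        Vuln("local privilege escalation (constructed)", "medium", False),  # not remotely exploitable
    ]),
    Instance("i-bastion01", eip="47.0.0.3", listening={22: "OpenSSH"}),
    Instance("i-db01", listening={3306: "MySQL"},
             vulns=[Vuln("MySQL auth weakness (constructed)", "medium", True)]),  # no public path
]
FORWARDS = [
    Forward("SLB:lb-1", "47.0.0.1", 80, "i-web01", 8080),
    Forward("NAT:ngw-1", "47.0.0.2", 2222, "i-web01", 22),
    Forward("NAT:ngw-1", "47.0.0.2", 3389, "i-web01", 3389),  # nothing listens on 3389: ignored
]

if __name__ == "__main__":
    found = exposure_paths(INSTANCES, FORWARDS)
    for p in found:
        print(f"{p.instance_id} <- {p.via} {p.public_ip}:{p.public_port} -> :{p.local_port} ({p.component})")
    print(summarize(INSTANCES, found))
    print({i.instance_id: topology_color(i, found) for i in INSTANCES})
```

Running the sample inventory yields two exposed assets (the web server with two links, through the SLB instance and the NAT gateway, and the bastion through its EIP), two gateways, three public IPs, three exposed ports and two exposed components. The web server's node is red because its exploitable OpenSSH finding is high-risk, the bastion is green, and the database server has no color because it has no path to the Internet even though it carries a medium-risk finding; the non-exploitable local vulnerability on the web server is likewise left out of the Exploitable Vul count.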