Security Center provides the asset fingerprints feature that periodically collects and records the information about the ports, software, processes, accounts, scheduled tasks, and middleware on your servers. This feature allows you to monitor the running status of your assets and trace the sources of security issues. The Security Center console provides an overview of asset fingerprints and the details of the fingerprints. This topic provides an overview of the asset fingerprints feature, including relevant characteristics and the data that the feature collects.

Prerequisites

The asset fingerprints feature is supported by the Enterprise edition only. To use this feature, you must upgrade the Basic, Basic Anti-Virus, or Advanced edition of Security Center to the Enterprise edition. For more information about how to upgrade Security Center, see Upgrade and downgrade.

Background information

  • The asset fingerprints feature can collect, record, and analyze the following fingerprint information: listened ports, software assets, running processes, account assets, paths of scheduled tasks, and middleware (system components that can run independently, such as MySQL databases).
  • You can click Settings on the Asset Fingerprints page to set the time interval at which the preceding fingerprint information is collected.
  • You can go to the Assets page to manually run a task that collects fingerprint information about a single asset.

Asset fingerprints

Asset fingerprint: Ports
Description: Listened ports. This feature periodically collects information about the listened ports. The information includes:
  • Server information: the server that listens on the port.
  • Process: the server process that listens on the port.
  • IP: the IP address of the network interface controller (NIC) that is associated with the listened port.
  • Latest Collection Time: the last time when Security Center collected information about the listened port.
Scenario:
  • Checks the servers that listen on a specific port.
  • Checks the ports that are open on a specific server.

Asset fingerprint: Software
Description: Software assets. This feature periodically collects information about the software installed on your servers. The information includes:
  • Server information: the server where the software is installed.
  • Version: the version of the software.
  • Software Directory: the path where the software is installed.
  • Software Update Time: the time when the software version was updated.
  • Latest Collection Time: the last time when Security Center collected information about the software.
Scenario:
  • Checks software that is installed without your authorization.
  • Checks outdated software.
  • Quickly locates the affected assets when a large number of vulnerabilities are detected.

Asset fingerprint: Processes
Description: Running processes. This feature periodically collects information about the processes that are running on your servers. The information includes:
  • Server information: the server where the process is running.
  • Process path: the path of the process.
  • Startup parameters: the startup parameters of the process.
  • Start time: the time when the process was started.
  • Running user: the information about the user who started the process.
  • Run permission: the permissions of the user who started the process.
  • PID: the ID of the process.
  • Parent process: the parent process to which the process belongs.
  • File MD5: the MD5 hash of the process file.
  • Latest Collection Time: the last time when Security Center collected information about the process.
Scenario:
  • Checks the servers that run a specific process.
  • Checks the processes that are running on a specific server.

Asset fingerprint: Accounts
Description: Account assets. This feature periodically collects information about the accounts of your servers. The information includes:
  • Server information: the server to which the account belongs.
  • Logon Permission: whether the account has the logon permission.
  • Root Permission: whether the account has the root permission.
  • User Group: the user group to which the account belongs.
  • Expiration Time: the time when the operation permissions of the account expire.
  • Last Login: the last logon time of the account.
  • Latest Collection Time: the last time when Security Center collected information about the account.
Scenario:
  • Checks the servers where a specific account is created.
  • Checks the accounts that are created on a specific server.

Asset fingerprint: Scheduled tasks
Description: This feature periodically collects information about the paths of scheduled tasks that are periodically run on your servers. The information includes:
  • Server Information: the server where the scheduled task is run.
  • Command: the command used to run the scheduled task.
  • Task Cycle: the time interval at which the scheduled task is run.
  • MD5(Path): the MD5 hash value of the path where the scheduled task is run.
  • Account Name: the name of the account that runs the scheduled task.
  • Latest Collection Time: the last time when Security Center collected information about the scheduled task.
Scenario:
  • Checks the servers that contain the specific path of a scheduled task.
  • Checks the scheduled tasks that a specific server contains.

Asset fingerprint: Middleware
Description: This feature periodically collects information about the middleware of your servers. Middleware refers to system components that can run independently, such as MySQL databases and Docker. Docker is a container component. The information includes:
  • Server Name: the server to which the middleware belongs.
  • Name: the name of the middleware.
  • Version: the version of the middleware.
  • PID: the PID of the process that is started by the middleware.
  • Container Name: the name of the container to which the middleware belongs.
  • Installation Path: the path where the middleware is installed.
  • Latest Collection Time: the last time when Security Center collected information about the middleware.
  • Image Name: the name of the image to which the middleware belongs.
Scenario:
  • Checks the middleware on a specific server.
  • Checks the servers that contain a specific type of middleware.
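
How the Accounts fields above can map onto a Linux host, as an added example (not Security Center's own collector, whose implementation this page does not describe). It derives Logon Permission, Root Permission, User Group and Expiration Time from constructed /etc/passwd, /etc/group and /etc/shadow content; the derivation rules (UID 0 means root permission, a non-login shell means no logon permission) and the function names are assumptions.

```python
from datetime import date, timedelta

# Constructed sample file contents (not taken from a real host).
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/bash
svc_backup:x:0:1002::/var/backup:/bin/sh
"""
GROUP = "root:x:0:\ndaemon:x:1:\ndeploy:x:1001:\nbackup:x:1002:\n"
SHADOW = """root:*:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
deploy:*:19000:0:99999:7::19723:
svc_backup:*:19700:0:99999:7:::
"""
# Assumption: these shells mean the account cannot log on interactively.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def account_fingerprints(passwd, group, shadow):
    """Build one record per account, keyed by the field names in the table."""
    groups = {}
    for line in group.splitlines():
        name, _, gid, _ = line.split(":", 3)
        groups[gid] = name
    expiry = {}
    for line in shadow.splitlines():
        fields = line.split(":")
        # shadow field 8: account expiry, in days since 1970-01-01 (empty = never).
        if len(fields) >= 8 and fields[7]:
            expiry[fields[0]] = date(1970, 1, 1) + timedelta(days=int(fields[7]))
    records = []
    for line in passwd.splitlines():
        name, _, uid, gid, _, _, shell = line.split(":")
        records.append({
            "Account": name,
            "Logon Permission": shell not in NOLOGIN_SHELLS,
            "Root Permission": uid == "0",
            "User Group": groups.get(gid, gid),  # fall back to the raw GID
            "Expiration Time": expiry.get(name),  # None = no expiry set
        })
    return records


def unexpected_root(records, allowed=("root",)):
    """Accounts with root permission that are not on the allow-list."""
    return [r["Account"] for r in records
            if r["Root Permission"] and r["Account"] not in allowed]
```

Running the same extraction after each collection interval and comparing the records is one way to answer the "accounts that are created on a specific server" question outside the console.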

Overview

You can log on to the Security Center console and choose Investigation > Asset Fingerprints to view the following information: top five open ports, top five software, top five processes, top five with the same account, top five middleware, and the latest accounts.

Note: The Overview tab displays the top five numbers of servers to which the fingerprint information belongs. The top five numbers are displayed in descending order.

Figure: The Overview tab

You can click Details in each section to go to the relevant tab that displays more fingerprint details. For more information, see View asset fingerprints data.