Security Center scans source code stored on GitHub in real time to check whether the usernames and passwords of your assets are leaked. Security Center generates alerts on potential AccessKey leaks to help you minimize risks.

Background information

  • Enterprise employees may upload source code to GitHub. This may leak the endpoints and passwords of enterprise databases and the passwords of enterprise servers.
  • The AccessKey leak detection feature uses the threat intelligence collection system to detect source code on GitHub. In most cases, the source code is uploaded and made public by enterprise employees. Security Center determines whether the source code contains usernames and passwords of assets such as Elastic Compute Service (ECS) instances, ApsaraDB RDS for MySQL instances, and ApsaraDB RDS for Redis instances. Security Center generates alerts on potential leaks in real time to help you minimize risks.
  • On the Settings > Notifications page in the Security Center console, you can customize the notification time period of AccessKey leak alerts. Alerts are sent to you during the specified time period only. You do not receive real-time alert notifications for AccessKey leaks that occur outside this time period.
Note: By default, the AccessKey leak detection feature is enabled for all users.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Detection > AccessKey Leak.
  3. You can perform the following operations on the AccessKey Leak page.
    • View information about AccessKey leaks
      You can view the following information about AccessKey leaks detected by Security Center: the number of AccessKey leaks, the number of alerts on suspicious calls of the AccessKey, the alert list, the platform where the detection is performed, and the last detection time.
    • Search for a specific AccessKey leak
      You can search for the leak records of a specific AccessKey by entering the AccessKey ID in the search box.
    • View AccessKey leak details
      Select a record and click Details in the Actions column to view details.
    • Manage AccessKey leaks
      In the Related recommendation section on the details page of an AccessKey leak, you can view the suggestions on how to manage the leak. You can perform the following operations:
      • Log on to the Log Service console. Search for the access log of the corresponding server and determine whether AccessKeys are leaked. For example, you can search for web access logs by setting the URL field to the file path that contains the AccessKey application file.
      • You can manually delete or manually disable the AccessKey, or add the AccessKey to the whitelist as needed.
        On the Leak Detection by AccessKey page, find and click the target leak record and click Processing in the Actions column, and then select a method to manage the leak.

        If you add the AccessKey to the whitelist, the status of the leak record becomes Whitelisted and the record is listed in the Handled list.

        If you want to remove the AccessKey from the whitelist, find the record in the Handled list, go to the details page, and then click Cancel the Whitelist.

      Note: We recommend that you prohibit employees from uploading source code to public platforms such as GitHub, or use a private GitHub code repository to manage code. You can also build an internal system to manage source code. This minimizes the risk of leaking sensitive information.
    • Export AccessKey detection reports
      1. On the Leak Detection by AccessKey page, click the Export icon in the upper-right corner to export a detection report.

        After the report is exported, the Done dialog box appears in the upper-right corner.

      2. Click Download in the Done dialog box to download the report as an Excel file.
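
The access-log check from the Manage AccessKey leaks step, as an added example (not Security Center or Log Service code): it lists the clients that were actually served the file containing the AccessKey, matching the URL after removing the query string, percent-encoding and duplicate slashes. It assumes the web access log was exported in Combined Log Format and that the AccessKey sits in a hypothetical file /config/aliyun.properties; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

# Hypothetical path of the file that holds the AccessKey (assumption).
LEAKED_PATH = "/config/aliyun.properties"

# Combined Log Format: ip ident user [time] "METHOD url PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def canonical_path(url):
    """Drop the query string, percent-decode once, collapse //, ./ and ../."""
    path = unquote(url.split("?", 1)[0])
    return normpath("/" + path.lstrip("/"))

def exposures(lines, leaked_path=LEAKED_PATH):
    """Return {client_ip: [(timestamp, status, bytes), ...]} for requests
    that were served the leaked file (2xx response with a body)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or canonical_path(m["url"]) != leaked_path:
            continue  # unparseable line or a different URL
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        if 200 <= status < 300 and size > 0:
            hits[m["ip"]].append((m["ts"], status, size))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:03:14:07 +0000] "GET /config/aliyun.properties HTTP/1.1" 200 412 "-" "curl/8.0"',
    '203.0.113.9 - - [12/Mar/2024:03:15:40 +0000] "GET /config//aliyun.properties?v=2 HTTP/1.1" 200 412 "-" "-"',
    '203.0.113.9 - - [12/Mar/2024:03:15:41 +0000] "GET /config/%61liyun.properties HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.44 - - [12/Mar/2024:03:16:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2024:03:16:09 +0000] "GET /config/aliyun.properties HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reqs in exposures(SAMPLE_LOG).items():
        print(ip, len(reqs), "successful download(s), first at", reqs[0][0])
```

Any client in the result received the file contents, so the AccessKey should be treated as exposed and disabled or deleted rather than whitelisted.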