Checks whether the Security Center agent is installed on each ECS instance in the current Alibaba Cloud account. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to install the Security Center agent on each Elastic Compute Service (ECS) instance. You can use the Security Center agent to check abnormal logons, scan vulnerabilities, and check baseline configurations. This helps you identify security issues on an ECS instance.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the Security Center agent is installed on each ECS instance in the current Alibaba Cloud account, the evaluation result is Compliant.
- If the Security Center agent is not installed on an ECS instance in the current Alibaba Cloud account, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | ecs-all-enabled-security-protection |
| Rule identifier | ecs-all-enabled-security-protection |
| Tag | SecurityCenter |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Input parameter | None. |
Incompliance remediation
ecs-all-enabled-security-protection For more information, see Basic security services.