If a brute-force attack protection rule is created for the Elastic Compute Service (ECS) instance in the Security Center console, the evaluation result is Compliant.
Scenarios
The feature of protection against brute-force attacks can prevent the password of your server from being cracked.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If a brute-force attack protection rule is created for the ECS instance in the Security Center console, the evaluation result is Compliant.
- If a brute-force attack protection rule is not created for the ECS instance in the Security Center console, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see the "Incompliance remediation" section of this topic.
Rule details
| Parameter | Description |
|---|---|
| Rule name | ecs-instance-enable-security-center-anti-rule |
| Rule identifier | ecs-instance-enable-security-center-anti-rule |
| Tag | ECS, Instance, and SecurityCenter |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | ECS instances |
| Input parameter | None |
Incompliance remediation
Create brute-force attack protection rules for the ECS instances in the Security Center console. For more information, see Configure common features (simplified).