Checks whether the running processes of each ECS instance include specified processes. If not, the evaluation result is Compliant.
Scenarios
This rule applies when you need to check whether prohibited processes run on an ECS instance. This helps you meet your management and business requirements.
Risk level
Default risk level: medium.
When you configure this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
The accuracy of the check result is based on the asset fingerprints of Security Center. Make sure that Security Center Enterprise Edition or Security Center Ultimate is used.
- If the running processes of each ECS instance do not include specified processes, the evaluation result is Compliant.
- If the running processes of an ECS instance include specified processes, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
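The evaluation logic above, modeled locally as an added example; it is not Cloud Config or Security Center code. The snapshot layout, the comma-separated `ProcessName` format, exact case-sensitive name matching, the instance IDs, and the `NoData` label for instances without fingerprint data are all assumptions made for the illustration.

```python
# Added illustration: local model of the rule's evaluation logic.
# Assumptions: ProcessName is comma-separated, names match exactly
# (case-sensitive), and "NoData" is a label used only in this example.


def parse_process_names(param):
    """Split the ProcessName input into a set of non-empty names."""
    return {name.strip() for name in param.split(",") if name.strip()}


def evaluate_instance(running, prohibited):
    """Return (result, matched_names) for one instance.

    running: list of process names from a fingerprint snapshot, or None
    when no snapshot exists for the instance.
    """
    if running is None:
        # No fingerprint data means nothing was checked. Report that
        # explicitly instead of letting the instance look Compliant.
        return "NoData", []
    matched = sorted(prohibited.intersection(running))
    return ("Incompliant" if matched else "Compliant"), matched


def evaluate_fleet(snapshots, process_name_param):
    """Evaluate every instance against the specified process names."""
    prohibited = parse_process_names(process_name_param)
    if not prohibited:
        raise ValueError("ProcessName must list at least one process")
    return {
        instance_id: evaluate_instance(procs, prohibited)
        for instance_id, procs in snapshots.items()
    }


# Constructed sample data: instance ID -> running process names.
SAMPLE_SNAPSHOTS = {
    "i-example-web01": ["sshd", "nginx", "crond"],
    "i-example-db01": ["sshd", "mysqld", "telnetd", "vsftpd"],
    "i-example-new01": None,  # no fingerprint snapshot collected
}

if __name__ == "__main__":
    fleet = evaluate_fleet(SAMPLE_SNAPSHOTS, "telnetd, vsftpd")
    for instance_id, (result, matched) in fleet.items():
        print(instance_id, result, ",".join(matched) or "-")
```

Listing the matched names alongside the result shows which processes to address during remediation, and the separate `NoData` bucket highlights instances where a Compliant result would not be backed by fingerprint data.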
Rule details
Item | Description |
---|---|
Rule name | ecs-instance-running-process-disabled |
Rule identifier | ecs-instance-running-process-disabled |
Tag | Process and ECS |
Automatic remediation | Not supported |
Trigger type | Periodic execution |
Evaluation frequency | Interval of 24 hours |
Supported resource type | ECS Instances |
Input parameter | ProcessName |
Incompliance remediation
Disable specified processes for an ECS instance. For more information, see Use the asset fingerprints feature.