Evaluates ECS instances as Compliant if their running processes do not include specified processes.
Scenarios
Use this rule to detect prohibited processes running on ECS instances and enforce unified management policies.
Risk level
Default risk level: medium.
You can change the risk level when you configure this rule.
Compliance evaluation logic
This rule relies on asset fingerprints from Security Center. Make sure that you use Security Center Enterprise Edition or Ultimate.
- If the running processes of an ECS instance do not include specified processes, the evaluation result is Compliant.
- If the running processes of an ECS instance include specified processes, the evaluation result is Incompliant. To remediate this, see Incompliance remediation.
Rule details
| Item | Description |
| Rule name | ecs-instance-running-process-disabled |
| Rule identifier | ecs-instance-running-process-disabled |
| Tag | Process and ECS |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | ECS Instances |
| Input parameter | ProcessName |
Incompliance remediation
Disable the specified processes on the ECS instance. For more information, see Investigate asset fingerprints.