Security Center:ChangeSecurityScoreRule

The deduction item of the deduction module. The following list describes the deduction modules and their deduction items:

• SS_REINFORCE: issue in key feature configuration

  • XPRESS_INSTALL: Security Center is not authorized.
  • REINFORCE_SUSPICIOUS: The anti-virus feature is disabled.
  • RANSOMWARE: The anti-ransomware policy is disabled.
  • WEB_LOCK: The web tamper proofing feature is disabled.
  • VIRUS_SCHEDULE_SCAN: The periodic virus scan policy is disabled.
  • IMAGE_REPO_SCAN: The container image scan range is not configured.
  • IMAGE_SCAN_TASK: The feature of one-click scan of container images for security risks is not performed.

• SS_ALARM: unhandled alert

  • ALARM_SERIOUS: An unhandled high-risk alert event is detected.
  • ALARM_SUSPICIOUS: An unhandled medium-risk alarm event is detected.
  • ALARM_REMIND: An unhandled low-risk alarm event is detected.

• SS_VUL: unfixed vulnerability

  • CMS_UNFIX: An unfixed Web-CMS vulnerability is detected.
  • WIN_UNFIX: An unfixed Windows host vulnerability is detected.
  • CVE_UNFIX: An unfixed Linux host vulnerability is detected.
  • ERM_UNFIX: An unfixed emergency vulnerability is detected.
  • ERM_UNCHECK: An undetected emergency vulnerability exists.

• SS_HC: baseline risk

  • WEAK_EXPLOIT: Weak passwords are exposed to the Internet.
  • WEAK_PASSWORD: Weak passwords exist.
  • HC_EXPLOIT: The data source may be hacked.
  • HC_OTHER_WARNING: Security configuration risks exist.

• SS_CLOUD_HC: Cloud platform configuration check item problem.

  • CSPM_CIEM_NOT_PASS: A CIEM check item failed the check.
  • CSPM_RISK_NOT_PASS: A security risk check item failed the check.
  • CSPM_COMPLIANCE_NOT_PASS: A compliance check item failed the check.

• SS_AK: risk of AccessKey pair leaks

The threshold for the deduction item.

The penalty point of the deduction item.

The deducted module that is supported by the security score feature. The type of the sub-deduction item. Valid values:

• SS_SAS_WEAK_PW: unhandled weak password risk.
• SS_SAS_ALARM: unhandled alert in Security Center.
• SS_SAS_EMG_VUL: unfixed urgent vulnerability.
• SS_SAS_APP_VUL: unfixed application vulnerability.
• SS_SAS_SYS_VUL: unfixed system vulnerability.
• SS_SAS_CLOUD_HC: unhandled cloud security posture management (CSPM) risk.
• SS_SDDP_DATA_RISK: unhandled data security risk.
• SS_WAF_API_RISK: unhandled API security risk.
• SS_DDOS_BH_ASSET: asset on which blackhole filtering is triggered.
• SS_SAS_AK_LEAK: unhandled AK/SK leak event.
• SS_PRODUCT_CONNECT: security service not integrated.
• SS_KEY_CONFIG: key feature configuration.
• SS_PRODUCT_EXPIRE: service that is about to expire.
• SS_AI_RISK: AI application risk.

The threshold of deduction for the security score rule type.

The sub-deduction items of the security score rule.