Asset fingerprints accurately identify IT resource characteristics, allowing users to understand asset status, locate security vulnerabilities, and block intrusion threats. Security Center offers the asset fingerprints feature, which collects various fingerprints from server assets, including accounts, ports, and processes. This topic explains how to use the asset fingerprints feature to collect and view server fingerprints.

Limits on editions

Subscription: You must purchase a subscription instance and select the Edition as Ultimate or Enterprise.
Pay-as-you-go: You must purchase a feature (pay-as-you-go) and set Host and Container Security as Yes. Bind the Ultimate or Enterprise edition quota to at least one server.

Note

This feature is available only for servers bound to the Ultimate or Enterprise edition.

Collection methods

Security Center does not automatically collect server fingerprints. You must configure automatic periodic collection tasks or run manual tasks to gather the latest fingerprints.

Collection method	Description
Configure periodic automatic collection	Security Center supports the automatic collection of fingerprints from all servers. You can configure the collection frequency according to your business needs.
Manually collect the latest fingerprints of all servers	To view the fingerprints of all servers, click Collect Latest Data to gather the latest fingerprints with just a few clicks.
Manually collect the latest fingerprints of a specific server	To view the fingerprints of a specific server, click Collect Data Now to gather the latest fingerprints with just a few clicks.

Collect the fingerprints of servers

Prerequisites

The server from which you want to collect data has Security Center Agent installed and the agent is online.

Configure periodic automatic collection

Log on to the Security Center console. In the upper-left corner of the console, select the region where your assets are located: China or Outside China.
In the left-side navigation pane, choose Assets > Host.
On the Assets > Host > Account tab, click Configuration Management.
In the Configuration Management dialog box, set the collection frequency for each type of fingerprint, and click OK.
Important
- Security Center does not automatically collect the latest fingerprints of any type; the default collection frequency for all types is set to Disable. You can configure different collection frequencies for each type of fingerprint.
- The collection frequencies for Middleware, Database, Web Service, and AI Component fingerprints are based on the frequency for the Middleware.

After configuring the collection frequencies, Security Center automatically runs collection tasks and synchronizes the collected fingerprints to the corresponding tabs for viewing.

Manually collect the latest fingerprints of all servers

On the Assets > Host > Account tab, click Collect Latest Data.
In the Collect Latest Data dialog box, select the asset fingerprints that you want to collect and click OK.
Note
The system requires approximately 1 to 5 minutes to collect the fingerprints.

Manually collect the latest fingerprints of a specific server

In the server list of the Assets > Host > Server tab, find the server whose fingerprints you want to collect and click View in the Actions column.
On the details page, click the Asset Fingerprints tab. Then, click the tab of the required fingerprint type.
Important
The Asset Fingerprints tab is displayed in the Security Center console only if the edition of your Security Center is Enterprise or Ultimate.
In the upper-right corner, click Collect Data Now. In the Collect data message, click OK.

Note

The system requires approximately 1 to 5 minutes to collect the fingerprints.

View the fingerprints of servers

Log on to the Security Center console. In the upper-left corner of the console, select the region where your assets are located: China or Outside China.
In the left-side navigation pane, choose Assets > Host.
On the Host page, view fingerprints.
- View the fingerprints of all servers
  On the Host page, click the tab of the required fingerprint type, such as the Account tab.
  - Section 1 provides a fingerprint list. The list includes all fingerprints and the number of servers related to each fingerprint.
  - Section 2 provides a list of fingerprint details. In the fingerprint list of the section 1, you can click a fingerprint such as an account name to view the details of the fingerprint in this section.
  - Section 3 provides a filter and a search box. You can configure the filter and enter search conditions in the search box to search for a fingerprint. Fuzzy match is supported.
- View the fingerprints of a specific server
  1. In the server list of the Server tab, find the server whose fingerprints you want to view and click View in the Actions column.
  2. On the details page, click the Asset Fingerprints tab, and then click the tab of the required fingerprint type. On the tab, view the fingerprints.
    Important
    The Asset Fingerprints tab is displayed in the Security Center console only if the edition of your Security Center is Enterprise or Ultimate.

Fingerprints that the feature collects

Fingerprint type	Description
Account	The information about the account of your server. Security Center periodically collects information about the account of your server. The information includes the following items: Server information: the server in which the account is created. Account: the name of the account. ROOT Permission: whether the account is granted the root permissions. User Group: the user group to which the account belongs. Expiration Time: the time when the password of the account expires. Password Expired: whether the password of the account expires. Password Locked: whether the password of the account is locked. Account Expired: whether the account expires. Sudo Account: whether the account is granted the sudo permissions. Interactive Logon Account: whether the account is granted the logon permissions. Last Login: the last logon time of the account. Latest Collection Time: the last time when Security Center collected information from the server.
Port	The information about the listener port of your server. Security Center periodically collects information about the listener port of your server. The information includes the following items: Server information: the server to which the listener port belongs. This column displays the name and IP address of the server. Port: the port number of the listener port. Protocol: the network protocol of the listener port. PID: the ID of the server process that monitors the listener port. Process: the server process that monitors the listener port. IP: the IP address of the network interface controller (NIC) that is associated with the listener port. Latest Collection Time: the last time when Security Center collected the information about the listener port.
Process	The information about the process that runs on your server. Security Center periodically collects information about the process that runs on your server. The information includes the following items: Server information: the server on which the process in running. This column displays the name and IP address of the server. Process name: the name of the process. Process path: the path from which the process is started. Startup parameters: the startup parameters of the process. Start time: the time when the process was started. Running user: the user who started the process. Run permission: the permissions of the user who started the process. PID: the ID of the process. Parent process PID: the ID of the parent process to which the process belongs. File MD5: the MD5 hash value of the process file. Package Process Installation: whether the process is installed by using a package. Process Status: the status of the process. Latest Collection Time: the last time when Security Center collected information from the server.
Middleware	The information about the middleware that runs on your server. Security Center periodically collects information about the middleware of your server. The middleware refers to system components that can independently run, such as MySQL databases and Docker. Docker is a container component. The information includes the following items: Server Information: the server on which the middleware is run. This column displays the name and IP address of the server. Middleware: the name of the middleware. Type: the type of the middleware. Runtime Environment Version: the runtime environment version of the middleware. Version: the version of the middleware. PID: the ID of the process that started the middleware. Process Startup Path: the path from which the middleware is started. Version Verification: the method that is used to obtain the version of the middleware. Parent Process PID: the ID of the parent process that started the middleware. Enable User: the user who started the middleware. Listening IP Address: the listener IP address of the started middleware. Listening Port: the listener port of the started middleware. Listener Status: the status of the listener. Listening Port Protocol: the network protocol of the listener port for the middleware. Process Startup Time: the time when the middleware was started. Process Startup Command: the startup parameters of the middleware. Container Name: the name of the container to which the middleware belongs. Image Name: the name of the image to which the middleware belongs. Configure Path: the absolute path of the startup configurations for the middleware. Latest Collection Time: the last time when Security Center collected information from the server.
AI Component	The information about the AI components on your server. AI components refer to the basic functional modules that constitute an artificial intelligence system, such as data modules, model modules, and inference modules. The information includes the following items: Server Information: the server on which the AI component is installed. The information includes the server name and IP address. AI Component: the name of the AI component. Type: the type of the AI component. Version: the version of the AI component. PID: the ID of the AI component process. Startup Path: the startup path of the AI component. Version Verification: the verification method and source of the AI component version. Parent Process PID: the ID of the parent process that started the AI component. Enable User: the system user account to which the process that started the AI component belongs. Listening IP: the network address to which the AI component is bound. A value of 0.0.0.0 indicates that the service listens to the specified port on all IPv4 network interfaces. A value of :: indicates that the service listens to the specified port on all IPv6 network interfaces. Listening Port: the port to which the AI component listens. Listener Status: the current listening status of the AI component. Listening Port Protocol: the network protocol of the port to which the AI component listens. Start Time: the time when the AI component was started. Process Startup Command: the complete process startup command and parameters of the AI component. Container Name: the name of the container in which the AI component is installed. Image Name: the full path identifier of the image repository for the AI component. Configure Path: the list of absolute paths to key configuration files for the AI component. Last Scan Time: the last time when Security Center collected this type of information from the server.
Database	The information about the database that runs on your server. Security Center periodically collects information about the database that runs on your server. The information includes the following items: Server Information: the server on which the database is run. This column displays the name and IP address of the server. Database Name: the name of the database. Type: the type of the database. Version: the version of the database. PID: the ID of the process that started the database. Process Startup Path: the path from which the database is started. Version Verification: the method that is used to obtain the version of the database. Parent Process PID: the ID of the parent process that started the database. Enable User: the user who started the database. Listening IP Address: the listener IP address of the started database. Listening Port: the listener port of the started database. Listener Status: the status of the listener. Listening Port Protocol: the network protocol of the listener port for the database. Process Startup Time: the time when the database was started. Process Startup Command: the startup parameters of the database. Container Name: the name of the container to which the database belongs. Image Name: the name of the image to which the database belongs. Configure Path: the absolute path of the startup configurations for the database. Latest Collection Time: the last time when Security Center collected information from the server.
Web Service	The information about the web service of your server. Security Center periodically collects information about the web service of the server. The information includes the following items: Server Information: the server on which the web service is run. This column displays the name and IP address of the server. Web Service Name: the name of the web service. Type: the type of the web service. Runtime Environment Version: the Java Development Kit (JDK) version. JDK is the runtime of the web service. Version: the version of the web service. PID: the ID of the process that started the web service. Process Startup Path: the path from which the web service is started. Version Verification: the method that is used to obtain the version of the web service. Parent Process PID: the ID of the parent process that started the web service. Enable User: the user who started the web service. Listening IP Address: the listener IP address of the started web service. Listening Port: the listener port of the started web service. Listener Status: the status of the listener. Listening Port Protocol: the network protocol of the listener port for the web service. Process Startup Time: the time when the website was started. Process Startup Command: the startup parameters of the web service. Container Name: the name of the container to which the web service belongs. Image Name: the name of the image to which the web service belongs. Configure Path: the absolute path of the startup configurations for the web service. Web Directory: the path of the web configuration page. Latest Collection Time: the last time when Security Center collected information from the server.
Software	The information about the software that is installed on your server. Security Center periodically collects information about the software that is installed on your server. The information includes the following items: Server information: the server on which the software is installed This column displays the name and IP address of the server. Software Name: the name of the software. Version: the version of the software. Software Startup Path: the path from which the software is started. Software Update Time: the time when the software version is updated. Latest Collection Time: the last time when Security Center collected the information about the software.
Scheduled Task	The information about the scheduled task on your server. Security Center periodically collects information about the path of the scheduled task that is run on your server. The information includes the following items: Server information: the server on which the scheduled task is run. This column displays the name and IP address of the server. Command: the command in the scheduled task. Task Cycle: the interval at which the scheduled task is run. MD5: the MD5 hash value of the process for the scheduled task. Account Name: the name of the account that is used to start the scheduled task. Latest Collection Time: the last time when Security Center collected information from the server.
Startup Item	The information about the startup item of your server. Security Center periodically collects information about the startup item of your server. The information includes the following items: Server information: the server on which the startup item is enabled. This column displays the name and IP address of the server. Startup Item Path: the path to the startup item. Latest Collection Time: the last time when Security Center collected information from the server.
Kernel Module	The information about the kernel module of your server. Security Center periodically collects information about the kernel module of your server. The information includes the following items: Server information: the server to which the kernel module belongs. This column displays the name and IP address of the server. Module Name: the name of the kernel module. Module Size: the size of the kernel module file. Module File Path: the path to the kernel module file. Total Submodules: the number of dependent modules. Latest Collection Time: the last time when Security Center collected information from the server.
Website	The information about the website on your server. Security Center periodically collects information about the website on your server. The information includes the following items: Server information: the server on which the website is deployed. This column displays the name and IP address of the server. Domain Name: the domain name of the website. Website Type: the type of the software that is used by the website. Port: the listener port of the website. Web Path: the path to the home directory of the website. Web Root Path: the path of the root directory in the web configuration. User: the user who started the website. Directory Permission: the permissions on the web directory. Monitoring Protocol: the listener protocol of the website. PID: the ID of the process. Process Startup Time: the time when the website was started. Image Name: the name of the image to which the website belongs. Container Name: the name of the container to which the website belongs. Latest Collection Time: the last time when Security Center collected information from the server.

References

If you want to view detailed information about the security status of an asset, view it on the Assets page.
To use IDC probe, see Add assets in data centers to Security Center.