Security Center:Container asset overview

Scenarios

• Compliance with classified protection requirements

  The network topology of your cloud assets helps you meet the standards of classified protection.

• Visualization

  This feature offers visualization of exposed ports on the Internet and enables you to perform security operations on your assets, such as clusters, containers, images, and applications.

Procedure

1. Log on to the Security Center console. In the upper-left corner of the console, select the region where the assets that you want to protect are located: China or Outside China.

2. In the left-side navigation pane, choose Assets > Overview.

3. On the Overview page, click the Container Asset Overview tab.

4. On the Container Asset Overview tab, view your container assets.

   No.	Description
   ①	View the security score of your asset	The security score, calculated by Security Center, reflects the overall security of your assets. A higher score indicates fewer risks. Click Fix Now to expand the Security Risk panel, where you can handle security risks in your assets.
   ②	View the number of clusters and assets with risks	The black number indicates the number of clusters, and the red number indicates the number of assets with risks. Click the Cluster area to go to the Assets > Container > Cluster tab to view details about the clusters.
   ③	Switch the display of the cluster network topology	Click Internet Perspective or Cluster Perspective above the cluster topology to switch the display perspective.
   ④	View the details and security status of a cluster	In the cluster topology, click the required cluster. In the panel that appears, you can view the information about the cluster on the following tabs: Cluster Information, Cluster Risk, Image Information, and Protection Policy. Cluster Information View the cluster Name and Cluster Type. You can also view the numbers of the following items in the cluster: Namespace, Pod, Work(s), Application, and Image. Cluster Risk View the security risks of the cluster, such as Security Alerts, Baseline Risks, and Application Vul(s). Click Details to the right of Security Alerts. On the details page of the cluster or the vulnerability list of the image security page, view and handle alerts, fix vulnerabilities, and handle detected image risks. Image Information View the list of images in the cluster. Click Add Now on the right side of an image repository that is not added to Security Center to go to the Container Image Scan page. On the Container Image Scan page, you can add image repositories to Security Center. Protection Policy View the Defense Details of the cluster, including Alerts in Previous 7 Days, Rules, and Defense Status. Click Create Rule add protection policies for the cluster.
   ⑤	Set the time range for displaying the cluster network topology	On the Container Asset Overview tab, the data traffic is shown for the past seven days by default. You can customize this range by filtering the data traffic to a specific timeframe within those last seven days based on your needs.
   ⑥	Enable or disable the container network topology for a cluster	The Container Network Topology feature is disabled for all clusters by default. Important Enabling this feature uses a small amount of CPU resources and requires the collection of real-time traffic data, which increases log volume. Note that even with the Global Log Filtering feature enabled, traffic deduplication filtering for container visualization will not apply. As a result, enabling Container Network Topology will require additional log storage space. We recommend enabling this feature only for clusters whose risk status you need to monitor. To enable or disable the Container Network Topology feature: Click the or icon on the right side of Cluster Overview to enable or disable Container Network Topology for All clusters. In the cluster topology, click the icon of the target cluster. In the Cluster Information tab of the panel on the right, click or icon on the right side of Container Network Topology to enable or disable the Container network topology feature for a Single cluster. After enabling the Container Network Topology for a cluster, follow Step 5 below to view the container network topology and see the risk status of each node.
   ⑦	Export the container asset overview	Click the download icon to export the container asset overview in the PNG format.

5. If you have enabled the Container Network Topology feature for a cluster (see step ⑥ for instructions), the topology will display communication links between all containers, with applications represented as nodes. To view the container network topology for a specific cluster, click the icon below the target cluster’s icon. 

   You can also click the cluster icon directly and select View on the right side of Container Network Topology in the Cluster Information tab .

   Note

   For very large clusters, the container asset overview is collapsed by default.

   • You can enable or disable Show only connected applications, Display port information, and Hide lines on the left to display the network topology in the container.

   • The left side of the page also displays all namespaces in the cluster. You can click the or icon on the right side of a namespace to hide or show the namespace. You can also click the or icon to expand or collapse the applications.

     After you expand the applications in a namespace, click an application icon in the container asset overview to view the Pod Information, Image Information, and Network Connection of the application.

     In the Pod Information tab, hover over a pod name to display the pod details dialog box. Click View assets in the dialog box to go to the Assets > Container page to view information such as vulnerability risks and alerts of the pod.