
Security Center: Manage container assets

Last Updated: Jul 05, 2023

Security Center provides you with integrated capabilities to protect your containers, and prevents and detects threats to containers in real time. The threats include vulnerabilities, configuration compliance risks, attacks, and intrusions. After you add your container assets to Security Center, you can use Security Center to manage the container assets in a centralized manner. This topic describes how to view the security information about container assets.

Limits

Only the Ultimate edition of Security Center supports this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center.

Prerequisites

Synchronize the information about the most recent container assets

Before you view the information about container assets, you must synchronize the information about the most recent container assets. This ensures that the information about newly added container assets is displayed in the asset list.

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose Assets > Container.

  3. On the Container page, click the Cluster or Image tab, and click Synchronize Asset.

  4. Optional. In the upper-right corner of the Container page, click Task management. On the Container Asset Synchronization and Synchronize Image Asset tabs of the Task management panel, view the progress, status, and details of a synchronization task.

Manage a cluster

View cluster information

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose Assets > Container.

  3. On the Cluster tab of the Container page, view the number of connected clusters, the number of at-risk clusters, and a list of connected clusters.

    • Search for a cluster

      You can specify a search condition in the search box above the list to search for a cluster. The search conditions include the cluster ID and cluster type.

    • View the risk details of a cluster

      Click the name of the cluster or click View in the Actions column to go to the risk details page of the cluster. You can view the statistics of alerts, vulnerabilities, baseline risks, and alerts generated by the container firewall feature. You can also view the list of corresponding risks.

Perform exposure analysis on a cluster

If the port of a container is exposed to the Internet, your business may encounter security risks, such as network attacks and data leaks. Security Center provides the port exposure analysis feature for container clusters. You can use the feature to check whether the public port of a container cluster is exposed and prevent the security risks that may occur due to the exposed port.

Note

The port exposure analysis feature is available for Container Service for Kubernetes (ACK) managed clusters and ACK dedicated clusters.

  1. Perform exposure analysis.

    You can use one of the following methods to perform exposure analysis on a cluster:

    • Automatic exposure analysis: After a Kubernetes cluster is connected, Security Center automatically synchronizes full data in the cluster in the early morning every day and performs exposure analysis on all connected clusters.

    • Manual exposure analysis: You can go to the Cluster tab of the Container page, find the required cluster, and then click Exposure Analysis in the Actions column.

  2. Optional. In the upper-right corner of the Container page, click Task management. On the Container Exposure tab of the Task management panel, view the progress and details of the exposure analysis task.

  3. View the execution result of the exposure analysis task.

    1. On the Container page, click the name of the current cluster.

    2. On the page that appears, select Container from the drop-down list and set Exposed to Yes.

    3. Move the pointer over the icon in the Exposed column to view the exposed port of the container cluster.

      If you no longer require the port that is exposed to the Internet, we recommend that you disable the port at the earliest opportunity to reduce security risks.
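
To cross-check the console result from the cluster side, the following added example (not part of the original documentation, and not a description of how Security Center performs its analysis) lists the Kubernetes Services that publish ports outside the cluster network. The service names and addresses in the sample are constructed. Whether a listed port is actually reachable from the Internet still depends on the load balancer type and the security group rules of the nodes.

```python
import json
import sys

# Constructed sample shaped like `kubectl get services -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "web"},
     "spec": {"type": "LoadBalancer",
              "ports": [{"port": 443, "protocol": "TCP", "nodePort": 31443}]},
     "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
    {"metadata": {"namespace": "shop", "name": "debug"},
     "spec": {"type": "NodePort",
              "ports": [{"port": 9229, "protocol": "TCP", "nodePort": 30229}]}},
    {"metadata": {"namespace": "shop", "name": "db"},
     "spec": {"type": "ClusterIP",
              "ports": [{"port": 5432, "protocol": "TCP"}]}},
    {"metadata": {"namespace": "ops", "name": "legacy"},
     "spec": {"type": "ClusterIP", "externalIPs": ["198.51.100.7"],
              "ports": [{"port": 8080, "protocol": "TCP"}]}},
]}


def exposure_candidates(service_list):
    """Return (namespace, name, reason, address, port, protocol) tuples for
    Services that publish a port outside the cluster network."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        ident = (meta.get("namespace", "default"), meta.get("name", "?"))
        stype = spec.get("type", "ClusterIP")
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])
        lb_addrs = [i.get("ip") or i.get("hostname") for i in ingress]
        for p in spec.get("ports", []):
            proto = p.get("protocol", "TCP")
            if stype == "LoadBalancer":
                # A pending load balancer has no address yet; report it anyway.
                for addr in lb_addrs or ["<pending>"]:
                    findings.append(ident + ("LoadBalancer", addr, p["port"], proto))
            if stype in ("LoadBalancer", "NodePort") and p.get("nodePort"):
                # A node port is opened on every node of the cluster.
                findings.append(ident + ("NodePort", "<any node>", p["nodePort"], proto))
            for addr in spec.get("externalIPs", []):
                findings.append(ident + ("externalIP", addr, p["port"], proto))
    return findings


if __name__ == "__main__":
    # Pass a file saved from `kubectl get services -A -o json`, or run without
    # arguments to use the constructed sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for row in exposure_candidates(data):
        print("{}/{}  {:<12} {}:{}/{}".format(*row))
```

Ports that appear here but are not flagged in the Exposed column, or the reverse, are worth a closer look before you decide which ones to disable.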

Manage an image

View image information

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose Assets > Container.

  3. On the Image tab of the Container page, view the image information.

    • View overview information about images

      In the section that displays overview information about images, you can view the information such as the number of at-risk images and the remaining quota on container image scan.

    • View the list of image repositories

      The list of image repositories displays the information about all image repositories that are added to Security Center. The information includes names, regions, types, and security status of image repositories. You can perform the following operations:

      • Search for an image repository

        You can specify a search condition in the search box above the list to search for an image repository. The search conditions include Instance ID and Namespace.

      • View information about an image repository

        Click the name of the image repository or click View in the Actions column of the image repository. On the details page of the image repository, you can view the names, versions, sizes, and risk statuses of all images in the image repository.

      • Synchronize Container Registry assets

        Click Synchronize in the Actions column to enable automatic synchronization of assets in a Container Registry Enterprise Edition instance. After you enable automatic synchronization, the assets that are added to the Container Registry Enterprise Edition instance are automatically synchronized to the image list of Security Center.

Scan a container image

Security Center provides the container image scan feature to help you detect vulnerabilities, baseline risks, malicious samples, and sensitive files in your images. This ensures the security of the image runtime environment.

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose Assets > Container.

  3. On the Image tab of the Container page, click Scan Now in the Container Image Scan section.

  4. In the One-Click Scan dialog box, select an image type and configure the scan scope based on your business requirements. Then, click Determine.

    For more information about how to configure the scan scope, see Scan images.

  5. Optional. In the upper-right corner of the Container page, click Task management. In the Task management panel, click the Mirror scan, Mirror repair, and Container Runtime Image Scan tabs to view the information about image scan and image repair tasks.

References

Use the container asset overview feature

Enable features on the Container Protection Settings tab

Use the container signature feature

View image scan results

Use security monitoring capabilities