- Product Introduction
- Purchase Guide
- Operation Guide
- Best Practice
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Report Download APIs
- Scan Task APIs
- Risk Center APIs
- DescribeRiskCenterAssetViewCFGRiskList
- DescribeRiskCenterAssetViewPortRiskList
- DescribeRiskCenterAssetViewVULRiskList
- DescribeRiskCenterAssetViewWeakPasswordRiskList
- DescribeRiskCenterPortViewPortRiskList
- DescribeRiskCenterVULViewVULRiskList
- DescribeRiskCenterWebsiteRiskList
- DescribeScanReportList
- ModifyRiskCenterRiskStatus
- DescribeRiskCenterServerRiskList
- Asset Center APIs
- Solid Protection APIs
- Cloud Security Center Overview APIs
- Data Types
- Error Codes
- Product Introduction
- Purchase Guide
- Operation Guide
- Best Practice
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Report Download APIs
- Scan Task APIs
- Risk Center APIs
- DescribeRiskCenterAssetViewCFGRiskList
- DescribeRiskCenterAssetViewPortRiskList
- DescribeRiskCenterAssetViewVULRiskList
- DescribeRiskCenterAssetViewWeakPasswordRiskList
- DescribeRiskCenterPortViewPortRiskList
- DescribeRiskCenterVULViewVULRiskList
- DescribeRiskCenterWebsiteRiskList
- DescribeScanReportList
- ModifyRiskCenterRiskStatus
- DescribeRiskCenterServerRiskList
- Asset Center APIs
- Solid Protection APIs
- Cloud Security Center Overview APIs
- Data Types
- Error Codes
Feature overview
Cloud Security Center (CSC) provides security health checks to discover six types of major risks on your cloud assets. This helps address the challenges of network attacks and data breaches, and enhance the security capabilities of enterprises.
Use cases
Routine security health checks
Customers can initiate security health checks on a periodic basis to assess their enterprise security status, identify potential security issues, and take appropriate measures to enhance the security level of the enterprise.
Feature details
Health check items
Item | Description | Related product |
Port risks | Detect port risks on public IPs and domains utilizing the port exposure detection capability provided by CSC and CFW. | CSC |
Vulnerabilities | Scan for vulnerabilities based on a rich vulnerability database. It covers OWASP TOP 10 vulnerabilities, such as SQL injection, XSS, CSRF, and weak passwords. The system can also detect zero-day/one-day/n-day vulnerabilities. | CSC, CWPP and TCSS |
Weak passwords | Check weak passwords on servers, public IPs and domains. | CSC, CWPP |
Configuration risks | Check for configuration risks on CVM, TKE, COS, TencentDB and CLB instances. | CSC, CWPP and TCSS |
Risk exposure | Provide an internet attack surface mapping feature to identify exposed ports, services, and components of cloud assets visible on the Internet. | CSC |
Website content risks | Identify sensitive images and texts on websites, and support detection of trojans, hidden links, spam advertisements, mining pools and more. | CSC |
Note:
To detect vulnerabilities, weak passwords, and exposed risky services, we need to scan ports of the target system. For example, if port 80 (HTTP services) is found open on the target server, it may be exposed to web application vulnerabilities.
Checked assets
Asset | Item |
CVM, Lighthouse, Edge Computing Machine (ECM) | Vulnerabilities, weak passwords, configuration risks |
Authorized local images and repository images | Vulnerabilities |
Cluster with the scanner running properly | Vulnerabilities, configuration risks |
Public IPs, domain names | Ports, vulnerabilities, weak passwords, website content risks |
CLB, subnets, TencentDB for MySQL, TencentDB for Redis, TencentDB for MariaDB, TencentDB for PostgreSQL, TencentDB for MongoDB, CBS, COS, Elasticsearch Service | Configuration risks |
Note:
Risk exposure is available on CSC Enterprise and Ultimate.It does not consume the health check quota. Also, the detection of configuration risks on subnets and CBS instances does not consume the health check quota.
Quota consumption
Asset | Item | Consumed quota |
Public IPs, domain names | Vulnerabilities, weak passwords, website content risks | Quota consumed per health check = Number of checked assets |
CVM, CLB, TencentDB for MySQL, TencentDB for Redis, TencentDB for MariaDB, TencentDB for PostgreSQL, TencentDB for MongoDB, Elasticsearch Service, COS | Configuration risks | |
Comparison of CSC editions
Item | Free edition | Premium edition | Enterprise edition | Ultimate edition |
Port risks | ✅ | ✅ | ✅ | ✅ |
Emergency vulnerabilities | ✅ | ✅ | ✅ | ✅ |
Vulnerabilities | - | ✅ | ✅ | ✅ |
Weak passwords | - | ✅ | ✅ | ✅ |
Configuration risks | - | ✅ | ✅ | ✅ |
Risk exposure | - | - | ✅ | ✅ |
Website content risks | - | - | ✅ | ✅ |
Health check quota | 20 times | 400 times/month (scalable) | 1,200 times/month (scalable) | 4,800 times/month (scalable) |
Task quota | 1 task | 10 tasks | 20 tasks | 50 tasks (scalable to unlimited) |
CSC provides different check items for different editions. Each security check consumes different quota usage.
Yes
No
Was this page helpful?