Based on the best practices of Alibaba Cloud database security audit, DAS Security Center dynamically calculates health scores across dimensions such as account security, access control, audit integrity, and risky operations. This topic describes how health scores are calculated.
Overview of scoring rules
On the audit overview page, a dashboard at the top displays the overall risk score (for example, 98, which corresponds to the "Secure" level). In the instance list below, the risk score column shows the individual score for each instance, such as 99 or 100.
The scoring results are divided into the following levels:
Secure (green): The security configuration is complete and risks are controllable.
Yellow alerts: Low-risk and medium-risk vulnerabilities are detected. You must handle these issues by using appropriate optimizations.
Red alerts: High-risk vulnerabilities or serious violations are detected. You must immediately terminate the risky operations and resolve the issues.
Risk scores are updated every 30 minutes.
Scoring dimensions and scoring rules
Scoring rules for a single database instance
If a rule is triggered multiple times, an alert is generated.
The health score is calculated by using the following formula: Total score = 100 - Sum of points deducted for each check item. If the result is less than 0, the health score is 0 points.
Note: If the security audit feature is enabled for the database instance, security risks are detected based on full audit logs and all rules are applied.
If the security audit feature is disabled for the database instance, security risks are detected based on slow query logs. If slow query logs are unavailable, the health score is not displayed.
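| Score item | Instance status | Check item | Scoring rule | Penalty per item | Maximum penalty |
| --- | --- | --- | --- | --- | --- |
| Risk score of a single database instance | Security audit is disabled and slow query logs are used as the scoring source. | Audit alert | High-risk alert | 3 | 30 |
| Risk score of a single database instance | Security audit is disabled and slow query logs are used as the scoring source. | Audit alert | Medium-risk alert | 2 | 20 |
| Risk score of a single database instance | Security audit is disabled and slow query logs are used as the scoring source. | Audit alert | Low-risk alert | 1 | 10 |
| Risk score of a single database instance | Security audit is enabled and full audit logs are used as the scoring source. | Audit alert | High-risk alert | 3 | 30 |
| Risk score of a single database instance | Security audit is enabled and full audit logs are used as the scoring source. | Audit alert | Medium-risk alert | 2 | 20 |
| Risk score of a single database instance | Security audit is enabled and full audit logs are used as the scoring source. | Audit alert | Low-risk alert | 1 | 10 |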
-
Scoring rules for multiple database instances
An overall score is generated for multiple database instances within an account.
The health score is calculated by using the following formula: Total score = Average risk score of database instances - Penalty that corresponds to the percentage of database instances for which security audit is enabled (a). If the result is less than 0, the health score is 0 points.
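| Score item | Check item | Scoring rule | Penalty per item |
| --- | --- | --- | --- |
| Overall risk score of multiple database instances | Average risk score of multiple database instances | The risk scores of all database instances are averaged. | N/A |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | 90% ≤ a < 100% | 0 |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | 70% ≤ a < 90% | 5 |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | 50% ≤ a < 70% | 10 |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | 30% ≤ a < 50% | 15 |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | 20% ≤ a < 30% | 20 |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | 10% ≤ a < 20% | 25 |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | 0% ≤ a < 10% | 30 |
| Overall risk score of multiple database instances | Percentage of database instances for which security audit is enabled (a) | a = 0 | 35 |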
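The following Python sketch is an added example, not code from DAS or Alibaba Cloud; it applies the single-instance and multi-instance rules above to a constructed fleet so that you can reproduce a dashboard score by hand. The function names and input shape are hypothetical, and it assumes that the penalty is applied once per alert, that the "a = 0" row takes precedence over "0% ≤ a < 10%", that a = 100% carries no penalty, and that instances without a displayed score are left out of the average.

```python
from typing import Optional

# (penalty per alert, maximum penalty) for each alert level, from the single-instance table
PENALTIES = {"high": (3, 30), "medium": (2, 20), "low": (1, 10)}
# (lower bound of a, penalty) from the multi-instance table, highest tier first
COVERAGE_TIERS = [(0.90, 0), (0.70, 5), (0.50, 10), (0.30, 15), (0.20, 20), (0.10, 25)]


def instance_score(alerts: dict, has_log_source: bool = True) -> Optional[int]:
    """Health score of one instance, or None when no score is displayed."""
    if not has_log_source:  # audit disabled and no slow query logs
        return None
    deducted = sum(min(PENALTIES[level][0] * count, PENALTIES[level][1])
                   for level, count in alerts.items())
    return max(0, 100 - deducted)


def coverage_penalty(a: float) -> int:
    """Penalty for the fraction a (0.0 to 1.0) of instances with security audit enabled."""
    if a == 0:
        return 35  # assumption: the explicit "a = 0" row wins over "0% <= a < 10%"
    for lower, penalty in COVERAGE_TIERS:
        if a >= lower:  # assumption: a = 100% falls in the 0-penalty tier
            return penalty
    return 30


def overall_score(instances: list) -> Optional[float]:
    """Account-level score: average instance score minus the coverage penalty."""
    scores = [instance_score(i["alerts"], i.get("has_log_source", True)) for i in instances]
    scored = [s for s in scores if s is not None]  # assumption: unscored instances are skipped
    if not scored:
        return None
    a = sum(1 for i in instances if i["audit_enabled"]) / len(instances)
    return max(0.0, sum(scored) / len(scored) - coverage_penalty(a))


# Constructed sample fleet (not real data)
FLEET = [
    {"audit_enabled": True, "alerts": {"high": 1}},
    {"audit_enabled": True, "alerts": {}},
    {"audit_enabled": False, "alerts": {"high": 12, "medium": 3}},
    {"audit_enabled": False, "alerts": {}, "has_log_source": False},
]

if __name__ == "__main__":
    for inst in FLEET:
        print(inst, "->", instance_score(inst["alerts"], inst.get("has_log_source", True)))
    print("overall:", overall_score(FLEET))
```

In the sample fleet, the third instance shows the per-level cap at work: 12 high-risk alerts deduct 30 points rather than 36, and enabling audit on only half of the instances costs the account a further 10 points.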