Evaluates whether an Elastic Compute Service (ECS) instance has unfixed vulnerabilities of a specified type or level in Security Center. If no such vulnerabilities exist, the instance is evaluated as Compliant.
Scenarios
Use this rule to ensure that security vulnerabilities on running ECS instances are fixed promptly, improving overall system security.
Risk level
Default risk level: medium.
You can change the risk level based on your business requirements.
Compliance evaluation logic
- If no unfixed vulnerabilities of a specified type or level are detected by Security Center on each ECS instance, the evaluation result is Compliant.
- If an unfixed vulnerability of a specified type or level is detected by Security Center on an ECS instance, the evaluation result is Incompliant. To remediate an incompliant configuration, see Incompliance remediation.
- This rule does not apply to ECS instances that are not in the running state.
Rule details
| Item | Description |
| Rule name | ecs-instance-updated-security-vul |
| Rule identifier | ecs-instance-updated-security-vul |
| Tag | ECS, Instance, and SecurityCenter |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | ECS instance |
| Input parameter |
|
Incompliance remediation
Fix vulnerabilities on the ECS instance. For more information, see Basic security services.
该文章对您有帮助吗?