ecs-instance-updated-security-vul

更新时间:
复制 MD 格式

Evaluates whether an Elastic Compute Service (ECS) instance has unfixed vulnerabilities of a specified type or level in Security Center. If no such vulnerabilities exist, the instance is evaluated as Compliant.

Scenarios

Use this rule to ensure that security vulnerabilities on running ECS instances are fixed promptly, improving overall system security.

Risk level

Default risk level: medium.

You can change the risk level based on your business requirements.

Compliance evaluation logic

  • If no unfixed vulnerabilities of a specified type or level are detected by Security Center on each ECS instance, the evaluation result is Compliant.
  • If an unfixed vulnerability of a specified type or level is detected by Security Center on an ECS instance, the evaluation result is Incompliant. To remediate an incompliant configuration, see Incompliance remediation.
  • This rule does not apply to ECS instances that are not in the running state.

Rule details

Item Description
Rule name ecs-instance-updated-security-vul
Rule identifier ecs-instance-updated-security-vul
Tag ECS, Instance, and SecurityCenter
Automatic remediation Not supported
Trigger type Periodic execution
Evaluation frequency Interval of 24 hours
Supported resource type ECS instance
Input parameter
  • necessity. Default value: asap.
  • type. Default value: cve.

Incompliance remediation

Fix vulnerabilities on the ECS instance. For more information, see Basic security services.