Alibaba Cloud Security Center requires an agent to be installed on each endpoint to provide comprehensive endpoint intrusion detection and protection capabilities. The agent enables remote logon detection, webshell detection and removal, anomaly detection of abnormal process behaviors and network connections, and monitoring of changes to key files and suspicious accounts.
Risk
Assets without the Security Center agent installed become blind spots in security monitoring, as they are not protected by endpoint intrusion detection capabilities. This leaves them vulnerable to malware infections, unauthorized access, webshell attacks, and anomalous process execution without any alerts being generated.
prowler alibabacloud --checks securitycenter_all_assets_agent_installed
Recommendation
Install the Security Center agent on all assets to enable comprehensive endpoint intrusion detection and protection, including webshell detection, anomaly detection, and remote logon monitoring.
Remediation
aliyun sas InstallUninstallAegis --InstanceIds <instance_id_1>,<instance_id_2>
- Log on to the Security Center Console
- Select Settings
- Click Agent
- On the Client to be installed tab, select all items on the list
- Click One-click installation to install the agent on all assets
Resource Type
ALIYUN::SAS::Instance