检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Length: 1 to 10,240 characters. create_by String IAM user ID. create_time Integer Timestamp, in ms. update_by String IAM user ID. update_time Integer Timestamp, in ms.
Figure 3 Obtaining IAM token failed Troubleshooting and solution Check whether the IAM account or username in the command is correct.
Length: 1 to 10,240 characters. owner String IAM user ID. script_params Array of AnalysisScriptParam objects Analysis script parameters. create_by String IAM user ID. create_time Integer Timestamp, in ms. update_by String IAM user ID. update_time Integer Timestamp, in ms.
IAM ReadOnlyAccess Read-only permissions for IAM. SecMaster_Agency Used to obtain IAM usernames for executing playbook workflows of batch blocking or unblocking IAM users. WAF Administrator WAF administrator, who has all permissions for WAF.
create_time Integer Timestamp, in ms. update_by String IAM user ID. update_time Integer Timestamp, in ms.
Domain_name domain_name string domain_name Yes Domain name of the IAM user You need to specify Domain_name only when you set Type to Tenant in IAM authentication scenario. User_name user_name string user_name Yes Username of the IAM user.
Create a non-administrator IAM account. IAM authentication is used for tenant log collection. So you need to create an IAM user (machine-machine account) with the minimum permission to access SecMaster APIs. MFA must be disabled for the IAM user.
Length: 1 to 10,240 characters. create_by String IAM user ID. create_time Integer Timestamp, in ms. update_by String IAM user ID. update_time Integer Timestamp, in ms.
Length: 1 to 10,240 characters. create_by String IAM user ID. create_time Integer Timestamp, in ms. update_by String IAM user ID. update_time Integer Timestamp, in ms.
Length: 1 to 10,240 characters. create_by String IAM user ID. create_time Integer Timestamp, in ms. update_by String IAM user ID. update_time Integer Timestamp, in ms.
For a policy to be delivered to IAM, each time a maximum of 500 IAM users can be added as blocked objects by each account.
Create a non-administrator IAM account. IAM authentication is used for tenant log collection. So you need to create an IAM user (machine-machine account) with the minimum permission to access SecMaster APIs. MFA must be disabled for the IAM user.
How Do I Grant Permissions to an IAM User?
Log in to the console as the IAM administrator. Click in the upper left corner of the management console, select a region or project, click in the upper left corner of the page, and choose Compute > Elastic Cloud Server.
Create a non-administrator IAM account. IAM authentication is used for tenant log collection. So you need to create an IAM user (machine-machine account) with the minimum permission to access SecMaster APIs. MFA must be disabled for the IAM user.
You can obtain it by calling the IAM API for obtaining a user token. The user token is the value of X-Subject-Token in the response header.
account creation Suspicious IAM Account Create Suspicious IAM account creation IAM permission escalation IAM Permissions Escalation IAM permission escalation ECS login through brute-force attack ECS BruteForce Login ECS login through brute-force attack IAM login through brute-force
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
Preparations Creating an IAM user with the minimum permission IAM is used for data collection authorization. You need to create an IAM user with the minimum permission to access SecMaster APIs and disable verification rules such as MFA for the user.
You can call the IAM API to obtain a user token. The value of X-Subject-Token in the response header is the user token. X-Language No String Language.
