Create a non-administrator IAM account. IAM authentication is used for tenant log collection, so you need to create an IAM user (machine-machine account) with the minimum permission to access SecMaster APIs. MFA must be disabled for the IAM user.
Log in to the console as the IAM administrator. Click in the upper left corner of the management console, select a region or project, click in the upper left corner of the page, and choose Compute > Elastic Cloud Server.
account creation Suspicious IAM Account Create Suspicious IAM account creation IAM permission escalation IAM Permissions Escalation IAM permission escalation ECS login through brute-force attack ECS BruteForce Login ECS login through brute-force attack IAM login through brute-force
Preparations: Creating an IAM user with the minimum permission. IAM is used for data collection authorization. You need to create an IAM user with the minimum permission to access SecMaster APIs and disable verification rules such as MFA for the user.
For details about the relationship between IAM identities and operators and the operator username format, see Relationship Between IAM Identities and Operators.
Preparing for the Upgrade: IAM is used for data collection authorization. You need to create an IAM user with the minimum permission to access SecMaster APIs and disable verification rules such as MFA for the user. Log in to the SecMaster console.
You have obtained a non-administrator IAM account to log in to SecMaster as a tenant.
Procedure (Optional) Step 1: Buy an ECS (Optional) Step 2: Buy a Data Disk (Optional) Step 3: Attach a Data Disk Step 4: Create a Non-administrator IAM User Step 5: Configure Network Connection Step 6: Install the Component Controller (isap-agent) Step 7: Install the Log Collection
Prerequisites You have obtained the IAM administrator account information. Buying an ECS View the ECS information. Log in to the console as the IAM administrator.
Prerequisites: Only IAM users with the Agent Operator, Tenant Administrator, and Security Administrator permissions can use the security governance function. For details, see Creating a User and Granting Permissions.
Identity security Identity Defense Alarms Are Associated With Historical Handling Information Associates new IAM alerts with IAM alerts handled earlier and adds historical handling details to the comment area for the new alerts.
Database Connections Vulnerability handling HSS Isolation and Killing of Malware Automatic Renaming of Alert Names CIS_PostgreSQL Enabling the Backup Function and Configuring a Backup Policy CIS_PostgreSQL Disabling Default Ports CIS_DDS Enabling Database Audit Log CIS_Ensuring IAM
advised not to set access keys for IAM users who have console passwords when setting initial IAM users.
Enter the domain name, username, and password of the machine-machine account created in Step 4: Create a Non-administrator IAM User as prompted. If "install isap-agent successfully" is displayed, the component controller is installed.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
Step 4: Create a Non-administrator IAM Account. Use this account to access SecMaster for the log collector on the tenant side. Step 5: Configure Network Connection. Establish the connection between the customer VPC and SecMaster.
Log in to the console as the IAM administrator. Click in the upper left corner of the management console, select a region or project, click in the upper left corner of the page, and choose Storage > Elastic Volume Service.
It can be obtained by calling the IAM API used to obtain a user token.
For security purposes, create IAM users under the account and grant them permissions for routine management. User A user is created using a domain to use cloud services. Each user has its own identity credentials (password and access keys).