Checks whether the vulnerabilities that are identified by Security Center on each ECS instance are fixed. If so, the evaluation result is Compliant.
Scenarios
This rule applies when you need to fix vulnerabilities on each ECS instance at the earliest opportunity. This ensures data security and business continuity.
Risk level
Default risk level: high.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the vulnerabilities that are identified by Security Center on each ECS instance are fixed, the evaluation result is Compliant.
- If a vulnerability that is identified by Security Center on an ECS instance is not fixed, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
Rule details
| Item | Description |
|---|---|
| Rule name | ecs-all-updated-security-vul |
| Rule identifier | ecs-all-updated-security-vul |
| Tag | SecurityCenter |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | Alibaba Cloud account |
| Input parameter | None. |
Incompliance remediation
Fix vulnerabilities on an ECS instance. For more information, see Basic security services.