Checks whether the applications of each ECS instance include specified applications. If the applications of each ECS instance include specified applications, the evaluation result is considered compliant. The accuracy of the check result is based on the asset fingerprints of Security Center. Make sure that Security Center Enterprise Edition or Security Center Ultimate is used.
Scenarios
You can check whether specified applications are installed on each ECS instance. This helps meet management and business requirements.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the applications of each ECS instance include specified applications, the evaluation result is considered compliant.
- If the applications of an ECS instance exclude specified applications, the evaluation result is considered incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
- This rule does not apply to ECS instances that are not in the running state.
Rule details
| Item | Description |
|---|---|
| Rule name | ecs-instance-installed-software-check |
| Rule identifier | ecs-instance-installed-software-check |
| Tag | ECS |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Evaluation frequency | Interval of 24 hours |
| Supported resource type | ECS instance |
| Input parameter | softwareName |
Incompliance remediation
View the name of each installed application on an ECS instance. For more information, see Manage servers.