The host list is a core component of the CWPP service, providing a comprehensive, visualized and unified host management interface. It helps security administrators respond to CWPP risks more efficiently. This document will introduce how to access and manage hosts.
Restrictions
Range of Hosts with CWPP Access:
Host Type
Specific Host Types
Linux System
Windows System
Tencent Cloud Host
CVM, Lighthouse, ECM, and CPM 1.0
Supported Architectures: x86, and ARM
Access Methods: VPC, and basic network
Supported Architectures: x86
Access Methods: VPC, and basic network
Non-Tencent Cloud Hosts
Ali ECS, Huawei ECS, Microsoft Azure, DigitalOcean Droplets, Amazon EC2, OracleCloud Compute ... other cloud servers, and local IDC servers
Supported Architectures: x86, ARM
Accessible Methods: Public Network Direct Connection, Public Network Proxy, DC
Supported Architectures: x86
Accessible Methods: Public Network Direct Connection, DC
Multi-cloud Account Host Asset Synchronization Range: Currently, only the ECS machine data under Alibaba Cloud accounts can be synchronized via AccessKey, regardless of the operating system. (Only machine data is synchronized; the CWPP client still needs to be installed manually)
If a host connected via the non-Tencent Cloud host installation method changes its IP, CWPP will check the device code and IP list. If both remain unchanged, it is not considered a new machine; otherwise, a new host data entry will be created.
If a Tencent Cloud host is terminated or a non-Tencent Cloud host is cleared, the original risk data will be deleted.
Protection Status Description
Risky host: The host has security risks.
Ultimate Edition host: The host has installed the CWPP client and is bound with the Ultimate Edition authorization, providing Ultimate Edition protection.
Pro Edition host: The host has installed the CWPP client and is bound with the Pro Edition authorization, providing Pro Edition protection.
Basic Edition host: The host has only installed the CWPP client.
Client not installed (Unprotected): The host is a Tencent Cloud host but the CWPP client is not installed.
Offline:
Tencent Cloud host: The host's CWPP client is offline.
Non-Tencent Cloud host: The host's CWPP client is offline or the host has been shut down.
Note:
Because the status of non-Tencent Cloud hosts being shut down is unknown, they are viewed as being offline.
Shut down: The host is a Tencent Cloud host and is in a shutdown status.
Host Configuration
1. Log in to CWPP Console, and in the left sidebar, choose Asset > Server List.
2. On the Server List page, you can Install Cloud Workload Protection agent, Sync assets, associate tags, Multi-cloud account management, Upgrade Edition, and Asset cleanup.
Install CWPP client: The CWPP client is an official Tencent Cloud security plugin and is a key prerequisite for CWPP protection. You can click Install Cloud Workload Protection agent, select the appropriate installation method, and verify whether the installation is successful.
Sync assets: Click Sync assets to update the latest status of the host list.
Associate tag: CWPP is compatible with Tencent Cloud tag and CWPP tags. Click the tag icon in the tag column to associate the tag with this host.
Tencent Cloud tag (key:value): Can only be associated with Tencent Cloud hosts.
Cloud Workload Protection Tag (value): Can be associated with both Tencent Cloud hosts and non-Tencent Cloud hosts.
Multi-cloud account management: By synchronizing host assets under multi-cloud accounts, you can simplify management, integrate monitoring, and enhance risk visibility and response efficiency.
Upgrade Editions: The free Basic Edition's protection is relatively weak. You can click upgrade edition or go to Bulk Authorization to be redirected to the authorization management page. You can purchase higher-level protection licenses and bind them to basic Edition hosts to upgrade their protection.
Asset cleanup: After a Tencent Cloud host is terminated, it will be automatically cleaned. However, for non-Tencent Cloud hosts, their termination status is undetectable for CWPP. You can set cleaning rules for non-Tencent Cloud hosts. Then, if a non-Tencent Cloud host's client is offline for a certain duration, it will be automatically cleaned.
Server List
On the host list page, you can view the risk status, protection status, and risk situation of each host.
Field Description:
Server Name/Instance ID: Name and instance ID of the host.
IP Address: Public and private IP addresses of the host.
IP List: Network interface IP list.
Operating System: Operating system of the host.
Region/Network: Geographic location and network of the host.
Risk Status:
Unknown: The host does not have the client installed, or the host has the client installed but no risks have been detected (the protection of Basic Edition is weak, and potential risks may exist.).
Risk: The host has detected risks.
Intrusion Detection: Statistics of risks on the host including file scan, unusual log-in, password cracking, malicious requests, high risk commands, local privilege escalation, and reverse shell.
Vulnerabilities: Statistics of risks on the host including Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, and application vulnerabilities.
Baseline Risks: Statistics of baseline inspection items not passed by the hosts.
Cyber Risks: Statistics of network attacks detected on the host.
Tag: Host-associated tag information.
Agent Status:
Unprotected: The host is a Tencent Cloud host, but the CWPP client is not installed.
Normal: The host has installed the CWPP client (Basic Edition or higher).
Offline: The client of the Tencent Cloud or non-Tencent Cloud host is offline, or the non-Tencent Cloud host is shut down.
Shut down: The Tencent Cloud host is shut down.
CWPP Edition: Basic, Pro, Ultimate, and - (indicates no protection)
Operation:
Install CWPP Agent: Provides installation guide for unprotected hosts.
Reinstall: Provides installation guide for hosts where the client is offline or shut down.
Uninstall: Provides a quick uninstall option for protected hosts.
License Management : Provides authorization management for hosts with paid protection Editions. Click to jump to authorization management page. You can rebind or unbind authorizations.
Notes: Provides a remark option for unprotected hosts. Remarks are allowed on reasons for not securing the host, facilitating subsequent management (remarks will be invisible if the client is installed later).
Note:
Unprotected hosts and offline hosts that meet the following four conditions can undergo a one-click and quick installation when you click either Install CWPP Agent or Reinstall.
1. The host is a Tencent CVM or Lighthouse.
2. The host is powered on.
3. The host is on a VPC network.
4. The host has TAT automated assistant installed.
Click intrusion detection, vulnerabilities, baseline risks, and cyber risks' numerical value to jump to the risk details.
Click Event investigation to view the attack events.
Operating Instructions:
For the current host, select an alarm data item to display the process execution in the middle of the screen, and to highlight the nodes that trigger the alarm.
Click Alert Node to view related alarms for that node. It supports viewing alarm details and processing of pending alarms.
Yes
No
Was this page helpful?