Ensure your Alibaba Cloud Security Center is on the Advanced or Enterprise Edition for enhanced security features like malware detection, webshell identification, and anomaly recognition. Upgrading provides critical protection against undetected threats.
PoC代码[已公开]
id: security-plan-disabled
info:
name: Security Center Plan - Disabled
author: DhiyaneshDK
severity: medium
description: |
Ensure your Alibaba Cloud Security Center is on the Advanced or Enterprise Edition for enhanced security features like malware detection, webshell identification, and anomaly recognition. Upgrading provides critical protection against undetected threats.
reference:
- https://www.alibabacloud.com/help/en/security-center/product-overview/upgrade-and-downgrade-security-center
- https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SecurityCenter/security-center-plan.html
metadata:
max-request: 1
verified: true
tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,security-center
variables:
region: "cn-hangzhou"
self-contained: true
code:
- engine:
- sh
- bash
source: |
aliyun sas DescribeVersionConfig --region $region
matchers:
- type: word
words:
- '"IsPaidUser": false'
- '"Version": 1'
condition: and
extractors:
- type: dsl
dsl:
- '" Security Center Plan is Not Configured to Enterprise or Advance Edition "'
# digest: 4a0a00473045022100ddf5ad89ed8b0bec452536604f4644db143949178d1a3c98a9e50a1b3b0c0d1c02207ad46afe86a5e613808f1d73c1bb5411e803b114cb49423d6f14d1034de91d25:922c64590222798bb761d5b6d8e72950