Control: 4.6 Ensure that the endpoint protection for all Virtual Machines is installed
Description
Install endpoint protection for all virtual machines.
Remediation
Using the Alibaba Cloud Management Console:
- Logon to Security Center Console.
- Select
Settings. - Click
Agent. - On the
Agenttab, select the virtual machines without Security Center agent installed. - Click
Install.
Default Value:
Not installed.
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v200_4_6Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run alicloud_compliance.control.cis_v200_4_6 --shareSQL
This control uses a named query:
with instances_with_agent as ( select instance_id, instance_name, client_status, client_version, region, account_id from alicloud_security_center_asset where client_status IN ('online', 'offline'))select arn as resource, case when i.status <> 'Running' then 'skip' when sca.client_status in ('online', 'offline') then 'ok' else 'alarm' end as status, case when i.status <> 'Running' then i.title || ' is not running.' when sca.client_status = 'online' then i.title || ' has Security Center agent installed and online.' when sca.client_status = 'offline' then i.title || ' has Security Center agent installed but is offline.' else i.title || ' does not have Security Center agent installed.' end as reason , i.account_id as account_id, i.region as regionfrom alicloud_ecs_instance i left join instances_with_agent sca on i.instance_id = sca.instance_id and i.region = sca.region and i.account_id = sca.account_id;