Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
2Dashboards
163Benchmarks
65Queries
2Variables
GitHub

Control: 8.2 Ensure that all assets are installed with security agent

Description

Enable protection on all endpoints.

Remediation

Using the management console:

  1. Logon to Security Center Console.
  2. Select Settings.
  3. Click Agent.
  4. On Client to be installed tab, select all items on the list.
  5. Click One-click installation to install the agent on all assets.

Default Value:

Not installed.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v200_8_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v200_8_2 --share

SQL

This control uses a named query:

select
  'acs:securitycenter:' || region || ':' || account_id || ':asset/' || coalesce(instance_id, uuid) as resource,
  case
    when client_status = 'online' then 'ok'
    else 'alarm'
  end as status,
  case
    when client_status = 'online' then 'Asset ' || uuid || ' has security center agent installed and online.'
    when client_status = 'offline' then 'Asset ' || uuid || ' has security center agent installed but is offline.'
    when client_status = 'uninstall' then 'Asset '|| uuid || ' does not have security center agent installed.'
    when client_status is null then 'Asset ' || uuid || ' security center agent status unknown.'
    else 'Asset ' ||  uuid || ' security center agent status: ' || client_status || '.'
  end as reason
  , account_id as account_id, region as region
from
  alicloud_security_center_asset;

Tags

category = Compliance
cis = true
cis_item_id = 8.2
cis_level = 2
cis_section_id = 8
cis_type = automated
cis_version = v2.0.0
plugin = alicloud
service = AliCloud/SecurityCenter