- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Cloud Workload Protection Description
- Best Practices
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Intrusion Detection APIs
- TrustMalwares
- RecoverMalwares
- MisAlarmNonlocalLoginPlaces
- DescribeNonlocalLoginPlaces
- DescribeMalwares
- DescribeBruteAttacks
- DeleteMalwares
- UntrustMalwares
- SeparateMalwares
- UntrustMaliciousRequest
- TrustMaliciousRequest
- ExportMaliciousRequests
- DescribeMaliciousRequests
- DeleteMaliciousRequests
- ModifyLoginWhiteList
- ExportNonlocalLoginPlaces
- ExportMalwares
- ExportBruteAttacks
- DescribeLoginWhiteList
- DeleteLoginWhiteList
- AddLoginWhiteList
- Overview Statistics-Related APIs
- Vulnerability Management-Related APIs
- Setting Center-Related APIs
- Asset Management APIs
- DescribeProcesses
- DescribeProcessTaskStatus
- DescribeProcessStatistics
- DescribeHistoryAccounts
- DescribeComponents
- DescribeComponentStatistics
- DescribeComponentInfo
- DescribeAccounts
- DescribeAccountStatistics
- CreateProcessTask
- EditTags
- DescribeTags
- DescribeTagMachines
- DescribeOpenPortTaskStatus
- DeleteMachineTag
- AddMachineTag
- CreateOpenPortTask
- Other APIs
- DescribeUsualLoginPlaces
- DeleteUsualLoginPlaces
- DeleteNonlocalLoginPlaces
- DeleteMachine
- DeleteBruteAttacks
- CreateUsualLoginPlaces
- CloseProVersion
- DescribeWeeklyReports
- DescribeWeeklyReportVuls
- DescribeWeeklyReportNonlocalLoginPlaces
- DescribeWeeklyReportMalwares
- DescribeWeeklyReportInfo
- DescribeWeeklyReportBruteAttacks
- DescribeOpenPorts
- DescribeOpenPortStatistics
- RenewProVersion
- OpenProVersionPrepaid
- ModifyProVersionRenewFlag
- InquiryPriceOpenProVersionPrepaid
- OpenProVersion
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- CWPP Policy
- Contact Us
- Glossary
- Release Notes and Announcements
- Product Introduction
- Purchase Guide
- Quick Start
- Operation Guide
- Cloud Workload Protection Description
- Best Practices
- Troubleshooting
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Intrusion Detection APIs
- TrustMalwares
- RecoverMalwares
- MisAlarmNonlocalLoginPlaces
- DescribeNonlocalLoginPlaces
- DescribeMalwares
- DescribeBruteAttacks
- DeleteMalwares
- UntrustMalwares
- SeparateMalwares
- UntrustMaliciousRequest
- TrustMaliciousRequest
- ExportMaliciousRequests
- DescribeMaliciousRequests
- DeleteMaliciousRequests
- ModifyLoginWhiteList
- ExportNonlocalLoginPlaces
- ExportMalwares
- ExportBruteAttacks
- DescribeLoginWhiteList
- DeleteLoginWhiteList
- AddLoginWhiteList
- Overview Statistics-Related APIs
- Vulnerability Management-Related APIs
- Setting Center-Related APIs
- Asset Management APIs
- DescribeProcesses
- DescribeProcessTaskStatus
- DescribeProcessStatistics
- DescribeHistoryAccounts
- DescribeComponents
- DescribeComponentStatistics
- DescribeComponentInfo
- DescribeAccounts
- DescribeAccountStatistics
- CreateProcessTask
- EditTags
- DescribeTags
- DescribeTagMachines
- DescribeOpenPortTaskStatus
- DeleteMachineTag
- AddMachineTag
- CreateOpenPortTask
- Other APIs
- DescribeUsualLoginPlaces
- DeleteUsualLoginPlaces
- DeleteNonlocalLoginPlaces
- DeleteMachine
- DeleteBruteAttacks
- CreateUsualLoginPlaces
- CloseProVersion
- DescribeWeeklyReports
- DescribeWeeklyReportVuls
- DescribeWeeklyReportNonlocalLoginPlaces
- DescribeWeeklyReportMalwares
- DescribeWeeklyReportInfo
- DescribeWeeklyReportBruteAttacks
- DescribeOpenPorts
- DescribeOpenPortStatistics
- RenewProVersion
- OpenProVersionPrepaid
- ModifyProVersionRenewFlag
- InquiryPriceOpenProVersionPrepaid
- OpenProVersion
- Data Types
- Error Codes
- FAQs
- Service Level Agreement
- CWPP Policy
- Contact Us
- Glossary
The features of different CWPP editions are listed below.
Category | Feature | Description | CWPP Basic
Free of charge | CWPP Pro
Monthly subscription: 12 USD/license/month | CWPP Ultimate
Monthly subscription: 27 USD/license/month | Value-Added Service (Billed Independently) |
Security Dashboard | Security Dashboard | Displays the health score, protection status, pending risks, risk trend, and new security incidents in real time. | ✓ | ✓ | ✓ | - |
Asset Management | Asset Dashboard | Displays the statistics of all servers and asset fingerprints, as well as top 5 accounts, ports, processes, software applications, databases, Web applications, Web services, Web frameworks, and Web sites. | ✓ | ✓ | ✓ | - |
| Server List | Displays the information of all servers connected to CWPP, helping you get a full picture of the security status of your assets. | ✓ | ✓ | ✓ | - |
| Asset Fingerprint | Provides detailed asset inventory data about server resource monitoring, accounts, ports, and processes and helps you quickly investigate the risks of security events that have occurred. | × | ✓
Supports 10 kinds of fingerprints | ✓
Supports 15 kinds of fingerprints | - |
Intrusion Detection | Malicious File Scan | Webshell detection: Detects common web script Trojans and backdoors, covering various script languages such as ASP, PHP, JSP, and Python. Binary virus and Trojan detection: Detects binary executable viruses and Trojans such as DDoS Trojans, remote control, and mining software on .exe, .ddl, and .bin files, and sends alarms. | ✓
Detects at most 5 risks for free | ✓
Supports detection (no auto isolation) | ✓
Supports detection, and auto isolation | - |
| Password Cracking | Supports real-time detection, alarm, and blocking of brute force attacks on SSH and RDP, and login allowlist configuration. Supports user-defined blocking rules for brute force attacks, such as rules to detect brute force attacks 5 times within 1 minute and block the attacks detected for 15 minutes. Records events, including the cracking status, server, attacker IP, attack source, login username, attack time, number of attack attempts and blocking status. | ✓
Supports detection only (no blocking) | ✓
Supports detection and auto blocking | ✓
Supports detection and auto blocking | - |
| Unusual Login | Detects logins in real time, and automatically identifies non-allowlist IP logins and malicious logins. Supports allowlist configuration in terms of login source, source IP, server, login username and login time. | ✓ | ✓ | ✓ | - |
| Malicious Requests | Detects the server's internal or external connection requests with malicious domain names in real time, provides threat source information and event records, and sends alarms automatically to users. | × | ✓ | ✓ | - |
| Local Privilege Escalation | Supports real-time alarms for local privilege escalation, and allowlist configuration. Records events, including the server name, privilege escalation user, privilege escalation process, parent process, parent process user, discovery time, file path and process tree. | × | ✓ | ✓ | - |
| Reverse Shell | Supports real-time alarms for reverse shells, and allowlist configuration. Records events, including the server name, connection process, parent process, target server, target port, discovery time, file path, process tree and execution commands. | × | ✓ | ✓ | - |
| High-risk Commands | Records the bash command executed on the CVM, and monitors potentially dangerous operations aligning with the audit rules in real time. Provides default rules and user-defined rules. Records events, including the server name, matched rule name, threat level, command content, login user and operation time. | × | ✓ | ✓ | - |
Vulnerability Management | Urgent Vulnerability | Detects recent urgent vulnerabilities (such as zero-day attacks). Displays vulnerability details, including the vulnerability description, vulnerability type, threat level, fix scheme, reference link, disclosure event, CVE number, CVSS score, and radar chart. |
✓
Detects at most 5 risks for free
| ✓ Supports detection (no fixing) | ✓ Supports detection and partial fixing | - |
| Linux Software Vulnerability | Detects gnutls resource management errors and other common Linux software vulnerabilities and provides fix schemes. Displays vulnerability details, including the vulnerability description, vulnerability type, threat level, fix scheme, reference link, disclosure event, CVE number, CVSS score, and radar chart. | | | | - |
| Windows System Vulnerability | Detects and provides fix schemes for Windows system vulnerabilities by syncing the patch sources on Microsoft's official website in real time, to prevent hackers from attacking or threatening your server through the vulnerabilities. Displays vulnerability details, including the vulnerability description, vulnerability type, threat level, fix scheme, reference link, disclosure event, CVE number, CVSS score, and radar chart. | | | | - |
| Web-CMS Vulnerability | Checks phpMyAdmin, WordPress and other web components for common Web vulnerabilities and provides fix schemes. Displays vulnerability details, including the vulnerability description, vulnerability type, threat level, fix scheme, reference link, disclosure event, CVE number, CVSS score, and radar chart. | | | | - |
| Application Vulnerability | Provides weak password detection for system services, as well as vulnerability detection for system and application services. Displays vulnerability details, including the vulnerability description, vulnerability type, threat level, fix scheme, reference link, disclosure event, CVE number, CVSS score, and radar chart. | | | | - |
Security Baseline | CIS Baseline Standard | Supports baseline checks against CIS and weak passwords, and provides fix schemes. Displays check results, including the check server, check items, baseline pass rate, top 5 baseline check items and top 5 server risks, and supports periodic and quick checks. | ✓ Detects at most 5 risks for free | ✓ Supports detection (no customization) | ✓ Supports detection and customization | - |
| Tencent Cloud Baseline Standard | | | | | - |
| Weak Password Baseline | | | | | - |
Advanced Defense | Core File Monitoring | You can configure monitoring rules for core files and view and process monitoring events. You can also configure the allowlist to allow permitted access to files. (Only operating systems with Linux kernel 3.10 or above are supported.) | × | × | ✓ | - |
Value-Added Service | Log Analysis | View the details of all stored traffic logs. Log search and query based on search statements are supported. Report and statistical analysis services are provided. | × Value-added billing | × Value-added billing | × Value-added billing | Independent billing: 0.13 USD/GB/month |
Settings | Alarm Notification | Supports alarm notifications via SMS and email, and lists of alarm events. | ✓ | ✓ | ✓ | - |
| License Management | If you have purchased the CWPP Pro or CWPP Ultimate, you can bind the server to upgrade its protection level on the License Management page. You can also unbind an upgraded server. | ✓ | ✓ | ✓ | - |
Performance | Resource Consumption | Each agent requires low resource usage with CPU usage below 5% and memory below 30 MB, which does not affect the system performance. | ✓ | ✓ | ✓ | - |
| High Stability | With a high-reliability and high-stability system, CVM can implement mechanisms such as downgrade or suicide to ensure the availability of your business. | ✓ | ✓ | ✓ | - |
| Multi-Operating System Support | Compatible with major operating systems such as Windows, CentOS, Debian, and RedHat. | ✓ | ✓ | ✓ | - |
Yes
No
Was this page helpful?