tencent cloud

Feedback

Downloading Security Analysis Report

Last updated: 2024-01-23 17:57:37

    Overview

    You can download a user credential report to view the credential status of all Tencent Cloud sub-accounts and their sub-users, as well as the console login password, access key and account security settings. This report can also be used for compliance audit.

    Directions

    1. Log in to the CAM console, and click Overview in the left sidebar.
    2. In the “Security Analysis Report” module, click Download User Credential Report and complete identity verification as prompted. Then the report will be automatically generated.
    3. After downloading the report, you can view it locally.
    Note:
    A user credential report in CSV format is generated in the console every four hours. If you click Download User Credential Report within four hours after the last report is generated, you will get the same report rather than a new one.

    Report Format

    The user credential report is in CSV format. You can use common spreadsheet software to open the CSV file for further analysis or use the file programmatically and perform custom analysis. The CSV file contains the following information:
    Field
    Description
    Value
    AccountID
    Account ID
    Sub-account ID
    Username
    Username
    Sub-account username
    UserType
    User type
    Sub-user: sub-user
    Collaborator: collaborator
    WeWork-Sub-user: WeCom sub-user
    Message-receiver: message recipient
    CreationTime
    Creation time
    Sample value: 2019/8/16 9:25:56
    PasswordEnabled
    Whether the console login password is enabled
    TRUE: enabled
    FALSE: disabled. Console access is disabled and the login password is not set.
    not_supported: not supported. A WeCom sub-user logs in by scanning the QR code without a password. A message recipient only receives messages and does not have a password. A collaborator logs in as a root account and is not subject to this field.
    PasswordLastRotation
    Time when the password was last modified
    FALSE: Console access is disabled and the login password is not set.
    not_supported: not supported. A WeCom sub-user logs in by scanning the QR code without a password. A message recipient only receives messages and does not have a password. A collaborator logs in as a root account and is not subject to this field.
    LoginConsoleActive
    Whether console login is supported
    TRUE: enabled
    FALSE: disabled
    not_supported: not supported. A message recipient only receives messages and does not have a login password. A collaborator logs in as a root account and is not subject to this field.
    LoginProtectionActive
    Whether login protection is enabled
    TRUE: enabled
    FALSE: disabled
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    OperationProtectionActive
    Whether operation protection is enabled
    TRUE: enabled
    FALSE: disabled
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    MFADeviceActive
    Whether MFA is enabled
    TRUE: enabled
    FALSE: disabled
    not_supported: not supported. A message recipient only receives messages and does not have a login password. The sub-user has not been bound to a mobile number or WeChat account.
    Abnormal LoginsNumWithin30Days
    Whether suspicious login behavior is detected in 30 days
    TRUE: suspicious login behavior detected
    FALSE: suspicious login behavior not detected
    AccessKey1SecretId
    SecretId of key 1
    N/A: no key
    AccessKey1MayBeAtRisk
    Whether key 1 has leakage risk
    TRUE: at risk
    FALSE: no risk
    N/A: no key 1
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey1CreationTime
    Creation time of key 1
    N/A: no key 1
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey1Status
    Status of key 1
    Active: enabled
    Disable: disabled
    N/A: no key 1
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey1lastUsedDate
    Time when key 1 was last used
    N/A: no key 1
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey1CreatedOver90Days
    Whether key 1 has been created for over 90 days
    N/A: no key 1
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey1CreatedOver30Days
    Whether key 1 has been created for over 30 days
    N/A: no key 1
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey2SecretId
    SecretId of key 2
    N/A: no key 2
    AccessKey2MayBeAtRisk
    Whether key 2 has leakage risk
    TRUE: at risk
    FALSE: no risk
    N/A: no key 2
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey2CreationTime
    Creation time of key 2
    N/A: no key 2
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey2Status
    Status of key 2
    Active: enabled
    Disable: disabled
    N/A: no key 2
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey2lastUsedDate
    Time when key 2 was last used
    N/A: no key 2
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey2CreatedOver90Days
    Whether key 2 has been created for over 90 days
    N/A: no key 2
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    AccessKey2CreatedOver30Days
    Whether key 2 has been created for over 30 days
    N/A: no key 2
    not_supported: not supported. A message recipient only receives messages and does not have a login password.
    
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support