Chinese (UHIDS Host Security)
UHIDS provides host intrusion detection and security protection for cloud hosts, bare-metal servers and other hosts: security monitoring, threat detection and alerting that help you discover abnormal behavior earlier and respond to it.
Use cases
- Production host security: abnormal logins, suspicious processes, malicious files
- Compliance requirements: a security baseline and an audit trail are needed
- Operations visibility: unified aggregation of risks and alerts for key hosts (can be combined with USC)
Example: detecting SSH brute-force attacks
- An attacker launches a large number of login attempts against port 22
- UHIDS identifies the abnormal logins / high-frequency failures and raises an alert
- Recommended actions:
  - Restrict the SSH source IPs in the security group
  - Switch to key-based login and disable password login
  - Block the IP if necessary, and check for signs that an intrusion has already succeeded
Best practices
- Avoid exposing the management ports of key hosts to the public internet
- Integrate with UAuditHost/USC/UMon to form a closed "detect, alert, respond" loop
English (UHIDS)
UHIDS provides host intrusion detection and security monitoring for VMs/bare metal, helping you detect suspicious behaviors early and respond effectively.
Use cases
- Production host security: abnormal logins, suspicious processes, malware
- Compliance baseline and audit evidence
- Unified risk and alert visibility (with USC)
Example: Detect SSH brute-force attempts
- Attackers attempt many SSH logins
- UHIDS detects abnormal login patterns and raises alerts
- Recommended actions: restrict SSH source IPs, use SSH keys, investigate the host
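As an added illustration of the detection step described in both the Chinese and the English example sections (this is example code, not UHIDS's own detection rules, which the page does not publish): the Python below counts failed sshd logins per source IP in a sliding window over constructed OpenSSH syslog lines, raises a brute-force alert when a threshold is crossed, and escalates when the same source later logs in successfully, the "check for signs of a successful intrusion" action the page recommends. The threshold, window, year and log lines are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of OpenSSH syslog lines (not real logs): 203.0.113.7 brute-forces, 198.51.100.20 is legitimate.
SAMPLE_AUTH_LOG = """\
Mar 10 08:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar 10 08:00:02 web01 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 08:00:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:00:04 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:00:05 web01 sshd[2105]: Failed password for ubuntu from 203.0.113.7 port 51026 ssh2
Mar 10 08:00:30 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar 10 08:01:00 web01 sshd[2108]: Accepted password for root from 203.0.113.7 port 51031 ssh2
Mar 10 08:05:00 web01 sshd[2109]: Failed password for alice from 198.51.100.20 port 40011 ssh2
Mar 10 08:05:10 web01 sshd[2110]: Accepted password for alice from 198.51.100.20 port 40012 ssh2
"""

# Matches sshd "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_ssh_brute_force(log_text, threshold=5, window_seconds=60, year=2024):
    """Return alerts as (kind, ip, timestamp, detail) tuples, in log order."""
    failures = defaultdict(deque)  # ip -> timestamps of failures inside the sliding window
    flagged = set()                # ips that already exceeded the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; the caller supplies one (assumption)
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        ip = m["ip"]
        if m["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_seconds:  # drop failures outside the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, ts, f"{len(q)} failed logins within {window_seconds}s"))
        elif ip in flagged:
            # A successful login from a source that was brute-forcing may mean the intrusion succeeded: escalate.
            alerts.append(("possible_compromise", ip, ts, f"accepted {m['user']} login after brute force"))
    return alerts
```

A single mistyped password from 198.51.100.20 followed by a successful login produces no alert, which is the behaviour a per-source sliding window is meant to give.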