Skip to content
Nuclei Templates

Security Center Plan - Disabled

ID: security-plan-disabled

Severity: medium

Author: DhiyaneshDK

Tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,security-center

Description

Section titled “Description”

Ensure your Alibaba Cloud Security Center is on the Advanced or Enterprise Edition for enhanced security features like malware detection, webshell identification, and anomaly recognition. Upgrading provides critical protection against undetected threats.

YAML Source

Section titled “YAML Source”
id: security-plan-disabled


info:
  name: Security Center Plan - Disabled
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure your Alibaba Cloud Security Center is on the Advanced or Enterprise Edition for enhanced security features like malware detection, webshell identification, and anomaly recognition. Upgrading provides critical protection against undetected threats.
  reference:
    - https://www.alibabacloud.com/help/en/security-center/product-overview/upgrade-and-downgrade-security-center
    - https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-SecurityCenter/security-center-plan.html
  metadata:
    max-request: 1
    verified: true
  tags: cloud,devops,aliyun,alibaba,alibaba-cloud-config,security-center


variables:
  region: "cn-hangzhou"


self-contained: true


code:
  - engine:
      - sh
      - bash
    source: |
      aliyun sas DescribeVersionConfig --region $region


    matchers:
      - type: word
        words:
          - '"IsPaidUser": false'
          - '"Version": 1'
        condition: and


    extractors:
      - type: dsl
        dsl:
          - '" Security Center Plan is Not Configured to Enterprise or Advance Edition "'
# digest: 4a0a00473045022100ddf5ad89ed8b0bec452536604f4644db143949178d1a3c98a9e50a1b3b0c0d1c02207ad46afe86a5e613808f1d73c1bb5411e803b114cb49423d6f14d1034de91d25:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/alibaba/security-center/security-plan-disabled.yaml"

View on Github