Help & Documentation>Cloud Access Management>User Guide>Downloading Security Analysis Report

Downloading Security Analysis Report

Last updated: 2024-02-01 19:19:13

Scenario

You can download the User Credential Report to obtain the status of all Tencent Cloud sub-accounts and their user credentials, including console login passwords, access keys, and account security settings. This report can be used for compliance audits.

Instructions

1. Log in to the Cloud Access Management Console and navigate to the Overview page.
2. In the Security Analysis Report section, click Download User Credential Report. Follow the prompts to authenticate your identity. The system automatically generates the relevant report.
3. After the report is successfully downloaded, you can proceed to view it locally.
Note
A user credential report in CSV format is generated in the console every four hours. If you click Download User Credential Report within four hours after the last report is generated, you will get the same report rather than a new one.

Report Format

The User Credential Report is in CSV file format. You can open the CSV file with common spreadsheet software for analysis, or build an application to programmatically use the CSV file and perform custom analysis. The CSV file contains the following information:
Parameter
Description
Value Description
Account ID
Account ID
Sub-account ID
Username
Username
Sub-account Username
UserType
User type
Sub-user: A sub-user
Collaborator: Co-author
WeWork Sub-user: WeCom Sub-user
Message receiver: recipient of the message. For more details, see User Types.
CreationTime
Creation time
Example: 2019-08-16 9:25:56
PasswordEnabled
Is the console password enabled?
TRUE: Enabled
FALSE: Not enabled. Console access has been disabled, and no login password has been set.
not_supported: N/A. WeWork-Sub-user (WeCom sub-user) logs in by scanning the WeCom QR code and does not have a login password; the message receiver (message recipient) is solely used for receiving messages and does not have a login password; the collaborator logs in using the primary account password and is not applicable to this item.
PasswordLastRotation
Last Password Modification Time
FALSE: Console access has been disabled, and no login password has been set.
not_supported: N/A. WeWork-Sub-user (WeCom sub-user) logs in by scanning the WeCom QR code and does not have a login password; the message receiver (message recipient) is solely used for receiving messages and does not have a login password; the collaborator logs in using the primary account password and is not applicable to this item.
LoginConsoleActive
Support for console login
TRUE: Supported
FALSE: Unsupported
not_supported: N/A. The message receiver is solely used for receiving messages and does not have a login password; the collaborator logs in using the primary account identity and is not applicable to this item.
LoginProtectionActive
Is login protection enabled?
TRUE: Enabled
FALSE: Not enabled
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
OperationProtectionActive
Is operation protection enabled?
TRUE: Enabled
FALSE: Not enabled
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
MFADeviceActive
Is MFA Enabled?
TRUE: Enabled
FALSE: Not enabled
not_supported: N/A. The message receiver is only used for receiving messages and does not have a login password; the Sub-user has not bound any contact methods (mobile, WeChat).
Abnormal LoginsNumWithin30Days
Unusual Logins in the Past 30 Days
TRUE: Unusual logins detected.
FALSE: No unusual login activity detected.
AccessKey1SecretId
SecretId of Key 1
N/A: No key
AccessKey1MayBeAtRisk
Does Key 1 pose a risk of leakage?
TRUE: Exposed to leakage risks
FALSE: No risk
N/A: No Key 1
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey1CreationTime
Creation Time of Key 1
N/A: No Key 1
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey1Status
Key 1 Status
Active: Enabled
Disable: Disabled
N/A: No Key 1
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey1lastUsedDate
Last usage time of Key 1
N/A: No Key 1
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey1CreatedOver90Days
Has Key 1 been created for more than 90 days?
N/A: No Key 1
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey1CreatedOver30Days
Has Key 1 been created for more than 30 days?
N/A: No Key 1
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey2SecretId
SecretId of Key 2
N/A: No second key
AccessKey2MayBeAtRisk
Does Key 2 pose a risk of leakage?
TRUE: Exposed to leakage risks
FALSE: No risk
N/A: No second key
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey2CreationTime
Creation Time of Key 2
N/A: No second key
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey2Status
Key 2 Status
Active: Enabled
Disable: Disabled
N/A: No second key
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey2lastUsedDate
Last usage time of Key 2
N/A: No second key
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey2CreatedOver90Days
Has Key 2 been created for more than 90 days?
N/A: No second key
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
AccessKey2CreatedOver30Days
Has Key 2 been created for more than 30 days?
N/A: No second key
not_supported: N/A. The message receiver is solely for receiving messages and does not have a login password.
Last Console Login Time
Last Console Login Time
N/A: No records available
not_supported: Console login not supported