Tip: ASAC check units follow a modular design, in which each unit works independently and cooperates with the others. Select the combination of check units that fits your actual requirements to achieve the best security detection results.

| Code | Name | Description |
|---|---|---|
| ASAC800000_0 | Get ASAC800000 Basic Info | Get system and BIOS model |
| ASAC800000_1 | Check VM Feature Keywords | Check virtual machine system feature keywords |
| ASAC800000_2 | Check VM System Feature Files | Check virtual machine system feature files |
| ASAC800000_3 | Check VM System Feature Processes | Check virtual machine system feature processes |
| ASAC800000_4 | Check VM System Registry Keys | Check virtual machine system registry keys |
| ASAC800000_5 | ADV Check DMI Table Info | Check DMI table information |

Usage Suggestion: When performing security detection in virtualized environments, enable the complete set of virtual machine feature checks, including file-, process-, and registry-level detection, which can effectively identify common virtualization escape behaviors.

| Code | Name | Description |
|---|---|---|
| ASAC800001_0 | Get System Activity Logs | Get system activity logs |
| ASAC800001_1 | Check Suspicious Program Running Logs | Check suspicious program running logs in system activity info |
| ASAC800001_2 | Check Suspicious Path Activity Logs | Check suspicious path activity logs in system activity info |
| ASAC800001_3 | Check Suspicious Software Signature Logs | Check suspicious software signature logs in system activity info |

Note: System activity logs may contain a large amount of data. Combine the analysis with time-range filtering to improve investigation efficiency.

| Code | Name | Description |
|---|---|---|
| ASAC800002_0 | Get USB Device List | Get list of currently connected USB devices |
| ASAC800002_1 | Check USB Device Insertion Records | Check USB device insertion and removal records |
| ASAC800002_2 | Check USB Device Status | Check USB device connection status |

Usage Suggestion: USB device monitoring helps track device connections and can detect suspicious external device connections.

| Code | Name | Description |
|---|---|---|
| ASAC800003_0 | Get PCIe Device List | Get list of currently connected PCIe devices |
| ASAC800003_1 | Check PCIe Device Insertion Records | Check PCIe device insertion and removal records |

Usage Suggestion: PCIe device monitoring can detect hardware device changes and identify potential hardware-level threats.

| Code | Name | Description |
|---|---|---|
| ASAC800004_0 | Get ACPI Device List | Get list of ACPI devices |
| ASAC800004_1 | Check ACPI Device Status | Check ACPI device status |

| Code | Name | Description |
|---|---|---|
| ASAC800005_0 | Get Bluetooth Device List | Get list of currently connected Bluetooth devices |
| ASAC800005_1 | Check Bluetooth Device Insertion Records | Check Bluetooth device insertion and removal records |

| Code | Name | Description |
|---|---|---|
| ASAC800006_0 | Get HID Device List | Get list of HID (Human Interface Device) devices |

| Code | Name | Description |
|---|---|---|
| ASAC800007_0 | Get System Boot Records | Get system boot/shutdown records |
| ASAC800007_1 | Check Unexpected Shutdown Count | Check count of unexpected shutdowns |
| ASAC800007_2 | Check Current Uptime | Check current system uptime |

Usage Suggestion: Boot/shutdown record analysis can detect system anomalies and identify potential tampering behaviors.

| Code | Name | Description |
|---|---|---|
| ASAC800008_0 | Get DLL Registration Info | Get DLL file registration information |
| ASAC800008_1 | Check DLL Creation Time | Check DLL file creation time |
| ASAC800008_2 | Check DLL Modification Time | Check DLL file modification time |
| ASAC800008_3 | Check DLL Registration Time | Check DLL file registration time |

Usage Suggestion: DLL file analysis helps detect suspicious DLL injection and unauthorized modifications.

| Code | Name | Description |
|---|---|---|
| ASAC800009_0 | Get Driver Registration Info | Get system driver registration information |
| ASAC800009_1 | Check Driver Installation Time | Check driver installation time |
| ASAC800009_2 | Check Driver Digital Signature | Check driver digital signature validity |

Usage Suggestion: Driver analysis can detect unauthorized drivers and potential rootkit threats.