Explore and manage your resources with asset inventory

The asset inventory page of Azure Security Center provides a single page for viewing the security posture of the resources you've connected to Security Center.

Security Center periodically analyzes the security state of your Azure resources to identify potential security vulnerabilities. It then provides you with recommendations on how to remediate those vulnerabilities.

When any resource has outstanding recommendations, they'll appear in the inventory.

Use this view and its filters to address such questions as:

  • Which of my subscriptions with Azure Defender enabled have outstanding recommendations?
  • Which of my machines with the tag 'Production' are missing the Log Analytics agent?
  • How many of my machines tagged with a specific tag have outstanding recommendations?
  • How many resources in a specific resource group have security findings from a vulnerability assessment service?

The asset management possibilities for this tool are substantial and continue to grow.

Tip

The security recommendations on the asset inventory page are the same as those on the Recommendations page, but here they're shown according to the affected resource. For information about how to resolve recommendations, see Implementing security recommendations in Azure Security Center.

Availability

| Aspect | Details |
|---|---|
| Release state: | General Availability (GA) |
| Pricing: | Free |
| Required roles and permissions: | All users |
| Clouds: | Yes China Cloud |

What are the key features of asset inventory?

The inventory page provides the following tools:

Main features of the asset inventory page in Azure Security Center

1 - Summaries

Before you define any filters, a prominent strip of values at the top of the inventory view shows:

  • Total resources: The total number of resources connected to Security Center.
  • Unhealthy resources: Resources with active security recommendations. Learn more about security recommendations.
  • Unmonitored resources: Resources with agent monitoring issues - they have the Log Analytics agent deployed, but the agent isn't sending data or has other health issues.
  • Unregistered subscriptions: Any subscription in the selected scope that hasn't yet been connected to Azure Security Center.

2 - Filters

The multiple filters at the top of the page provide a way to quickly refine the list of resources according to the question you're trying to answer. For example, if you wanted to answer the question "Which of my machines with the tag 'Production' are missing the Log Analytics agent?", you could combine the Agent monitoring filter with the Tags filter.

As soon as you've applied filters, the summary values are updated to relate to the query results.

3 - Export and asset management tools

Export options - Inventory includes an option to export the results of your selected filter options to a CSV file. You can also export the query itself to Azure Resource Graph Explorer to further refine, save, or modify the Kusto Query Language (KQL) query.

Tip

The KQL documentation provides a database with some sample data together with some simple queries to get the "feel" for the language. [Learn more in this KQL tutorial](/data-explorer/kusto/query/tutorial?pivots=azuredataexplorer).

Asset management options - Inventory lets you perform complex discovery queries. When you've found the resources that match your queries, inventory provides shortcuts for operations such as:

  • Assign tags to the filtered resources - select the checkboxes alongside the resources you want to tag.
  • Onboard new servers to Security Center - use the Add non-Azure servers toolbar button.
  • Automate workloads with Azure Logic Apps - use the Trigger Logic App button to run a logic app on one or more resources. Your logic apps have to be prepared in advance, and accept the relevant trigger type (HTTP request). Learn more about logic apps.

How does asset inventory work?

Asset inventory utilizes Azure Resource Graph (ARG), an Azure service that provides the ability to query Security Center's security posture data across multiple subscriptions.

ARG is designed to provide efficient resource exploration with the ability to query at scale.

Using the Kusto Query Language (KQL), asset inventory can quickly produce deep insights by cross-referencing ASC data with other resource properties.
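A query of the kind you could run in Resource Graph Explorer, as an added example (not taken from the original article, and not the query the portal itself generates): it cross-references Security Center assessment data with resource tags to list tagged virtual machines that have active recommendations. The tag name Environment and its value Production are assumptions; substitute the tag your organization uses.

```kusto
// Added example. Assumption: production machines carry the tag Environment=Production.
securityresources
| where type == "microsoft.security/assessments"
// Each assessment record describes one recommendation evaluated against one resource.
| extend resourceId     = tolower(tostring(properties.resourceDetails.Id)),
         statusCode     = tostring(properties.status.code),
         recommendation = tostring(properties.displayName)
// "Unhealthy" assessments are the active (outstanding) recommendations.
| where statusCode == "Unhealthy"
| summarize activeRecommendations = count(),
            recommendations       = make_set(recommendation)
            by resourceId
// Cross-reference with general resource properties (type and tags).
| join kind=inner (
    resources
    | where type =~ "microsoft.compute/virtualmachines"
    | where tostring(tags["Environment"]) =~ "Production"
    | project resourceId = tolower(id), name, resourceGroup, subscriptionId
  ) on resourceId
| project name, resourceGroup, subscriptionId, activeRecommendations, recommendations
// Same default ordering as the inventory page: most active recommendations first.
| order by activeRecommendations desc
```

Resource IDs are lowercased on both sides of the join because the casing of IDs can differ between the two tables.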

How to use asset inventory

  1. From Security Center's sidebar, select Inventory.

  2. Use the Filter by name box to display a specific resource, or use the filters as described below.

  3. Select the relevant options in the filters to create the specific query you want to perform.

    By default, the resources are sorted by the number of active security recommendations.

    Important

    The options in each filter are specific to the resources in the currently selected subscriptions and your selections in the other filters.

    For example, if you've selected only one subscription, and the subscription has no resources with outstanding security recommendations to remediate (0 unhealthy resources), the Recommendations filter will have no options.

    Using the filter options in Azure Security Center's asset inventory to filter resources to production resources that aren't monitored

  4. To use the Security findings contain filter, enter free text from the ID, security check, or CVE name of a vulnerability finding to filter to the affected resources:

    The Security findings contain filter

    Tip

    The Security findings contain and Tags filters only accept a single value. To filter by more than one, use Add filters.

  5. To use the Azure Defender filter, select one or more options (Off, On, or Partial):

    • Off - Resources that aren't protected by an Azure Defender plan. You can right-click on any of these and upgrade them:

      Upgrade a resource to Azure Defender by right-clicking

    • On - Resources that are protected by an Azure Defender plan

    • Partial - This applies to subscriptions that have some but not all of the Azure Defender plans disabled.

  6. To further examine the results of your query, select the resources that interest you.

  7. To view the current selected filter options as a query in Resource Graph Explorer, select Open query.

    Inventory query in ARG

  8. To run a previously defined logic app with

  9. If you've defined some filters and left the page open, Security Center won't update the results automatically. Any changes to resources won't impact the displayed results unless you manually reload the page or select Refresh.

FAQ - Inventory

Why aren't all of my subscriptions, machines, storage accounts, etc. shown?

The inventory view lists your Security Center connected resources from a Cloud Security Posture Management (CSPM) perspective. The filters don't return every resource in your environment; only the ones with outstanding (or 'active') recommendations.

For example, the following screenshot shows a user with access to 38 subscriptions, only 10 of which currently have recommendations. So when they filter by Resource type = Subscriptions, only those 10 subscriptions with active recommendations appear in the inventory:

Not all subscriptions are returned when there are no active recommendations

Why do some of my resources show blank values in the Azure Defender or agent monitoring columns?

Not all Security Center monitored resources have agents. For example, Azure Storage accounts or PaaS resources such as disks.

When pricing or agent monitoring isn't relevant for a resource, nothing will be shown in those columns of inventory.

Some resources show blank info in the agent monitoring or Azure Defender columns

Next steps

This article described the asset inventory page of Azure Security Center.

For more information on related tools, see the following pages: