Create rich, interactive reports of Security Center data

Azure Monitor Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal. They allow you to tap into multiple data sources from across Azure, and combine them into unified interactive experiences.

Workbooks provide a rich set of capabilities for visualizing your Azure data. For detailed examples of each visualization type, see the visualizations examples and documentation.

Within Azure Security Center, you can access the built-in reports to track your organization's security posture. You can also build custom reports to view a wide range of data from Security Center or other supported data sources.

Secure score over time report

Availability

Aspect: Details
Release state: Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Pricing: Free
Required roles and permissions: To save workbooks, you must have at least Workbook Contributor permissions on the target resource group
Clouds: Yes, China cloud

With the integrated Azure Workbooks functionality, Azure Security Center makes it straightforward to build your own custom, interactive reports. Security Center also includes a workbook gallery with the following reports ready for your customization:

  • Secure Score Over Time - Track your subscriptions' scores and changes to recommendations for your resources
  • System Updates - View missing system updates by resources, OS, severity, and more
  • Vulnerability Assessment Findings - View the findings of vulnerability scans of your Azure resources

Gallery of built-in workbooks in Azure Security Center

Choose one of the supplied reports or create your own.

Tip

Use the Edit button to customize any of the supplied reports to your satisfaction. When you're done editing, select Save and your changes will be saved to a new workbook.

Editing the supplied workbooks to customize them for your particular needs

Use the 'Secure Score Over Time' report

This report uses secure score data from your Log Analytics workspace. That data needs to be exported from the continuous export tool as described in Configure continuous export from the Security Center pages in Azure portal.

When you set up the continuous export, set the export frequency to both streaming updates and snapshots.

For the secure score over time workbook, you'll need to select both of these options from the export frequency settings in your continuous export configuration

Note

Snapshots get exported weekly, so you'll need to wait at least one week for the first snapshot to be exported before you can view data in this report.

Tip

To configure continuous export across your organization, use the supplied Azure Policy 'DeployIfNotExist' policies described in Configure continuous export at scale.

The secure score over time report has five graphs for the subscriptions reporting to the selected workspaces:

Graph: Score trends for the last week and month
Use this section to monitor the current score and general trends of the scores for your subscriptions.
Example: Secure score trends in the built-in report

Graph: Aggregated score for all selected subscriptions
Hover your mouse over any point in the trend line to see the aggregated score at any date in the selected time range.
Example: Aggregated score for all selected subscriptions

Graph: Recommendations with the most unhealthy resources
This table helps you triage the recommendations that have had the most resources changed to unhealthy over the selected period.
Example: Recommendations with the most unhealthy resources

Graph: Scores for specific security controls
Security Center's security controls are logical groupings of recommendations. This chart shows you, at a glance, the weekly scores for all of your controls.
Example: Scores for security controls over the selected time period

Graph: Resources changes
Recommendations with the most resources that have changed state (healthy, unhealthy, or not applicable) during the selected period are listed here. Select any recommendation from the list to open a new table listing the specific resources.
Example: Recommendations with the most resources that have changed health state

Use the 'System Updates' report

This report is based on the security recommendation "System updates should be installed on your machines".

The report helps you identify machines with outstanding updates.

You can view the situation for the selected subscriptions according to:

  • The list of resources with outstanding updates
  • The list of updates missing from your resources

Security Center's system updates report, based on the missing updates security recommendation

Use the 'Vulnerability Assessment Findings' report

Security Center includes vulnerability scanners for your containers in container registries.

Learn more about using these scanners:

Findings for each of these scanners are reported in separate recommendations:

  • Vulnerabilities in Azure Container Registry images should be remediated (powered by Qualys)

This report gathers these findings and organizes them by severity, resource type, and category.

Security Center's vulnerability assessment findings report

Import workbooks from other workbook galleries

If you've built workbooks in other Azure services and want to move them into your Azure Security Center workbooks gallery:

  1. Open the target workbook.

  2. From the toolbar, select Edit.

    Editing an Azure Monitor workbook

  3. From the toolbar, select </> to enter the Advanced Editor.

    Launching the advanced editor to get the gallery template JSON code

  4. Copy the workbook's Gallery Template JSON.

  5. Open workbooks gallery in Security Center and from the menu bar select New.

  6. Select the </> to enter the Advanced Editor.

  7. Paste in the entire Gallery Template JSON.

  8. Select Apply.

  9. From the toolbar, select Save As.

    Saving the workbook to the gallery in Security Center

  10. Enter the required details for saving the workbook:

    1. A name for the workbook
    2. The desired region
    3. Subscription, resource group, and sharing as appropriate.

You'll find your saved workbook in the Recently modified workbooks category.
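
A check to run on the copied Gallery Template JSON before pasting it in step 7, as an added example that is not part of the original article or Microsoft's code: it lists every query the workbook will run and every external URL it references, and fails on a truncated paste. The field names (`items`, `content`, `query`, `resourceType`) are the assumed template layout, and the sample template and the table name `ExampleTable_CL` are constructed.

```python
import json
import re

# Constructed sample template (not from a real workbook). Assumed layout:
# top-level "items"; each step has "type", "name" and "content"; a step with
# "query" in its content runs a query; group steps nest steps in content["items"].
SAMPLE_TEMPLATE = json.dumps({
    "version": "Notebook/1.0",
    "items": [
        {"type": 1, "name": "intro",
         "content": {"json": "See [help](https://example.invalid/help)"}},
        {"type": 3, "name": "score-query",
         "content": {"query": "ExampleTable_CL | take 10", "queryType": 0,
                     "resourceType": "microsoft.operationalinsights/workspaces"}},
        {"type": 12, "name": "details", "content": {"items": [
            {"type": 3, "name": "nested-query",
             "content": {"query": "ExampleTable_CL | count", "queryType": 0,
                         "resourceType": "microsoft.operationalinsights/workspaces"}}]}},
    ],
})

URL_RE = re.compile(r"https?://[^\s\"')\]]+")

def walk_items(items, path=""):
    """Yield (path, step) for every step, descending into group steps."""
    for index, item in enumerate(items):
        here = f"{path}/{item.get('name', index)}"
        yield here, item
        content = item.get("content")
        if isinstance(content, dict) and isinstance(content.get("items"), list):
            yield from walk_items(content["items"], here)

def review_template(template_text):
    """Return the queries and external URLs found in a template."""
    template = json.loads(template_text)  # raises ValueError on a truncated paste
    report = {"queries": [], "urls": []}
    for path, item in walk_items(template.get("items", [])):
        content = item.get("content")
        if not isinstance(content, dict):
            continue
        if "query" in content:
            report["queries"].append((path, content.get("resourceType", "unknown"), content["query"]))
        for value in content.values():
            if isinstance(value, str):
                report["urls"] += [(path, url) for url in URL_RE.findall(value)]
    return report

if __name__ == "__main__":
    print(review_template(SAMPLE_TEMPLATE))
```

Review the listed queries and URLs against what you expect the workbook to read before selecting Apply.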

Next steps

This article described Security Center's integrated Azure Monitor Workbooks page with built-in reports and the option to build your own custom, interactive reports.