Introduction to Azure Defender for SQL

Azure Defender for SQL includes two Azure Defender plans that extend Azure Security Center's data security package to secure your databases and their data wherever they're located.

Availability

Aspect                   Details
Release state:           Azure Defender for Azure SQL database servers - Generally available (GA)
Pricing:                 The two plans that form Azure Defender for SQL are billed as shown on Security Center pricing
Protected SQL versions:  SQL on Azure virtual machines
                         Azure SQL single databases and elastic pools
                         Azure SQL Managed Instance
                         Azure Synapse Analytics (formerly SQL DW) dedicated SQL pool
Clouds:                  China cloud (Partial: subset of alerts and vulnerability assessment for SQL servers. Behavioral threat protections aren't available.)

What does Azure Defender for SQL protect?

What are the benefits of Azure Defender for SQL?

These two plans include functionality for identifying and mitigating potential database vulnerabilities and for detecting anomalous activities that could indicate threats to your databases:

  • Vulnerability assessment - The scanning service that discovers, tracks, and helps you remediate potential database vulnerabilities. Assessment scans provide an overview of your SQL machines' security state and details of any security findings.

  • Advanced threat protection - The detection service that continuously monitors your SQL servers for threats such as SQL injection, brute-force attacks, and privilege abuse. This service provides action-oriented security alerts in Azure Security Center with details of the suspicious activity and guidance on how to mitigate the threat.

    Tip

    View the list of security alerts for SQL servers in the alerts reference page.

What kind of alerts does Azure Defender for SQL provide?

Threat-intelligence-enriched security alerts are triggered when there is:

  • A potential SQL injection attack - including vulnerabilities detected when an application generates a faulty SQL statement in the database
  • An anomalous database access or query pattern - for example, an abnormally high number of failed sign-in attempts with different credentials (a brute-force attempt)
  • Suspicious database activity - for example, a legitimate user accessing a SQL Server from a breached computer that communicated with a crypto-mining C&C server

Alerts include details of the incident that triggered them, as well as recommendations on how to investigate and remediate threats.
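The following script is an added illustration of the first two alert categories listed above (brute-force sign-in attempts and faulty SQL statements produced by an application). It is not Azure Defender's own detection logic and not code from this page: the audit record format, the thresholds, and the sample records are all constructed for the example. It shows the two signals a defender would look for in SQL audit data: many failed sign-ins with several distinct logins from one client address inside a short window, and repeated syntax errors from one login, which is the typical symptom of SQL assembled by string concatenation.

```python
"""Toy detector for two alert categories: brute-force sign-ins and faulty SQL.

Constructed example; the record format and thresholds are assumptions,
not Azure Defender's real audit schema or detection rules.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real Azure SQL audit output), one per line:
#   <iso-timestamp> <client-ip> <login> <outcome> <statement-or-dash>
SAMPLE_AUDIT = """\
2024-01-10T10:00:01Z 203.0.113.5 sa FAIL -
2024-01-10T10:00:02Z 203.0.113.5 admin FAIL -
2024-01-10T10:00:03Z 203.0.113.5 app_user FAIL -
2024-01-10T10:00:04Z 203.0.113.5 backup FAIL -
2024-01-10T10:00:05Z 203.0.113.5 report FAIL -
2024-01-10T10:00:06Z 203.0.113.5 sa FAIL -
2024-01-10T10:05:00Z 198.51.100.7 app_user OK SELECT name FROM customers WHERE id = 42
2024-01-10T10:05:01Z 198.51.100.7 app_user SYNTAX_ERROR SELECT name FROM customers WHERE id = 42'
2024-01-10T10:05:02Z 198.51.100.7 app_user SYNTAX_ERROR SELECT name FROM customers WHERE name = 'O'Brien'
2024-01-10T10:06:00Z 198.51.100.9 app_user FAIL -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL|SYNTAX_ERROR) (.*)$")


def parse_audit(text):
    """Parse the constructed record format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, ip, login, outcome, stmt = m.groups()
        records.append({
            "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "ip": ip,
            "login": login,
            "outcome": outcome,
            "statement": None if stmt == "-" else stmt,
        })
    return records


def detect_brute_force(records, max_failures=5, min_distinct_logins=3,
                       window=timedelta(minutes=1)):
    """Sliding window per client IP over failed sign-ins.

    Raises one alert per IP the first time the window holds at least
    `max_failures` failures spread over `min_distinct_logins` logins.
    """
    alerts = []
    by_ip = defaultdict(list)
    for r in records:
        if r["outcome"] == "FAIL":
            by_ip[r["ip"]].append(r)
    for ip, fails in by_ip.items():
        fails.sort(key=lambda r: r["time"])
        start = 0
        for end in range(len(fails)):
            # Advance the window start until it fits inside `window`.
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            span = fails[start:end + 1]
            logins = {r["login"] for r in span}
            if len(span) >= max_failures and len(logins) >= min_distinct_logins:
                alerts.append({"type": "brute_force", "ip": ip,
                               "failures": len(span), "logins": sorted(logins)})
                break
    return alerts


def detect_faulty_statements(records, min_errors=2):
    """Repeated syntax errors from one login suggest SQL built by concatenation."""
    alerts = []
    by_login = defaultdict(list)
    for r in records:
        if r["outcome"] == "SYNTAX_ERROR":
            by_login[r["login"]].append(r["statement"])
    for login, stmts in by_login.items():
        if len(stmts) >= min_errors:
            alerts.append({"type": "faulty_sql", "login": login,
                           "count": len(stmts), "samples": stmts[:3]})
    return alerts


def run_detections(text):
    """Parse the audit text and return all alerts from both detectors."""
    records = parse_audit(text)
    return detect_brute_force(records) + detect_faulty_statements(records)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_AUDIT):
        print(alert)
```

On the sample data the brute-force detector fires once for 203.0.113.5 (five failures across five distinct logins within a few seconds) and stays silent for 198.51.100.9, which has a single failed sign-in; the faulty-statement detector fires for app_user, whose two syntax errors both come from an unescaped quote reaching the query text. The thresholds are deliberately small so the example is readable; a production rule would be tuned against the normal failure rate of the environment.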