针对已在使用 Azure Monitor 日志的客户的常见问题解答FAQ for customers already using Azure Monitor logs

安全中心是否会覆盖 VM 和工作区之间的任何现有连接?Does Security Center override any existing connections between VMs and workspaces?

如果 VM 已将 Log Analytics 代理作为 Azure 扩展进行安装,则安全中心不会覆盖现有工作区连接。If a VM already has the Log Analytics agent installed as an Azure extension, Security Center does not override the existing workspace connection. 相反,安全中心会使用现有工作区。Instead, Security Center uses the existing workspace. 如果在 VM 向其报告的工作区上安装了“Security”或“SecurityCenterFree”解决方案,则该 VM 将受保护。The VM will be protected provided that the "Security" or "SecurityCenterFree" solution has been installed on the workspace to which it is reporting.

将在“数据收集”屏幕中选择的工作区上安装一个安全中心解决方案(如果尚不存在),而该解决方案只会应用到相关的 VM。A Security Center solution is installed on the workspace selected in the Data Collection screen if not present already, and the solution is applied only to the relevant VMs. 添加解决方案时,默认情况下会自动将它部署到连接到 Log Analytics 工作区的所有 Windows 和 Linux 代理。When you add a solution, it's automatically deployed by default to all Windows and Linux agents connected to your Log Analytics workspace. 解决方案目标可用于限定解决方案的范围。Solution Targeting allows you to apply a scope to your solutions.

提示

如果 Log Analytics 代理直接安装到 VM 上(而不是作为 Azure 扩展进行安装),那么安全中心不会安装 Log Analytics 代理,并且安全监视也会受限。If the Log Analytics agent is installed directly on the VM (not as an Azure extension), Security Center does not install the Log Analytics agent, and security monitoring is limited.

安全中心是否在现有 Log Analytics 工作区上安装解决方案?Does Security Center install solutions on my existing Log Analytics workspaces? 计费会产生什么影响?What are the billing implications?

安全中心确定 VM 已连接到所创建的工作区时,会根据定价配置启用此工作区上的解决方案。When Security Center identifies that a VM is already connected to a workspace you created, Security Center enables solutions on this workspace according to your pricing configuration. 由于解决方案目标,解决方案仅应用于相关的 Azure VM,因此计费保持不变。The solutions are applied only to the relevant Azure VMs, via solution targeting, so the billing remains the same.

  • Azure Defender 关 - 安全中心在工作区中安装“SecurityCenterFree”解决方案。Azure Defender off - Security Center installs the "SecurityCenterFree" solution on the workspace. 系统不会向你收费。You won't be billed.

  • Azure Defender 开 - 安全中心在工作区中安装“Security”解决方案。Azure Defender on - Security Center installs the 'Security' solution on the workspace.

    默认工作区上的解决方案

环境中已存在工作区,是否可以将其用于收集安全数据?I already have workspaces in my environment, can I use them to collect security data?

如果 VM 已将 Log Analytics 代理作为 Azure 扩展进行安装,则安全中心会使用现有的已连接的工作区。If a VM already has the Log Analytics agent installed as an Azure extension, Security Center uses the existing connected workspace. 如果没有安全中心解决方案,则会在工作区安装,并且由于解决方案目标此解决方案仅适用于相关的 VM。A Security Center solution is installed on the workspace if not present already, and the solution is applied only to the relevant VMs via solution targeting.

当安全中心在 VM 上安装 Log Analytics 代理时,如果安全中心未指向现有工作区,则代理会使用安全中心创建的默认工作区。When Security Center installs the Log Analytics agent on VMs, it uses the default workspace(s) created by Security Center if Security Center isn't pointed to an existing workspace.

工作区已存在安全解决方案。I already have security solution on my workspaces. 计费会产生什么影响?What are the billing implications?

安全与审核解决方案用于启用适用于服务器的 Azure Defender。The Security & Audit solution is used to enable Azure Defender for servers. 如果已在工作区上安装“安全性与审核”解决方案,则安全中心会使用现有解决方案。If the Security & Audit solution is already installed on a workspace, Security Center uses the existing solution. 计费方面没有任何更改。There is no change in billing.