FAQ - General questions about Azure Security Center

What is Azure Security Center?

Azure Security Center helps you prevent, detect, and respond to threats with increased visibility into, and control over, the security of your resources. It provides integrated security monitoring and policy management across your subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions.

Security Center uses the Log Analytics agent to collect and store data. For in-depth details, see Data collection in Azure Security Center.

How do I get Azure Security Center?

Azure Security Center is enabled with your Microsoft Azure subscription and accessed from the Azure portal. To access it, sign in to the portal, select Browse, and scroll to Security Center.

Which Azure resources are monitored by Azure Security Center?

Azure Security Center monitors the following Azure resources:

  • Virtual machines (VMs), including Cloud Services
  • Virtual machine scale sets
  • Azure Virtual Networks
  • Containers
  • Azure SQL service
  • Azure Storage accounts
  • Azure Web Apps (in App Service Environment)
  • Partner solutions integrated with your Azure subscription, such as a web application firewall on VMs and on App Service Environment

In addition, non-Azure (including on-premises) machines can also be monitored by Azure Security Center. Both Windows machines and Linux machines are supported.

How can I see the current security state of my Azure resources?

The Security Center Overview page shows the overall security posture of your environment, broken down by Compute, Networking, Storage & data, and Applications. Each resource type has an indicator showing the security vulnerabilities identified for it. Clicking each tile displays the list of security issues identified by Security Center, along with an inventory of the resources in your subscription.

What is a security policy?

A security policy defines the set of controls that are recommended for resources within the specified subscription. In Azure Security Center, you define policies for your Azure subscriptions according to your company's security requirements and the type of applications or sensitivity of the data in each subscription.

The security policies enabled in Azure Security Center drive security recommendations and monitoring. To learn more about security policies, see Security health monitoring in Azure Security Center.

Who can modify a security policy?

To modify a security policy, you must be a Security Admin, or an Owner or Contributor of that subscription.

To learn how to configure a security policy, see Setting security policies in Azure Security Center.

What is a security recommendation?

Azure Security Center analyzes the security state of your Azure resources. When potential security vulnerabilities are identified, recommendations are created. The recommendations guide you through the process of configuring the needed control. Examples are:

  • Provisioning anti-malware to help identify and remove malicious software
  • Configuring network security groups and rules to control traffic to virtual machines
  • Provisioning a web application firewall to help defend against attacks targeting your web applications
  • Deploying missing system updates
  • Addressing OS configurations that do not match the recommended baselines

Only recommendations that are enabled in Security Policies are shown here.

What triggers a security alert?

Azure Security Center automatically collects, analyzes, and fuses log data from your Azure resources, the network, and partner solutions such as anti-malware and firewalls. When threats are detected, a security alert is created. Examples include detection of:

  • Compromised virtual machines communicating with known malicious IP addresses
  • Advanced malware detected using Windows error reporting
  • Brute force attacks against virtual machines
  • Security alerts from integrated partner security solutions, such as anti-malware or web application firewalls
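To make the first and third alert types above concrete, the following added example (not Security Center's own analytics, and not code from this documentation) runs two simple detection rules over a constructed log feed: a sliding-window count of failed logons per source address and host, and a lookup of outbound connections against a threat-intelligence list. The log format, field names, IP addresses (all from documentation-reserved TEST-NET ranges), threshold and window are assumptions chosen for illustration.

```python
"""Toy detection logic over constructed log lines.

Added illustration only; it is NOT Azure Security Center's detection logic.
It shows two of the alert examples the FAQ lists as plain rules:
  - brute force: many failed logons from one source to one VM in a short window
  - malicious IP communication: a VM connecting to an IP on a threat-intel list
Log format, field names, IP addresses and thresholds are all constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intelligence list (TEST-NET addresses, not real IoCs).
KNOWN_MALICIOUS_IPS = {"203.0.113.77", "198.51.100.9"}

BRUTE_FORCE_THRESHOLD = 5                   # failed logons from one source ...
BRUTE_FORCE_WINDOW = timedelta(minutes=2)   # ... within this window

# Constructed sample log: "<ISO timestamp> <vm> <event> key=value ...".
SAMPLE_LOG = """\
2019-02-01T10:00:01Z vm-web-01 LOGON_FAILED src=192.0.2.10 user=admin
2019-02-01T10:00:15Z vm-web-01 LOGON_FAILED src=192.0.2.10 user=administrator
2019-02-01T10:00:30Z vm-web-01 LOGON_FAILED src=192.0.2.10 user=root
2019-02-01T10:00:44Z vm-web-01 LOGON_FAILED src=192.0.2.10 user=test
2019-02-01T10:01:02Z vm-web-01 LOGON_FAILED src=192.0.2.10 user=guest
2019-02-01T10:01:20Z vm-web-01 LOGON_FAILED src=192.0.2.10 user=sa
2019-02-01T10:05:00Z vm-web-01 LOGON_FAILED src=192.0.2.55 user=alice
2019-02-01T10:09:00Z vm-web-01 LOGON_OK src=192.0.2.55 user=alice
2019-02-01T10:12:00Z vm-db-01 NET_CONNECT dst=203.0.113.77 port=4444
2019-02-01T10:13:00Z vm-db-01 NET_CONNECT dst=192.0.2.200 port=443
"""


def parse_line(line):
    """Split one constructed log line into a dict of fields."""
    ts, host, event, *kv = line.split()
    fields = dict(part.split("=", 1) for part in kv)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "event": event,
        **fields,
    }


def detect_brute_force(events):
    """Sliding window per (host, src): alert once the failed-logon count in
    BRUTE_FORCE_WINDOW reaches BRUTE_FORCE_THRESHOLD. Events must be sorted by time."""
    alerts = []
    attempts = defaultdict(list)   # (host, src) -> timestamps of recent failures
    fired = set()                  # keys already alerted on, to avoid duplicates
    for e in events:
        if e["event"] != "LOGON_FAILED":
            continue
        key = (e["host"], e["src"])
        window = attempts[key]
        window.append(e["ts"])
        # Discard failures older than the window relative to the newest one.
        while window and e["ts"] - window[0] > BRUTE_FORCE_WINDOW:
            window.pop(0)
        if len(window) >= BRUTE_FORCE_THRESHOLD and key not in fired:
            fired.add(key)
            alerts.append({
                "type": "BruteForce", "host": e["host"], "src": e["src"],
                "count": len(window), "first_seen": window[0], "last_seen": e["ts"],
            })
    return alerts


def detect_malicious_ip_traffic(events):
    """Flag any outbound connection whose destination is on the threat-intel list."""
    return [
        {"type": "MaliciousIPCommunication", "host": e["host"],
         "dst": e["dst"], "port": e.get("port"), "ts": e["ts"]}
        for e in events
        if e["event"] == "NET_CONNECT" and e["dst"] in KNOWN_MALICIOUS_IPS
    ]


def analyze(log_text):
    """Parse the feed, order it by time, and run both rules."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    return detect_brute_force(events) + detect_malicious_ip_traffic(events)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

On the sample feed the brute-force rule fires once for vm-web-01 from 192.0.2.10 (the fifth failure lands 61 seconds after the first), the single failure from 192.0.2.55 followed by a successful logon stays below the threshold, and only the connection to 203.0.113.77 is flagged as malicious-IP communication. Real detections fuse many more signals than this, which is why the same two events in different context (a password-reset help desk, a known scanner) would be scored differently in practice.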

Why did Secure Score values change?

As of February 2019, Security Center adjusted the scores of a few recommendations to better match their severity. As a result of this adjustment, there may be changes in overall Secure Score values. For more information about Secure Score, see Secure Score calculation.

What's the difference between threats detected and alerted on by the Microsoft Security Response Center versus Azure Security Center?

The Microsoft Security Response Center (MSRC) performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties. When MSRC becomes aware that customer data has been accessed by an unlawful or unauthorized party, or that the customer's use of Azure does not comply with the terms for Acceptable Use, a security incident manager notifies the customer. Notification typically occurs by sending an email to the security contacts specified in Azure Security Center, or to the Azure subscription owner if no security contact is specified.

Security Center is an Azure service that continuously monitors the customer's Azure environment and applies analytics to automatically detect a wide range of potentially malicious activity. These detections are surfaced as security alerts in the Security Center dashboard.