访问和跟踪安全分数Access and track your secure score

可以通过 Azure 门户或以编程方式查找总体安全功能分数以及每个订阅的分数,如以下各部分所述:You can find your overall secure score, as well as your score per subscription, through the Azure portal or programatically as described in the following sections:

提示

有关如何计算分数的详细说明,请参阅计算 - 了解分数For a detailed explanation of how your scores are calculated, see Calculations - understanding your score.

从门户获取安全功能分数Get your secure score from the portal

安全中心会在门户中突出显示你的分数:这是“安全中心”概述页面中显示的第一个主磁贴。Security Center displays your score prominently in the portal: it's the first main tile the Security Center overview page. 选择此磁贴,会转到专用安全功能分数页,其中显示按订阅细分的分数。Selecting this tile, takes you to the dedicated secure score page, where you'll see the score broken down by subscription. 选择单个订阅可查看重要建议的详细列表,以及实现这些建议将对订阅分数产生的潜在影响。Select a single subscription to see the detailed list of prioritized recommendations and the potential impact that remediating them will have on the subscription's score.

概括而言,你的安全功能分数将显示在安全中心门户页面的以下位置。To recap, your secure score is shown in the following locations in Security Center's portal pages.

  • 在安全中心的“概述”(主仪表板)上的磁贴中:In a tile on Security Center's Overview (main dashboard):

    安全中心仪表板上的安全功能分数

  • 在专用的“安全分数”页中,可以看到订阅和管理组的安全分数:In the dedicated Secure score page you can see the secure score for your subscription and your management groups:

    安全中心的“安全分数”页上订阅的安全分数

    安全中心的“安全分数”页上管理组的安全分数

    备注

    你没有足够权限的任何管理组都会将其分数显示为“受限制”。Any management groups for which you don't have sufficient permissions, will show their score as “Restricted.”

  • 在“建议”页面的顶部:At the top of the Recommendations page:

    安全中心建议页面上的安全功能分数

从 REST API 获取安全功能分数Get your secure score from the REST API

可以通过安全功能分数 API 访问分数。You can access your score via the secure score API. 通过 API 方法,可灵活地查询数据,久而久之构建自己的安全功能分数报告机制。The API methods provide the flexibility to query the data and build your own reporting mechanism of your secure scores over time. 例如,你可以使用安全功能分数 API 来获取特定订阅的分数。For example, you can use the Secure Scores API to get the score for a specific subscription. 此外,你可以使用 API 列出订阅的安全控件和当前分数。In addition, you can use the Secure Score Controls API to list the security controls and the current score of your subscriptions.

正在通过 API 检索单个安全功能分数

有关构建在安全功能分数 API 之上的工具示例,请参阅 GitHub 社区的安全功能分数区域For examples of tools built on top of the secure score API, see the secure score area of our GitHub community.

从 Azure Resource Graph 获取安全分数Get your secure score from Azure Resource Graph

使用 Azure Resource Graph (ARG),可以通过可靠的筛选、分组和排序功能,快速访问你的云环境中的资源信息。Azure Resource Graph provides instant access to resource information across your cloud environments with robust filtering, grouping, and sorting capabilities. 这是以编程方式或从 Azure 门户中查询 Azure 订阅中的信息的一种快速且有效的方式。It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal. 详细了解 Azure Resource GraphLearn more about Azure Resource Graph.

若要使用 Azure Resource Graph 访问多个订阅的安全分数,请执行以下操作:To access the secure score for multiple subscriptions with Azure Resource Graph:

  1. 在 Azure 门户中,打开 Azure Resource Graph Explorer。From the Azure portal, open Azure Resource Graph Explorer.

    启动 Azure Resource Graph Explorer 建议页面

  2. 输入你的 Kusto 查询(使用下面的示例作为指导)。Enter your Kusto query (using the examples below for guidance).

    • 此查询返回订阅 ID、当前分数(以分数和百分比表示)以及订阅的最大分数。This query returns the subscription ID, the current score in points and as a percentage, and the maximum score for the subscription.

      SecurityResources 
      | where type == 'microsoft.security/securescores' 
      | extend current = properties.score.current, max = todouble(properties.score.max)
      | project subscriptionId, current, max, percentage = ((current / max)*100)
      
    • 该查询返回所有安全控件的状态。This query returns the status of all the security controls. 对于每个控件,你将获得运行不正常资源的数量、当前分数和最高分数。For each control, you'll get the number of unhealthy resources, the current score, and the maximum score.

      SecurityResources 
      | where type == 'microsoft.security/securescores/securescorecontrols'
      | extend SecureControl = properties.displayName, unhealthy = properties.unhealthyResourceCount, currentscore = properties.score.current, maxscore = properties.score.max
      | project SecureControl , unhealthy, currentscore, maxscore
      
  3. 选择“运行查询”。Select Run query.

跟踪一段时间内的安全评分Tracking your secure score over time

“工作簿”页中的“一段时间内的安全分数”报表Secure Score Over Time report in workbooks page

安全中心的“工作簿”页包括一个现成的报表,用于直观地跟踪订阅、安全控件等的分数。Security Center's workbooks page includes a ready-made report for visually tracking the scores of your subscriptions, security controls, and more. 有关详细信息,请参阅创建安全中心数据的丰富交互式报表Learn more in Create rich, interactive reports of Security Center data.

Azure 安全中心工作簿库中的“一段时间内的安全分数”报表的一部分

Power BI Pro 仪表板Power BI Pro dashboards

如果你是具有 Pro 帐户的 Power BI 用户,则可以使用“一段时间内的安全评分”Power BI 面板跟踪一段时间内的安全评分,并调查任何更改。If you're a Power BI user with a Pro account, you can use the Secure Score Over Time Power BI dashboard to track your secure score over time and investigate any changes.

提示

可以在 GitHub 上 Azure 安全中心社区的专门区域中找到此面板,以及可以通过编程方式使用安全评分的其他工具: https://github.com/Azure/Azure-Security-Center/tree/master/Secure%20ScoreYou can find this dashboard, as well as other tools for working programatically with secure score, in the dedicated area of the Azure Security Center community on GitHub: https://github.com/Azure/Azure-Security-Center/tree/master/Secure%20Score

该面板包含以下两个报表,可帮助你分析安全状态:The dashboard contains the following two reports to help you analyze your security status:

  • 资源摘要 - 提供有关资源运行状况的摘要数据。Resources Summary - provides summarized data regarding your resources’ health.
  • 安全评分摘要 - 提供有关评分进度的摘要数据。Secure Score Summary - provides summarized data regarding your score progress. 使用“每个订阅一段时间内的安全评分”图表查看评分的变化。Use the “Secure score over time per subscription” chart to view changes in the score. 如果发现评分发生了巨大变化,请检查“检测到的可能会影响你安全评分的更改”表,以查找可能引起变化的可能更改。If you notice a dramatic change in your score, check the “detected changes that may affect your secure score” table for possible changes that could have caused the change. 此表显示了已删除的资源、新部署的资源或其安全状态针对其中一项建议发生了更改的资源。This table presents deleted resources, newly deployed resources, or resources that their security status changed for one of the recommendations.

可选的一段时间内的安全评分 Power BI 面板,用于跟踪一段时间内的安全评分并调查更改

后续步骤Next steps

本文介绍了如何访问和跟踪安全分数。This article described how to access and track your secure score. 如需相关材料,请参阅以下文章:For related material, see the following articles: