停用的安全中心功能(2019 年 7 月)Retirement of Security Center features (July 2019)

备注

本文档详细介绍了 2019 年 7 月 31 日从 Azure 安全中心停用的功能列表。This document details the list of features that were retired from Azure Security Center on July 31st, 2019.

在截至 2019 年 7 月的六个月内,我们对 Azure 安全中心进行了多项改进We made several improvements to Azure Security Center over the six months leading up to July 2019. 伴随着这些改进的功能,我们于 2019 年 7 月 31 日从安全中心内删除了一些冗余功能和相关 API。With these improved capabilities, we removed some redundant features and related APIs from Security Center on July 31, 2019.

大多数停用的功能都可以由 Azure 安全中心或 Azure Log Analytics 中的其他功能所替代。Most of these retired features can be replaced with other functionality in Azure Security Center or Azure Log Analytics.

停用的安全中心功能包括:Retired Security Center features include:

本文提供了每个停用功能的详细信息,以及实现替换功能可以采取的步骤。This article provides detailed information for each retired feature and the steps you can take to implement replacement features.

事件仪表板Events dashboard

安全中心使用 Log Analytics 代理收集计算机中各种与安全有关的配置和事件。Security Center uses Log Analytics agent to collect various security-related configurations and events from your machines. 它将这些事件存储在工作区中。It stores these events in your workspaces. 事件仪表板让你能够查看这些数据,并为你提供 Log Analytics 的入口点。The events dashboard lets you view this data and gives you an entry point to Log Analytics.

我们停用了选择工作区时显示的事件仪表板:We retired the events dashboard that appeared when you selected a workspace:

事件仪表板

事件仪表板 - 新体验Events dashboard - the new experience

我们鼓励你使用 Azure Log Analytics 的本机功能来查看工作区中的重要事件。We encouraged you to use the native capabilities of Azure Log Analytics to view notable events on your workspaces.

如果已在安全中心中创建了自定义的重要事件,则可以访问这些事件。If you've created custom notable events in Security Center, they'll be accessible. 在 Log Analytics 中,转到“选择工作区” > “保存的搜索” 。In Log Analytics, go to Select workspace > Saved Searches. 你的数据不会丢失或被修改。Your data won't be lost or modified. Log Analytics 中的同一屏幕也提供了本机的重要事件。Native notable events are also available from the same screen in Log Analytics.

工作区 - 保存的搜索

搜索菜单项Search menu entry

Azure 安全中心目前使用 Azure Monitor 日志搜索来检索和分析安全数据。Azure Security Center currently uses Azure Monitor logs search to retrieve and analyze your security data. 此屏幕用作 Log Analytics 搜索页的窗口,使用户能够在选定的工作区上运行搜索查询。This screen serves as a window to Log Analytics search page, and enables users to run search queries on their selected workspace. 有关详细信息,请参阅 Azure 安全中心搜索For more information, see Azure Security Center search. 我们停用了此搜索窗口:We retired this search window:

“搜索”页

搜索菜单项 - 新体验Search menu entry - the new experience

我们鼓励你使用 Azure Log Analytics 本机功能在工作区上执行搜索查询。We encourage you to use the Azure Log Analytics native capabilities to perform Search queries on your workspaces. 转到 Azure Log Analytics 并选择“日志”。Go to Azure Log Analytics and select Logs.

Log Analytics 日志页

经典标识和访问(预览)Classic Identity & Access (Preview)

安全中心中的经典标识和访问体验当前在 Log Analytics 中显示标识和访问信息的仪表板。The Classic Identity & Access experience in Security Center currently shows a dashboard of identity and access information in Log Analytics. 若要查看此仪表板:To view this dashboard:

  1. 选择“查看经典标识和访问”。Select View classic Identity & Access.

    标识页

  2. 查看“标识和访问仪表板”。View the Identity & Access dashboard.

    标识页 - 工作区选择

  3. 选择工作区,在 Log Analytics 中打开“标识和访问”仪表板以查看工作区上的标识和访问信息。Select a workspace to open the Identity & Access dashboard in Log Analytics to view identity and access information on your workspace.

    标识页面 - 仪表板

我们停用了上述步骤中显示的三个屏幕。We retired all three screens shown in the preceding steps. 你的数据在 Log Analytics 安全解决方案中仍然可用,并且没有被修改或删除。Your data remains available in the Log Analytics security solution and wasn't modified or removed.

经典标识和访问(预览)- 新体验Classic Identity & Access (Preview) - the new experience

Log Analytics 仪表板在单个工作区中显示了见解。The Log Analytics dashboard has shown insights on a single workspace. 但是,本机安全中心功能提供对所有订阅及其关联的所有工作区的可见性。However, native Security Center capabilities provide visibility into all subscriptions and all workspaces associated with them. 你可以访问易于使用的视图,该视图根据安全功能分数对建议进行排序,让你专注于重要事项。You can access an easy-to use view that lets you focus on what's important with recommendations ranked according to their Secure Score.

可以通过在安全中心选择“标识和访问(预览)”来访问 Log Analytics 中的“标识和访问”仪表板的所有功能 。All the features of the Identity & Access dashboard in Log Analytics can be reached by selecting Identity & access (Preview) within Security Center.

标识页 - 经典体验停用

编辑安全策略的安全配置Edit security configurations for security policies

Azure 安全中心应用 150 多种建议的规则来监视安全配置,以便强化 OS。Azure Security Center monitors security configurations by applying a set of over 150 recommended rules for hardening the OS. 这些规则适用于防火墙、审核、密码策略等。These rules pertain to firewalls, auditing, password policies, and more. 如果发现计算机中的某项配置有漏洞,则安全中心会生成安全建议。If a machine is found to have a vulnerable configuration, Security Center generates a security recommendation. 编辑安全配置屏幕使客户能够在安全中心内自定义默认的 OS 安全配置。The Edit security configuration screen allows customers to customize the default OS security configuration in Security Center.

我们停用了此预览功能。We retired this preview feature. 若要在停用日期后将安全配置重置回默认值,请使用以下说明通过 API 和 Powershell 执行此操作。To reset your security configurations back to their default values after the retirement date, do so via the API or Powershell using the following instructions.

编辑安全配置

编辑安全配置 - 新体验Edit security configurations - the new experience

我们打算让安全中心支持来宾配置代理We intend to enable Security Center to support the Guest configuration agent. 这样的更新将实现更丰富的功能集,包括支持更多操作系统,以及为来宾配置集成 Azure 来宾策略。Such an update will allow a much richer feature set, including support for more operating systems and integration of Azure in-guest policies for guest configurations. 启用这些更改后,你还可以大规模控制配置并自动将它们应用于新资源。After these changes are enabled, you'll also have the ability to control configurations at scale and apply them to new resources automatically.

Log Analytics 工作区的安全和审核仪表板Security and audit dashboard for Log Analytics workspaces

安全和审核仪表板最初在 OMS 门户中使用。The security and audit dashboard was originally used in the OMS portal. 在 Log Analytics 中,仪表板提供每个工作区重要安全事件和威胁的概述、威胁情报映射以及保存在工作区中的安全事件的标识和访问评估。In Log Analytics, the dashboard provides a per-workspace overview of notable security events and threats, a threat intelligence map, and an identity-and-access assessment of security events saved in the workspace. 我们删除了该仪表板。We removed the dashboard. 正如仪表板 UI 中提供的建议,我们建议你转到 Azure 安全中心。As we already recommended in the dashboard UI, we advise you to transition to Azure Security Center.

Log Analytics 安全仪表板

安全和审核仪表板 - 新体验Security and audit dashboard - the new experience

建议切换到 Azure 安全中心。We advise you to switch to Azure Security Center. 它跨多个订阅及关联的工作区,提供相同的安全概况以及更丰富的功能集。It provides the same security overview across multiple subscriptions and the workspaces associated with them, plus a richer feature set.

你可以在 GitHub 存储库中获取填充安全和审核仪表板的原始 Log Analytics 查询,并将这些查询用于安全中心。You can get the original Log Analytics queries that populate the security and audit dashboard in the GitHub repository for Security Center.

后续步骤Next steps