Quickstart: Setting up Azure Security Center

Azure Security Center provides unified security management and threat protection across your hybrid cloud workloads. While the free features offer limited security for your Azure resources only, enabling Azure Defender extends these capabilities to on-premises and other clouds. Azure Defender helps you find and fix security vulnerabilities, apply access and application controls to block malicious activity, detect threats using analytics and intelligence, and respond quickly when under attack. You can try Azure Defender at no cost. To learn more, see the pricing page.

In this article, you upgrade to Azure Defender for added security and install the Log Analytics agent on your machines to monitor for security vulnerabilities and threats.

Prerequisites

To get started with Security Center, you must have a subscription to Azure. If you do not have a subscription, you can sign up for a Trial.

To enable Azure Defender on a subscription, you must be assigned the role of Subscription Owner, Subscription Contributor, or Security Admin.

Enable Security Center on your Azure subscription

  1. Sign into the Azure portal.

  2. From the portal's menu, select Security Center.

    Security Center's overview page opens.

    Security Center's overview dashboard

Security Center - Overview provides a unified view into the security posture of your hybrid cloud workloads, enabling you to discover and assess the security of your workloads and to identify and mitigate risk. Security Center automatically, at no cost, enables any of your Azure subscriptions not previously onboarded by you or another subscription user.

You can view and filter the list of subscriptions by selecting the Subscriptions menu item. Security Center will adjust the display to reflect the security posture of the selected subscriptions.

Within minutes of launching Security Center the first time, you may see:

  • Recommendations for ways to improve the security of your connected resources.
  • An inventory of your resources that are now being assessed by Security Center, along with the security posture of each.

To take full advantage of Security Center, you need to complete the steps below to enable Azure Defender and install the Log Analytics agent.

Tip

To enable Security Center on all subscriptions within a management group, see Enable Security Center on multiple Azure subscriptions.

Enable Azure Defender

For the purpose of the Security Center quickstarts and tutorials you must enable Azure Defender. A free 30-day trial is available. To learn more, see the pricing page.

  1. From Security Center's sidebar, select Getting started.

    Upgrade tab of the getting started page

    The Upgrade tab lists subscriptions and workspaces eligible for onboarding.

  2. From the Select workspaces to enable Azure Defender on list, select the workspaces to upgrade.

    • If you select subscriptions and workspaces that aren't eligible for trial, the next step will upgrade them and charges will begin.
    • If you select a workspace that's eligible for a trial, the next step will begin a trial.
  3. Select Upgrade to enable Azure Defender.

Enable automatic data collection

Security Center collects data from your machines to monitor for security vulnerabilities and threats. Data is collected using the Log Analytics agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. By default, Security Center will create a new workspace for you.

When automatic provisioning is enabled, Security Center installs the Log Analytics agent on all supported machines and any new ones that are created. Automatic provisioning is strongly recommended.

To enable automatic provisioning of the Log Analytics agent:

  1. From Security Center's menu, select Pricing & settings.

  2. Select the relevant subscription.

  3. In the Data collection page, set Auto provisioning to On.

  4. Select Save.

    Enabling auto provisioning of the Log Analytics agent

Tip

If a workspace needs to be provisioned, agent installation might take up to 25 minutes.

With the agent deployed to your machines, Security Center can provide additional recommendations related to system update status, OS security configurations, and endpoint protection, and can generate additional security alerts.

Note

Setting auto provisioning to Off doesn't remove the Log Analytics agent from Azure VMs where the agent has already been provisioned. Disabling automatic provisioning limits security monitoring for your resources.
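To confirm that the two settings from this quickstart (Azure Defender enabled, Auto provisioning set to On) hold across several subscriptions, the following added example, which is not part of the original article or Microsoft's own code, audits exported settings and lists the gaps. It assumes the JSON was saved from `az security pricing list` and `az security auto-provisioning-setting list`, that the fields are named `pricingTier` and `autoProvision`, and that the Standard tier means Azure Defender is enabled; the subscription names and data are constructed.

```python
import json

# Constructed sample export, keyed by a hypothetical subscription label.
# Field names (pricingTier, autoProvision) are assumptions taken from the
# Microsoft.Security resource properties; adjust them if your export differs.
SAMPLE = json.loads("""
{
  "sub-prod": {
    "pricings": [{"name": "VirtualMachines", "pricingTier": "Standard"},
                 {"name": "StorageAccounts", "pricingTier": "Free"}],
    "autoProvisioning": [{"name": "default", "autoProvision": "On"}]
  },
  "sub-dev": {
    "pricings": {"value": [{"name": "VirtualMachines", "pricingTier": "Free"}]},
    "autoProvisioning": [{"name": "default", "autoProvision": "Off"}]
  },
  "sub-new": {"pricings": [], "autoProvisioning": []}
}
""")

def _items(doc):
    """Accept a bare list or an object that wraps the list in "value"."""
    if isinstance(doc, dict):
        doc = doc.get("value", [])
    return doc or []

def audit_subscription(name, export):
    """Return (subscription, area, message) findings for one subscription."""
    findings = []
    pricings = _items(export.get("pricings"))
    if not pricings:
        # Missing data is reported, never treated as compliant.
        findings.append((name, "pricing", "no pricing data exported"))
    for p in pricings:
        if str(p.get("pricingTier", "")).lower() != "standard":
            findings.append((name, "pricing",
                             f"{p.get('name')}: Azure Defender not enabled"))
    settings = _items(export.get("autoProvisioning"))
    if not any(str(s.get("autoProvision", "")).lower() == "on" for s in settings):
        findings.append((name, "auto-provisioning",
                         "Log Analytics agent auto provisioning is not On"))
    return findings

def audit(exports):
    """Audit every subscription in a stable (sorted) order."""
    out = []
    for name in sorted(exports):
        out.extend(audit_subscription(name, exports[name]))
    return out

if __name__ == "__main__":
    for sub, area, msg in audit(SAMPLE):
        print(f"{sub:10} {area:18} {msg}")
```
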