Manage user data found in an Azure Security Center investigation

This article provides information on how to manage the user data found in Azure Security Center's investigation feature. Investigation data is stored in Azure Monitor logs and exposed in Security Center. Managing user data includes the ability to delete or export data.

Note

This article provides steps for how to delete personal data from the device or service and can be used to support your obligations under the GDPR. If you're looking for general info about GDPR, see the GDPR section of the Service Trust portal.

Searching for and identifying personal data

In the Azure portal, you can use Security Center's investigation feature to search for personal data. The investigation feature is available under Security Alerts.

The investigation feature shows all entities, user information, and data under the Entities tab.

Securing and controlling access to personal information

A Security Center user assigned the role of Reader, Owner, Contributor, or Account Administrator can access customer data within the tool.

See Built-in roles for Azure role-based access control to learn more about the Reader, Owner, and Contributor roles.

Deleting personal data

A Security Center user assigned the role of Owner, Contributor, or Account Administrator can delete the investigation information.

To delete an investigation, you can submit a DELETE request to the Azure Resource Manager REST API:

DELETE
https://management.chinacloudapi.cn/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/features/security/incidents/{incidentName}

The incidentName input can be found by listing all incidents using a GET request:

GET
https://management.chinacloudapi.cn/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/features/security/incidents
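
The two requests above, chained as an added Python example (not Microsoft's code): it lists the incidents, then deletes one only if its name appears in that listing, and percent-encodes every path segment so a value cannot redirect the DELETE to a different resource. The api-version value is a placeholder the page does not give, the list response shape and bearer-token handling are assumptions, and the function names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import quote

ARM = "https://management.chinacloudapi.cn"  # endpoint shown on this page
API_VERSION = "<api-version>"  # placeholder: the page does not state a version


def incidents_url(subscription_id, resource_group, workspace, incident_name=None):
    """Build the incidents collection URL, or one incident's URL if a name is given."""
    parts = [subscription_id, resource_group, workspace]
    if incident_name is not None:
        parts.append(incident_name)
    # "." and ".." survive percent-encoding, so reject them (and empty values) outright.
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("empty or dot-only path segment")
    # safe="" also encodes "/", so a value cannot add or escape path segments.
    enc = [quote(p, safe="") for p in parts]
    url = (f"{ARM}/subscriptions/{enc[0]}/resourceGroups/{enc[1]}/providers/"
           f"Microsoft.OperationalInsights/workspaces/{enc[2]}/features/security/incidents")
    return url if incident_name is None else f"{url}/{enc[3]}"


def send_request(req):
    """Real transport; a stand-in with the same signature can be passed for testing."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status, resp.read()


def call(method, url, token, send):
    """Issue one request with the (assumed) bearer token and api-version query."""
    req = urllib.request.Request(
        f"{url}?api-version={quote(API_VERSION, safe='')}", method=method,
        headers={"Authorization": f"Bearer {token}"})
    return send(req)


def list_incident_names(scope, token, send=send_request):
    """GET the incidents collection and return the incident names."""
    _, body = call("GET", incidents_url(*scope), token, send)
    # Assumption: ARM-style list body {"value": [{"name": ...}, ...]}.
    return [item["name"] for item in json.loads(body).get("value", [])]


def delete_incident(scope, incident_name, token, send=send_request):
    """DELETE one incident, but only if the GET listing contains that exact name."""
    if incident_name not in list_incident_names(scope, token, send):
        raise LookupError(f"incident {incident_name!r} not in workspace listing")
    status, _ = call("DELETE", incidents_url(*scope, incident_name), token, send)
    return status
```

Here scope is the tuple (subscriptionId, resourceGroupName, workspaceName), and token must belong to an identity holding one of the roles listed under "Deleting personal data".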

Exporting personal data

A Security Center user assigned the role of Owner, Contributor, or Account Administrator can export the investigation information. To export investigation information, go to the Entities tab to copy and paste the relevant information.

Next steps

For more information about managing user data, see Manage user data in Azure Security Center. To learn more about deleting private data in Azure Monitor logs, see How to export and delete private data.