在 Azure 安全中心修正建议Remediate recommendations in Azure Security Center

建议提供了有关如何更好地保护资源的意见。Recommendations give you suggestions on how to better secure your resources. 可以按照建议中提供的修正步骤来实施建议。You implement a recommendation by following the remediation steps provided in the recommendation.

修正步骤Remediation steps

在查看完所有建议后,决定先修正哪一建议。After reviewing all the recommendations, decide which one to remediate first. 我们建议你优先考虑最有可能增加安全功能分数的安全控制措施。We recommend that you prioritize the security controls with the highest potential to increase your secure score.

  1. 从列表中选择一条建议。From the list, select a recommendation.

  2. 按照“修正步骤”部分中的说明进行操作。Follow the instructions in the Remediation steps section. 每个建议都有其自己的一组指令。Each recommendation has its own set of instructions. 以下屏幕截图显示了一些修正步骤,这些步骤用于将应用程序配置为仅允许通过 HTTPS 传输的流量。The following screenshot shows remediation steps for configuring applications to only allow traffic over HTTPS.

    建议的手动修正步骤

  3. 完成后,将显示一条通知,告知你问题是否已解决。Once completed, a notification appears informing you whether the issue is resolved.

快速修复修正Quick fix remediation

为了简化修正并提高环境的安全性(并增加安全功能分数),许多建议都包括一个快速修复选项。To simplify remediation and improve your environment's security (and increase your secure score), many recommendations include a quick fix option.

快速修复可帮助你针对多个资源快速修正某个建议。Quick fix helps you to quickly remediate a recommendation on multiple resources.

提示

快速修复解决方案仅可用于特定的建议。Quick fix solutions are only available for specific recommendations. 若要查找具有可用快速修复的建议,请对建议列表使用“响应操作”筛选器:To find the recommendations that have an available quick fix, use the Response actions filter for the list of recommendations:

使用建议列表上方的筛选器查找具有快速修复选项的建议

若要实现“快速修复”解决方案,请执行以下操作:To implement a quick fix solution:

  1. 在带有“快速修复!”标签的建议的列表中,From the list of recommendations that have the Quick Fix! 选择一条建议。label, select a recommendation.

    选择“快速修复!”Select Quick Fix!

  2. 从“不正常的资源”选项卡上,选择要对其实施建议的资源,然后选择“修正”。From the Unhealthy resources tab, select the resources that you want to implement the recommendation on, and select Remediate.

    备注

    列出的某些资源可能已禁用,因为你没有相应的权限,无法修改它们。Some of the listed resources might be disabled, because you don't have the appropriate permissions to modify them.

  3. 在确认框中,阅读修正详细信息和影响。In the confirmation box, read the remediation details and implications.

    快速修复

    备注

    影响在单击“修正”后打开的“修正资源”窗口的灰色框中列出。The implications are listed in the grey box in the Remediate resources window that opens after clicking Remediate. 其中列出了在继续进行“快速修复”修正时会发生哪些更改。They list what changes happen when proceeding with the quick fix remediation.

  4. 请插入相关参数(如有必要),并批准修正。Insert the relevant parameters if necessary, and approve the remediation.

    备注

    修正完成后可能需要几分钟时间,才能在“正常的资源”选项卡中看到资源。若要查看修正操作,请查阅活动日志It can take several minutes after remediation completes to see the resources in the Healthy resources tab. To view the remediation actions, check the activity log.

  5. 完成后,将显示一条通知,告知你修正是否成功。Once completed, a notification appears informing you if the remediation succeeded.

活动日志中的“快速修复”修正日志记录 Quick fix remediation logging in the activity log

修正操作使用模板部署或 REST PATCH API 调用,将配置应用于资源。The remediation operation uses a template deployment or REST PATCH API call to apply the configuration on the resource. 这些操作记录在 Azure 活动日志中。These operations are logged in Azure activity log.

后续步骤Next steps

在本文档中,已向你介绍了如何在安全中心修正建议。In this document, you were shown how to remediate recommendations in Security Center. 若要了解有关安全中心的详细信息,请参阅以下页面:To learn more about Security Center, see the following pages: