Azure安全性安全基准规定 [英] Azure Security security baseline regulation ??

问题描述

在Azure基础结构上实施Azure安全中心后，我遇到了这些问题.感谢是否有人帮助我澄清了这些问题.

After implementing Azure Security Center on my Azure infrastructure I came across these questions.appreciate if anyone helps me to clarify these.

推荐答案

Hi,

安全策略定义了所需的策略您的配置 工作负载，并有助于确保符合公司或法规的安全要求.在安全中心"中，可以为Azure订阅定义策略，可以根据工作负载类型或数据敏感性来定制策略.

Security Center automatically creates a default security policy for each of your Azure subscriptions. You can edit the policy in Security Center or use Azure Policy to create new definitions, define additional policies, and assign policies across Management Groups (which can represent the entire organization, a business unit in it etc.), and monitor compliance to these policies across these scopes. A security policy defines the desired configuration of your workloads and helps ensure compliance with company or regulatory security requirements. In Security Center, you can define policies for your Azure subscriptions, which can be tailored to the type of workload or the sensitivity of data.

列表.

To understand the policy definitions that are available in the default security policy, refer to this list.

数据收集层，但这只会影响安全事件在Log Analytics中的存储 工作区.要检查 文章.

Security Center collects data from your Azure virtual machines (VMs) and non-Azure computers to monitor for security vulnerabilities and threats. Data is collected using the Microsoft Monitoring Agent, which reads various security-related configurations and event logs from the machine and copies the data to your workspace for analysis. You can select a data collection tier in Azure Security Center but that will only affect the storage of security events in your Log Analytics workspace. To check on effective footprint is for these security monitoring components on a VM refer to this article.

为每个订阅设置工作区配置，许多订阅可能使用相同的工作区.

Data collected by Security Center is stored in Log Analytics workspace(s). You can select to have data collected from Azure VMs stored in workspaces created by Security Center or in an existing workspace you created. Workspace configuration is set per subscription, and many subscriptions may use the same workspace. The free plan sets a daily cap of 500 MB per workspace. The standard and premium plans have no limit on the amount of data that is uploaded. As a cloud service, Log Analytics is designed to automatically scale up to handle the volume coming from a customer – even if it is terabytes per day.

这篇关于Azure安全性安全基准规定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！