安全中心的误报:通过密钥库加密的磁盘,标记为未加密吗? [英] false positive for security center: Encrypted disk by keyvault, marked as not encrypted ?
问题描述
问候,
关于IAAS-VM的磁盘未加密的报告,我有点不满.
原因是,这使我担心其配置错误,但是我看不到
为什么.
I am getting a bit of a physical itch from the report that the IAAS-VM's disks is not encrypted.
The reason is, that it makes me worry its wrongly configured but i fail to see
why.
1)启用了磁盘加密扩展名
2)创建密钥库机密.
3)磁盘由BitLocker加密(甚至得到了DiskEncryptionSettings2.json;它告诉我它确实在使用keyvault-secret).
1) The extension for disk-encryption is enabled
2) The key-vault secrets are created.
3) The disks are encrypted by BitLocker (even got the DiskEncryptionSettings2.json; which tells me it is indeed using the keyvault-secret).
运行的命令与文档内联,因为它不高可用性.
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $ vm.ResourceGroupName -VMName $ vm.Name -DiskEncryptionKeyVaultUrl $ diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $ keyVaultResourceId -KeyEncryptionKeyUrl $ keyEncryptionKeyUrl -KeyEncryptionKeyVaultId
$ keyVaultResourceId;
The command ran was inline with the documentation as its not high-available.
Set-AzureRmVMDiskEncryptionExtension -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $keyVaultResourceId -KeyEncryptionKeyUrl $keyEncryptionKeyUrl -KeyEncryptionKeyVaultId
$keyVaultResourceId;
有人能指出我可能错过的方向吗?
Anyone that can point me in the direction of what i might have missed?
Sebastian
Sebastian
推荐答案
在为虚拟机启用磁盘加密之前,您需要检查是否已检查先决条件.在某些情况下,不支持Azure磁盘加密.请参阅此链接以获得更好的指导.
You need to check whether you checked the prerequisites before enabling disk-encryption for the Virtual machines. There are some scenarios were Azure Disk Encryption is not supported. See this link for better guidance.
https://docs.microsoft.com/zh-CN/azure/security/azure-security-disk-encryption-prerequisites
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-prerequisites
我相信您使用Power Shell执行了所有步骤.
I believe that you performed all the steps using power shell.
https://docs.microsoft.com/zh-cn/azure/security/quick-encrypt-vm-powershell
https://docs.microsoft.com/en-us/azure/security/quick-encrypt-vm-powershell
当安全中心使用连续威胁情报监视来调查威胁时.在检测调整中,对真实的客户数据集运行算法,安全研究人员与客户合作以验证结果.真实且 误报用于完善机器学习算法.
When security center investigate for threats using continuous threat intelligence monitoring. In the detection tuning, were Algorithms are run against real customer data sets and security researchers work with customers to validate the results. True and false positives are used to refine machine learning algorithms.
这些共同的努力最终导致了新的和改进的检测技术,您可以立即受益-没有任何动作供您服用.
These combined efforts culminate in new and improved detection's, which you can benefit from instantly- there's no action for you to take.
这篇关于安全中心的误报:通过密钥库加密的磁盘,标记为未加密吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
