Microsoft Azure Security Center Datenzuordnung
Der Microsoft Azure Security Center Connected Assets and Risk -Connector kann im IBM Security QRadar® Suite Software -Cluster ausgeführt werden. Der Connector synchronisiert den Inhalt der Microsoft Azure Security Center -Asset-Datenbanken schrittweise mit den Daten, die vom Connected Assets and Risk -Dienst verwaltet werden.
Die folgende Tabelle zeigt die Zuordnung des Connectors Connected Assets and Risk zu den Daten der virtuellen Maschine.
| CAR vertex/edge | CAR Feld | Azure Feld |
|---|---|---|
| Asset | Ihren Namen | VM Resource -> Name |
| Beschreibung | "VM Image details:" VM Resource -> properties -> storageProfile -> imageReference - > Offer,Sku | |
| externe ID | VM Resource -> id | |
| Hostname | _key | Network Resource -> properties -> ipConfigurations -> properties -> fqdn |
| Beschreibung | Custom Desc | |
| Asset_Hostname | from_external_id | Network Resource -> properties -> virtualMachine -> id |
| _to | Network Resource -> properties -> ipConfigurations -> properties -> fqdn | |
| aktiv | TRUE | |
| timestamp | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Die folgende Tabelle zeigt die Zuordnung des Connectors Connected Assets and Risk zu den Netzwerkprofildaten.
| CAR vertex/edge | CAR Feld | Azure Feld |
|---|---|---|
| IPAddress (Private) | _key | Network Resource -> properties -> ipConfigurations -> privateIPAddress |
| IPAddress (Public) | _key | Network Resource -> properties -> ipConfigurations -> publicIPAddress |
| MacAddress | _key | Network Resource-> properties-> macAddress |
| IPAddress_MacAddress | _from | ipaddress/_key(ipaddress node) |
| _to | macaddress/_key(macaddress node) | |
| aktiv | TRUE | |
| timestamp | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Asset_IPAddress | from_external_id | external_id des Assets (basierend auf dem Ressourcentyp) |
| _to | ipaddress/_key(ipaddress node) | |
| aktiv | TRUE | |
| timestamp | Activity log -> eventTimestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Die folgende Tabelle zeigt die Verbindung zwischen Connected Assets and Risk und der Anwendungsdatenzuordnung.
| CAR vertex/edge | CAR Feld | Azure Feld |
|---|---|---|
| Anwendung | _key | App Resource -> Name |
| Ihren Namen | App Resource -> Name | |
| Beschreibung | App Resource -> Name, Type, Location | |
| externe ID | App Resource -> id | |
| Asset_Anwendung | from_external_id | Asset(Application) -> id |
| to_external_id | App Resource -> id | |
| aktiv | TRUE | |
| timestamp | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Asset_ipaddress | from_external_id | Asset(Application) -> id |
| _to | App Resource -> inboundIpAddress | |
| aktiv | TRUE | |
| timestamp | report -> timestamp | |
| Quelle | source -> _key | |
| Asset_hostname | melden | report -> _key |
| from_external_id | Asset(Application) -> id | |
| _to | App Resource -> properties -> hostNames | |
| aktiv | TRUE | |
| timestamp | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Die folgende Tabelle zeigt die Zuordnung der Daten von Connected Assets and Risk zur Datenbank.
| CAR vertex/edge | CAR Feld | Azure Feld |
|---|---|---|
| Datenbank | _key | DB Resource -> name |
| Ihren Namen | DB Resource -> name | |
| Beschreibung | DB Resource -> name , location | |
| externe ID | DB Resource -> id | |
| Asset_Database | from_external_id | Server Resource -> id |
| to_external_id | DB Resource -> id | |
| aktiv | TRUE | |
| timestamp | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Asset_hostname | from_external_id | Server Resource -> id |
| _to | DB Resource -> properties -> fullyQualifiedDomainName | |
| aktiv | TRUE | |
| timestamp | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Die folgende Tabelle zeigt die Verbindung zwischen Connected Assets and Risk und der Datenzuordnung von Schwachstellen.
| CAR vertex/edge | CAR Feld | Azure Feld |
|---|---|---|
| Asset | Ihren Namen | VM Resource -> Name |
| Beschreibung | VM Image details: VM Resource - > properties -> storageProfile -> imageReference - > Offer, Sku | |
| externe ID | VM Resource -> id | |
| Sicherheitslücke | external_id | Security log -> eventDataId |
| Name | Security log -> eventName -> value | |
| Beschreibung | Security log -> description | |
| disclosed_on | Security log -> submissionTimestamp | |
| published_on | Security log -> eventTimestamp | |
| Asset_Vulnerability | from_external_id | external_id des Assets (basierend auf dem Ressourcentyp) |
| to_external_id | Security log -> eventDataId | |
| aktiv | TRUE | |
| timestamp | Security log -> eventTimestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |