Microsoft Azure Security Center data mapping
The Microsoft Azure Security Center Connected Assets and Risk connector can be run on the platform cluster. The connector incrementally synchronizes the contents of the Microsoft Azure Security Center asset databases with the data managed by the Connected Assets and Risk service.
The following table shows the data mapping of the Connected Assets and Risk connector for the virtual machine.
| CAR vertex/edge | CAR field | Azure field |
|---|---|---|
| Asset | Name | VM Resource -> Name |
| | Description | "VM Image details:" VM Resource -> properties -> storageProfile -> imageReference -> Offer, Sku |
| | External ID | VM Resource -> id |
| Hostname | _key | Network Resource -> properties -> ipConfigurations -> properties -> fqdn |
| | Description | Custom Desc |
| Asset_Hostname | from_external_id | Network Resource -> properties -> virtualMachine -> id |
| | _to | Network Resource -> properties -> ipConfigurations -> properties -> fqdn |
| | Active | TRUE |
| | timestamp | report -> timestamp |
| | source | source -> _key |
| | report | report -> _key |
The following table shows the data mapping of the Connected Assets and Risk connector for the network profile.
| CAR vertex/edge | CAR field | Azure field |
|---|---|---|
| IP address (private) | _key | Network Resource -> properties -> ipConfigurations -> privateIPAddress |
| IP address (public) | _key | Network Resource -> properties -> ipConfigurations -> publicIPAddress |
| MacAddress | _key | Network Resource -> properties -> macAddress |
| IPAddress_MacAddress | _from | ipaddress/_key (ipaddress node) |
| | _to | macaddress/_key (macaddress node) |
| | Active | TRUE |
| | timestamp | report -> timestamp |
| | source | source -> _key |
| | report | report -> _key |
| Asset_IPAddress | from_external_id | external_id of the asset (based on resource type) |
| | _to | ipaddress/_key (ipaddress node) |
| | Active | TRUE |
| | timestamp | Activity log -> eventTimestamp |
| | source | source -> _key |
| | report | report -> _key |
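An added Python example, not the connector's own code, that applies the virtual machine and network profile mappings from the two tables above to one VM resource and one network resource, including a configuration with no public IP or fqdn. The sample records, the lowercase key and collection names, and the `hostname/_key` form of `_to` are assumptions; the field paths are read as written in the tables.

```python
def dig(obj, path):
    """Follow an 'a -> b -> c' path as written in the tables; lists fan out, gaps give []."""
    items = [obj]
    for key in (p.strip() for p in path.split("->")):
        found = [it[key] for it in items if isinstance(it, dict) and it.get(key) is not None]
        items = [x for v in found for x in (v if isinstance(v, list) else [v])]
    return items

def map_vm(vm, nic, meta, event_ts):
    """Build CAR nodes and edges for one VM resource and one network resource."""
    img = vm["properties"]["storageProfile"]["imageReference"]
    nodes = {"asset": [{"name": vm["name"], "external_id": vm["id"],
                        "description": f"VM Image details: {img['offer']}, {img['sku']}"}],
             "hostname": [], "ipaddress": [], "macaddress": []}
    edges = {"asset_hostname": [], "asset_ipaddress": [], "ipaddress_macaddress": []}
    owner = dig(nic, "properties -> virtualMachine -> id")
    if not owner:  # unattached network resource: no asset to hang edges on
        return nodes, edges
    for fqdn in dig(nic, "properties -> ipConfigurations -> properties -> fqdn"):
        nodes["hostname"].append({"_key": fqdn, "description": "Custom Desc"})
        edges["asset_hostname"].append(
            {"from_external_id": owner[0], "_to": f"hostname/{fqdn}", **meta})
    macs = dig(nic, "properties -> macAddress")
    nodes["macaddress"] = [{"_key": m} for m in macs]
    ips = (dig(nic, "properties -> ipConfigurations -> privateIPAddress")
           + dig(nic, "properties -> ipConfigurations -> publicIPAddress"))
    for ip in ips:
        nodes["ipaddress"].append({"_key": ip})
        # Asset_IPAddress takes its timestamp from the activity log event, not the report.
        edges["asset_ipaddress"].append({"from_external_id": owner[0],
            "_to": f"ipaddress/{ip}", **meta, "timestamp": event_ts})
        for m in macs:
            edges["ipaddress_macaddress"].append(
                {"_from": f"ipaddress/{ip}", "_to": f"macaddress/{m}", **meta})
    return nodes, edges

# Constructed sample input, shaped after the field paths in the tables.
VM = {"id": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Compute/virtualMachines/vm1",
      "name": "vm1", "properties": {"storageProfile": {
          "imageReference": {"offer": "UbuntuServer", "sku": "18.04-LTS"}}}}
NIC = {"properties": {"virtualMachine": {"id": VM["id"]}, "macAddress": "00-0D-3A-00-00-01",
       "ipConfigurations": [
           {"privateIPAddress": "10.0.0.4", "publicIPAddress": "203.0.113.10",
            "properties": {"fqdn": "vm1.example.test"}},
           {"privateIPAddress": "10.0.0.5", "properties": {}}]}}  # no public IP, no fqdn
META = {"active": True, "timestamp": 1700000000, "source": "src-1", "report": "rep-1"}

if __name__ == "__main__":
    print(map_vm(VM, NIC, META, event_ts=1700000500))
```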
The following table shows the data mapping of the Connected Assets and Risk connector for the application.
| CAR vertex/edge | CAR field | Azure field |
|---|---|---|
| Application | _key | App Resource -> Name |
| | Name | App Resource -> Name |
| | Description | App Resource -> Name, Type, Location |
| | External ID | App Resource -> id |
| Asset_Application | from_external_id | Asset(Application) -> id |
| | to_external_id | App Resource -> id |
| | Active | TRUE |
| | timestamp | report -> timestamp |
| | source | source -> _key |
| | report | report -> _key |
| Asset_ipaddress | from_external_id | Asset(Application) -> id |
| | _to | App Resource -> inboundIpAddress |
| | Active | TRUE |
| | timestamp | report -> timestamp |
| | source | source -> _key |
| | report | report -> _key |
| Asset_hostname | from_external_id | Asset(Application) -> id |
| | _to | App Resource -> properties -> hostNames |
| | Active | TRUE |
| | timestamp | report -> timestamp |
| | source | source -> _key |
| | report | report -> _key |
The following table shows the data mapping of the Connected Assets and Risk connector for the database.
| CAR vertex/edge | CAR field | Azure field |
|---|---|---|
| Database | _key | DB Resource -> name |
| | Name | DB Resource -> name |
| | Description | DB Resource -> name, location |
| | External ID | DB Resource -> id |
| Asset_Database | from_external_id | Server Resource -> id |
| | to_external_id | DB Resource -> id |
| | Active | TRUE |
| | timestamp | report -> timestamp |
| | source | source -> _key |
| | report | report -> _key |
| Asset_hostname | from_external_id | Server Resource -> id |
| | _to | DB Resource -> properties -> fullyQualifiedDomainName |
| | Active | TRUE |
| | timestamp | report -> timestamp |
| | source | source -> _key |
| | report | report -> _key |
The following table shows the data mapping of the Connected Assets and Risk connector for vulnerabilities.
| CAR vertex/edge | CAR field | Azure field |
|---|---|---|
| Asset | Name | VM Resource -> Name |
| | Description | VM Image details: VM Resource -> properties -> storageProfile -> imageReference -> Offer, Sku |
| | External ID | VM Resource -> id |
| Vulnerability | external_id | Security log -> eventDataId |
| | name | Security log -> eventName -> value |
| | Description | Security log -> description |
| | disclosed_on | Security log -> submissionTimestamp |
| | published_on | Security log -> eventTimestamp |
| Asset_Vulnerability | from_external_id | external_id of the asset (based on resource type) |
| | to_external_id | Security log -> eventDataId |
| | Active | TRUE |
| | timestamp | Security log -> eventTimestamp |
| | source | source -> _key |
| | report | report -> _key |