
Advanced Threat Protection in Azure Database for PostgreSQL - Single Server

Advanced Threat Protection for Azure Database for PostgreSQL detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.

Note

Advanced Threat Protection is in public preview.

Threat Protection is part of the Advanced Threat Protection (ATP) offering, which is a unified package for advanced security capabilities. Advanced Threat Protection can be accessed and managed via the Azure portal or using the REST API. The feature is available for General Purpose and Memory Optimized servers.

Note

The Advanced Threat Protection feature is not available in the following Azure government and sovereign cloud regions: US Gov Texas, US Gov Arizona, US Gov Iowa, US Gov Virginia, US DoD East, US DoD Central, Germany Central, Germany North, China East, China East 2. Please visit products available by region for general product availability.

What is Advanced Threat Protection?

Advanced Threat Protection for Azure Database for PostgreSQL provides a new layer of security, which enables customers to detect and respond to potential threats as they occur by providing security alerts on anomalous activities. Users receive an alert upon suspicious database activities and potential vulnerabilities, as well as anomalous database access and query patterns. Advanced Threat Protection for Azure Database for PostgreSQL integrates alerts with Azure Security Center, which includes details of the suspicious activity and recommends actions on how to investigate and mitigate the threat. Advanced Threat Protection for Azure Database for PostgreSQL makes it simple to address potential threats to the database without the need to be a security expert or to manage advanced security monitoring systems.

Advanced Threat Protection concepts

Advanced Threat Protection alerts

Advanced Threat Protection for Azure Database for PostgreSQL detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases, and it can trigger the following alerts:

  • Access from unusual location: This alert is triggered when there is a change in the access pattern to the Azure Database for PostgreSQL server, where someone has logged on to the Azure Database for PostgreSQL server from an unusual geographical location. In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).
  • Access from unusual Azure data center: This alert is triggered when there is a change in the access pattern to the Azure Database for PostgreSQL server, where someone has logged on to the server from an Azure data center that was not seen on this server during the recent period. In some cases, the alert detects a legitimate action (your new application in Azure, Power BI, Azure Database for PostgreSQL Query Editor). In other cases, the alert detects a malicious action from an Azure resource/service (former employee, external attacker).
  • Access from unfamiliar principal: This alert is triggered when there is a change in the access pattern to the Azure Database for PostgreSQL server, where someone has logged on to the server using an unusual principal (Azure Database for PostgreSQL user). In some cases, the alert detects a legitimate action (new application, developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).
  • Access from a potentially harmful application: This alert is triggered when a potentially harmful application is used to access the database. In some cases, the alert detects penetration testing in action. In other cases, the alert detects an attack using common attack tools.
  • Brute force Azure Database for PostgreSQL credentials: This alert is triggered when there is an abnormally high number of failed logins with different credentials. In some cases, the alert detects penetration testing in action. In other cases, the alert detects a brute force attack.
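To make the alert conditions above concrete, here is an added example (not Azure's detection logic and not code from this documentation) that applies three of them to constructed connection-log records: a successful login from a location outside a known baseline, a successful login by a principal outside a known baseline, and a burst of failed logins from one source using many different usernames. The log format, the baseline sets, the threshold and the time window are all assumptions chosen for illustration.

```python
"""Toy anomaly checks over PostgreSQL-style connection events.

Added example. This is NOT the service's real detection logic; it only
illustrates the signals the alerts describe, using a hypothetical log
format and a hypothetical baseline of known-good users and locations.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in an assumed "key=value" format.
SAMPLE_EVENTS = [
    "2020-01-10T08:00:00 user=app_user location=eastus result=ok",
    "2020-01-10T08:05:00 user=report_user location=westeurope result=ok",
    "2020-01-10T08:07:00 user=app_user location=eastus result=ok",
    "2020-01-10T09:12:00 user=app_user location=southeastasia result=ok",
    "2020-01-10T09:30:00 user=old_admin location=eastus result=ok",
    "2020-01-10T10:00:00 user=admin location=203.0.113.9 result=failed",
    "2020-01-10T10:00:05 user=postgres location=203.0.113.9 result=failed",
    "2020-01-10T10:00:10 user=root location=203.0.113.9 result=failed",
    "2020-01-10T10:00:15 user=test location=203.0.113.9 result=failed",
    "2020-01-10T10:00:20 user=guest location=203.0.113.9 result=failed",
    "2020-01-10T10:00:25 user=app_user location=203.0.113.9 result=failed",
    "2020-01-10T11:00:00 user=app_user location=eastus result=failed",
]

# Hypothetical baseline "learned" from the recent period.
BASELINE_USERS = {"app_user", "report_user"}
BASELINE_LOCATIONS = {"eastus", "westeurope"}

# Assumed brute-force parameters: N failures within a window, using
# more than one distinct username, from the same source.
BRUTE_FORCE_THRESHOLD = 5
BRUTE_FORCE_WINDOW = timedelta(minutes=10)


def parse_event(line):
    """Parse one constructed log line into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def unfamiliar_principals(events, baseline_users=BASELINE_USERS):
    """Successful logins by users never seen in the baseline."""
    return sorted({e["user"] for e in events
                   if e["result"] == "ok" and e["user"] not in baseline_users})


def unusual_locations(events, baseline_locations=BASELINE_LOCATIONS):
    """Successful logins from locations never seen in the baseline."""
    return sorted({(e["user"], e["location"]) for e in events
                   if e["result"] == "ok"
                   and e["location"] not in baseline_locations})


def brute_force_sources(events, threshold=BRUTE_FORCE_THRESHOLD,
                        window=BRUTE_FORCE_WINDOW):
    """Sources with >= threshold failed logins in one sliding window,
    spread over more than one username. Returns {source: distinct_users}."""
    failures = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "failed":
            failures[e["location"]].append(e)
    flagged = {}
    for src, evs in failures.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits the time bound.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            in_window = evs[start:end + 1]
            users = {x["user"] for x in in_window}
            if len(in_window) >= threshold and len(users) > 1:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged


def analyze(lines=SAMPLE_EVENTS):
    """Run all three checks and return the findings keyed by alert type."""
    events = [parse_event(l) for l in lines]
    return {
        "unfamiliar_principal": unfamiliar_principals(events),
        "unusual_location": unusual_locations(events),
        "brute_force": brute_force_sources(events),
    }


if __name__ == "__main__":
    for alert, findings in analyze().items():
        print(alert, findings)
```

The point of the example is the shape of each signal rather than the numbers: "unusual" is always relative to a baseline built from the recent period, which is why a new application or a developer doing maintenance produces the same alert as a former employee, and why the alert details in Azure Security Center (principal, location, time) are what let you decide which it was. A single failed login from a known user and location is deliberately not flagged; only a burst with rotating usernames from one source crosses the brute-force check.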

Next steps