Microsoft Defender Security Center portal overview

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat activity or data breaches.

You can use Microsoft Defender Security Center to:

  • View, sort, and triage alerts from your endpoints
  • Search for more information on observed indicators such as files and IP addresses
  • Change Microsoft Defender for Endpoint settings, including the time zone, and review licensing information

Microsoft Defender Security Center

When you open the portal, you'll see:

  • (1) Navigation pane (select the horizontal lines at the top of the navigation pane to show or hide it)
  • (2) Search, Community center, Localization, Help and support, Feedback

[Screenshot: Microsoft Defender for Endpoint portal]

Note

Malware-related detections will only appear if your devices are using Microsoft Defender Antivirus as the default real-time protection antimalware product.

You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section.

Area - Description

(1) Navigation pane - Use the navigation pane to move between Dashboards, Incidents, Devices list, Alerts queue, Automated investigations, Advanced hunting, Reports, Partners & APIs, Threat & Vulnerability Management, Evaluation and tutorials, Service health, Configuration management, and Settings. Select the horizontal lines at the top of the navigation pane to show or hide it.
Dashboards - Access the active automated investigations, active alerts, automated investigations statistics, devices at risk, users at risk, devices with sensor issues, service health, detection sources, and daily devices reporting dashboards.
Incidents - View alerts that have been aggregated as incidents.
Devices list - Displays the list of devices that are onboarded to Defender for Endpoint, some information about them, and their exposure and risk levels.
Alerts queue - View alerts generated from devices in your organization.
Automated investigations - Displays automated investigations that have been conducted in the network, the triggering alert, the status of each investigation, and other details such as when the investigation started and its duration.
Advanced hunting - Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool.
Reports - View graphs detailing threat protection, device health and compliance, web protection, and vulnerabilities.
Partners & APIs - View supported partner connections, which enhance the detection, investigation, and threat intelligence capabilities of the platform. You can also view connected applications, the API explorer, the API usage overview, and data export settings.
Threat & Vulnerability Management - View your Microsoft Secure Score for Devices, exposure score, exposed devices, and vulnerable software, and take action on top security recommendations.
Evaluation and tutorials - Manage test devices, attack simulations, and reports. Learn and experience the Defender for Endpoint capabilities through a guided walk-through in a trial environment.
Service health - Provides information on the current status of the Defender for Endpoint service. You'll be able to verify whether the service is healthy or whether there are current issues.
Configuration management - Displays onboarded devices, your organization's security baseline, predictive analysis, and web protection coverage, and allows you to perform attack surface management on your devices.
Settings - Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as permissions, APIs, rules, device management, IT service management, and network assessments.
(2) Search, Community center, Localization, Help and support, Feedback -
  • Search - Search by device, file, user, URL, IP, vulnerability, software, and recommendation.
  • Community center - Access the Community center to learn, collaborate, and share experiences about the product.
  • Localization - Set time zones.
  • Help and support - Access the Defender for Endpoint guide, Microsoft and Microsoft Premier support, license information, simulations & tutorials, the Defender for Endpoint evaluation lab, and consult a threat expert.
  • Feedback - Provide comments about what you like or what we can do better.

Note

For devices with high-resolution DPI scaling issues, see Windows scaling issues for high-DPI devices for possible solutions.

Microsoft Defender for Endpoint icons

The following table provides information on the icons used throughout the portal:

Icon – Description

ATP logo icon: Microsoft Defender for Endpoint logo
Alert icon: Alert – Indication of an activity correlated with advanced attacks.
Detection icon: Detection – Indication of a malware threat detection.
Active threat icon: Active threat – Threats actively executing at the time of detection.
Remediated icon 1: Remediated – Threat removed from the device.
Not remediated icon: Not remediated – Threat not removed from the device.
Thunderbolt icon: Indicates events that triggered an alert in the alert process tree.
Device icon: Device
Microsoft Defender AV events icon: Microsoft Defender Antivirus events
Application Guard events icon: Windows Defender Application Guard events
Device Guard events icon: Windows Defender Device Guard events
Exploit Guard events icon: Windows Defender Exploit Guard events
SmartScreen events icon: Windows Defender SmartScreen events
Firewall events icon: Windows Firewall events
Response action icon: Response action
Process events icon: Process events
Network communication events icon: Network events
File observed events icon: File events
Registry events icon: Registry events
Module load DLL events icon: Load DLL events
Other events icon: Other events
Access token modification icon: Access token modification
File creation icon: File creation
Signer icon: Signer
File path icon: File path
Command line icon: Command line
Unsigned file icon: Unsigned file
Process tree icon: Process tree
Memory allocation icon: Memory allocation
Process injection icon: Process injection
PowerShell command run icon: PowerShell command run
Community center icon: Community center
Notifications icon: Notifications
No threats found icon: Automated investigation – no threats found
Failed icon: Automated investigation – failed
Partially remediated icon: Automated investigation – partially investigated
Terminated by system icon: Automated investigation – terminated by system
Pending icon: Automated investigation – pending
Running icon: Automated investigation – running
Remediated icon 2: Automated investigation – remediated
Partially investigated icon: Automated investigation – partially remediated
Threat insights icon: Threat & Vulnerability Management – threat insights
Possible active alert icon: Threat & Vulnerability Management – possible active alert
Recommendation insights icon: Threat & Vulnerability Management – recommendation insights