Advanced Threat Protection for Azure SQL Database, SQL Managed Instance, and Azure Synapse Analytics

Applies to: Azure SQL Database, Azure SQL Managed Instance, Azure Synapse Analytics

Advanced Threat Protection for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics detects anomalous activities that indicate unusual and potentially harmful attempts to access or exploit databases.

Advanced Threat Protection is part of the Azure Defender for SQL offering, a unified package of advanced SQL security capabilities. It can be accessed and managed through the central Azure Defender for SQL portal.

Overview

Advanced Threat Protection provides a new layer of security that enables customers to detect and respond to potential threats as they occur by raising security alerts on anomalous activities. Users receive an alert on suspicious database activities, potential vulnerabilities, and SQL injection attacks, as well as anomalous database access and query patterns. Advanced Threat Protection integrates its alerts with Azure Security Center; each alert includes details of the suspicious activity and recommended actions for investigating and mitigating the threat. This makes it simple to address potential threats to the database without having to be a security expert or operate an advanced security monitoring system.

For a full investigation experience, it is recommended to enable auditing, which writes database events to an audit log in your Azure storage account. To enable auditing, see Auditing for Azure SQL Database and Azure Synapse or Auditing for Azure SQL Managed Instance.

Alerts

Advanced Threat Protection for Azure SQL Database detects anomalous activities that indicate unusual and potentially harmful attempts to access or exploit databases. For the list of alerts for Azure SQL Database, see the alerts for SQL Database and Azure Synapse Analytics in Azure Security Center.

Explore detection of a suspicious event

You receive an email notification when anomalous database activities are detected. The email provides information on the suspicious security event, including the nature of the anomalous activity, the database name, server name, application name, and the event time. In addition, the email describes possible causes and recommended actions for investigating and mitigating the potential threat to the database.

[Figure: Anomalous activity report]

  1. Click the View recent SQL alerts link in the email to launch the Azure portal and open the Azure Security Center alerts page, which provides an overview of the active threats detected on the database.

    [Figure: Active threats]

  2. Click a specific alert to get additional details and the recommended actions for investigating this threat and remediating future ones.

    For example, SQL injection is one of the most common web application security issues on the Internet and is used to attack data-driven applications. Attackers take advantage of application vulnerabilities to inject malicious SQL statements through application entry fields, breaching or modifying data in the database. For SQL injection alerts, the alert's details include the vulnerable SQL statement that was exploited.

    [Figure: Specific alert]
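The SQL injection alert described above fires on the vulnerable statement pattern, and the remediation is almost always the same: stop building statements from user input and bind the input as a parameter instead. The following is an added example, not code from the original page or from Microsoft; it uses an in-memory SQLite database (a constructed stand-in for Azure SQL Database, with a hypothetical `users` table) so it runs offline and shows why the two lookups behave differently on the same input.

```python
import sqlite3

# Constructed sample schema and rows (not from the original page).
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """Build an in-memory database standing in for the real SQL server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable pattern: the input is concatenated into the statement text,
    so a quote in the input changes the structure of the query. This is the
    kind of statement that shows up in an Advanced Threat Protection alert."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    """Hardened pattern: the input is bound as a parameter, so the database
    compares it as data and never parses it as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed tautology input of the kind that turns a lookup into a dump.
TAUTOLOGY_INPUT = "x' OR '1'='1"


def demo():
    """Run both lookups against the same inputs and return the results."""
    conn = make_db()
    return {
        # The vulnerable lookup returns every row: the filter was rewritten.
        "vulnerable": lookup_vulnerable(conn, TAUTOLOGY_INPUT),
        # The parameterized lookup returns nothing: no user has that literal name.
        "parameterized": lookup_parameterized(conn, TAUTOLOGY_INPUT),
        # Ordinary input still works as expected with the hardened version.
        "normal": lookup_parameterized(conn, "bob"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:>13}: {rows}")
```

The same bound-parameter approach applies to Azure SQL Database clients (for example `cursor.execute(sql, params)` in pyodbc); the point is that the query text is fixed at development time and the alert's "vulnerable SQL statement" pattern can no longer occur.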

Explore alerts in the Azure portal

Advanced Threat Protection integrates its alerts with Azure Security Center. Live SQL Advanced Threat Protection tiles within the database blade and the SQL Azure Defender blade in the Azure portal track the status of active threats.

Click Advanced Threat Protection alert to launch the Azure Security Center alerts page and get an overview of the active SQL threats detected on the database.

[Figure: Advanced Threat Protection alerts overview in the database]

[Figure: Advanced Threat Protection in Security Center]

Next steps