articles/security-center/quick-onboard-linux-computer.md
Lines changed: 4 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -3,9 +3,8 @@ title: Azure Security Center Quickstart - Onboard your Linux computers to Securi
3
3
description: This quickstart shows you how to onboard your Linux computers to Security Center.
4
4
services: security-center
5
5
documentationcenter: na
6
-
author: rkarlin
7
-
manager: barbkess
8
-
editor: ''
6
+
author: memildin
7
+
manager: rkarlin
9
8
10
9
ms.assetid: 61e95a87-39c5-48f5-aee6-6f90ddcd336e
11
10
ms.service: security-center
@@ -15,7 +14,7 @@ ms.custom: mvc
15
14
ms.tgt_pltfrm: na
16
15
ms.workload: na
17
16
ms.date: 12/02/2018
18
-
ms.author: rkarlin
17
+
ms.author: memildin
19
18
20
19
---
21
20
# Quickstart: Onboard Linux computers to Azure Security Center
@@ -80,7 +79,7 @@ To remove the agent:
80
79
`sudo sh ./omsagent-<version>.universal.x64.sh --purge`
81
80
82
81
## Next steps
83
-
In this quick start, you provisioned the agent on a Linux computer. To learn more about how to use Security Center, continue to the tutorial for configuring a security policy and assessing the security of your resources.
82
+
In this quickstart, you provisioned the agent on a Linux computer. To learn more about how to use Security Center, continue to the tutorial for configuring a security policy and assessing the security of your resources.
84
83
85
84
> [!div class="nextstepaction"]
86
85
> [Tutorial: Define and assess security policies](tutorial-security-policy.md)
articles/security-center/security-center-adaptive-application.md
Lines changed: 10 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -3,9 +3,8 @@ title: Adaptive application controls in Azure Security Center | Microsoft Docs
3
3
description: This document helps you to use adaptive application control in Azure Security Center to whitelist applications running in Azure VMs.
4
4
services: security-center
5
5
documentationcenter: na
6
-
author: monhaber
7
-
manager: barbkess
8
-
editor: ''
6
+
author: memildin
7
+
manager: rkarlin
9
8
10
9
ms.assetid: 9268b8dd-a327-4e36-918e-0c0b711e99d2
11
10
ms.service: security-center
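Review bot: The `description` on line 3 of this front matter still reads "to whitelist applications running in Azure VMs", while the body changes in this commit replace that term with "allow list". Since this hunk already edits the same metadata block, update the description here as well, for example "to create an allow list of applications running in Azure VMs", so the metadata and the article body use the same term.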
@@ -14,14 +13,14 @@ ms.topic: conceptual
14
13
ms.tgt_pltfrm: na
15
14
ms.workload: na
16
15
ms.date: 05/02/2019
17
-
ms.author: v-mohabe
16
+
ms.author: memildin
18
17
19
18
---
20
19
# Adaptive application controls in Azure Security Center
21
20
Learn how to configure application control in Azure Security Center using this walkthrough.
22
21
23
22
## What are adaptive application controls in Security Center?
24
-
Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence. This capability greatly simplifies the process of configuring and maintaining application whitelisting policies, enabling you to:
23
+
Adaptive application control is an intelligent, automated, end-to-end solution from Azure Security Center which helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux). Among other benefits, this helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and creates an allow list from this intelligence. This capability greatly simplifies the process of configuring and maintaining application allow list policies, enabling you to:
25
24
26
25
- Block or alert on attempts to run malicious applications, including those that might otherwise be missed by antimalware solutions.
27
26
- Comply with your organization's security policy that dictates the use of only licensed software.
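Review bot: In the rewritten opening paragraph (new line 23), "creates an allow list from this intelligence" changes the meaning of the removed sentence, which said Security Center "helps you apply the specific whitelisting rules". Step 5 later in this file still has the reader make selections and select **Create** before any rules are created, and the note below it speaks of "recommendations per group of VMs", so wording such as "recommends an allow list" would keep the review step visible. Separately, "solution from Azure Security Center which helps you control" is a restrictive clause and reads better with "that".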
@@ -34,7 +33,7 @@ Adaptive application control is an intelligent, automated end-to-end application
34
33
> For Non-Azure and Linux VMs, adaptive application controls are supported in audit mode only.
35
34
36
35
## How to enable adaptive application controls?
37
-
Adaptive application controls help you define a set of applications that are allowed to run on configured groups of VMs. This feature is available for both Azure and non-Azure Windows (all versions, classic, or Azure Resource Manager) and Linux VMs and servers. The following steps can be used to configure application whitelisting in Security Center:
36
+
Adaptive application controls help you define a set of applications that are allowed to run on configured groups of VMs. This feature is available for both Azure and non-Azure Windows (all versions, classic, or Azure Resource Manager) and Linux VMs and servers. Use the following steps to configure your application allow lists:
38
37
39
38
1. Open the **Security Center** dashboard.
40
39
2. In the left pane, select **Adaptive application controls** located under **Advanced cloud defense**.
@@ -81,11 +80,11 @@ The **Groups of VMs** section contains three tabs:
81
80
82
81
-**NAME**: the certificate information or the full path of an application
83
82
-**FILE TYPES**: the application file type. This can be EXE, Script, MSI, or any permutation of these types.
84
-
-**EXPLOITABLE**: a warning icon indicates if a specific application could be used by an attacker to bypass an application whitelisting solution. It is recommended to review these applications prior to their approval.
83
+
-**EXPLOITABLE**: a warning icon indicates if a specific application could be used by an attacker to bypass an application allow list. It is recommended to review these applications prior to their approval.
85
84
-**USERS**: users that are recommended to be allowed to run an application
86
85
87
86
5. Once you finish your selections, select **Create**. <br>
88
-
After you select Create, Azure Security Center automatically creates the appropriate rules on top of the built-in application whitelisting solution available on Windows servers (AppLocker).
87
+
After you select Create, Azure Security Center automatically creates the appropriate rules on top of the built-in application allow list solution available on Windows servers (AppLocker).
89
88
90
89
> [!NOTE]
91
90
> - Security Center relies on a minimum of two weeks of data in order to create a baseline and populate the unique recommendations per group of VMs. New customers of Security Center standard tier should expect a behavior in which at first their groups of VMs appear under the *no recommendation* tab.
@@ -95,15 +94,15 @@ The **Groups of VMs** section contains three tabs:
95
94
96
95
### Editing and monitoring a group configured with application control
97
96
98
-
1. To edit and monitor a group configured with an application whitelisting policy, return to the **Adaptive application controls** page and select **CONFIGURED** under **Groups of VMs**:
97
+
1. To edit and monitor a group configured with an application allow list policy, return to the **Adaptive application controls** page and select **CONFIGURED** under **Groups of VMs**:
-**Group Name**: the name of the subscription and group
105
104
-**VMs and Computers**: the number of virtual machines in the group
106
-
-**Mode**: Audit mode will log attempts to run non-whitelisted applications; Enforce will not allow non-whitelisted applications to run
105
+
-**Mode**: Audit mode will log attempts to run applications that aren't on the allow list; Enforce will not allow applications to run unless they are on the allow list
107
106
-**Alerts**: any current violations
108
107
109
108
2. Click on a group to make changes in the **Edit application control policy** page.
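Review bot: In the **Mode** bullet (new line 105), the two modes are named inconsistently ("Audit mode" against a bare "Enforce") and both are described in the future tense. Parallel present-tense wording would be clearer, for example "Audit mode logs attempts to run applications that aren't on the allow list; Enforce mode blocks applications that aren't on the allow list". It may also help to repeat here the note from earlier in the file that non-Azure and Linux VMs are supported in audit mode only, since this is where the reader chooses between the two.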
@@ -120,7 +119,7 @@ The **Groups of VMs** section contains three tabs:
120
119
> - As previously mentioned, by default a new application control policy is always configured in *Audit* mode.
121
120
>
122
121
123
-
4. Under **Policy extension**, add any application path that you want to allow. After you add these paths, Security Center updates the application whitelisting policy on the VMs within the selected group of VMS and creates the appropriate rules for these applications, in addition to the rules that are already in place.
122
+
4. Under **Policy extension**, add any application path that you want to allow. After you add these paths, Security Center updates the application allow list policy on the VMs within the selected group of VMS and creates the appropriate rules for these applications, in addition to the rules that are already in place.
124
123
125
124
5. Review the current violations listed in the **Recent alerts** section. Click on each line to be redirected to the **Alerts** page within Azure Security Center, and view all the alerts that were detected by Azure Security Center on the associated VMs.
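Review bot: In step 4 (new line 122), the rewritten sentence carries over "the selected group of VMS" from the removed line. The plural is written "VMs" in the other lines of this diff, so fix the capitalization while this line is being changed.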