Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Berlangganan pengumuman Amazon GuardDuty SNS
Bagian ini memberikan informasi tentang berlangganan Amazon SNS (Layanan Pemberitahuan Sederhana) GuardDuty untuk pengumuman menerima pemberitahuan tentang jenis temuan yang baru dirilis, pembaruan untuk jenis temuan yang ada, dan perubahan fungsionalitas lainnya. Notifikasi tersedia dalam semua format yang didukung Amazon SNS.
GuardDuty SNS mengirimkan pengumuman tentang pembaruan ke GuardDuty layanan di seluruh AWS akun berlangganan apa pun. Untuk menerima pemberitahuan tentang temuan dalam akun Anda, lihatMembuat tanggapan khusus terhadap GuardDuty temuan dengan Amazon CloudWatch Events.
catatan
Pengguna IAM Anda harus memiliki sns::subscribe izin untuk berlangganan SNS.
Anda dapat berlangganan antrean Amazon SQS untuk topik notifikasi ini, tetapi Anda harus menggunakan ARN topik yang berada di Wilayah yang sama. Untuk informasi selengkapnya, lihat Tutorial: Berlangganan antrian Amazon SQS ke topik Amazon SNS di panduan pengembang Amazon Simple Queue Service.
Anda juga dapat menggunakan AWS Lambda fungsi untuk memicu peristiwa saat pemberitahuan diterima. Untuk informasi selengkapnya, lihat Memanggil fungsi Lambda menggunakan notifikasi Amazon SNS di panduan pengembang Layanan Antrian Sederhana Amazon.
ARN topik Amazon SNS untuk setiap Wilayah ditunjukkan di bawah ini.
| AWS Wilayah | ARN topik Amazon SNS |
|---|---|
us-east-1 |
arn:aws:sns:us-east-1:242987662583:GuardDutyAnnouncements |
us-east-2 |
arn:aws:sns:us-east-2:118283430703:GuardDutyAnnouncements |
us-west-1 |
arn:aws:sns:us-west-1:144182107116:GuardDutyAnnouncements |
us-west-2 |
arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements |
ca-central-1 |
arn:aws:sns:ca-central-1:107430051933:GuardDutyAnnouncements |
ca-west-1 |
arn:aws:sns:ca-west-1:440427180217:GuardDutyAnnouncements |
eu-north-1 |
arn:aws:sns:eu-north-1:973841112453:GuardDutyAnnouncements |
eu-west-1 |
arn:aws:sns:eu-west-1:965013871422:GuardDutyAnnouncements |
eu-west-2 |
arn:aws:sns:eu-west-2:506403581195:GuardDutyAnnouncements |
eu-west-3 |
arn:aws:sns:eu-west-3:436163563069:GuardDutyAnnouncements |
eu-central-1 |
arn:aws:sns:eu-central-1:378365507264:GuardDutyAnnouncements |
eu-central-2 |
arn:aws:sns:eu-central-2:383009515534:GuardDutyAnnouncements |
ap-east-1 |
arn:aws:sns:ap-east-1:646602203151:GuardDutyAnnouncements |
ap-northeast-1 |
arn:aws:sns:ap-northeast-1:741172661024:GuardDutyAnnouncements |
ap-northeast-2 |
arn:aws:sns:ap-northeast-2:464168911255:GuardDutyAnnouncements |
ap-southeast-1 |
arn:aws:sns:ap-southeast-1:476419727788:GuardDutyAnnouncements |
ap-southeast-2 |
arn:aws:sns:ap-southeast-2:457615622431:GuardDutyAnnouncements |
ap-south-1 |
arn:aws:sns:ap-south-1:926826061926:GuardDutyAnnouncements |
sa-east-1 |
arn:aws:sns:sa-east-1:955633302743:GuardDutyAnnouncements |
us-gov-west-1 |
arn:aws-us-gov:sns:us-gov-west-1:430639793359:GuardDutyAnnouncements |
cn-north-1 |
arn:aws-cn:sns:cn-north-1:002991280229:GuardDutyAnnouncements |
cn-northwest-1 |
arn:aws-cn:sns:cn-northwest-1:003033775354:GuardDutyAnnouncements |
me-south-1 |
arn:aws:sns:me-south-1:552740612889:GuardDutyAnnouncements |
me-central-1 |
arn:aws:sns:me-central-1:030935290150:GuardDutyAnnouncements |
eu-south-1 |
arn:aws:sns:eu-south-1:188461706213:GuardDutyAnnouncements |
eu-south-2 |
arn:aws:sns:eu-south-2:445632894446:GuardDutyAnnouncements |
us-gov-east-1 |
arn:aws:sns:us-gov-east-1:143972945659:GuardDutyAnnouncements |
ap-northeast-3 |
arn:aws:sns:ap-northeast-3:129086577509:GuardDutyAnnouncements |
ap-southeast-3 |
arn:aws:sns:ap-southeast-3:225965583551:GuardDutyAnnouncements |
ap-south-2 |
arn:aws:sns:ap-south-2:595653072700:GuardDutyAnnouncements |
ap-southeast-4 |
arn:aws:sns:ap-southeast-4:529900636122:GuardDutyAnnouncements |
il-central-1 |
arn:aws:sns:il-central-1:847886274986:GuardDutyAnnouncements |
Untuk berlangganan email pemberitahuan GuardDuty pembaruan di AWS Management Console
Buka konsol Amazon SNS di https://console.aws.amazon.com/sns/v3/home
. -
Dalam daftar Wilayah, pilih Wilayah yang sama dengan ARN topik yang akan dijadikan langganan. Contoh ini menggunakan Wilayah
us-west-2. -
Di sebelah kiri panel navigasi, pilih Berlangganan, Buat berlangganan.
-
Pada kotak dialog Buat Langganan, untuk ARN Topik, tempel ARN topik:
arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements. -
Untuk Protokol, pilih Email. Untuk Titik Akhir, ketik alamat email yang bisa Anda gunakan untuk menerima notifikasi.
-
Pilih Buat langganan.
-
Di aplikasi email Anda, buka pesan dari AWS Pemberitahuan dan buka tautan untuk mengonfirmasi langganan Anda.
Browser web Anda menampilkan respons konfirmasi dari Amazon SNS.
Untuk berlangganan email pemberitahuan GuardDuty pembaruan dengan AWS CLI
-
Jalankan perintah berikut dengan AWS CLI:
aws sns --regionus-west-2subscribe --topic-arn arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements --protocolemail--notification-endpointyour_email@your_domain.com -
Di aplikasi email Anda, buka pesan dari AWS Pemberitahuan dan buka tautan untuk mengonfirmasi langganan Anda.
Browser web Anda menampilkan respons konfirmasi dari Amazon SNS.
Format pesan Amazon SNS
Contoh pesan pemberitahuan GuardDuty pembaruan tentang temuan baru ditunjukkan di bawah ini:
{ "Type" : "Notification", "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message" : "{\"version\":\"1\",\"type\":\"NEW_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"findingDescription\":\"This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised.\"}]}", "Timestamp" : "2018-03-09T00:25:43.483Z", "SignatureVersion" : "1", "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
Nilai Pesan yang diuraikan (dengan tanda kutip yang lolos dihapus) ditunjukkan di bawah ini:
{ "version": "1", "type": "NEW_FINDINGS", "findingDetails": [{ "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html", "findingType": "UnauthorizedAccess:EC2/TorClient", "findingDescription": "This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised." }] }
Contoh pesan pemberitahuan GuardDuty pembaruan tentang pembaruan GuardDuty fungsionalitas ditunjukkan di bawah ini:
{ "Type" : "Notification", "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message" : "{\"version\":\"1\",\"type\":\"NEW_FEATURES\",\"featureDetails\":[{\"featureDescription\":\"Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.\",\"featureLink\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_cloudtrail\"}]}", "Timestamp" : "2018-03-09T00:25:43.483Z", "SignatureVersion" : "1", "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
Nilai Pesan yang diuraikan (dengan tanda kutip yang lolos dihapus) ditunjukkan di bawah ini:
{ "version": "1", "type": "NEW_FEATURES", "featureDetails": [{ "featureDescription": "Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.", "featureLink": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_cloudtrail" }] }
Contoh pesan pemberitahuan GuardDuty pembaruan tentang temuan yang diperbarui ditunjukkan di bawah ini:
{ "Type": "Notification", "MessageId": "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn": "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message": "{\"version\":\"1\",\"type\":\"UPDATED_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"description\":\"Increased severity value from 5 to 8.\"}]}", "Timestamp": "2018-03-09T00:25:43.483Z", "SignatureVersion": "1", "Signature": "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
Nilai Pesan yang diuraikan (dengan tanda kutip yang lolos dihapus) ditunjukkan di bawah ini:
{ "version": "1", "type": "UPDATED_FINDINGS", "findingDetails": [{ "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html", "findingType": "UnauthorizedAccess:EC2/TorClient", "description": "Increased severity value from 5 to 8." }] }
