Subscribing to Amazon SNS GuardDuty announcements - Amazon GuardDuty

Subscribing to Amazon SNS GuardDuty announcements

This section provides information about subscribing to the Amazon SNS (Simple Notification Service) topic for GuardDuty announcements to receive notifications about newly released finding types, updates to existing finding types, and other functionality changes. Notifications are available in all formats that Amazon SNS supports.

GuardDuty uses SNS to send announcements about updates to the GuardDuty service to any subscribed AWS account. To receive notifications about findings within your account, see Creating custom responses to GuardDuty findings with Amazon CloudWatch Events.

Note

Your IAM user must have the sns:Subscribe permission to subscribe to an SNS topic.

You can subscribe an Amazon SQS queue to this notification topic, but you must use a topic ARN that is in the same Region. For more information, see Tutorial: Subscribing an Amazon SQS queue to an Amazon SNS topic in the Amazon Simple Queue Service Developer Guide.

You can also use an AWS Lambda function to trigger an event when a notification is received. For more information, see Invoking Lambda functions using Amazon SNS notifications in the Amazon Simple Queue Service Developer Guide.

The Amazon SNS topic ARNs for each Region are shown below.

AWS Region    Amazon SNS topic ARN
us-east-1 arn:aws:sns:us-east-1:242987662583:GuardDutyAnnouncements
us-east-2 arn:aws:sns:us-east-2:118283430703:GuardDutyAnnouncements
us-west-1 arn:aws:sns:us-west-1:144182107116:GuardDutyAnnouncements
us-west-2 arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements
ca-central-1 arn:aws:sns:ca-central-1:107430051933:GuardDutyAnnouncements
ca-west-1 arn:aws:sns:ca-west-1:440427180217:GuardDutyAnnouncements
eu-north-1 arn:aws:sns:eu-north-1:973841112453:GuardDutyAnnouncements
eu-west-1 arn:aws:sns:eu-west-1:965013871422:GuardDutyAnnouncements
eu-west-2 arn:aws:sns:eu-west-2:506403581195:GuardDutyAnnouncements
eu-west-3 arn:aws:sns:eu-west-3:436163563069:GuardDutyAnnouncements
eu-central-1 arn:aws:sns:eu-central-1:378365507264:GuardDutyAnnouncements
eu-central-2 arn:aws:sns:eu-central-2:383009515534:GuardDutyAnnouncements
ap-east-1 arn:aws:sns:ap-east-1:646602203151:GuardDutyAnnouncements
ap-northeast-1 arn:aws:sns:ap-northeast-1:741172661024:GuardDutyAnnouncements
ap-northeast-2 arn:aws:sns:ap-northeast-2:464168911255:GuardDutyAnnouncements
ap-southeast-1 arn:aws:sns:ap-southeast-1:476419727788:GuardDutyAnnouncements
ap-southeast-2 arn:aws:sns:ap-southeast-2:457615622431:GuardDutyAnnouncements
ap-south-1 arn:aws:sns:ap-south-1:926826061926:GuardDutyAnnouncements
sa-east-1 arn:aws:sns:sa-east-1:955633302743:GuardDutyAnnouncements
us-gov-west-1 arn:aws-us-gov:sns:us-gov-west-1:430639793359:GuardDutyAnnouncements
cn-north-1 arn:aws-cn:sns:cn-north-1:002991280229:GuardDutyAnnouncements
cn-northwest-1 arn:aws-cn:sns:cn-northwest-1:003033775354:GuardDutyAnnouncements
me-south-1 arn:aws:sns:me-south-1:552740612889:GuardDutyAnnouncements
me-central-1 arn:aws:sns:me-central-1:030935290150:GuardDutyAnnouncements
eu-south-1 arn:aws:sns:eu-south-1:188461706213:GuardDutyAnnouncements
eu-south-2 arn:aws:sns:eu-south-2:445632894446:GuardDutyAnnouncements
us-gov-east-1 arn:aws:sns:us-gov-east-1:143972945659:GuardDutyAnnouncements
ap-northeast-3 arn:aws:sns:ap-northeast-3:129086577509:GuardDutyAnnouncements
ap-southeast-3 arn:aws:sns:ap-southeast-3:225965583551:GuardDutyAnnouncements
ap-south-2 arn:aws:sns:ap-south-2:595653072700:GuardDutyAnnouncements
ap-southeast-4 arn:aws:sns:ap-southeast-4:529900636122:GuardDutyAnnouncements
il-central-1 arn:aws:sns:il-central-1:847886274986:GuardDutyAnnouncements

To subscribe to the GuardDuty update notification email in the AWS Management Console
  1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

  2. In the Region list, choose the same Region as the topic ARN that you are subscribing to. This example uses the us-west-2 Region.

  3. In the left navigation pane, choose Subscriptions, Create subscription.

  4. In the Create subscription dialog box, for Topic ARN, paste the topic ARN: arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements.

  5. For Protocol, choose Email. For Endpoint, type an email address that you can use to receive the notification.

  6. Choose Create subscription.

  7. In your email application, open the message from AWS Notifications and open the link to confirm your subscription.

    Your web browser displays a confirmation response from Amazon SNS.

To subscribe to the GuardDuty update notification email with the AWS CLI
  1. Run the following command with the AWS CLI:

    aws sns --region us-west-2 subscribe --topic-arn arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements --protocol email --notification-endpoint your_email@your_domain.com

  2. In your email application, open the message from AWS Notifications and open the link to confirm your subscription.

    Your web browser displays a confirmation response from Amazon SNS.

Amazon SNS message format

An example of a general GuardDuty notification message:

    {
      "Type" : "Notification",
      "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc",
      "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
      "Message" : "{\"version\":\"1\",\"type\":\"GENERAL\",\"message\":[{\"title\":\"Updated AmazonGuardDutyFullAccess policy\",\"body\":\"Added permission that allows you to pass an IAM role to GuardDuty when you enable Malware Protection for S3.\",\"links\":[\"https://docs.aws.amazon.com//guardduty/latest/ug/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess\"]}]}",
      "Timestamp" : "2018-03-09T00:25:43.483Z",
      "SignatureVersion" : "1",
      "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
      "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
      "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
    }

The parsed Message value (with escaped quotes removed) is shown below:

    {
      "version": "1",
      "type": "GENERAL",
      "message": [
        {
          "title": "Updated AmazonGuardDutyFullAccess policy",
          "body": "Added permission that allows you to pass an IAM role to GuardDuty when you enable Malware Protection for S3.",
          "links": [
            "https://docs.aws.amazon.com//guardduty/latest/ug/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess"
          ]
        }
      ]
    }

An example GuardDuty update notification message about new findings is shown below:

    {
      "Type" : "Notification",
      "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc",
      "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
      "Message" : "{\"version\":\"1\",\"type\":\"NEW_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"findingDescription\":\"This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised.\"}]}",
      "Timestamp" : "2018-03-09T00:25:43.483Z",
      "SignatureVersion" : "1",
      "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
      "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
      "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
    }

The parsed Message value (with escaped quotes removed) is shown below:

    {
      "version": "1",
      "type": "NEW_FINDINGS",
      "findingDetails": [
        {
          "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html",
          "findingType": "UnauthorizedAccess:EC2/TorClient",
          "findingDescription": "This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised."
        }
      ]
    }

An example GuardDuty update notification message about GuardDuty functionality updates is shown below:

    {
      "Type" : "Notification",
      "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc",
      "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
      "Message" : "{\"version\":\"1\",\"type\":\"NEW_FEATURES\",\"featureDetails\":[{\"featureDescription\":\"Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.\",\"featureLink\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_controlplane\"}]}",
      "Timestamp" : "2018-03-09T00:25:43.483Z",
      "SignatureVersion" : "1",
      "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
      "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
      "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
    }

The parsed Message value (with escaped quotes removed) is shown below:

    {
      "version": "1",
      "type": "NEW_FEATURES",
      "featureDetails": [
        {
          "featureDescription": "Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.",
          "featureLink": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_controlplane"
        }
      ]
    }

An example GuardDuty update notification message about updated findings is shown below:

    {
      "Type": "Notification",
      "MessageId": "9101dc6b-726f-4df0-8646-ec2f94e674bc",
      "TopicArn": "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
      "Message": "{\"version\":\"1\",\"type\":\"UPDATED_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"description\":\"Increased severity value from 5 to 8.\"}]}",
      "Timestamp": "2018-03-09T00:25:43.483Z",
      "SignatureVersion": "1",
      "Signature": "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
      "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
      "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
    }

The parsed Message value (with escaped quotes removed) is shown below:

    {
      "version": "1",
      "type": "UPDATED_FINDINGS",
      "findingDetails": [
        {
          "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html",
          "findingType": "UnauthorizedAccess:EC2/TorClient",
          "description": "Increased severity value from 5 to 8."
        }
      ]
    }
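
The following Python code is an added example, not code from the AWS documentation. It checks an incoming SNS delivery against the topic ARN that was subscribed to, pre-checks the SigningCertURL host, decodes the nested Message string, and normalizes the four announcement types shown on this page into one row shape. The names parse_announcement, sample_envelope and LAYOUT, and the certificate host pattern, are assumptions; the Signature itself is not verified here.

```python
import json
from urllib.parse import urlparse

# us-west-2 topic ARN from the Region table on this page.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements"

# type -> (list key, name field, text field, link field), per the page's examples.
LAYOUT = {
    "GENERAL": ("message", "title", "body", "links"),
    "NEW_FINDINGS": ("findingDetails", "findingType", "findingDescription", "link"),
    "UPDATED_FINDINGS": ("findingDetails", "findingType", "description", "link"),
    "NEW_FEATURES": ("featureDetails", None, "featureDescription", "featureLink"),
}


def parse_announcement(envelope_json, expected_topic_arn=EXPECTED_TOPIC_ARN):
    """Validate one SNS delivery and return [(type, name, text, link), ...]."""
    env = json.loads(envelope_json)
    if env.get("Type") != "Notification":
        raise ValueError("not a Notification: %r" % env.get("Type"))
    if env.get("TopicArn") != expected_topic_arn:
        raise ValueError("unexpected TopicArn: %r" % env.get("TopicArn"))
    # Pre-check only (assumed host pattern): the signing certificate must be
    # served over HTTPS from an SNS endpoint before it is fetched and trusted.
    cert = urlparse(env.get("SigningCertURL", ""))
    host = cert.hostname or ""
    if cert.scheme != "https" or not host.startswith("sns.") or not host.endswith(
            (".amazonaws.com", ".amazonaws.com.cn")):
        raise ValueError("untrusted SigningCertURL: %r" % host)
    body = json.loads(env["Message"])  # Message is JSON carried as a string
    kind = body.get("type")
    if kind not in LAYOUT:
        raise ValueError("unknown announcement type: %r" % kind)
    list_key, name_key, text_key, link_key = LAYOUT[kind]
    rows = []
    for item in body.get(list_key, []):
        link = item.get(link_key)
        if isinstance(link, list):  # GENERAL carries a list of links
            link = link[0] if link else None
        rows.append((kind, item.get(name_key) if name_key else None,
                     item.get(text_key), link))
    return rows


def sample_envelope(message, topic_arn=EXPECTED_TOPIC_ARN):
    """Constructed test input shaped like the page's examples (no Signature)."""
    return json.dumps({"Type": "Notification", "TopicArn": topic_arn,
                       "Message": json.dumps(message), "SigningCertURL":
                       "https://sns.us-west-2.amazonaws.com/placeholder.pem"})
```

A subscriber in another Region passes that Region's ARN from the table as expected_topic_arn.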