Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AwsEc2 sumber daya di ASFF
Berikut ini adalah contoh sintaks AWS Security Finding Format (ASFF) untuk AwsEc2
sumber daya.
AWS Security Hub menormalkan temuan dari berbagai sumber menjadi ASFF. Untuk informasi latar belakang tentang ASFF, lihatAWS Format Pencarian Keamanan (ASFF).
AwsEc2ClientVpnEndpoint
AwsEc2ClientVpnEndpoint
Objek memberikan informasi tentang AWS Client VPN titik akhir. Titik akhir Client VPN adalah sumber daya yang Anda buat dan konfigurasikan untuk mengaktifkan dan mengelola sesi VPN klien. Ini adalah titik terminasi untuk semua sesi VPN klien.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2ClientVpnEndpoint
objek. Untuk melihat deskripsi AwsEc2ClientVpnEndpoint
atribut, lihat AwsEc2 ClientVpnEndpointDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2ClientVpnEndpoint": { "AuthenticationOptions": [ { "MutualAuthentication": { "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Type": "certificate-authentication" } ], "ClientCidrBlock": "10.0.0.0/22", "ClientConnectOptions": { "Enabled": false }, "ClientLoginBannerOptions": { "Enabled": false }, "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5", "ConnectionLogOptions": { "Enabled": false }, "Description": "test", "DnsServer": ["10.0.0.0"], "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SecurityGroupIdSet": [ "sg-0f7a177b82b443691" ], "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5", "SessionTimeoutHours": 24, "SplitTunnel": false, "TransportProtocol": "udp", "VpcId": "vpc-1a2b3c4d5e6f1a2b3", "VpnPort": 443 }
AwsEc2Eip
AwsEc2Eip
Objek memberikan informasi tentang alamat IP Elastis.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2Eip
objek. Untuk melihat deskripsi AwsEc2Eip
atribut, lihat AwsEc2 EipDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2Eip": { "InstanceId": "instance1", "PublicIp": "192.0.2.04", "AllocationId": "eipalloc-example-id-1", "AssociationId": "eipassoc-example-id-1", "Domain": "vpc", "PublicIpv4Pool": "anycompany", "NetworkBorderGroup": "eu-central-1", "NetworkInterfaceId": "eni-example-id-1", "NetworkInterfaceOwnerId": "777788889999", "PrivateIpAddress": "192.0.2.03" }
AwsEc2Instance
AwsEc2Instance
Objek memberikan rincian tentang EC2 instance Amazon.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2Instance
objek. Untuk melihat deskripsi AwsEc2Instance
atribut, lihat AwsEc2 InstanceDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2Instance": { "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole", "ImageId": "ami-1234", "IpV4Addresses": [ "1.1.1.1" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "LaunchedAt": "2018-05-08T16:46:19.000Z", "MetadataOptions": { "HttpEndpoint": "enabled", "HttpProtocolIpv6": "enabled", "HttpPutResponseHopLimit": 1, "HttpTokens": "optional", "InstanceMetadataTags": "disabled", }, "Monitoring": { "State": "disabled" }, "NetworkInterfaces": [ { "NetworkInterfaceId": "eni-e5aa89a3" } ], "SubnetId": "subnet-123", "Type": "i3.xlarge", "VpcId": "vpc-123" }
AwsEc2LaunchTemplate
AwsEc2LaunchTemplate
Objek berisi detail tentang template peluncuran Amazon Elastic Compute Cloud yang menentukan informasi konfigurasi instance.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2LaunchTemplate
objek. Untuk melihat deskripsi AwsEc2LaunchTemplate
atribut, lihat AwsEc2 LaunchTemplateDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2LaunchTemplate": { "DefaultVersionNumber": "1", "ElasticGpuSpecifications": ["string"], "ElasticInferenceAccelerators": ["string"], "Id": "lt-0a16e9802800bdd85", "ImageId": "ami-0d5eff06f840b45e9", "LatestVersionNumber": "1", "LaunchTemplateData": { "BlockDeviceMappings": [{ "DeviceName": "/dev/xvda", "Ebs": { "DeleteonTermination": true, "Encrypted": true, "SnapshotId": "snap-01047646ec075f543", "VolumeSize": 8, "VolumeType:" "gp2" } }], "MetadataOptions": { "HttpTokens": "enabled", "HttpPutResponseHopLimit" : 1 }, "Monitoring": { "Enabled": true, "NetworkInterfaces": [{ "AssociatePublicIpAddress" : true, }], "LaunchTemplateName": "string", "LicenseSpecifications": ["string"], "SecurityGroupIds": ["sg-01fce87ad6e019725"], "SecurityGroups": ["string"], "TagSpecifications": ["string"] }
AwsEc2NetworkAcl
AwsEc2NetworkAcl
Objek berisi rincian tentang daftar kontrol akses EC2 jaringan Amazon (ACL).
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2NetworkAcl
objek. Untuk melihat deskripsi AwsEc2NetworkAcl
atribut, lihat AwsEc2 NetworkAclDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2NetworkAcl": { "IsDefault": false, "NetworkAclId": "acl-1234567890abcdef0", "OwnerId": "123456789012", "VpcId": "vpc-1234abcd", "Associations": [{ "NetworkAclAssociationId": "aclassoc-abcd1234", "NetworkAclId": "acl-021345abcdef6789", "SubnetId": "subnet-abcd1234" }], "Entries": [{ "CidrBlock": "10.24.34.0/23", "Egress": true, "IcmpTypeCode": { "Code": 10, "Type": 30 }, "Ipv6CidrBlock": "2001:DB8::/32", "PortRange": { "From": 20, "To": 40 }, "Protocol": "tcp", "RuleAction": "allow", "RuleNumber": 100 }] }
AwsEc2NetworkInterface
AwsEc2NetworkInterface
Objek menyediakan informasi tentang antarmuka EC2 jaringan Amazon.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2NetworkInterface
objek. Untuk melihat deskripsi AwsEc2NetworkInterface
atribut, lihat AwsEc2 NetworkInterfaceDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2NetworkInterface": { "Attachment": { "AttachTime": "2019-01-01T03:03:21Z", "AttachmentId": "eni-attach-43348162", "DeleteOnTermination": true, "DeviceIndex": 123, "InstanceId": "i-1234567890abcdef0", "InstanceOwnerId": "123456789012", "Status": 'ATTACHED' }, "SecurityGroups": [ { "GroupName": "my-security-group", "GroupId": "sg-903004f8" }, ], "NetworkInterfaceId": 'eni-686ea200', "SourceDestCheck": false }
AwsEc2RouteTable
AwsEc2RouteTable
Objek memberikan informasi tentang tabel EC2 rute Amazon.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2RouteTable
objek. Untuk melihat deskripsi AwsEc2RouteTable
atribut, lihat AwsEc2 RouteTableDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2RouteTable": { "AssociationSet": [{ "AssociationSet": { "State": "associated" }, "Main": true, "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512", "RouteTableId": "rtb-0a59bde9cf2548e34", }], "PropogatingVgwSet": [], "RouteTableId": "rtb-0a59bde9cf2548e34", "RouteSet": [ { "DestinationCidrBlock": "10.24.34.0/23", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active" }, { "DestinationCidrBlock": "10.24.34.0/24", "GatewayId": "igw-0242c2d7d513fc5d3", "Origin": "CreateRoute", "State": "active" } ], "VpcId": "vpc-0c250a5c33f51d456" }
AwsEc2SecurityGroup
AwsEc2SecurityGroup
Objek tersebut menggambarkan grup EC2 keamanan Amazon.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2SecurityGroup
objek. Untuk melihat deskripsi AwsEc2SecurityGroup
atribut, lihat AwsEc2 SecurityGroupDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2SecurityGroup": { "GroupName": "MySecurityGroup", "GroupId": "sg-903004f8", "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [ { "IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [ { "UserId": "123456789012", "GroupId": "sg-903004f8" } ], "PrefixListIds": [ {"PrefixListId": "pl-63a5400a"} ] }, { "PrefixListIds": [], "FromPort": 22, "IpRanges": [ { "CidrIp": "203.0.113.0/24" } ], "ToPort": 22, "IpProtocol": "tcp", "UserIdGroupPairs": [] } ] }
AwsEc2Subnet
AwsEc2Subnet
Objek memberikan informasi tentang subnet di Amazon EC2.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2Subnet
objek. Untuk melihat deskripsi AwsEc2Subnet
atribut, lihat AwsEc2 SubnetDetails di Referensi AWS Security Hub API.
Contoh
AwsEc2Subnet: { "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2c", "AvailabilityZoneId": "usw2-az3", "AvailableIpAddressCount": 8185, "CidrBlock": "10.0.0.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "OwnerId": "123456789012", "State": "available", "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93", "SubnetId": "subnet-d5436c93", "VpcId": "vpc-153ade70", "Ipv6CidrBlockAssociationSet": [{ "AssociationId": "subnet-cidr-assoc-EXAMPLE", "Ipv6CidrBlock": "2001:DB8::/32", "CidrBlockState": "associated" }] }
AwsEc2TransitGateway
AwsEc2TransitGateway
Objek ini memberikan detail tentang gateway EC2 transit Amazon yang menghubungkan cloud pribadi virtual (VPCs) dan jaringan lokal Anda.
Berikut ini adalah contoh AwsEc2TransitGateway
temuan dalam AWS Security Finding Format (ASFF). Untuk melihat deskripsi AwsEc2TransitGateway
atribut, lihat AwsEc2 TransitGatewayDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2TransitGateway": { "AmazonSideAsn": 65000, "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "AutoAcceptSharedAttachments": "disable", "DefaultRouteTableAssociation": "enable", "DefaultRouteTablePropagation": "enable", "Description": "sample transit gateway", "DnsSupport": "enable", "Id": "tgw-042ae6bf7a5c126c3", "MulticastSupport": "disable", "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "TransitGatewayCidrBlocks": ["10.0.0.0/16"], "VpnEcmpSupport": "enable" }
AwsEc2Volume
AwsEc2Volume
Objek memberikan detail tentang EC2 volume Amazon.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2Volume
objek. Untuk melihat deskripsi AwsEc2Volume
atribut, lihat AwsEc2 VolumeDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2Volume": { "Attachments": [ { "AttachTime": "2017-10-17T14:47:11Z", "DeleteOnTermination": true, "InstanceId": "i-123abc456def789g", "Status": "attached" } ], "CreateTime": "2020-02-24T15:54:30Z", "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Size": 80, "SnapshotId": "", "Status": "available" }
AwsEc2Vpc
AwsEc2Vpc
Objek tersebut memberikan detail tentang EC2 VPC Amazon.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2Vpc
objek. Untuk melihat deskripsi AwsEc2Vpc
atribut, lihat AwsEc2 VpcDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlock": "192.0.2.0/24", "CidrBlockState": "associated" } ], "DhcpOptionsId": "dopt-4e42ce28", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlockState": "associated", "Ipv6CidrBlock": "192.0.2.0/24" } ], "State": "available" }
AwsEc2VpcEndpointService
AwsEc2VpcEndpointService
Objek berisi rincian tentang konfigurasi layanan untuk layanan titik akhir VPC.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2VpcEndpointService
objek. Untuk melihat deskripsi AwsEc2VpcEndpointService
atribut, lihat AwsEc2 VpcEndpointServiceDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2VpcEndpointService": { "ServiceType": [ { "ServiceType": "Interface" } ], "ServiceId": "vpce-svc-example1", "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1", "ServiceState": "Available", "AvailabilityZones": [ "us-east-1" ], "AcceptanceRequired": true, "ManagesVpcEndpoints": false, "NetworkLoadBalancerArns": [ "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1" ], "GatewayLoadBalancerArns": [], "BaseEndpointDnsNames": [ "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "my-private-dns" }
AwsEc2VpcPeeringConnection
AwsEc2VpcPeeringConnection
Objek memberikan rincian tentang koneksi jaringan antara dua VPCs.
Contoh berikut menunjukkan AWS Security Finding Format (ASFF) untuk AwsEc2VpcPeeringConnection
objek. Untuk melihat deskripsi AwsEc2VpcPeeringConnection
atribut, lihat AwsEc2 VpcPeeringConnectionDetails di Referensi AWS Security Hub API.
Contoh
"AwsEc2VpcPeeringConnection": { "AccepterVpcInfo": { "CidrBlock": "10.0.0.0/28", "CidrBlockSet": [{ "CidrBlock": "10.0.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "ExpirationTime": "2022-02-18T15:31:53.161Z", "RequesterVpcInfo": { "CidrBlock": "192.168.0.0/28", "CidrBlockSet": [{ "CidrBlock": "192.168.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "Status": { "Code": "initiating-request", "Message": "Active" }, "VpcPeeringConnectionId": "pcx-1a2b3c4d" }