Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
Esempi di risultati di controllo in Security Hub
Il formato dei risultati di controllo varia a seconda che tu abbia attivato o meno i risultati di controllo consolidati. Quando attivi questa funzionalità, Security Hub genera un singolo risultato per un controllo di controllo anche quando il controllo si applica a più standard abilitati. Per ulteriori informazioni, consulta Risultati di controllo consolidati.
La sezione seguente mostra esempi di risultati di controllo nel formato AWS Security Finding Format (ASFF). Questi includono i risultati di ogni standard di Security Hub quando i risultati del controllo consolidato sono disattivati nel tuo account e un esempio di risultato di controllo tra gli standard quando è attivato.
Nota
I risultati faranno riferimento a diversi campi e valori nelle regioni e AWS GovCloud (US) nella regione della Cina. Per ulteriori informazioni, consulta Impatto del consolidamento su ASFF campi e valori.
I risultati del controllo consolidato sono disattivati
-
Esempi di risultati relativi allo standard AWS Foundational Security Best Practices () FSBP
-
Esempio di ricerca per Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0
-
Esempio di ricerca per Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0
-
Esempio di ricerca per Center for Internet Security (CIS) AWS Foundations Benchmark v3.0.0
-
Esempio di risultato per il National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5
-
Esempio di risultato per Service-Managed Standard: AWS Control Tower
I risultati del controllo consolidato sono attivati
Esempio di ricerca per FSBP
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-2:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-2", "GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices" ], "FirstObservedAt": "2020-08-06T02:18:23.076Z", "LastObservedAt": "2021-09-28T16:10:06.956Z", "CreatedAt": "2020-08-06T02:18:23.076Z", "UpdatedAt": "2021-09-28T16:10:00.093Z", "Severity": { "Product": 40, "Label": "MEDIUM", "Normalized": 40, "Original": "MEDIUM" }, "Title": "CloudTrail.2 CloudTrail should have encryption at-rest enabled", "Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.", "Remediation": { "Recommendation": { "Text": "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation" } }, "ProductFields": { "StandardsArn": "arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0", "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-2:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0", "ControlId": "CloudTrail.2", "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation", "Related AWS Resources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f", "Related AWS Resources:0/type": "AWS::Config::ConfigRule", "StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Resources": [ { "Type": "AwsCloudTrailTrail", "Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "Partition": "aws", "Region": "us-east-2" } ], "Compliance": { "Status": "FAILED", "SecurityControlId": "CloudTrail.2", "AssociatedStandards": [{ "StandardsId": "standards/aws-foundation-best-practices/v/1.0.0" }] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices" ] } }
Esempi di risultati per CIS AWS Foundations Benchmark v3.0.0
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/3.0.0/2.2.1/finding/38a89798-6819-4fae-861f-9cca8034602c", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-1", "GeneratorId": "cis-aws-foundations-benchmark/v/3.0.0/2.2.1", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" ], "FirstObservedAt": "2024-04-18T07:46:18.193Z", "LastObservedAt": "2024-04-23T07:47:01.137Z", "CreatedAt": "2024-04-18T07:46:18.193Z", "UpdatedAt": "2024-04-23T07:46:46.165Z", "Severity": { "Product": 40, "Label": "MEDIUM", "Normalized": 40, "Original": "MEDIUM" }, "Title": "2.2.1 EBS default encryption should be enabled", "Description": "Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.", "Remediation": { "Recommendation": { "Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/EC2.7/remediation" } }, "ProductFields": { "StandardsArn": "arn:aws:securityhub:::standards/cis-aws-foundations-benchmark/v/3.0.0", "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/3.0.0", "ControlId": "2.2.1", "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/EC2.7/remediation", "RelatedAWSResources:0/name": "securityhub-ec2-ebs-encryption-by-default-2843ed9e", "RelatedAWSResources:0/type": "AWS::Config::ConfigRule", "StandardsControlArn": "arn:aws:securityhub:us-east-1:123456789012:control/cis-aws-foundations-benchmark/v/3.0.0/2.2.1", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "aws/securityhub/annotation": "EBS Encryption by default is not enabled.", "Resources:0/Id": "arn:aws:iam::123456789012:root", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/3.0.0/2.2.1/finding/38a89798-6819-4fae-861f-9cca8034602c" }, "Resources": [ { "Type": "AwsAccount", "Id": "AWS::::Account:123456789012", "Partition": "aws", "Region": "us-east-1" } ], "Compliance": { "Status": "FAILED", "RelatedRequirements": [ "CIS AWS Foundations Benchmark v3.0.0/2.2.1" ], "SecurityControlId": "EC2.7", "AssociatedStandards": [ { "StandardsId": "standards/cis-aws-foundations-benchmark/v/3.0.0" } ] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" ] }, "ProcessedAt": "2024-04-23T07:47:07.088Z" }
Risultati di esempio per Foundations Benchmark v1.4.0 CIS AWS
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.4.0/3.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-1", "GeneratorId": "cis-aws-foundations-benchmark/v/1.4.0/3.7", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" ], "FirstObservedAt": "2022-10-21T22:14:48.913Z", "LastObservedAt": "2022-12-22T22:24:56.980Z", "CreatedAt": "2022-10-21T22:14:48.913Z", "UpdatedAt": "2022-12-22T22:24:52.409Z", "Severity": { "Product": 40, "Label": "MEDIUM", "Normalized": 40, "Original": "MEDIUM" }, "Title": "3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs", "Description": "AWS CloudTrail is a web service that records AWS API calls for an account and makes those logs available to users and resources in accordance with IAM policies. AWS Key Management Service (KMS) is a managed service that helps create and control the encryption keys used to encrypt account data, and uses Hardware Security Modules (HSMs) to protect the security of encryption keys. CloudTrail logs can be configured to leverage server side encryption (SSE) and AWS KMS customer created master keys (CMK) to further protect CloudTrail logs. It is recommended that CloudTrail be configured to use SSE-KMS.", "Remediation": { "Recommendation": { "Text": "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation" } }, "ProductFields": { "StandardsArn": "arn:aws:securityhub:::standards/cis-aws-foundations-benchmark/v/1.4.0", "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.4.0", "ControlId": "3.7", "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation", "RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-855f82d1", "RelatedAWSResources:0/type": "AWS::Config::ConfigRule", "StandardsControlArn": "arn:aws:securityhub:us-east-1:123456789012:control/cis-aws-foundations-benchmark/v/1.4.0/3.7", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "Resources:0/Id": "arn:aws:cloudtrail:us-west-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.4.0/3.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Resources": [ { "Type": "AwsCloudTrailTrail", "Id": "arn:aws:cloudtrail:us-west-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "Partition": "aws", "Region": "us-east-1" } ], "Compliance": { "Status": "FAILED", "RelatedRequirements": [ "CIS AWS Foundations Benchmark v1.4.0/3.7" ], "SecurityControlId": "CloudTrail.2", "AssociatedStandards": [{ "StandardsId": "standards/cis-aws-foundations-benchmark/v/1.4.0" }] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" ] } }
Risultati di esempio per Foundations Benchmark v1.2.0 CIS AWS
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/2.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-2", "GeneratorId": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" ], "FirstObservedAt": "2020-08-29T04:10:06.337Z", "LastObservedAt": "2021-09-28T16:10:05.350Z", "CreatedAt": "2020-08-29T04:10:06.337Z", "UpdatedAt": "2021-09-28T16:10:00.087Z", "Severity": { "Product": 40, "Label": "MEDIUM", "Normalized": 40, "Original": "MEDIUM" }, "Title": "2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs", "Description": "AWS Key Management Service (KMS) is a managed service that helps create and control the encryption keys used to encrypt account data, and uses Hardware Security Modules (HSMs) to protect the security of encryption keys. CloudTrail logs can be configured to leverage server side encryption (SSE) and KMS customer created master keys (CMK) to further protect CloudTrail logs. It is recommended that CloudTrail be configured to use SSE-KMS.", "Remediation": { "Recommendation": { "Text": "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation" } }, "ProductFields": { "StandardsGuideArn": "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0", "StandardsGuideSubscriptionArn": "arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0", "RuleId": "2.7", "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation", "Related AWS Resources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f", "Related AWS Resources:0/type": "AWS::Config::ConfigRule", "StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/cis-aws-foundations-benchmark/v/1.2.0/2.7", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0/2.7/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Resources": [ { "Type": "AwsCloudTrailTrail", "Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "Partition": "aws", "Region": "us-east-2" } ], "Compliance": { "Status": "FAILED", "SecurityControlId": "CloudTrail.2", "AssociatedStandards": [{ "StandardsId": "ruleset/cis-aws-foundations-benchmark/v/1.2.0" }] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark" ] } }
Esempio di risultato per NIST SP 800-53 Rev. 5
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-53/v/5.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-1", "GeneratorId": "nist-800-53/v/5.0.0/CloudTrail.2", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ], "FirstObservedAt": "2023-02-17T14:22:46.726Z", "LastObservedAt": "2023-02-17T14:22:50.846Z", "CreatedAt": "2023-02-17T14:22:46.726Z", "UpdatedAt": "2023-02-17T14:22:46.726Z", "Severity": { "Product": 40, "Label": "MEDIUM", "Normalized": 40, "Original": "MEDIUM" }, "Title": "CloudTrail.2 CloudTrail should have encryption at-rest enabled", "Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.", "Remediation": { "Recommendation": { "Text": "For directions on how to fix this issue, consult the AWS Security Hub NIST 800-53 R5 documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation" } }, "ProductFields": { "StandardsArn": "arn:aws:securityhub:::standards/nist-800-53/v/5.0.0", "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-53/v/5.0.0", "ControlId": "CloudTrail.2", "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.9/remediation", "RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f", "RelatedAWSResources:0/type": "AWS::Config::ConfigRule", "StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "Resources:0/Id": "arn:aws:cloudtrail:us-west-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/nist-800-53/v/5.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Resources": [ { "Type": "AwsCloudTrailTrail", "Id": "arn:aws:cloudtrail:us-east-1:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "Partition": "aws", "Region": "us-east-1" } ], "Compliance": { "Status": "FAILED", "RelatedRequirements": [ "NIST.800-53.r5 AU-9", "NIST.800-53.r5 CA-9(1)", "NIST.800-53.r5 CM-3(6)", "NIST.800-53.r5 SC-13", "NIST.800-53.r5 SC-28", "NIST.800-53.r5 SC-28(1)", "NIST.800-53.r5 SC-7(10)", "NIST.800-53.r5 SI-7(6)" ], "SecurityControlId": "CloudTrail.2", "AssociatedStandards": [ { "StandardsId": "standards/nist-800-53/v/5.0.0" } ] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ] }, "ProcessedAt": "2023-02-17T14:22:53.572Z" }
Esempio di ricerca per PCI DSS
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-2:123456789012:subscription/pci-dss/v/3.2.1/PCI.CloudTrail.1/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-2", "GeneratorId": "pci-dss/v/3.2.1/PCI.CloudTrail.1", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS" ], "FirstObservedAt": "2020-08-06T02:18:23.089Z", "LastObservedAt": "2021-09-28T16:10:06.942Z", "CreatedAt": "2020-08-06T02:18:23.089Z", "UpdatedAt": "2021-09-28T16:10:00.090Z", "Severity": { "Product": 40, "Label": "MEDIUM", "Normalized": 40, "Original": "MEDIUM" }, "Title": "PCI.CloudTrail.1 CloudTrail logs should be encrypted at rest using AWS KMS CMKs", "Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption by checking if the KmsKeyId is defined.", "Remediation": { "Recommendation": { "Text": "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation" } }, "ProductFields": { "StandardsArn": "arn:aws:securityhub:::standards/pci-dss/v/3.2.1", "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-2:123456789012:subscription/pci-dss/v/3.2.1", "ControlId": "PCI.CloudTrail.1", "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation", "Related AWS Resources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f", "Related AWS Resources:0/type": "AWS::Config::ConfigRule", "StandardsControlArn": "arn:aws:securityhub:us-east-2:123456789012:control/pci-dss/v/3.2.1/PCI.CloudTrail.1", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:subscription/pci-dss/v/3.2.1/PCI.CloudTrail.1/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Resources": [ { "Type": "AwsCloudTrailTrail", "Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "Partition": "aws", "Region": "us-east-2" } ], "Compliance": { "Status": "FAILED", "RelatedRequirements": [ "PCI DSS 3.4" ], "SecurityControlId": "CloudTrail.2", "AssociatedStandards": [{ "StandardsId": "standards/pci-dss/v/3.2.1" }] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS" ] } }
Esempio di ricerca per AWS Resource Tagging Standard
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:eu-central-1:123456789012:security-control/EC2.44/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:eu-central-1::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "eu-central-1", "GeneratorId": "security-control/EC2.44", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ], "FirstObservedAt": "2024-02-19T21:00:32.206Z", "LastObservedAt": "2024-04-29T13:01:57.861Z", "CreatedAt": "2024-02-19T21:00:32.206Z", "UpdatedAt": "2024-04-29T13:01:41.242Z", "Severity": { "Label": "LOW", "Normalized": 1, "Original": "LOW" }, "Title": "EC2 subnets should be tagged", "Description": "This control checks whether an Amazon EC2 subnet has tags with the specific keys defined in the parameter requiredTagKeys. The control fails if the subnet doesn't have any tag keys or if it doesn't have all the keys specified in the parameter requiredTagKeys. If the parameter requiredTagKeys isn't provided, the control only checks for the existence of a tag key and fails if the subnet isn't tagged with any key. System tags, which are automatically applied and begin with aws:, are ignored.", "Remediation": { "Recommendation": { "Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/EC2.44/remediation" } }, "ProductFields": { "RelatedAWSResources:0/name": "securityhub-tagged-ec2-subnet-6ceafede", "RelatedAWSResources:0/type": "AWS::Config::ConfigRule", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "aws/securityhub/annotation": "No tags are present.", "Resources:0/Id": "arn:aws:ec2:eu-central-1:123456789012:subnet/subnet-1234567890abcdef0", "aws/securityhub/FindingId": "arn:aws:securityhub:eu-central-1::product/aws/securityhub/arn:aws:securityhub:eu-central-1:123456789012:security-control/EC2.44/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Resources": [ { "Type": "AwsEc2Subnet", "Id": "arn:aws:ec2:eu-central-1:123456789012:subnet/subnet-1234567890abcdef0", "Partition": "aws", "Region": "eu-central-1", "Details": { "AwsEc2Subnet": { "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "eu-central-1b", "AvailabilityZoneId": "euc1-az3", "AvailableIpAddressCount": 4091, "CidrBlock": "10.24.34.0/23", "DefaultForAz": true, "MapPublicIpOnLaunch": true, "OwnerId": "123456789012", "State": "available", "SubnetArn": "arn:aws:ec2:eu-central-1:123456789012:subnet/subnet-1234567890abcdef0", "SubnetId": "subnet-1234567890abcdef0", "VpcId": "vpc-021345abcdef6789" } } } ], "Compliance": { "Status": "FAILED", "SecurityControlId": "EC2.44", "AssociatedStandards": [ { "StandardsId": "standards/aws-resource-tagging-standard/v/1.0.0" } ], "SecurityControlParameters": [ { "Name": "requiredTagKeys", "Value": [ "peepoo" ] } ], }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "LOW", "Original": "LOW" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ] }, "ProcessedAt": "2024-04-29T13:02:03.259Z" }
Esempio di risultato per Service-Managed Standard: AWS Control Tower
Nota
Questo standard è disponibile solo se sei un AWS Control Tower utente che lo ha creato in. AWS Control Tower Per ulteriori informazioni, consulta Standard di gestione dei servizi: AWS Control Tower.
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/service-managed-aws-control-tower/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-1", "GeneratorId": "service-managed-aws-control-tower/v/1.0.0/CloudTrail.2", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ], "FirstObservedAt": "2022-11-17T01:25:30.296Z", "LastObservedAt": "2022-11-17T01:25:45.805Z", "CreatedAt": "2022-11-17T01:25:30.296Z", "UpdatedAt": "2022-11-17T01:25:30.296Z", "Severity": { "Product": 40, "Label": "MEDIUM", "Normalized": 40, "Original": "MEDIUM" }, "Title": "CT.CloudTrail.2 CloudTrail should have encryption at-rest enabled", "Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.", "Remediation": { "Recommendation": { "Text": "For information on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation" } }, "ProductFields": { "StandardsArn": "arn:aws:securityhub:::standards/service-managed-aws-control-tower/v/1.0.0", "StandardsSubscriptionArn": "arn:aws:securityhub:us-east-1:123456789012:subscription/service-managed-aws-control-tower/v/1.0.0", "ControlId": "CT.CloudTrail.2", "RecommendationUrl": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation", "RelatedAWSResources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f", "RelatedAWSResources:0/type": "AWS::Config::ConfigRule", "StandardsControlArn": "arn:aws:securityhub:us-east-1:123456789012:control/service-managed-aws-control-tower/v/1.0.0/CloudTrail.2", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/service-managed-aws-control-tower/v/1.0.0/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Resources": [ { "Type": "AwsAccount", "Id": "AWS::::Account:123456789012", "Partition": "aws", "Region": "us-east-1" } ], "Compliance": { "Status": "FAILED", "SecurityControlId": "CloudTrail.2", "AssociatedStandards": [{ "StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0" }] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ] } }
Ricerca di esempi tra gli standard (quando i risultati del controllo consolidato sono attivati)
{ "SchemaVersion": "2018-10-08", "Id": "arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "ProductArn": "arn:aws:securityhub:us-east-2::product/aws/securityhub", "ProductName": "Security Hub", "CompanyName": "AWS", "Region": "us-east-2", "GeneratorId": "security-control/CloudTrail.2", "AwsAccountId": "123456789012", "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ], "FirstObservedAt": "2022-10-06T02:18:23.076Z", "LastObservedAt": "2022-10-28T16:10:06.956Z", "CreatedAt": "2022-10-06T02:18:23.076Z", "UpdatedAt": "2022-10-28T16:10:00.093Z", "Severity": { "Label": "MEDIUM", "Normalized": "40", "Original": "MEDIUM" }, "Title": "CloudTrail should have encryption at-rest enabled", "Description": "This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.", "Remediation": { "Recommendation": { "Text": "For directions on how to correct this issue, consult the AWS Security Hub controls documentation.", "Url": "https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation" } }, "ProductFields": { "Related AWS Resources:0/name": "securityhub-cloud-trail-encryption-enabled-fe95bf3f", "Related AWS Resources:0/type": "AWS::Config::ConfigRule", "aws/securityhub/ProductName": "Security Hub", "aws/securityhub/CompanyName": "AWS", "Resources:0/Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } "Resources": [ { "Type": "AwsCloudTrailTrail", "Id": "arn:aws:cloudtrail:us-east-2:123456789012:trail/AWS MacieTrail-DO-NOT-EDIT", "Partition": "aws", "Region": "us-east-2" } ], "Compliance": { "Status": "FAILED", "RelatedRequirements": [ "PCI DSS v3.2.1/3.4", "CIS AWS Foundations Benchmark v1.2.0/2.7", "CIS AWS Foundations Benchmark v1.4.0/3.7" ], "SecurityControlId": "CloudTrail.2", "AssociatedStandards": [ { "StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"}, { "StandardsId": "standards/pci-dss/v/3.2.1"}, { "StandardsId": "ruleset/cis-aws-foundations-benchmark/v/1.2.0"}, { "StandardsId": "standards/cis-aws-foundations-benchmark/v/1.4.0"}, { "StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0"}, ] }, "WorkflowState": "NEW", "Workflow": { "Status": "NEW" }, "RecordState": "ACTIVE", "FindingProviderFields": { "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Industry and Regulatory Standards" ] } }
