기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
Amazon SNS GuardDuty 공지 구독하기
이 섹션에서는 새로 릴리스된 검색 결과 유형에 대한 알림 수신, 기존 검색 결과 유형에 대한 업데이트 및 기타 기능 변경 GuardDuty 사항에 대한 알림을 받기 위한 Amazon SNS (Simple Notification Service) 구독에 대한 정보를 제공합니다. 알림은 Amazon SNS에서 지원하는 모든 형식으로 사용할 수 있습니다.
GuardDuty SNS는 구독한 모든 계정을 통해 GuardDuty 서비스 업데이트에 대한 AWS 공지를 전송합니다. 계정 내 결과에 대한 알림을 받으려면 Amazon CloudWatch Events를 사용하여 GuardDuty 결과에 대한 사용자 지정 응답 생성 섹션을 참조하세요.
참고
IAM 사용자에 sns::subscribe 권한이 있어야 SNS 구독이 가능합니다.
알림 주제에 대해 Amazon SQS 대기열을 구독할 수 있지만 동일한 리전에 있는 주제 ARN을 사용해야 합니다. 자세한 내용은 Amazon Simple Queue Service 개발자 안내서에서 자습서: Subscribing an Amazon SQS queue to an Amazon SNS topic 섹션을 참조하세요.
알림이 수신되면 AWS Lambda 함수를 사용하여 이벤트를 트리거할 수도 있습니다. 자세한 내용은 Amazon Simple Queue Service 개발자 안내서에서 Invoking Lambda functions using Amazon SNS notifications 섹션을 참조하세요.
각 리전에 대한 Amazon SNS 주제 ARN은 다음과 같습니다.
| AWS 지역 | Amazon SNS 주제 ARN |
|---|---|
us-east-1 |
arn:aws:sns:us-east-1:242987662583:GuardDutyAnnouncements |
us-east-2 |
arn:aws:sns:us-east-2:118283430703:GuardDutyAnnouncements |
us-west-1 |
arn:aws:sns:us-west-1:144182107116:GuardDutyAnnouncements |
us-west-2 |
arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements |
ca-central-1 |
arn:aws:sns:ca-central-1:107430051933:GuardDutyAnnouncements |
ca-west-1 |
arn:aws:sns:ca-west-1:440427180217:GuardDutyAnnouncements |
eu-north-1 |
arn:aws:sns:eu-north-1:973841112453:GuardDutyAnnouncements |
eu-west-1 |
arn:aws:sns:eu-west-1:965013871422:GuardDutyAnnouncements |
eu-west-2 |
arn:aws:sns:eu-west-2:506403581195:GuardDutyAnnouncements |
eu-west-3 |
arn:aws:sns:eu-west-3:436163563069:GuardDutyAnnouncements |
eu-central-1 |
arn:aws:sns:eu-central-1:378365507264:GuardDutyAnnouncements |
eu-central-2 |
arn:aws:sns:eu-central-2:383009515534:GuardDutyAnnouncements |
ap-east-1 |
arn:aws:sns:ap-east-1:646602203151:GuardDutyAnnouncements |
ap-northeast-1 |
arn:aws:sns:ap-northeast-1:741172661024:GuardDutyAnnouncements |
ap-northeast-2 |
arn:aws:sns:ap-northeast-2:464168911255:GuardDutyAnnouncements |
ap-southeast-1 |
arn:aws:sns:ap-southeast-1:476419727788:GuardDutyAnnouncements |
ap-southeast-2 |
arn:aws:sns:ap-southeast-2:457615622431:GuardDutyAnnouncements |
ap-south-1 |
arn:aws:sns:ap-south-1:926826061926:GuardDutyAnnouncements |
sa-east-1 |
arn:aws:sns:sa-east-1:955633302743:GuardDutyAnnouncements |
us-gov-west-1 |
arn:aws-us-gov:sns:us-gov-west-1:430639793359:GuardDutyAnnouncements |
cn-north-1 |
arn:aws-cn:sns:cn-north-1:002991280229:GuardDutyAnnouncements |
cn-northwest-1 |
arn:aws-cn:sns:cn-northwest-1:003033775354:GuardDutyAnnouncements |
me-south-1 |
arn:aws:sns:me-south-1:552740612889:GuardDutyAnnouncements |
me-central-1 |
arn:aws:sns:me-central-1:030935290150:GuardDutyAnnouncements |
eu-south-1 |
arn:aws:sns:eu-south-1:188461706213:GuardDutyAnnouncements |
eu-south-2 |
arn:aws:sns:eu-south-2:445632894446:GuardDutyAnnouncements |
us-gov-east-1 |
arn:aws:sns:us-gov-east-1:143972945659:GuardDutyAnnouncements |
ap-northeast-3 |
arn:aws:sns:ap-northeast-3:129086577509:GuardDutyAnnouncements |
ap-southeast-3 |
arn:aws:sns:ap-southeast-3:225965583551:GuardDutyAnnouncements |
ap-south-2 |
arn:aws:sns:ap-south-2:595653072700:GuardDutyAnnouncements |
ap-southeast-4 |
arn:aws:sns:ap-southeast-4:529900636122:GuardDutyAnnouncements |
il-central-1 |
arn:aws:sns:il-central-1:847886274986:GuardDutyAnnouncements |
GuardDuty 업데이트 알림 이메일을 구독하려면 AWS Management Console
https://console.aws.amazon.com/sns/v3/home
에서 Amazon SNS 콘솔을 엽니다. -
리전 목록에서 구독할 주제 ARN과 동일한 리전을 선택합니다. 이 예에서는
us-west-2리전을 사용합니다. -
왼쪽 탐색 창에서 구독과 구독 생성을 선택합니다.
-
구독 생성 대화 상자의 주제 ARN에 업데이트 주제 ARN:
arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements를 붙여 넣습니다. -
프로토콜에서 이메일을 선택합니다. 엔드포인트에서 알림을 받는 데 사용할 수 있는 이메일 주소를 입력합니다.
-
구독 생성을 선택합니다.
-
이메일 애플리케이션에서 AWS 알림의 메시지를 열고 링크를 열어 구독을 확인합니다.
웹 브라우저에 Amazon SNS의 확인 응답이 표시됩니다.
다음을 포함하는 GuardDuty 업데이트 알림 이메일을 구독하려면 AWS CLI
-
AWS CLI와 함께 다음 명령을 실행합니다.
aws sns --regionus-west-2subscribe --topic-arn arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements --protocolemail--notification-endpointyour_email@your_domain.com -
이메일 애플리케이션에서 AWS 알림의 메시지를 열고 링크를 열어 구독을 확인합니다.
웹 브라우저에 Amazon SNS의 확인 응답이 표시됩니다.
Amazon SNS 메시지 형식
새로운 결과에 대한 GuardDuty 업데이트 알림 메시지의 예는 다음과 같습니다.
{ "Type" : "Notification", "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message" : "{\"version\":\"1\",\"type\":\"NEW_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"findingDescription\":\"This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised.\"}]}", "Timestamp" : "2018-03-09T00:25:43.483Z", "SignatureVersion" : "1", "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
구문 분석 메시지 값(이스케이프된 따옴표 제거)은 다음과 같습니다.
{ "version": "1", "type": "NEW_FINDINGS", "findingDetails": [{ "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html", "findingType": "UnauthorizedAccess:EC2/TorClient", "findingDescription": "This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised." }] }
GuardDuty 기능 GuardDuty 업데이트에 대한 업데이트 알림 메시지의 예는 다음과 같습니다.
{ "Type" : "Notification", "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message" : "{\"version\":\"1\",\"type\":\"NEW_FEATURES\",\"featureDetails\":[{\"featureDescription\":\"Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.\",\"featureLink\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_cloudtrail\"}]}", "Timestamp" : "2018-03-09T00:25:43.483Z", "SignatureVersion" : "1", "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
구문 분석 메시지 값(이스케이프된 따옴표 제거)은 다음과 같습니다.
{ "version": "1", "type": "NEW_FEATURES", "featureDetails": [{ "featureDescription": "Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.", "featureLink": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_cloudtrail" }] }
업데이트된 결과에 대한 GuardDuty 업데이트 알림 메시지의 예는 다음과 같습니다.
{ "Type": "Notification", "MessageId": "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn": "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message": "{\"version\":\"1\",\"type\":\"UPDATED_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"description\":\"Increased severity value from 5 to 8.\"}]}", "Timestamp": "2018-03-09T00:25:43.483Z", "SignatureVersion": "1", "Signature": "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
구문 분석 메시지 값(이스케이프된 따옴표 제거)은 다음과 같습니다.
{ "version": "1", "type": "UPDATED_FINDINGS", "findingDetails": [{ "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html", "findingType": "UnauthorizedAccess:EC2/TorClient", "description": "Increased severity value from 5 to 8." }] }
