ASFF 中的 AwsCloudWatch 资源 - AWS Security Hub
AwsCloudWatchAlarm

ASFF 中的 AwsCloudWatch 资源

以下是 AwsCloudWatch 资源的 AWS 安全调查发现格式(ASFF)的示例。

AWS Security Hub 会将各种来源的调查发现标准化为 ASFF。有关 ASFF 的背景信息,请参阅 AWS安全调查发现格式 (ASFF)

AwsCloudWatchAlarm

AwsCloudWatchAlarm 对象提供有关 Amazon CloudWatch 警报的详细信息,这些警报会监视指标或在警报状态发生变化时执行操作。

以下示例显示了 AwsCloudWatchAlarm 对象的 AWS 安全调查发现格式 (ASFF)。要查看 AwsCloudWatchAlarm 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsCloudWatchAlarmDetails

示例

"AwsCloudWatchAlarm": { 
	"ActionsEnabled": true,
	"AlarmActions": [
		"arn:aws:automate:region:ec2:stop",
		"arn:aws:automate:region:ec2:terminate"
	],
	"AlarmArn": "arn:aws:cloudwatch:us-west-2:012345678910:alarm:sampleAlarm",
	"AlarmConfigurationUpdatedTimestamp": "2022-02-18T15:31:53.161Z",
	"AlarmDescription": "Alarm Example",
	"AlarmName": "Example",
	"ComparisonOperator": "GreaterThanOrEqualToThreshold",
	"DatapointsToAlarm": 1,
	"Dimensions": [{
		"Name": "InstanceId",
		"Value": "i-1234567890abcdef0"
	}],
	"EvaluateLowSampleCountPercentile": "evaluate",
	"EvaluationPeriods": 1,
	"ExtendedStatistic": "p99.9",
	"InsufficientDataActions": [
		"arn:aws:automate:region:ec2:stop"
	],
	"MetricName": "Sample Metric",
	"Namespace": "YourNamespace",
	"OkActions": [
		"arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0"
	],
	"Period": 1,
	"Statistic": "SampleCount",
	"Threshold": 12.3,
	"ThresholdMetricId": "t1",
	"TreatMissingData": "notBreaching",
	"Unit": "Kilobytes/Second"
}