This page is a machine-translated version. Where this translation differs from the English original, the English original is authoritative.
AwsEc2 resources in ASFF
The following are examples of AWS Security Finding Format (ASFF) syntax for AwsEc2 resources.
AWS Security Hub normalizes findings from various sources into ASFF. For background on ASFF, see AWS Security Finding Format (ASFF).
AwsEc2ClientVpnEndpoint
The AwsEc2ClientVpnEndpoint object provides information about an AWS Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It is the termination point for all client VPN sessions.
The following example shows the AwsEc2ClientVpnEndpoint object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2ClientVpnEndpoint attributes, see AwsEc2ClientVpnEndpointDetails in the AWS Security Hub API Reference.
Example
"AwsEc2ClientVpnEndpoint": {
    "AuthenticationOptions": [
        {
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Type": "certificate-authentication"
        }
    ],
    "ClientCidrBlock": "10.0.0.0/22",
    "ClientConnectOptions": { "Enabled": false },
    "ClientLoginBannerOptions": { "Enabled": false },
    "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
    "ConnectionLogOptions": { "Enabled": false },
    "Description": "test",
    "DnsServer": ["10.0.0.0"],
    "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecurityGroupIdSet": ["sg-0f7a177b82b443691"],
    "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
    "SessionTimeoutHours": 24,
    "SplitTunnel": false,
    "TransportProtocol": "udp",
    "VpcId": "vpc-1a2b3c4d5e6f1a2b3",
    "VpnPort": 443
}
AwsEc2Eip
The AwsEc2Eip object provides information about an Elastic IP address.
The following example shows the AwsEc2Eip object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2Eip attributes, see AwsEc2EipDetails in the AWS Security Hub API Reference.
Example
"AwsEc2Eip": {
    "InstanceId": "instance1",
    "PublicIp": "192.0.2.04",
    "AllocationId": "eipalloc-example-id-1",
    "AssociationId": "eipassoc-example-id-1",
    "Domain": "vpc",
    "PublicIpv4Pool": "anycompany",
    "NetworkBorderGroup": "eu-central-1",
    "NetworkInterfaceId": "eni-example-id-1",
    "NetworkInterfaceOwnerId": "777788889999",
    "PrivateIpAddress": "192.0.2.03"
}
AwsEc2Instance
The AwsEc2Instance object provides details about an Amazon EC2 instance.
The following example shows the AwsEc2Instance object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2Instance attributes, see AwsEc2InstanceDetails in the AWS Security Hub API Reference.
Example
"AwsEc2Instance": {
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
    "ImageId": "ami-1234",
    "IpV4Addresses": ["1.1.1.1"],
    "IpV6Addresses": ["2001:db8:1234:1a2b::123"],
    "KeyName": "my_keypair",
    "LaunchedAt": "2018-05-08T16:46:19.000Z",
    "MetadataOptions": {
        "HttpEndpoint": "enabled",
        "HttpProtocolIpv6": "enabled",
        "HttpPutResponseHopLimit": 1,
        "HttpTokens": "optional",
        "InstanceMetadataTags": "disabled"
    },
    "Monitoring": {
        "State": "disabled"
    },
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-e5aa89a3"
        }
    ],
    "SubnetId": "subnet-123",
    "Type": "i3.xlarge",
    "VpcId": "vpc-123"
}
AwsEc2LaunchTemplate
The AwsEc2LaunchTemplate object contains details about an Amazon Elastic Compute Cloud launch template, which specifies instance configuration information.
The following example shows the AwsEc2LaunchTemplate object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2LaunchTemplate attributes, see AwsEc2LaunchTemplateDetails in the AWS Security Hub API Reference.
Example
"AwsEc2LaunchTemplate": {
    "DefaultVersionNumber": "1",
    "ElasticGpuSpecifications": ["string"],
    "ElasticInferenceAccelerators": ["string"],
    "Id": "lt-0a16e9802800bdd85",
    "ImageId": "ami-0d5eff06f840b45e9",
    "LatestVersionNumber": "1",
    "LaunchTemplateName": "string",
    "LaunchTemplateData": {
        "BlockDeviceMappings": [
            {
                "DeviceName": "/dev/xvda",
                "Ebs": {
                    "DeleteOnTermination": true,
                    "Encrypted": true,
                    "SnapshotId": "snap-01047646ec075f543",
                    "VolumeSize": 8,
                    "VolumeType": "gp2"
                }
            }
        ],
        "MetadataOptions": {
            "HttpTokens": "enabled",
            "HttpPutResponseHopLimit": 1
        },
        "Monitoring": {
            "Enabled": true
        },
        "NetworkInterfaces": [
            {
                "AssociatePublicIpAddress": true
            }
        ],
        "LicenseSpecifications": ["string"],
        "SecurityGroupIds": ["sg-01fce87ad6e019725"],
        "SecurityGroups": ["string"],
        "TagSpecifications": ["string"]
    }
}
AwsEc2NetworkAcl
The AwsEc2NetworkAcl object contains details about an Amazon EC2 network access control list (ACL).
The following example shows the AwsEc2NetworkAcl object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2NetworkAcl attributes, see AwsEc2NetworkAclDetails in the AWS Security Hub API Reference.
Example
"AwsEc2NetworkAcl": {
    "IsDefault": false,
    "NetworkAclId": "acl-1234567890abcdef0",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234abcd",
    "Associations": [
        {
            "NetworkAclAssociationId": "aclassoc-abcd1234",
            "NetworkAclId": "acl-021345abcdef6789",
            "SubnetId": "subnet-abcd1234"
        }
    ],
    "Entries": [
        {
            "CidrBlock": "10.24.34.0/23",
            "Egress": true,
            "IcmpTypeCode": {
                "Code": 10,
                "Type": 30
            },
            "Ipv6CidrBlock": "2001:DB8::/32",
            "PortRange": {
                "From": 20,
                "To": 40
            },
            "Protocol": "tcp",
            "RuleAction": "allow",
            "RuleNumber": 100
        }
    ]
}
AwsEc2NetworkInterface
The AwsEc2NetworkInterface object provides information about an Amazon EC2 network interface.
The following example shows the AwsEc2NetworkInterface object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2NetworkInterface attributes, see AwsEc2NetworkInterfaceDetails in the AWS Security Hub API Reference.
Example
"AwsEc2NetworkInterface": {
    "Attachment": {
        "AttachTime": "2019-01-01T03:03:21Z",
        "AttachmentId": "eni-attach-43348162",
        "DeleteOnTermination": true,
        "DeviceIndex": 123,
        "InstanceId": "i-1234567890abcdef0",
        "InstanceOwnerId": "123456789012",
        "Status": "ATTACHED"
    },
    "SecurityGroups": [
        {
            "GroupName": "my-security-group",
            "GroupId": "sg-903004f8"
        }
    ],
    "NetworkInterfaceId": "eni-686ea200",
    "SourceDestCheck": false
}
AwsEc2RouteTable
The AwsEc2RouteTable object provides information about an Amazon EC2 route table.
The following example shows the AwsEc2RouteTable object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2RouteTable attributes, see AwsEc2RouteTableDetails in the AWS Security Hub API Reference.
Example
"AwsEc2RouteTable": {
    "AssociationSet": [
        {
            "AssociationState": {
                "State": "associated"
            },
            "Main": true,
            "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
            "RouteTableId": "rtb-0a59bde9cf2548e34"
        }
    ],
    "PropagatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
        {
            "DestinationCidrBlock": "10.24.34.0/23",
            "GatewayId": "local",
            "Origin": "CreateRouteTable",
            "State": "active"
        },
        {
            "DestinationCidrBlock": "10.24.34.0/24",
            "GatewayId": "igw-0242c2d7d513fc5d3",
            "Origin": "CreateRoute",
            "State": "active"
        }
    ],
    "VpcId": "vpc-0c250a5c33f51d456"
}
AwsEc2SecurityGroup
The AwsEc2SecurityGroup object describes an Amazon EC2 security group.
The following example shows the AwsEc2SecurityGroup object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2SecurityGroup attributes, see AwsEc2SecurityGroupDetails in the AWS Security Hub API Reference.
Example
"AwsEc2SecurityGroup": {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [
                {
                    "UserId": "123456789012",
                    "GroupId": "sg-903004f8"
                }
            ],
            "PrefixListIds": [
                { "PrefixListId": "pl-63a5400a" }
            ]
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [
                { "CidrIp": "203.0.113.0/24" }
            ],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": []
        }
    ]
}
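As an added example (not code from this page or from AWS), the following Python evaluates an AwsEc2SecurityGroup object of the shape shown above and reports ingress permissions that admit every address, which is the question a reviewer usually asks first of a security group in a finding. The page's sample group is embedded unchanged; the second group is a constructed counter-example with an SSH rule open to 0.0.0.0/0 and an all-protocols rule open to ::/0. The Ipv6Ranges/CidrIpv6 field used here is part of the ASFF IpPermission object even though the page's sample omits it. IpProtocol "-1" is treated as every port, and PrefixListIds and UserIdGroupPairs are not resolved, because that cannot be done offline from the finding alone.

```python
import ipaddress

# Constructed input: the AwsEc2SecurityGroup example from this page, verbatim.
PAGE_SECURITY_GROUP = {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [{"UserId": "123456789012", "GroupId": "sg-903004f8"}],
            "PrefixListIds": [{"PrefixListId": "pl-63a5400a"}],
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": [],
        },
    ],
}

# Constructed counter-example (not from the page): SSH from any IPv4 address and
# every protocol from any IPv6 address.
OPEN_SECURITY_GROUP = {
    "GroupName": "wide-open-example",
    "GroupId": "sg-0000example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "PrefixListIds": [], "UserIdGroupPairs": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "PrefixListIds": [], "UserIdGroupPairs": []},
    ],
}


def port_range(perm):
    """Return the (from, to) port span a permission covers; IpProtocol -1 means all ports."""
    if str(perm.get("IpProtocol")) == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def is_unrestricted(cidr):
    """True when a CIDR admits every address of its family (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # malformed CIDR in the finding: not treated as open


def world_open_rules(sg, watched_ports=(22, 3389)):
    """List ingress permissions reachable from any address, noting which admin ports they expose.

    Only IpRanges/Ipv6Ranges are evaluated; prefix lists and security-group references
    cannot be resolved from the finding alone and are ignored.
    """
    hits = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
        cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
        open_cidrs = [c for c in cidrs if c and is_unrestricted(c)]
        if not open_cidrs:
            continue
        lo, hi = port_range(perm)
        hits.append({
            "GroupId": sg.get("GroupId"),
            "IpProtocol": perm.get("IpProtocol"),
            "FromPort": lo,
            "ToPort": hi,
            "OpenCidrs": open_cidrs,
            "ExposedAdminPorts": sorted(p for p in watched_ports if lo <= p <= hi),
        })
    return hits


if __name__ == "__main__":
    for group in (PAGE_SECURITY_GROUP, OPEN_SECURITY_GROUP):
        print(group["GroupId"], world_open_rules(group))
```

The page's own sample produces no hits: its all-protocols rule only references the group itself and a prefix list, and its SSH rule is scoped to 203.0.113.0/24. The constructed group produces two, and the second hit exposes both watched ports because IpProtocol -1 covers the whole port range.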
AwsEc2Subnet
The AwsEc2Subnet object provides information about a subnet in Amazon EC2.
The following example shows the AwsEc2Subnet object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2Subnet attributes, see AwsEc2SubnetDetails in the AWS Security Hub API Reference.
Example
"AwsEc2Subnet": {
    "AssignIpv6AddressOnCreation": false,
    "AvailabilityZone": "us-west-2c",
    "AvailabilityZoneId": "usw2-az3",
    "AvailableIpAddressCount": 8185,
    "CidrBlock": "10.0.0.0/24",
    "DefaultForAz": false,
    "MapPublicIpOnLaunch": false,
    "OwnerId": "123456789012",
    "State": "available",
    "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
    "SubnetId": "subnet-d5436c93",
    "VpcId": "vpc-153ade70",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "subnet-cidr-assoc-EXAMPLE",
            "Ipv6CidrBlock": "2001:DB8::/32",
            "CidrBlockState": "associated"
        }
    ]
}
AwsEc2TransitGateway
The AwsEc2TransitGateway object provides details about an Amazon EC2 transit gateway, which interconnects your virtual private clouds (VPCs) and on-premises networks.
The following is an example of an AwsEc2TransitGateway finding in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2TransitGateway attributes, see AwsEc2TransitGatewayDetails in the AWS Security Hub API Reference.
Example
"AwsEc2TransitGateway": {
    "AmazonSideAsn": 65000,
    "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
    "AutoAcceptSharedAttachments": "disable",
    "DefaultRouteTableAssociation": "enable",
    "DefaultRouteTablePropagation": "enable",
    "Description": "sample transit gateway",
    "DnsSupport": "enable",
    "Id": "tgw-042ae6bf7a5c126c3",
    "MulticastSupport": "disable",
    "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
    "TransitGatewayCidrBlocks": ["10.0.0.0/16"],
    "VpnEcmpSupport": "enable"
}
AwsEc2Volume
The AwsEc2Volume object provides details about an Amazon EC2 volume.
The following example shows the AwsEc2Volume object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2Volume attributes, see AwsEc2VolumeDetails in the AWS Security Hub API Reference.
Example
"AwsEc2Volume": {
    "Attachments": [
        {
            "AttachTime": "2017-10-17T14:47:11Z",
            "DeleteOnTermination": true,
            "InstanceId": "i-123abc456def789g",
            "Status": "attached"
        }
    ],
    "CreateTime": "2020-02-24T15:54:30Z",
    "Encrypted": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Size": 80,
    "SnapshotId": "",
    "Status": "available"
}
AwsEc2Vpc
The AwsEc2Vpc object provides details about an Amazon EC2 VPC.
The following example shows the AwsEc2Vpc object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2Vpc attributes, see AwsEc2VpcDetails in the AWS Security Hub API Reference.
Example
"AwsEc2Vpc": {
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlock": "192.0.2.0/24",
            "CidrBlockState": "associated"
        }
    ],
    "DhcpOptionsId": "dopt-4e42ce28",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlockState": "associated",
            "Ipv6CidrBlock": "192.0.2.0/24"
        }
    ],
    "State": "available"
}
AwsEc2VpcEndpointService
The AwsEc2VpcEndpointService object contains details about the service configuration for a VPC endpoint service.
The following example shows the AwsEc2VpcEndpointService object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2VpcEndpointService attributes, see AwsEc2VpcEndpointServiceDetails in the AWS Security Hub API Reference.
Example
"AwsEc2VpcEndpointService": {
    "ServiceType": [
        { "ServiceType": "Interface" }
    ],
    "ServiceId": "vpce-svc-example1",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
    "ServiceState": "Available",
    "AvailabilityZones": ["us-east-1"],
    "AcceptanceRequired": true,
    "ManagesVpcEndpoints": false,
    "NetworkLoadBalancerArns": [
        "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
    ],
    "GatewayLoadBalancerArns": [],
    "BaseEndpointDnsNames": [
        "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
    ],
    "PrivateDnsName": "my-private-dns"
}
AwsEc2VpcPeeringConnection
The AwsEc2VpcPeeringConnection object provides details about a networking connection between two VPCs.
The following example shows the AwsEc2VpcPeeringConnection object in AWS Security Finding Format (ASFF). For descriptions of the AwsEc2VpcPeeringConnection attributes, see AwsEc2VpcPeeringConnectionDetails in the AWS Security Hub API Reference.
Example
"AwsEc2VpcPeeringConnection": {
    "AccepterVpcInfo": {
        "CidrBlock": "10.0.0.0/28",
        "CidrBlockSet": [
            { "CidrBlock": "10.0.0.0/28" }
        ],
        "Ipv6CidrBlockSet": [
            { "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }
        ],
        "OwnerId": "012345678910",
        "PeeringOptions": {
            "AllowDnsResolutionFromRemoteVpc": true,
            "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
            "AllowEgressFromLocalVpcToRemoteClassicLink": true
        },
        "Region": "us-west-2",
        "VpcId": "vpc-i123456"
    },
    "ExpirationTime": "2022-02-18T15:31:53.161Z",
    "RequesterVpcInfo": {
        "CidrBlock": "192.168.0.0/28",
        "CidrBlockSet": [
            { "CidrBlock": "192.168.0.0/28" }
        ],
        "Ipv6CidrBlockSet": [
            { "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }
        ],
        "OwnerId": "012345678910",
        "PeeringOptions": {
            "AllowDnsResolutionFromRemoteVpc": true,
            "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
            "AllowEgressFromLocalVpcToRemoteClassicLink": true
        },
        "Region": "us-west-2",
        "VpcId": "vpc-i123456"
    },
    "Status": {
        "Code": "initiating-request",
        "Message": "Active"
    },
    "VpcPeeringConnectionId": "pcx-1a2b3c4d"
}
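In a complete ASFF finding, each of the objects on this page sits under Resources[].Details, keyed by the resource type name. As an added example (not code from this page or from AWS), the following Python walks such a finding and applies a small set of defender's checks to four of the object types described above: an AwsEc2Instance whose metadata service still accepts IMDSv1 requests (HttpTokens not "required") or allows more than one hop, an AwsEc2Volume that is not encrypted, an AwsEc2Subnet that auto-assigns public IPv4 addresses, and an AwsEc2ClientVpnEndpoint with connection logging disabled. The finding envelope values (Id, AwsAccountId, resource ARNs) are constructed placeholders; the Details objects reuse fields from this page's examples, except that the volume's Encrypted flag is set to false so that check fires. Resource types without a check here are skipped.

```python
import json
from typing import Any, Callable

# Constructed ASFF finding (example data, not from the page). Envelope fields are placeholders;
# each "Details" object reuses fields from this page's AwsEc2 examples, with the volume's
# Encrypted flag flipped to false so the encryption check has something to report.
FINDING_JSON = r'''
{
  "SchemaVersion": "2018-10-08",
  "Id": "example-finding-id",
  "AwsAccountId": "123456789012",
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:123456789012:instance/i-EXAMPLE",
      "Details": {"AwsEc2Instance": {
        "ImageId": "ami-1234", "Type": "i3.xlarge", "SubnetId": "subnet-123",
        "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                            "HttpPutResponseHopLimit": 1, "InstanceMetadataTags": "disabled"}
      }}
    },
    {
      "Type": "AwsEc2Volume",
      "Id": "arn:aws:ec2:us-east-1:123456789012:volume/vol-EXAMPLE",
      "Details": {"AwsEc2Volume": {"Encrypted": false, "Size": 80, "Status": "available"}}
    },
    {
      "Type": "AwsEc2Subnet",
      "Id": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
      "Details": {"AwsEc2Subnet": {"SubnetId": "subnet-d5436c93", "MapPublicIpOnLaunch": false}}
    },
    {
      "Type": "AwsEc2ClientVpnEndpoint",
      "Id": "cvpn-endpoint-00c5d11fc4729f2a5",
      "Details": {"AwsEc2ClientVpnEndpoint": {
        "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
        "ConnectionLogOptions": {"Enabled": false}, "SplitTunnel": false
      }}
    }
  ]
}
'''


def check_instance(d: dict[str, Any]) -> list[str]:
    """Flag a metadata service that still answers token-less (IMDSv1) requests or multi-hop callers."""
    issues = []
    opts = d.get("MetadataOptions", {})
    if opts.get("HttpEndpoint", "enabled") == "enabled" and opts.get("HttpTokens") != "required":
        issues.append(f"IMDSv1 permitted: MetadataOptions.HttpTokens is {opts.get('HttpTokens')!r}, expected 'required'")
    hops = opts.get("HttpPutResponseHopLimit", 1)
    if hops > 1:
        issues.append(f"IMDS responses may travel more than one hop (HttpPutResponseHopLimit={hops})")
    return issues


def check_volume(d: dict[str, Any]) -> list[str]:
    return [] if d.get("Encrypted") else ["EBS volume is not encrypted at rest"]


def check_subnet(d: dict[str, Any]) -> list[str]:
    return ["subnet auto-assigns public IPv4 addresses (MapPublicIpOnLaunch=true)"] if d.get("MapPublicIpOnLaunch") else []


def check_client_vpn(d: dict[str, Any]) -> list[str]:
    if d.get("ConnectionLogOptions", {}).get("Enabled"):
        return []
    return ["Client VPN connection logging is disabled"]


# Dispatch table keyed by the ASFF resource type, which is also the key inside Details.
CHECKS: dict[str, Callable[[dict[str, Any]], list[str]]] = {
    "AwsEc2Instance": check_instance,
    "AwsEc2Volume": check_volume,
    "AwsEc2Subnet": check_subnet,
    "AwsEc2ClientVpnEndpoint": check_client_vpn,
}


def evaluate_finding(finding: dict[str, Any]) -> list[dict[str, Any]]:
    """Run the matching check over every resource's Details object and collect the issues."""
    results = []
    for res in finding.get("Resources", []):
        rtype = res.get("Type", "")
        details = (res.get("Details") or {}).get(rtype)
        check = CHECKS.get(rtype)
        if details is None or check is None:
            continue  # no Details object, or a resource type this script does not cover
        for issue in check(details):
            results.append({"ResourceId": res.get("Id"), "Type": rtype, "Issue": issue})
    return results


def evaluate_finding_text(text: str) -> list[dict[str, Any]]:
    """Convenience wrapper: parse a JSON finding and evaluate it."""
    return evaluate_finding(json.loads(text))


if __name__ == "__main__":
    for r in evaluate_finding_text(FINDING_JSON):
        print(f"{r['Type']:25} {r['ResourceId']}\n    {r['Issue']}")
```

Run against the constructed finding, the script reports three issues (IMDSv1 on the instance, the unencrypted volume, and the Client VPN endpoint without connection logging) and nothing for the subnet, whose MapPublicIpOnLaunch is false. Adding coverage for another type on this page is a matter of writing one more check function and registering it in CHECKS.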