AwsEc2 中的资源 ASFF - AWS Security Hub

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AwsEc2 中的资源 ASFF

以下是AwsEc2资源 AWS 的安全调查结果格式 (ASFF) 语法的示例。

AWS Security Hub 将来自各种来源的发现标准化为ASFF。有关背景信息ASFF,请参阅AWS 安全调查结果格式 (ASFF)

AwsEc2ClientVpnEndpoint

AwsEc2ClientVpnEndpoint对象提供有关 AWS Client VPN 端点的信息。客户端VPN终端节点是您创建和配置的资源,用于启用和管理客户端VPN会话。这是所有客户端VPN会话的终止点。

以下示例显示了AwsEc2ClientVpnEndpoint对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2ClientVpnEndpoint属性的描述,请参阅《AWS Security Hub API参考资料》ClientVpnEndpointDetails中的 AwsEc2

示例

"AwsEc2ClientVpnEndpoint": { "AuthenticationOptions": [ { "MutualAuthentication": { "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Type": "certificate-authentication" } ], "ClientCidrBlock": "10.0.0.0/22", "ClientConnectOptions": { "Enabled": false }, "ClientLoginBannerOptions": { "Enabled": false }, "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5", "ConnectionLogOptions": { "Enabled": false }, "Description": "test", "DnsServer": ["10.0.0.0"], "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SecurityGroupIdSet": [ "sg-0f7a177b82b443691" ], "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5", "SessionTimeoutHours": 24, "SplitTunnel": false, "TransportProtocol": "udp", "VpcId": "vpc-1a2b3c4d5e6f1a2b3", "VpnPort": 443 }

AwsEc2Eip

AwsEc2Eip 对象提供有关弹性 IP 地址的信息。

以下示例显示了AwsEc2Eip对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2Eip属性的描述,请参阅《AWS Security Hub API参考资料》EipDetails中的 AwsEc2

示例

"AwsEc2Eip": { "InstanceId": "instance1", "PublicIp": "192.0.2.04", "AllocationId": "eipalloc-example-id-1", "AssociationId": "eipassoc-example-id-1", "Domain": "vpc", "PublicIpv4Pool": "anycompany", "NetworkBorderGroup": "eu-central-1", "NetworkInterfaceId": "eni-example-id-1", "NetworkInterfaceOwnerId": "777788889999", "PrivateIpAddress": "192.0.2.03" }

AwsEc2Instance

AwsEc2Instance对象提供有关 Amazon EC2 实例的详细信息。

以下示例显示了AwsEc2Instance对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2Instance属性的描述,请参阅《AWS Security Hub API参考资料》InstanceDetails中的 AwsEc2

示例

"AwsEc2Instance": { "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole", "ImageId": "ami-1234", "IpV4Addresses": [ "1.1.1.1" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "LaunchedAt": "2018-05-08T16:46:19.000Z", "MetadataOptions": { "HttpEndpoint": "enabled", "HttpProtocolIpv6": "enabled", "HttpPutResponseHopLimit": 1, "HttpTokens": "optional", "InstanceMetadataTags": "disabled", }, "Monitoring": { "State": "disabled" }, "NetworkInterfaces": [ { "NetworkInterfaceId": "eni-e5aa89a3" } ], "SubnetId": "subnet-123", "Type": "i3.xlarge", "VpcId": "vpc-123" }

AwsEc2LaunchTemplate

AwsEc2LaunchTemplate 对象包含有关指定实例配置信息的 Amazon Elastic Compute Cloud 启动模板的详细信息。

以下示例显示了AwsEc2LaunchTemplate对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2LaunchTemplate属性的描述,请参阅《AWS Security Hub API参考资料》LaunchTemplateDetails中的 AwsEc2

示例

"AwsEc2LaunchTemplate": { "DefaultVersionNumber": "1", "ElasticGpuSpecifications": ["string"], "ElasticInferenceAccelerators": ["string"], "Id": "lt-0a16e9802800bdd85", "ImageId": "ami-0d5eff06f840b45e9", "LatestVersionNumber": "1", "LaunchTemplateData": { "BlockDeviceMappings": [{ "DeviceName": "/dev/xvda", "Ebs": { "DeleteonTermination": true, "Encrypted": true, "SnapshotId": "snap-01047646ec075f543", "VolumeSize": 8, "VolumeType:" "gp2" } }], "MetadataOptions": { "HttpTokens": "enabled", "HttpPutResponseHopLimit" : 1 }, "Monitoring": { "Enabled": true, "NetworkInterfaces": [{ "AssociatePublicIpAddress" : true, }], "LaunchTemplateName": "string", "LicenseSpecifications": ["string"], "SecurityGroupIds": ["sg-01fce87ad6e019725"], "SecurityGroups": ["string"], "TagSpecifications": ["string"] }

AwsEc2NetworkAcl

AwsEc2NetworkAcl对象包含有关 Amazon EC2 网络访问控制列表 (ACL) 的详细信息。

以下示例显示了AwsEc2NetworkAcl对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2NetworkAcl属性的描述,请参阅《AWS Security Hub API参考资料》NetworkAclDetails中的 AwsEc2

示例

"AwsEc2NetworkAcl": { "IsDefault": false, "NetworkAclId": "acl-1234567890abcdef0", "OwnerId": "123456789012", "VpcId": "vpc-1234abcd", "Associations": [{ "NetworkAclAssociationId": "aclassoc-abcd1234", "NetworkAclId": "acl-021345abcdef6789", "SubnetId": "subnet-abcd1234" }], "Entries": [{ "CidrBlock": "10.24.34.0/23", "Egress": true, "IcmpTypeCode": { "Code": 10, "Type": 30 }, "Ipv6CidrBlock": "2001:DB8::/32", "PortRange": { "From": 20, "To": 40 }, "Protocol": "tcp", "RuleAction": "allow", "RuleNumber": 100 }] }

AwsEc2NetworkInterface

AwsEc2NetworkInterface对象提供有关 Amazon EC2 网络接口的信息。

以下示例显示了AwsEc2NetworkInterface对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2NetworkInterface属性的描述,请参阅《AWS Security Hub API参考资料》NetworkInterfaceDetails中的 AwsEc2

示例

"AwsEc2NetworkInterface": { "Attachment": { "AttachTime": "2019-01-01T03:03:21Z", "AttachmentId": "eni-attach-43348162", "DeleteOnTermination": true, "DeviceIndex": 123, "InstanceId": "i-1234567890abcdef0", "InstanceOwnerId": "123456789012", "Status": 'ATTACHED' }, "SecurityGroups": [ { "GroupName": "my-security-group", "GroupId": "sg-903004f8" }, ], "NetworkInterfaceId": 'eni-686ea200', "SourceDestCheck": false }

AwsEc2RouteTable

AwsEc2RouteTable对象提供有关 Amazon EC2 路由表的信息。

以下示例显示了AwsEc2RouteTable对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2RouteTable属性的描述,请参阅《AWS Security Hub API参考资料》RouteTableDetails中的 AwsEc2

示例

"AwsEc2RouteTable": { "AssociationSet": [{ "AssociationSet": { "State": "associated" }, "Main": true, "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512", "RouteTableId": "rtb-0a59bde9cf2548e34", }], "PropogatingVgwSet": [], "RouteTableId": "rtb-0a59bde9cf2548e34", "RouteSet": [ { "DestinationCidrBlock": "10.24.34.0/23", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active" }, { "DestinationCidrBlock": "10.24.34.0/24", "GatewayId": "igw-0242c2d7d513fc5d3", "Origin": "CreateRoute", "State": "active" } ], "VpcId": "vpc-0c250a5c33f51d456" }

AwsEc2SecurityGroup

AwsEc2SecurityGroup对象描述了 Amazon EC2 安全组。

以下示例显示了AwsEc2SecurityGroup对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2SecurityGroup属性的描述,请参阅《AWS Security Hub API参考资料》SecurityGroupDetails中的 AwsEc2

示例

"AwsEc2SecurityGroup": { "GroupName": "MySecurityGroup", "GroupId": "sg-903004f8", "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [ { "IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [ { "UserId": "123456789012", "GroupId": "sg-903004f8" } ], "PrefixListIds": [ {"PrefixListId": "pl-63a5400a"} ] }, { "PrefixListIds": [], "FromPort": 22, "IpRanges": [ { "CidrIp": "203.0.113.0/24" } ], "ToPort": 22, "IpProtocol": "tcp", "UserIdGroupPairs": [] } ] }

AwsEc2Subnet

AwsEc2Subnet对象提供有关 Amazon 中子网的信息EC2。

以下示例显示了AwsEc2Subnet对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2Subnet属性的描述,请参阅《AWS Security Hub API参考资料》SubnetDetails中的 AwsEc2

示例

AwsEc2Subnet: { "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2c", "AvailabilityZoneId": "usw2-az3", "AvailableIpAddressCount": 8185, "CidrBlock": "10.0.0.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "OwnerId": "123456789012", "State": "available", "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93", "SubnetId": "subnet-d5436c93", "VpcId": "vpc-153ade70", "Ipv6CidrBlockAssociationSet": [{ "AssociationId": "subnet-cidr-assoc-EXAMPLE", "Ipv6CidrBlock": "2001:DB8::/32", "CidrBlockState": "associated" }] }

AwsEc2TransitGateway

AwsEc2TransitGateway对象提供有关将您的虚拟私有云 (VPCs) 和本地网络互连的 Amazon EC2 传输网关的详细信息。

以下是 AWS 安全调查结果格式 (ASFF) 中的一个AwsEc2TransitGateway发现示例。要查看AwsEc2TransitGateway属性的描述,请参阅《AWS Security Hub API参考资料》TransitGatewayDetails中的 AwsEc2

示例

"AwsEc2TransitGateway": { "AmazonSideAsn": 65000, "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "AutoAcceptSharedAttachments": "disable", "DefaultRouteTableAssociation": "enable", "DefaultRouteTablePropagation": "enable", "Description": "sample transit gateway", "DnsSupport": "enable", "Id": "tgw-042ae6bf7a5c126c3", "MulticastSupport": "disable", "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "TransitGatewayCidrBlocks": ["10.0.0.0/16"], "VpnEcmpSupport": "enable" }

AwsEc2Volume

AwsEc2Volume对象提供有关 Amazon EC2 卷的详细信息。

以下示例显示了AwsEc2Volume对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2Volume属性的描述,请参阅《AWS Security Hub API参考资料》VolumeDetails中的 AwsEc2

示例

"AwsEc2Volume": { "Attachments": [ { "AttachTime": "2017-10-17T14:47:11Z", "DeleteOnTermination": true, "InstanceId": "i-123abc456def789g", "Status": "attached" } ], "CreateTime": "2020-02-24T15:54:30Z", "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Size": 80, "SnapshotId": "", "Status": "available" }

AwsEc2Vpc

AwsEc2Vpc对象提供了有关 Amazon 的详细信息EC2VPC。

以下示例显示了AwsEc2Vpc对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2Vpc属性的描述,请参阅《AWS Security Hub API参考资料》VpcDetails中的 AwsEc2

示例

"AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlock": "192.0.2.0/24", "CidrBlockState": "associated" } ], "DhcpOptionsId": "dopt-4e42ce28", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlockState": "associated", "Ipv6CidrBlock": "192.0.2.0/24" } ], "State": "available" }

AwsEc2VpcEndpointService

AwsEc2VpcEndpointService对象包含有关VPC终端节点服务的服务配置的详细信息。

以下示例显示了AwsEc2VpcEndpointService对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2VpcEndpointService属性的描述,请参阅《AWS Security Hub API参考资料》VpcEndpointServiceDetails中的 AwsEc2

示例

"AwsEc2VpcEndpointService": { "ServiceType": [ { "ServiceType": "Interface" } ], "ServiceId": "vpce-svc-example1", "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1", "ServiceState": "Available", "AvailabilityZones": [ "us-east-1" ], "AcceptanceRequired": true, "ManagesVpcEndpoints": false, "NetworkLoadBalancerArns": [ "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1" ], "GatewayLoadBalancerArns": [], "BaseEndpointDnsNames": [ "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "my-private-dns" }

AwsEc2VpcPeeringConnection

AwsEc2VpcPeeringConnection对象提供有关两者之间网络连接的详细信息VPCs。

以下示例显示了AwsEc2VpcPeeringConnection对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsEc2VpcPeeringConnection属性的描述,请参阅《AWS Security Hub API参考资料》VpcPeeringConnectionDetails中的 AwsEc2

示例

"AwsEc2VpcPeeringConnection": { "AccepterVpcInfo": { "CidrBlock": "10.0.0.0/28", "CidrBlockSet": [{ "CidrBlock": "10.0.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "ExpirationTime": "2022-02-18T15:31:53.161Z", "RequesterVpcInfo": { "CidrBlock": "192.168.0.0/28", "CidrBlockSet": [{ "CidrBlock": "192.168.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "Status": { "Code": "initiating-request", "Message": "Active" }, "VpcPeeringConnectionId": "pcx-1a2b3c4d" }