本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AwsNetworkFirewall 中的资源 ASFF
以下是AwsNetworkFirewall资源 AWS 的安全调查结果格式 (ASFF) 语法的示例。
AWS Security Hub 将来自各种来源的发现标准化为ASFF。有关背景信息ASFF,请参阅AWS 安全调查结果格式 (ASFF)。
AwsNetworkFirewallFirewall
AwsNetworkFirewallFirewall 对象包含有关 AWS Network Firewall 防火墙的详细信息。
以下示例显示了AwsNetworkFirewallFirewall对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsNetworkFirewallFirewall属性的描述,请参阅AWS Security Hub API参考文献AwsNetworkFirewallFirewallDetails中的。
示例
"AwsNetworkFirewallFirewall": { "DeleteProtection": false, "FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall", "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall", "FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa", "FirewallName": "testfirewall", "FirewallPolicyChangeProtection": false, "SubnetChangeProtection": false, "SubnetMappings": [ { "SubnetId": "subnet-0183481095e588cdc" }, { "SubnetId": "subnet-01f518fad1b1c90b0" } ], "VpcId": "vpc-40e83c38" }
AwsNetworkFirewallFirewallPolicy
AwsNetworkFirewallFirewallPolicy 对象提供有关防火墙策略的详细信息。防火墙策略定义网络防火墙的行为。
以下示例显示了AwsNetworkFirewallFirewallPolicy对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsNetworkFirewallFirewallPolicy属性的描述,请参阅AWS Security Hub API参考文献AwsNetworkFirewallFirewallPolicyDetails中的。
示例
"AwsNetworkFirewallFirewallPolicy": { "FirewallPolicy": { "StatefulRuleGroupReferences": [ { "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly" } ], "StatelessDefaultActions": [ "aws:forward_to_sfe" ], "StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ], "StatelessRuleGroupReferences": [ { "Priority": 1, "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1" } ] }, "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall", "FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65", "FirewallPolicyName": "InitialFirewall", "Description": "Initial firewall" }
AwsNetworkFirewallRuleGroup
AwsNetworkFirewallRuleGroup 对象提供有关 AWS Network Firewall 规则组的详细信息。规则组用于检查和控制网络流量。无状态规则组适用于各个数据包。有状态规则组适用于其流量上下文中的数据包。
规则组在防火墙策略中引用。
以下示例显示了AwsNetworkFirewallRuleGroup对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsNetworkFirewallRuleGroup属性的描述,请参阅AWS Security Hub API参考文献AwsNetworkFirewallRuleGroupDetails中的。
示例——无状态规则组
"AwsNetworkFirewallRuleGroup": { "Capacity": 600, "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1", "RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493", "RuleGroupName": "Stateless-1" "Description": "Example of a stateless rule group", "Type": "STATELESS", "RuleGroup": { "RulesSource": { "StatelessRulesAndCustomActions": { "CustomActions": [], "StatelessRules": [ { "Priority": 1, "RuleDefinition": { "Actions": [ "aws:pass" ], "MatchAttributes": { "DestinationPorts": [ { "FromPort": 443, "ToPort": 443 } ], "Destinations": [ { "AddressDefinition": "192.0.2.0/24" } ], "Protocols": [ 6 ], "SourcePorts": [ { "FromPort": 0, "ToPort": 65535 } ], "Sources": [ { "AddressDefinition": "198.51.100.0/24" } ] } } } ] } } } }
示例——有状态规则组
"AwsNetworkFirewallRuleGroup": { "Capacity": 100, "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest", "RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0", "RuleGroupName": "ExampleRuleGroup", "Description": "Example of a stateful rule group", "Type": "STATEFUL", "RuleGroup": { "RuleSource": { "StatefulRules": [ { "Action": "PASS", "Header": { "Destination": "Any", "DestinationPort": "443", "Direction": "ANY", "Protocol": "TCP", "Source": "Any", "SourcePort": "Any" }, "RuleOptions": [ { "Keyword": "sid:1" } ] } ] } } }
以下是 AwsNetworkFirewallRuleGroup 属性的有效值示例列表:
-
Action有效值:
PASS|DROP|ALERT -
Protocol有效值:
IP|TCP|UDP|ICMP|HTTP|FTP|TLS|SMB|DNS|DCERPC|SSH|SMTP|IMAP|MSN|KRB5|IKEV2|TFTP|NTP|DHCP -
Flags有效值:
FIN|SYN|RST|PSH|ACK|URG|ECE|CWR -
Masks有效值:
FIN|SYN|RST|PSH|ACK|URG|ECE|CWR
