AwsNetworkFirewall 中的资源 ASFF - AWS Security Hub

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AwsNetworkFirewall 中的资源 ASFF

以下是AwsNetworkFirewall资源 AWS 的安全调查结果格式 (ASFF) 语法的示例。

AWS Security Hub 将来自各种来源的发现标准化为ASFF。有关背景信息ASFF,请参阅AWS 安全调查结果格式 (ASFF)

AwsNetworkFirewallFirewall

AwsNetworkFirewallFirewall 对象包含有关 AWS Network Firewall 防火墙的详细信息。

以下示例显示了AwsNetworkFirewallFirewall对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsNetworkFirewallFirewall属性的描述,请参阅 “AWS Security Hub API参考AwsNetworkFirewallFirewallDetails中的。

示例

"AwsNetworkFirewallFirewall": { "DeleteProtection": false, "FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall", "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall", "FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa", "FirewallName": "testfirewall", "FirewallPolicyChangeProtection": false, "SubnetChangeProtection": false, "SubnetMappings": [ { "SubnetId": "subnet-0183481095e588cdc" }, { "SubnetId": "subnet-01f518fad1b1c90b0" } ], "VpcId": "vpc-40e83c38" }

AwsNetworkFirewallFirewallPolicy

AwsNetworkFirewallFirewallPolicy 对象提供有关防火墙策略的详细信息。防火墙策略定义网络防火墙的行为。

以下示例显示了AwsNetworkFirewallFirewallPolicy对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsNetworkFirewallFirewallPolicy属性的描述,请参阅 “AWS Security Hub API参考AwsNetworkFirewallFirewallPolicyDetails中的。

示例

"AwsNetworkFirewallFirewallPolicy": { "FirewallPolicy": { "StatefulRuleGroupReferences": [ { "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly" } ], "StatelessDefaultActions": [ "aws:forward_to_sfe" ], "StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ], "StatelessRuleGroupReferences": [ { "Priority": 1, "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1" } ] }, "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall", "FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65", "FirewallPolicyName": "InitialFirewall", "Description": "Initial firewall" }

AwsNetworkFirewallRuleGroup

AwsNetworkFirewallRuleGroup 对象提供有关 AWS Network Firewall 规则组的详细信息。规则组用于检查和控制网络流量。无状态规则组适用于各个数据包。有状态规则组适用于其流量上下文中的数据包。

规则组在防火墙策略中引用。

以下示例显示了AwsNetworkFirewallRuleGroup对象 AWS 的安全调查结果格式 (ASFF)。要查看AwsNetworkFirewallRuleGroup属性的描述,请参阅 “AWS Security Hub API参考AwsNetworkFirewallRuleGroupDetails中的。

示例——无状态规则组

"AwsNetworkFirewallRuleGroup": { "Capacity": 600, "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1", "RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493", "RuleGroupName": "Stateless-1" "Description": "Example of a stateless rule group", "Type": "STATELESS", "RuleGroup": { "RulesSource": { "StatelessRulesAndCustomActions": { "CustomActions": [], "StatelessRules": [ { "Priority": 1, "RuleDefinition": { "Actions": [ "aws:pass" ], "MatchAttributes": { "DestinationPorts": [ { "FromPort": 443, "ToPort": 443 } ], "Destinations": [ { "AddressDefinition": "192.0.2.0/24" } ], "Protocols": [ 6 ], "SourcePorts": [ { "FromPort": 0, "ToPort": 65535 } ], "Sources": [ { "AddressDefinition": "198.51.100.0/24" } ] } } } ] } } } }

示例——有状态规则组

"AwsNetworkFirewallRuleGroup": { "Capacity": 100, "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest", "RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0", "RuleGroupName": "ExampleRuleGroup", "Description": "Example of a stateful rule group", "Type": "STATEFUL", "RuleGroup": { "RuleSource": { "StatefulRules": [ { "Action": "PASS", "Header": { "Destination": "Any", "DestinationPort": "443", "Direction": "ANY", "Protocol": "TCP", "Source": "Any", "SourcePort": "Any" }, "RuleOptions": [ { "Keyword": "sid:1" } ] } ] } } }

以下是 AwsNetworkFirewallRuleGroup 属性的有效值示例列表:

  • Action

    有效值:PASS |DROP |ALERT

  • Protocol

    有效值:IP | TCP | UDP | ICMP | HTTP | FTP | TLS | SMB | DNS | DCERPC | SSH | SMTP | IMAP | MSN | KRB5 | IKEV2 | TFTP | NTP | DHCP

  • Flags

    有效值:FIN | SYN | RST | PSH | ACK | URG | ECE | CWR

  • Masks

    有效值:FIN | SYN | RST | PSH | ACK | URG | ECE | CWR