


# AWS Security Finding Format (ASFF)
<a name="securityhub-findings-format"></a>

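AWS Security Hub CSPM consumes and aggregates findings from integrated AWS services and third-party products. Security Hub CSPM processes these findings using a standard findings format called the *AWS Security Finding Format (ASFF)*, which removes the need for time-consuming data conversion.

This page provides a complete outline of the JSON for a finding in the AWS Security Finding Format (ASFF). The format is derived from [JSON Schema](https://json-schema.org/). Choose the name of a linked object to view an example finding for that object. Compare your Security Hub CSPM findings with the resources and examples shown here to help you interpret them.

For descriptions of individual ASFF attributes, see [Required top-level ASFF attributes](asff-required-attributes.md) and [Optional top-level ASFF attributes](asff-top-level-attributes.md).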
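As an added example (not AWS code), the following Python flattens the `Action` object from the syntax on this page into one record per observed endpoint, keyed on which of the four action sub-objects is present, and lists remote IPs whose activity was explicitly not blocked. The function names and the sample findings (documentation-range IPs, `example.com` domain) are constructed for illustration.

```python
ACTION_KEYS = ("AwsApiCallAction", "DnsRequestAction",
               "NetworkConnectionAction", "PortProbeAction")

# Constructed sample: only Id and Action are populated; every ASFF member used
# here is optional, so the parser must tolerate absent objects.
SAMPLE = {"Findings": [
    {"Id": "f-probe", "Action": {"PortProbeAction": {
        "Blocked": False,
        "PortProbeDetails": [
            {"LocalPortDetails": {"Port": 22, "PortName": "SSH"},
             "RemoteIpDetails": {"IpAddressV4": "198.51.100.7",
                                 "Country": {"CountryCode": "ZZ"},
                                 "Organization": {"Asn": 64500}}},
            {"LocalPortDetails": {"Port": 3389},
             "RemoteIpDetails": {"IpAddressV4": "203.0.113.9"}},
        ]}}},
    {"Id": "f-dns", "Action": {"DnsRequestAction": {
        "Blocked": True, "Domain": "bad.example.com", "Protocol": "UDP"}}},
    {"Id": "f-net", "Action": {"NetworkConnectionAction": {
        "Blocked": True,
        "LocalPortDetails": {"Port": 443},
        "RemotePortDetails": {"Port": 51515},
        "RemoteIpDetails": {"IpAddressV4": "192.0.2.44"}}}},
    {"Id": "f-api", "Action": {"AwsApiCallAction": {
        "Api": "ListBuckets",
        "RemoteIpDetails": {"IpAddressV4": "198.51.100.7"}}}},
    {"Id": "f-none"},
]}


def _remote(ip_details):
    """Flatten a RemoteIpDetails object; missing members become None."""
    ip_details = ip_details or {}
    return {
        "remote_ip": ip_details.get("IpAddressV4"),
        "country": (ip_details.get("Country") or {}).get("CountryCode"),
        "asn": (ip_details.get("Organization") or {}).get("Asn"),
    }


def _port(port_details):
    """Return Port from a LocalPortDetails/RemotePortDetails object."""
    return (port_details or {}).get("Port")


def action_observables(finding):
    """Return one flat record per network observable in finding['Action']."""
    action = finding.get("Action") or {}
    base = {"finding_id": finding.get("Id"), "kind": None, "blocked": None,
            "domain": None, "local_port": None, "remote_port": None,
            **_remote(None)}
    rows = []
    for kind in ACTION_KEYS:
        body = action.get(kind)
        if not isinstance(body, dict):
            continue
        # AwsApiCallAction has no Blocked member, so blocked stays None there.
        row = {**base, "kind": kind, "blocked": body.get("Blocked")}
        if kind == "AwsApiCallAction":
            row["domain"] = (body.get("DomainDetails") or {}).get("Domain")
            row.update(_remote(body.get("RemoteIpDetails")))
            rows.append(row)
        elif kind == "DnsRequestAction":
            row["domain"] = body.get("Domain")
            rows.append(row)
        elif kind == "NetworkConnectionAction":
            row["local_port"] = _port(body.get("LocalPortDetails"))
            row["remote_port"] = _port(body.get("RemotePortDetails"))
            row.update(_remote(body.get("RemoteIpDetails")))
            rows.append(row)
        else:  # PortProbeAction: one record per PortProbeDetails entry
            for detail in body.get("PortProbeDetails") or []:
                probe = dict(row)
                probe["local_port"] = _port(detail.get("LocalPortDetails"))
                probe.update(_remote(detail.get("RemoteIpDetails")))
                rows.append(probe)
    return rows


def unblocked_remote_ips(findings):
    """Remote IPs seen in actions whose Blocked member is explicitly false."""
    ips = {row["remote_ip"]
           for finding in findings
           for row in action_observables(finding)
           if row["blocked"] is False and row["remote_ip"]}
    return sorted(ips)


if __name__ == "__main__":
    for f in SAMPLE["Findings"]:
        for r in action_observables(f):
            print(r)
    print(unblocked_remote_ips(SAMPLE["Findings"]))
```
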

```
"Findings": [ 
    {
    	"Action": {
    		"ActionType": "string",
    		"AwsApiCallAction": {
    			"AffectedResources": {
    				"string": "string"
    			},
    			"Api": "string",
    			"CallerType": "string",
    			"DomainDetails": {
    				"Domain": "string"
    			},
    			"FirstSeen": "string",
    			"LastSeen": "string",
    			"RemoteIpDetails": {
    				"City": {
    					"CityName": "string"
    				},
    				"Country": {
    					"CountryCode": "string",
    					"CountryName": "string"
    				},
    				"IpAddressV4": "string",
    				"Geolocation": {
    					"Lat": number,
    					"Lon": number
    				},
    				"Organization": {
    					"Asn": number,
    					"AsnOrg": "string",
    					"Isp": "string",
    					"Org": "string"
    				}
    			},
    			"ServiceName": "string"
    		},
    		"DnsRequestAction": {
    			"Blocked": boolean,
    			"Domain": "string",
    			"Protocol": "string"
    		},
    		"NetworkConnectionAction": {
    			"Blocked": boolean,
    			"ConnectionDirection": "string",
    			"LocalPortDetails": {
    				"Port": number,
    				"PortName": "string"
    			},
    			"Protocol": "string",
    			"RemoteIpDetails": {
    				"City": {
    					"CityName": "string"
    				},
    				"Country": {
    					"CountryCode": "string",
    					"CountryName": "string"
    				},
    				"IpAddressV4": "string",
    				"Geolocation": {
    					"Lat": number,
    					"Lon": number
    				},
    				"Organization": {
    					"Asn": number,
    					"AsnOrg": "string",
    					"Isp": "string",
    					"Org": "string"
    				}
    			},
    			"RemotePortDetails": {
    				"Port": number,
    				"PortName": "string"
    			}
    		},
    		"PortProbeAction": {
    			"Blocked": boolean,
    			"PortProbeDetails": [{
    				"LocalIpDetails": {
    					"IpAddressV4": "string"
    				},
    				"LocalPortDetails": {
    					"Port": number,
    					"PortName": "string"
    				},
    				"RemoteIpDetails": {
    					"City": {
    						"CityName": "string"
    					},
    					"Country": {
    						"CountryCode": "string",
    						"CountryName": "string"
    					},
    					"Geolocation": {
    						"Lat": number,
    						"Lon": number
    					},
    					"IpAddressV4": "string",
    					"Organization": {
    						"Asn": number,
    						"AsnOrg": "string",
    						"Isp": "string",
    						"Org": "string"
    					}
    				}
    			}]
    		}
    	},
    	"AwsAccountId": "string",
    	"AwsAccountName": "string",
    	"CompanyName": "string",
    	"Compliance": {
    		"AssociatedStandards": [{
    			"StandardsId": "string"
    		}],
    		"RelatedRequirements": ["string"],
    		"SecurityControlId": "string",
    		"SecurityControlParameters": [
    			{
    				"Name": "string",
    				"Value": ["string"]
    			}
    		],
    		"Status": "string",
    		"StatusReasons": [
    			{
    				"Description": "string",
    				"ReasonCode": "string"
    			}
    		]
    	},
    	"Confidence": number,
    	"CreatedAt": "string",
    	"Criticality": number,
    	"Description": "string",
    	"Detection": {
    		"Sequence": {
    			"Uid": "string",
    			"Actors": [{
    				"Id": "string",
    				"Session": {
    					"Uid": "string",
    					"MfaStatus": "string",
    					"CreatedTime": "string",
    					"Issuer": "string"
    				},
    				"User": {
    					"CredentialUid": "string",
    					"Name": "string",
    					"Type": "string",
    					"Uid": "string",
    					"Account": {
    						"Uid": "string",
    						"Name": "string"
    					}
    				}
    			}],
    			"Endpoints": [{
    				"Id": "string",
    				"Ip": "string",
    				"Domain": "string",
    				"Port": number,
    				"Location": {
    					"City": "string",
    					"Country": "string",
    					"Lat": number,
    					"Lon": number
    				},
    				"AutonomousSystem": {
    					"Name": "string",
    					"Number": number
    				},
    				"Connection": {
    					"Direction": "string"
    				}
    			}],
    			"Signals": [{
    				"Id": "string",
    				"Title": "string",
    				"ActorIds": ["string"],
    				"Count": number,
    				"FirstSeenAt": number,
    				"SignalIndicators": [
    					{
    						"Key": "string",
    						"Title": "string",
    						"Values": ["string"]
    					},
    					{
    						"Key": "string",
    						"Title": "string",
    						"Values": ["string"]
    					}
    				],
    				"LastSeenAt": number,
    				"Name": "string",
    				"ResourceIds": ["string"],
    				"Type": "string"
    			}],
    			"SequenceIndicators": [
    				{
    					"Key": "string",
    					"Title": "string",
    					"Values": ["string"]
    				},
    				{
    					"Key": "string",
    					"Title": "string",
    					"Values": ["string"]
    				}
    			]
    		}
    	},
    	"FindingProviderFields": {
    		"Confidence": number,
    		"Criticality": number,
    		"RelatedFindings": [{
    			"ProductArn": "string",
    			"Id": "string"
    		}],
    		"Severity": {
    			"Label": "string",
    			"Normalized": number,
    			"Original": "string"
    		},
    		"Types": ["string"]
    	},
    	"FirstObservedAt": "string",
    	"GeneratorId": "string",
    	"Id": "string",
    	"LastObservedAt": "string",
    	"Malware": [{
    		"Name": "string",
    		"Path": "string",
    		"State": "string",
    		"Type": "string"
    	}],
    	"Network": {
    		"DestinationDomain": "string",
    		"DestinationIpV4": "string",
    		"DestinationIpV6": "string",
    		"DestinationPort": number,
    		"Direction": "string",
    		"OpenPortRange": {
    			"Begin": integer,
    			"End": integer
    		},
    		"Protocol": "string",
    		"SourceDomain": "string",
    		"SourceIpV4": "string",
    		"SourceIpV6": "string",
    		"SourceMac": "string",
    		"SourcePort": number
    	},
    	"NetworkPath": [{
    		"ComponentId": "string",
    		"ComponentType": "string",
    		"Egress": {
    			"Destination": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			},
    			"Protocol": "string",
    			"Source": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			}
    		},
    		"Ingress": {
    			"Destination": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			},
    			"Protocol": "string",
    			"Source": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			}
    		}
    	}],
    	"Note": {
    		"Text": "string",
    		"UpdatedAt": "string",
    		"UpdatedBy": "string"
    	},
    	"PatchSummary": {
    		"FailedCount": number,
    		"Id": "string",
    		"InstalledCount": number,
    		"InstalledOtherCount": number,
    		"InstalledPendingReboot": number,
    		"InstalledRejectedCount": number,
    		"MissingCount": number,
    		"Operation": "string",
    		"OperationEndTime": "string",
    		"OperationStartTime": "string",
    		"RebootOption": "string"
    	},
    	"Process": {
    		"LaunchedAt": "string",
    		"Name": "string",
    		"ParentPid": number,
    		"Path": "string",
    		"Pid": number,
    		"TerminatedAt": "string"
    	},
    	"ProductArn": "string",
    	"ProductFields": {
    		"string": "string"
    	},
    	"ProductName": "string",
    	"RecordState": "string",
    	"Region": "string",
    	"RelatedFindings": [{
    		"Id": "string",
    		"ProductArn": "string"
    	}],
    	"Remediation": {
    		"Recommendation": {
    			"Text": "string",
    			"Url": "string"
    		}
    	},
    	"Resources": [{
    		"ApplicationArn": "string",
    		"ApplicationName": "string",
    		"DataClassification": {
    			"DetailedResultsLocation": "string",
    			"Result": {
    				"AdditionalOccurrences": boolean,
    				"CustomDataIdentifiers": {
    					"Detections": [{
    						"Arn": "string",
    						"Count": integer,
    						"Name": "string",
    						"Occurrences": {
    							"Cells": [{
    								"CellReference": "string",
    								"Column": integer,
    								"ColumnName": "string",
    								"Row": integer
    							}],
    							"LineRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"OffsetRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"Pages": [{
    								"LineRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"OffsetRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"PageNumber": integer
    							}],
    							"Records": [{
    								"JsonPath": "string",
    								"RecordIndex": integer
    							}]
    						}
    					}],
    					"TotalCount": integer
    				},
    				"MimeType": "string",
    				"SensitiveData": [{
    					"Category": "string",
    					"Detections": [{
    						"Count": integer,
    						"Occurrences": {
    							"Cells": [{
    								"CellReference": "string",
    								"Column": integer,
    								"ColumnName": "string",
    								"Row": integer
    							}],
    							"LineRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"OffsetRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"Pages": [{
    								"LineRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"OffsetRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"PageNumber": integer
    							}],
    							"Records": [{
    								"JsonPath": "string",
    								"RecordIndex": integer
    							}]
    						},
    						"Type": "string"
    					}],
    					"TotalCount": integer
    				}],
    				"SizeClassified": integer,
    				"Status": {
    					"Code": "string",
    					"Reason": "string"
    				}
    			}
    		},
    		"Details": {
    			"AwsAmazonMQBroker": {
    				"AutoMinorVersionUpgrade": boolean,
    				"BrokerArn": "string",
    				"BrokerId": "string",
    				"BrokerName": "string",
    				"Configuration": {
    					"Id": "string",
    					"Revision": integer
    				},
    				"DeploymentMode": "string",
    				"EncryptionOptions": {
    					"UseAwsOwnedKey": boolean
    				},
    				"EngineType": "string",
    				"EngineVersion": "string",
    				"HostInstanceType": "string",
    				"Logs": {
    					"Audit": boolean,
    					"AuditLogGroup": "string",
    					"General": boolean,
    					"GeneralLogGroup": "string"
    				},
    				"MaintenanceWindowStartTime": {
    					"DayOfWeek": "string",
    					"TimeOfDay": "string",
    					"TimeZone": "string"
    				},
    				"PubliclyAccessible": boolean,
    				"SecurityGroups": [
    					"string"
    				],
    				"StorageType": "string",
    				"SubnetIds": [
    					"string",
    					"string"
    				],
    				"Users": [{
    					"Username": "string"
    				}]
    			},
    			"AwsApiGatewayRestApi": {
    				"ApiKeySource": "string",
    				"BinaryMediaTypes": ["string"],
    				"CreatedDate": "string",
    				"Description": "string",
    				"EndpointConfiguration": {
    					"Types": ["string"]
    				},
    				"Id": "string",
    				"MinimumCompressionSize": number,
    				"Name": "string",
    				"Version": "string"
    			},
    			"AwsApiGatewayStage": {
    				"AccessLogSettings": {
    					"DestinationArn": "string",
    					"Format": "string"
    				},
    				"CacheClusterEnabled": boolean,
    				"CacheClusterSize": "string",
    				"CacheClusterStatus": "string",
    				"CanarySettings": {
    					"DeploymentId": "string",
    					"PercentTraffic": number,
    					"StageVariableOverrides": [{
    						"string": "string"
    					}],
    					"UseStageCache": boolean
    				},
    				"ClientCertificateId": "string",
    				"CreatedDate": "string",
    				"DeploymentId": "string",
    				"Description": "string",
    				"DocumentationVersion": "string",
    				"LastUpdatedDate": "string",
    				"MethodSettings": [{
    					"CacheDataEncrypted": boolean,
    					"CachingEnabled": boolean,
    					"CacheTtlInSeconds": number,
    					"DataTraceEnabled": boolean,
    					"HttpMethod": "string",
    					"LoggingLevel": "string",
    					"MetricsEnabled": boolean,
    					"RequireAuthorizationForCacheControl": boolean,
    					"ResourcePath": "string",
    					"ThrottlingBurstLimit": number,
    					"ThrottlingRateLimit": number,
    					"UnauthorizedCacheControlHeaderStrategy": "string"
    				}],
    				"StageName": "string",
    				"TracingEnabled": boolean,
    				"Variables": {
    					"string": "string"
    				},
    				"WebAclArn": "string"
    			},
    			"AwsApiGatewayV2Api": {
    				"ApiEndpoint": "string",
    				"ApiId": "string",
    				"ApiKeySelectionExpression": "string",
    				"CorsConfiguration": {
    					"AllowCredentials": boolean,
    					"AllowHeaders": ["string"],
    					"AllowMethods": ["string"],
    					"AllowOrigins": ["string"],
    					"ExposeHeaders": ["string"],
    					"MaxAge": number
    				},
    				"CreatedDate": "string",
    				"Description": "string",
    				"Name": "string",
    				"ProtocolType": "string",
    				"RouteSelectionExpression": "string",
    				"Version": "string"
    			},
    			"AwsApiGatewayV2Stage": {
    				"AccessLogSettings": {
    					"DestinationArn": "string",
    					"Format": "string"
    				},
    				"ApiGatewayManaged": boolean,
    				"AutoDeploy": boolean,
    				"ClientCertificateId": "string",
    				"CreatedDate": "string",
    				"DefaultRouteSettings": {
    					"DataTraceEnabled": boolean,
    					"DetailedMetricsEnabled": boolean,
    					"LoggingLevel": "string",
    					"ThrottlingBurstLimit": number,
    					"ThrottlingRateLimit": number
    				},
    				"DeploymentId": "string",
    				"Description": "string",
    				"LastDeploymentStatusMessage": "string",
    				"LastUpdatedDate": "string",
    				"RouteSettings": {
    					"DetailedMetricsEnabled": boolean,
    					"LoggingLevel": "string",
    					"DataTraceEnabled": boolean,
    					"ThrottlingBurstLimit": number,
    					"ThrottlingRateLimit": number
    				},
    				"StageName": "string",
    				"StageVariables": [{
    					"string": "string"
    				}]
    			},
    			"AwsAppSyncGraphQLApi": {
    				"AwsAppSyncGraphQlApi": {
    					"AdditionalAuthenticationProviders": [
    					{
    						"AuthenticationType": "string",
    						"LambdaAuthorizerConfig": {
    							"AuthorizerResultTtlInSeconds": integer,
    							"AuthorizerUri": "string"
    						}
    					},
    					{
    						"AuthenticationType": "string"
    					}
    					],
    					"ApiId": "string",
    					"Arn": "string",
    					"AuthenticationType": "string",
    					"Id": "string",
    					"LogConfig": {
    						"CloudWatchLogsRoleArn": "string",
    						"ExcludeVerboseContent": boolean,
    						"FieldLogLevel": "string"
    					},
    					"Name": "string",
    					"XrayEnabled": boolean
    				}
    			},
    			"AwsAthenaWorkGroup": {
    				"Description": "string",
    				"Name": "string",
    				"WorkgroupConfiguration": {
    					"ResultConfiguration": {
    						"EncryptionConfiguration": {
    							"EncryptionOption": "string",
    							"KmsKey": "string"
    						}
    					}
    				},
    				"State": "string"
    			},
    			"AwsAutoScalingAutoScalingGroup": {
    				"AvailabilityZones": [{
    					"Value": "string"
    				}],
    				"CreatedTime": "string",
    				"HealthCheckGracePeriod": integer,
    				"HealthCheckType": "string",
    				"LaunchConfigurationName": "string",
    				"LoadBalancerNames": ["string"],
    				"LaunchTemplate": {
    					"LaunchTemplateId": "string",
    					"LaunchTemplateName": "string",
    					"Version": "string"
    				},
    				"MixedInstancesPolicy": {
    					"InstancesDistribution": {
    						"OnDemandAllocationStrategy": "string",
    						"OnDemandBaseCapacity": number,
    						"OnDemandPercentageAboveBaseCapacity": number,
    						"SpotAllocationStrategy": "string",
    						"SpotInstancePools": number,
    						"SpotMaxPrice": "string"
    					},
    					"LaunchTemplate": {
    						"LaunchTemplateSpecification": {
    							"LaunchTemplateId": "string",
    							"LaunchTemplateName": "string",
    							"Version": "string"
    						},
    						"CapacityRebalance": boolean,
    						"Overrides": [{
    							"InstanceType": "string",
    							"WeightedCapacity": "string"
    						}]
    					}
    				}
    			},
    			"AwsAutoScalingLaunchConfiguration": {
    				"AssociatePublicIpAddress": boolean,
    				"BlockDeviceMappings": [{
    					"DeviceName": "string",
    					"Ebs": {
    						"DeleteOnTermination": boolean,
    						"Encrypted": boolean,
    						"Iops": number,
    						"SnapshotId": "string",
    						"VolumeSize": number,
    						"VolumeType": "string"
    					},
    					"NoDevice": boolean,
    					"VirtualName": "string"
    				}],
    				"ClassicLinkVpcId": "string",
    				"ClassicLinkVpcSecurityGroups": ["string"],
    				"CreatedTime": "string",
    				"EbsOptimized": boolean,
    				"IamInstanceProfile": "string"
    			},
    			"ImageId": "string",
    			"InstanceMonitoring": {
    				"Enabled": boolean
    			},
    			"InstanceType": "string",
    			"KernelId": "string",
    			"KeyName": "string",
    			"LaunchConfigurationName": "string",
    			"MetadataOptions": {
    				"HttpEndpoint": "string",
    				"HttpPutResponseHopLimit": number,
    				"HttpTokens": "string"
    			},
    			"PlacementTenancy": "string",
    			"RamdiskId": "string",
    			"SecurityGroups": ["string"],
    			"SpotPrice": "string",
    			"UserData": "string"
    		},
    		"AwsBackupBackupPlan": {
    			"BackupPlan": {
    				"AdvancedBackupSettings": [{
    					"BackupOptions": {
    						"WindowsVSS": "string"
    					},
    					"ResourceType": "string"
    				}],
    				"BackupPlanName": "string",
    				"BackupPlanRule": [{
    					"CompletionWindowMinutes": integer,
    					"CopyActions": [{
    						"DestinationBackupVaultArn": "string",
    						"Lifecycle": {
    							"DeleteAfterDays": integer,
    							"MoveToColdStorageAfterDays": integer
    						}
    					}],
    					"Lifecycle": {
    						"DeleteAfterDays": integer
    					},
    					"RuleName": "string",
    					"ScheduleExpression": "string",
    					"StartWindowMinutes": integer,
    					"TargetBackupVault": "string"
    				}]
    			},
    			"BackupPlanArn": "string",
    			"BackupPlanId": "string",
    			"VersionId": "string"
    		},
    		"AwsBackupBackupVault": {
    			"AccessPolicy": {
    				"Statement": [{
    					"Action": ["string"],
    					"Effect": "string",
    					"Principal": {
    						"AWS": "string"
    					},
    					"Resource": "string"
    				}],
    				"Version": "string"
    			},
    			"BackupVaultArn": "string",
    			"BackupVaultName": "string",
    			"EncryptionKeyArn": "string",
    			"Notifications": {
    				"BackupVaultEvents": ["string"],
    				"SNSTopicArn": "string"
    			}
    		},
    		"AwsBackupRecoveryPoint": {
    			"BackupSizeInBytes": integer,
    			"BackupVaultName": "string",
    			"BackupVaultArn": "string",
    			"CalculatedLifecycle": {
    				"DeleteAt": "string",
    				"MoveToColdStorageAt": "string"
    			},
    			"CompletionDate": "string",
    			"CreatedBy": {
    				"BackupPlanArn": "string",
    				"BackupPlanId": "string",
    				"BackupPlanVersion": "string",
    				"BackupRuleId": "string"
    			},
    			"CreationDate": "string",
    			"EncryptionKeyArn": "string",
    			"IamRoleArn": "string",
    			"IsEncrypted": boolean,
    			"LastRestoreTime": "string",
    			"Lifecycle": {
    				"DeleteAfterDays": integer,
    				"MoveToColdStorageAfterDays": integer
    			},
    			"RecoveryPointArn": "string",
    			"ResourceArn": "string",
    			"ResourceType": "string",
    			"SourceBackupVaultArn": "string",
    			"Status": "string",
    			"StatusMessage": "string",
    			"StorageClass": "string"
    		},
    		"AwsCertificateManagerCertificate": {
    			"CertificateAuthorityArn": "string",
    			"CreatedAt": "string",
    			"DomainName": "string",
    			"DomainValidationOptions": [{
    				"DomainName": "string",
    				"ResourceRecord": {
    					"Name": "string",
    					"Type": "string",
    					"Value": "string"
    				},
    				"ValidationDomain": "string",
    				"ValidationEmails": ["string"],
    				"ValidationMethod": "string",
    				"ValidationStatus": "string"
    			}],
    			"ExtendedKeyUsages": [{
    				"Name": "string",
    				"OId": "string"
    			}],
    			"FailureReason": "string",
    			"ImportedAt": "string",
    			"InUseBy": ["string"],
    			"IssuedAt": "string",
    			"Issuer": "string",
    			"KeyAlgorithm": "string",
    			"KeyUsages": [{
    				"Name": "string"
    			}],
    			"NotAfter": "string",
    			"NotBefore": "string",
    			"Options": {
    				"CertificateTransparencyLoggingPreference": "string"
    			},
    			"RenewalEligibility": "string",
    			"RenewalSummary": {
    				"DomainValidationOptions": [{
    					"DomainName": "string",
    					"ResourceRecord": {
    						"Name": "string",
    						"Type": "string",
    						"Value": "string"
    					},
    					"ValidationDomain": "string",
    					"ValidationEmails": ["string"],
    					"ValidationMethod": "string",
    					"ValidationStatus": "string"
    				}],
    				"RenewalStatus": "string",
    				"RenewalStatusReason": "string",
    				"UpdatedAt": "string"
    			},
    			"Serial": "string",
    			"SignatureAlgorithm": "string",
    			"Status": "string",
    			"Subject": "string",
    			"SubjectAlternativeNames": ["string"],
    			"Type": "string"
    		},
    		"AwsCloudFormationStack": {
    			"Capabilities": ["string"],
    			"CreationTime": "string",
    			"Description": "string",
    			"DisableRollback": boolean,
    			"DriftInformation": {
    				"StackDriftStatus": "string"
    			},
    			"EnableTerminationProtection": boolean,
    			"LastUpdatedTime": "string",
    			"NotificationArns": ["string"],
    			"Outputs": [{
    				"Description": "string",
    				"OutputKey": "string",
    				"OutputValue": "string"
    			}],
    			"RoleArn": "string",
    			"StackId": "string",
    			"StackName": "string",
    			"StackStatus": "string",
    			"StackStatusReason": "string",
    			"TimeoutInMinutes": number 
    		},
    		"AwsCloudFrontDistribution": {
    			"CacheBehaviors": {
    				"Items": [{
    					"ViewerProtocolPolicy": "string"
    				}]
    			},
    			"DefaultCacheBehavior": {
    				"ViewerProtocolPolicy": "string"
    			},
    			"DefaultRootObject": "string",
    			"DomainName": "string",
    			"Etag": "string",
    			"LastModifiedTime": "string",
    			"Logging": {
    				"Bucket": "string",
    				"Enabled": boolean,
    				"IncludeCookies": boolean,
    				"Prefix": "string"
    			},
    			"OriginGroups": {
    				"Items": [{
    					"FailoverCriteria": {
    						"StatusCodes": {
    							"Items": [number],
    							"Quantity": number
    						}
    					}
    				}]
    			},
    			"Origins": {
    				"Items": [{
    					"CustomOriginConfig": {
    						"HttpPort": number,
    						"HttpsPort": number,
    						"OriginKeepaliveTimeout": number,
    						"OriginProtocolPolicy": "string",
    						"OriginReadTimeout": number,
    						"OriginSslProtocols": {
    							"Items": ["string"],
    							"Quantity": number
    						}
    					},
    					"DomainName": "string",
    					"Id": "string",
    					"OriginPath": "string",
    					"S3OriginConfig": {
    						"OriginAccessIdentity": "string"
    					}
    				}]
    			},
    			"Status": "string",
    			"ViewerCertificate": {
    				"AcmCertificateArn": "string",
    				"Certificate": "string",
    				"CertificateSource": "string",
    				"CloudFrontDefaultCertificate": boolean,
    				"IamCertificateId": "string",
    				"MinimumProtocolVersion": "string",
    				"SslSupportMethod": "string"
    			},
    			"WebAclId": "string"
    		},
    		"AwsCloudTrailTrail": {
    			"CloudWatchLogsLogGroupArn": "string",
    			"CloudWatchLogsRoleArn": "string",
    			"HasCustomEventSelectors": boolean,
    			"HomeRegion": "string",
    			"IncludeGlobalServiceEvents": boolean,
    			"IsMultiRegionTrail": boolean,
    			"IsOrganizationTrail": boolean,
    			"KmsKeyId": "string",
    			"LogFileValidationEnabled": boolean,
    			"Name": "string",
    			"S3BucketName": "string",
    			"S3KeyPrefix": "string",
    			"SnsTopicArn": "string",
    			"SnsTopicName": "string",
    			"TrailArn": "string"
    		},
    		"AwsCloudWatchAlarm": {
    			"ActionsEnabled": boolean,
    			"AlarmActions": ["string"],
    			"AlarmArn": "string",
    			"AlarmConfigurationUpdatedTimestamp": "string",
    			"AlarmDescription": "string",
    			"AlarmName": "string",
    			"ComparisonOperator": "string",
    			"DatapointsToAlarm": number,
    			"Dimensions": [{
    				"Name": "string",
    				"Value": "string"
    			}],
    			"EvaluateLowSampleCountPercentile": "string",
    			"EvaluationPeriods": number,
    			"ExtendedStatistic": "string",
    			"InsufficientDataActions": ["string"],
    			"MetricName": "string",
    			"Namespace": "string",
    			"OkActions": ["string"],
    			"Period": number,
    			"Statistic": "string",
    			"Threshold": number,
    			"ThresholdMetricId": "string",
    			"TreatMissingData": "string",
    			"Unit": "string"
    		},
    		"AwsCodeBuildProject": {
    			"Artifacts": [{
    				"ArtifactIdentifier": "string",
    				"EncryptionDisabled": boolean,
    				"Location": "string",
    				"Name": "string",
    				"NamespaceType": "string",
    				"OverrideArtifactName": boolean,
    				"Packaging": "string",
    				"Path": "string",
    				"Type": "string"
    			}],
    			"SecondaryArtifacts": [{
    				"ArtifactIdentifier": "string",
    				"Type": "string",
    				"Location": "string",
    				"Name": "string",
    				"NamespaceType": "string",
    				"Packaging": "string",
    				"Path": "string",
    				"EncryptionDisabled": boolean,
    				"OverrideArtifactName": boolean
    			}],
    			"EncryptionKey": "string",
    			"Certificate": "string",
    			"Environment": {
    				"Certificate": "string",
    				"EnvironmentVariables": [{
    					"Name": "string",
    					"Type": "string",
    					"Value": "string"
    				}],
    				"ImagePullCredentialsType": "string",
    				"PrivilegedMode": boolean,
    				"RegistryCredential": {
    					"Credential": "string",
    					"CredentialProvider": "string"
    				},
    				"Type": "string"
    			},
    			"LogsConfig": {
    				"CloudWatchLogs": {
    					"GroupName": "string",
    					"Status": "string",
    					"StreamName": "string"
    				},
    				"S3Logs": {
    					"EncryptionDisabled": boolean,
    					"Location": "string",
    					"Status": "string"
    				}
    			},
    			"Name": "string",
    			"ServiceRole": "string",
    			"Source": {
    				"Type": "string",
    				"Location": "string",
    				"GitCloneDepth": integer
    			},
    			"VpcConfig": {
    				"VpcId": "string",
    				"Subnets": ["string"],
    				"SecurityGroupIds": ["string"]
    			}
    		},
    		"AwsDmsEndpoint": {
    			"CertificateArn": "string",
    			"DatabaseName": "string",
    			"EndpointArn": "string",
    			"EndpointIdentifier": "string",
    			"EndpointType": "string", 
    			"EngineName": "string",
    			"KmsKeyId": "string",
    			"Port": integer,
    			"ServerName": "string",
    			"SslMode": "string",
    			"Username": "string"
    		},
    		"AwsDmsReplicationInstance": {
    			"AllocatedStorage": integer,
    			"AutoMinorVersionUpgrade": boolean,
    			"AvailabilityZone": "string",
    			"EngineVersion": "string",
    			"KmsKeyId": "string",
    			"MultiAZ": boolean,
    			"PreferredMaintenanceWindow": "string",
    			"PubliclyAccessible": boolean,
    			"ReplicationInstanceClass": "string",
    			"ReplicationInstanceIdentifier": "string",
    			"ReplicationSubnetGroup": {
    				"ReplicationSubnetGroupIdentifier": "string"
    			},
    			"VpcSecurityGroups": [
    				{
    					"VpcSecurityGroupId": "string"
    				}
    			]
    		},
    		"AwsDmsReplicationTask": {
    			"CdcStartPosition": "string",
    			"Id": "string",
    			"MigrationType": "string",
    			"ReplicationInstanceArn": "string",
    			"ReplicationTaskIdentifier": "string",
    			"ReplicationTaskSettings": {
    				"string": "string"
    			},
    			"SourceEndpointArn": "string",
    			"TableMappings": {
    				"string": "string"
    			},
    			"TargetEndpointArn": "string"
    		},
    		"AwsDynamoDbTable": {
    			"AttributeDefinitions": [{
    				"AttributeName": "string",
    				"AttributeType": "string"
    			}],
    			"BillingModeSummary": {
    				"BillingMode": "string",
    				"LastUpdateToPayPerRequestDateTime": "string"
    			},
    			"CreationDateTime": "string",
    			"DeletionProtectionEnabled": boolean,
    			"GlobalSecondaryIndexes": [{
    				"Backfilling": boolean,
    				"IndexArn": "string",
    				"IndexName": "string",
    				"IndexSizeBytes": number,
    				"IndexStatus": "string",
    				"ItemCount": number,
    				"KeySchema": [{
    					"AttributeName": "string",
    					"KeyType": "string"
    				}],
    				"Projection": {
    					"NonKeyAttributes": ["string"],
    					"ProjectionType": "string"
    				},
    				"ProvisionedThroughput": {
    					"LastDecreaseDateTime": "string",
    					"LastIncreaseDateTime": "string",
    					"NumberOfDecreasesToday": number,
    					"ReadCapacityUnits": number,
    					"WriteCapacityUnits": number
    				}
    			}],
    			"GlobalTableVersion": "string",
    			"ItemCount": number,
    			"KeySchema": [{
    				"AttributeName": "string",
    				"KeyType": "string"
    			}],
    			"LatestStreamArn": "string",
    			"LatestStreamLabel": "string",
    			"LocalSecondaryIndexes": [{
    				"IndexArn": "string",
    				"IndexName": "string",
    				"KeySchema": [{
    					"AttributeName": "string",
    					"KeyType": "string"
    				}],
    				"Projection": {
    					"NonKeyAttributes": ["string"],
    					"ProjectionType": "string"
    				}
    			}],
    			"ProvisionedThroughput": {
    				"LastDecreaseDateTime": "string",
    				"LastIncreaseDateTime": "string",
    				"NumberOfDecreasesToday": number,
    				"ReadCapacityUnits": number,
    				"WriteCapacityUnits": number
    			},
    			"Replicas": [{
    				"GlobalSecondaryIndexes": [{
    					"IndexName": "string",
    					"ProvisionedThroughputOverride": {
    						"ReadCapacityUnits": number
    					}
    				}],
    				"KmsMasterKeyId": "string",
    				"ProvisionedThroughputOverride": {
    					"ReadCapacityUnits": number
    				},
    				"RegionName": "string",
    				"ReplicaStatus": "string",
    				"ReplicaStatusDescription": "string"
    			}],
    			"RestoreSummary": {
    				"RestoreDateTime": "string",
    				"RestoreInProgress": boolean,
    				"SourceBackupArn": "string",
    				"SourceTableArn": "string"
    			},
    			"SseDescription": {
    				"InaccessibleEncryptionDateTime": "string",
    				"KmsMasterKeyArn": "string",
    				"SseType": "string",
    				"Status": "string"
    			},
    			"StreamSpecification": {
    				"StreamEnabled": boolean,
    				"StreamViewType": "string"
    			},
    			"TableId": "string",
    			"TableName": "string",
    			"TableSizeBytes": number,
    			"TableStatus": "string"
    		},
    		"AwsEc2ClientVpnEndpoint": {
    			"AuthenticationOptions": [
    				{
    					"MutualAuthentication": {
    						"ClientRootCertificateChainArn": "string"
    					},
    					"Type": "string"
    				}
    			],
    			"ClientCidrBlock": "string",
    			"ClientConnectOptions": {
    				"Enabled": boolean
    			},
    			"ClientLoginBannerOptions": {
    				"Enabled": boolean
    			},
    			"ClientVpnEndpointId": "string",
    			"ConnectionLogOptions": {
    				"Enabled": boolean
    			},
    			"Description": "string",
    			"DnsServer": ["string"],
    			"ServerCertificateArn": "string",
    			"SecurityGroupIdSet": [
    				"string"
    			],
    			"SelfServicePortalUrl": "string",
    			"SessionTimeoutHours": integer,
    			"SplitTunnel": boolean,
    			"TransportProtocol": "string",
    			"VpcId": "string",
    			"VpnPort": integer
    		},
    		"AwsEc2Eip": {
    			"AllocationId": "string",
    			"AssociationId": "string",
    			"Domain": "string",
    			"InstanceId": "string",
    			"NetworkBorderGroup": "string",
    			"NetworkInterfaceId": "string",
    			"NetworkInterfaceOwnerId": "string",
    			"PrivateIpAddress": "string",
    			"PublicIp": "string",
    			"PublicIpv4Pool": "string"
    		},
    		"AwsEc2Instance": {
    			"IamInstanceProfileArn": "string",
    			"ImageId": "string",
    			"IpV4Addresses": ["string"],
    			"IpV6Addresses": ["string"],
    			"KeyName": "string",
    			"LaunchedAt": "string",
    			"MetadataOptions": {
    				"HttpEndpoint": "string",
    				"HttpProtocolIpv6": "string",
    				"HttpPutResponseHopLimit": number,
    				"HttpTokens": "string",
    				"InstanceMetadataTags": "string"
    			},
    			"Monitoring": {
    				"State": "string"
    			},
    			"NetworkInterfaces": [{
    				"NetworkInterfaceId": "string"
    			}],
    			"SubnetId": "string",
    			"Type": "string",
    			"VirtualizationType": "string",
    			"VpcId": "string"
    		},
    		"AwsEc2LaunchTemplate": {
    			"DefaultVersionNumber": "string",
    			"ElasticGpuSpecifications": ["string"],
    			"ElasticInferenceAccelerators": ["string"],
    			"Id": "string",
    			"ImageId": "string",
    			"LatestVersionNumber": "string",
    			"LaunchTemplateData": {
    				"BlockDeviceMappings": [{
    					"DeviceName": "string",
    					"Ebs": {
    						"DeleteOnTermination": boolean,
    						"Encrypted": boolean,
    						"SnapshotId": "string",
    						"VolumeSize": number,
    						"VolumeType": "string"
    					}
    				}],
    				"MetadataOptions": {
    					"HttpTokens": "string",
    					"HttpPutResponseHopLimit" : number
    				},
    				"Monitoring": {
    					"Enabled": boolean
    				},
    				"NetworkInterfaces": [{
    					"AssociatePublicIpAddress" : boolean
    				}]
    			},
    			"LaunchTemplateName": "string",
    			"LicenseSpecifications": ["string"],
    			"SecurityGroupIds": ["string"],
    			"SecurityGroups": ["string"],
    			"TagSpecifications": ["string"]
    		},
    		"AwsEc2NetworkAcl": {
    			"Associations": [{
    				"NetworkAclAssociationId": "string",
    				"NetworkAclId": "string",
    				"SubnetId": "string"
    			}],
    			"Entries": [{
    				"CidrBlock": "string",
    				"Egress": boolean,
    				"IcmpTypeCode": {
    					"Code": number,
    					"Type": number
    				},
    				"Ipv6CidrBlock": "string",
    				"PortRange": {
    					"From": number,
    					"To": number
    				},
    				"Protocol": "string",
    				"RuleAction": "string",
    				"RuleNumber": number
    			}],
    			"IsDefault": boolean,
    			"NetworkAclId": "string",
    			"OwnerId": "string",
    			"VpcId": "string"
    		},
    		"AwsEc2NetworkInterface": {
    			"Attachment": {
    				"AttachmentId": "string",
    				"AttachTime": "string",
    				"DeleteOnTermination": boolean,
    				"DeviceIndex": number,
    				"InstanceId": "string",
    				"InstanceOwnerId": "string",
    				"Status": "string"
    			},
    			"Ipv6Addresses": [{
    				"Ipv6Address": "string"
    			}],
    			"NetworkInterfaceId": "string",
    			"PrivateIpAddresses": [{
    				"PrivateDnsName": "string",
    				"PrivateIpAddress": "string"
    			}],
    			"PublicDnsName": "string",
    			"PublicIp": "string",
    			"SecurityGroups": [{
    				"GroupId": "string",
    				"GroupName": "string"
    			}],
    			"SourceDestCheck": boolean
    		},
    		"AwsEc2RouteTable": {
    			"AssociationSet": [{
    				"AssociationState": {
    					"State": "string"
    				},
    				"Main": boolean,
    				"RouteTableAssociationId": "string",
    				"RouteTableId": "string"
    			}],
    			"PropagatingVgwSet": [],
    			"RouteTableId": "string",
    			"RouteSet": [
    				{
    					"DestinationCidrBlock": "string",
    					"GatewayId": "string",
    					"Origin": "string",
    					"State": "string"
    				},
    				{
    					"DestinationCidrBlock": "string",
    					"GatewayId": "string",
    					"Origin": "string",
    					"State": "string"
    				}
    			],
    			"VpcId": "string"
    		},
    		"AwsEc2SecurityGroup": {
    			"GroupId": "string",
    			"GroupName": "string",
    			"IpPermissions": [{
    				"FromPort": number,
    				"IpProtocol": "string",
    				"IpRanges": [{
    					"CidrIp": "string"
    				}],
    				"Ipv6Ranges": [{
    					"CidrIpv6": "string"
    				}],
    				"PrefixListIds": [{
    					"PrefixListId": "string"
    				}],
    				"ToPort": number,
    				"UserIdGroupPairs": [{
    					"GroupId": "string",
    					"GroupName": "string",
    					"PeeringStatus": "string",
    					"UserId": "string",
    					"VpcId": "string",
    					"VpcPeeringConnectionId": "string"
    				}]
    			}],
    			"IpPermissionsEgress": [{
    				"FromPort": number,
    				"IpProtocol": "string",
    				"IpRanges": [{
    					"CidrIp": "string"
    				}],
    				"Ipv6Ranges": [{
    					"CidrIpv6": "string"
    				}],
    				"PrefixListIds": [{
    					"PrefixListId": "string"
    				}],
    				"ToPort": number,
    				"UserIdGroupPairs": [{
    					"GroupId": "string",
    					"GroupName": "string",
    					"PeeringStatus": "string",
    					"UserId": "string",
    					"VpcId": "string",
    					"VpcPeeringConnectionId": "string"
    				}]
    			}],
    			"OwnerId": "string",
    			"VpcId": "string"
    		},
    		"AwsEc2Subnet": {
    			"AssignIpv6AddressOnCreation": boolean,
    			"AvailabilityZone": "string",
    			"AvailabilityZoneId": "string",
    			"AvailableIpAddressCount": number,
    			"CidrBlock": "string",
    			"DefaultForAz": boolean,
    			"Ipv6CidrBlockAssociationSet": [{
    				"AssociationId": "string",
    				"Ipv6CidrBlock": "string",
    				"CidrBlockState": "string"
    			}],
    			"MapPublicIpOnLaunch": boolean,
    			"OwnerId": "string",
    			"State": "string",
    			"SubnetArn": "string",
    			"SubnetId": "string",
    			"VpcId": "string"
    		},
    		"AwsEc2TransitGateway": {
    			"AmazonSideAsn": number,
    			"AssociationDefaultRouteTableId": "string",
    			"AutoAcceptSharedAttachments": "string",
    			"DefaultRouteTableAssociation": "string",
    			"DefaultRouteTablePropagation": "string",
    			"Description": "string",
    			"DnsSupport": "string",
    			"Id": "string",
    			"MulticastSupport": "string",
    			"PropagationDefaultRouteTableId": "string",
    			"TransitGatewayCidrBlocks": ["string"],
    			"VpnEcmpSupport": "string"
    		},
    		"AwsEc2Volume": {
    			"Attachments": [{
    				"AttachTime": "string",
    				"DeleteOnTermination": boolean,
    				"InstanceId": "string",
    				"Status": "string"
    			}],
    			"CreateTime": "string",
    			"DeviceName": "string",
    			"Encrypted": boolean,
    			"KmsKeyId": "string",
    			"Size": number,
    			"SnapshotId": "string",
    			"Status": "string",
    			"VolumeId": "string",
    			"VolumeScanStatus": "string",
    			"VolumeType": "string"
    		},
    		"AwsEc2Vpc": {
    			"CidrBlockAssociationSet": [{
    				"AssociationId": "string",
    				"CidrBlock": "string",
    				"CidrBlockState": "string"
    			}],
    			"DhcpOptionsId": "string",
    			"Ipv6CidrBlockAssociationSet": [{
    				"AssociationId": "string",
    				"CidrBlockState": "string",
    				"Ipv6CidrBlock": "string"
    			}],
    			"State": "string"
    		},
    		"AwsEc2VpcEndpointService": {
    			"AcceptanceRequired": boolean,
    			"AvailabilityZones": ["string"],
    			"BaseEndpointDnsNames": ["string"],
    			"ManagesVpcEndpoints": boolean,
    			"GatewayLoadBalancerArns": ["string"],
    			"NetworkLoadBalancerArns": ["string"],
    			"PrivateDnsName": "string",
    			"ServiceId": "string",
    			"ServiceName": "string",
    			"ServiceState": "string",
    			"ServiceType": [{
    				"ServiceType": "string"
    			}]
    		},
    		"AwsEc2VpcPeeringConnection": {
    			"AccepterVpcInfo": {
    				"CidrBlock": "string",
    				"CidrBlockSet": [{
    					"CidrBlock": "string"
    				}],
    				"Ipv6CidrBlockSet": [{
    					"Ipv6CidrBlock": "string"
    				}],
    				"OwnerId": "string",
    				"PeeringOptions": {
    					"AllowDnsResolutionFromRemoteVpc": boolean,
    					"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
    					"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
    				},
    				"Region": "string",
    				"VpcId": "string"
    			},
    			"ExpirationTime": "string",
    			"RequesterVpcInfo": {
    				"CidrBlock": "string",
    				"CidrBlockSet": [{
    					"CidrBlock": "string"
    				}],
    				"Ipv6CidrBlockSet": [{
    					"Ipv6CidrBlock": "string"
    				}],
    				"OwnerId": "string",
    				"PeeringOptions": {
    					"AllowDnsResolutionFromRemoteVpc": boolean,
    					"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
    					"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
    				},
    				"Region": "string",
    				"VpcId": "string"
    			},
    			"Status": {
    				"Code": "string",
    				"Message": "string"
    			},
    			"VpcPeeringConnectionId": "string"
    		},
    		"AwsEcrContainerImage": {
    			"Architecture": "string",
    			"ImageDigest": "string",
    			"ImagePublishedAt": "string",
    			"ImageTags": ["string"],
    			"RegistryId": "string",
    			"RepositoryName": "string"
    		},
    		"AwsEcrRepository": {
    			"Arn": "string",
    			"ImageScanningConfiguration": {
    				"ScanOnPush": boolean
    			},
    			"ImageTagMutability": "string",
    			"LifecyclePolicy": {
    				"LifecyclePolicyText": "string",
    				"RegistryId": "string"
    			},
    			"RepositoryName": "string",
    			"RepositoryPolicyText": "string"
    		},
    		"AwsEcsCluster": {
    			"ActiveServicesCount": number,
    			"CapacityProviders": ["string"],
    			"ClusterArn": "string",
    			"ClusterName": "string",
    			"ClusterSettings": [{
    				"Name": "string",
    				"Value": "string"
    			}],
    			"Configuration": {
    				"ExecuteCommandConfiguration": {
    					"KmsKeyId": "string",
    					"LogConfiguration": {
    						"CloudWatchEncryptionEnabled": boolean,
    						"CloudWatchLogGroupName": "string",
    						"S3BucketName": "string",
    						"S3EncryptionEnabled": boolean,
    						"S3KeyPrefix": "string"
    					},
    					"Logging": "string"
    				}
    			},
    			"DefaultCapacityProviderStrategy": [{
    				"Base": number,
    				"CapacityProvider": "string",
    				"Weight": number
    			}],
    			"RegisteredContainerInstancesCount": number,
    			"RunningTasksCount": number,
    			"Status": "string"
    		},
    		"AwsEcsContainer": {
    			"Image": "string",
    			"MountPoints": [{
    				"ContainerPath": "string",
    				"SourceVolume": "string"
    			}],
    			"Name": "string",
    			"Privileged": boolean
    		},
    		"AwsEcsService": {
    			"CapacityProviderStrategy": [{
    				"Base": number,
    				"CapacityProvider": "string",
    				"Weight": number
    			}],
    			"Cluster": "string",
    			"DeploymentConfiguration": {
    				"DeploymentCircuitBreaker": {
    					"Enable": boolean,
    					"Rollback": boolean
    				},
    				"MaximumPercent": number,
    				"MinimumHealthyPercent": number
    			},
    			"DeploymentController": {
    				"Type": "string"
    			},
    			"DesiredCount": number,
    			"EnableEcsManagedTags": boolean,
    			"EnableExecuteCommand": boolean,
    			"HealthCheckGracePeriodSeconds": number,
    			"LaunchType": "string",
    			"LoadBalancers": [{
    				"ContainerName": "string",
    				"ContainerPort": number,
    				"LoadBalancerName": "string",
    				"TargetGroupArn": "string"
    			}],
    			"Name": "string",
    			"NetworkConfiguration": {
    				"AwsVpcConfiguration": {
    					"AssignPublicIp": "string",
    					"SecurityGroups": ["string"],
    					"Subnets": ["string"]
    				}
    			},
    			"PlacementConstraints": [{
    				"Expression": "string",
    				"Type": "string"
    			}],
    			"PlacementStrategies": [{
    				"Field": "string",
    				"Type": "string"
    			}],
    			"PlatformVersion": "string",
    			"PropagateTags": "string",
    			"Role": "string",
    			"SchedulingStrategy": "string",
    			"ServiceArn": "string",
    			"ServiceName": "string",
    			"ServiceRegistries": [{
    				"ContainerName": "string",
    				"ContainerPort": number,
    				"Port": number,
    				"RegistryArn": "string"
    			}],
    			"TaskDefinition": "string"
    		},
    		"AwsEcsTask": {
    			"CreatedAt": "string",
    			"ClusterArn": "string",
    			"Group": "string",
    			"StartedAt": "string",
    			"StartedBy": "string",
    			"TaskDefinitionArn": "string",
    			"Version": number,
    			"Volumes": [{
    				"Name": "string",
    				"Host": {
    					"SourcePath": "string"
    				}
    			}],
    			"Containers": [{
    				"Image": "string",
    				"MountPoints": [{
    					"ContainerPath": "string",
    					"SourceVolume": "string"
    				}],
    				"Name": "string",
    				"Privileged": boolean
    			}]
    		},
    		"AwsEcsTaskDefinition": {
    			"ContainerDefinitions": [{
    				"Command": ["string"],
    				"Cpu": number,
    				"DependsOn": [{
    					"Condition": "string",
    					"ContainerName": "string"
    				}],
    				"DisableNetworking": boolean,
    				"DnsSearchDomains": ["string"],
    				"DnsServers": ["string"],
    				"DockerLabels": {
    					"string": "string"
    				},
    				"DockerSecurityOptions": ["string"],
    				"EntryPoint": ["string"],
    				"Environment": [{
    					"Name": "string",
    					"Value": "string"
    				}],
    				"EnvironmentFiles": [{
    					"Type": "string",
    					"Value": "string"
    				}],
    				"Essential": boolean,
    				"ExtraHosts": [{
    					"Hostname": "string",
    					"IpAddress": "string"
    				}],
    				"FirelensConfiguration": {
    					"Options": {
    						"string": "string"
    					},
    					"Type": "string"
    				},
    				"HealthCheck": {
    					"Command": ["string"],
    					"Interval": number,
    					"Retries": number,
    					"StartPeriod": number,
    					"Timeout": number
    				},
    				"Hostname": "string",
    				"Image": "string",
    				"Interactive": boolean,
    				"Links": ["string"],
    				"LinuxParameters": {
    					"Capabilities": {
    						"Add": ["string"],
    						"Drop": ["string"]
    					},
    					"Devices": [{
    						"ContainerPath": "string",
    						"HostPath": "string",
    						"Permissions": ["string"]
    					}],
    					"InitProcessEnabled": boolean,
    					"MaxSwap": number,
    					"SharedMemorySize": number,
    					"Swappiness": number,
    					"Tmpfs": [{
    						"ContainerPath": "string",
    						"MountOptions": ["string"],
    						"Size": number
    					}]
    				},
    				"LogConfiguration": {
    					"LogDriver": "string",
    					"Options": {
    						"string": "string"
    					},
    					"SecretOptions": [{
    						"Name": "string",
    						"ValueFrom": "string"
    					}]
    				},
    				"Memory": number,
    				"MemoryReservation": number,
    				"MountPoints": [{
    					"ContainerPath": "string",
    					"ReadOnly": boolean,
    					"SourceVolume": "string"
    				}],
    				"Name": "string",
    				"PortMappings": [{
    					"ContainerPort": number,
    					"HostPort": number,
    					"Protocol": "string"
    				}],
    				"Privileged": boolean,
    				"PseudoTerminal": boolean,
    				"ReadonlyRootFilesystem": boolean,
    				"RepositoryCredentials": {
    					"CredentialsParameter": "string"
    				},
    				"ResourceRequirements": [{
    					"Type": "string",
    					"Value": "string"
    				}],
    				"Secrets": [{
    					"Name": "string",
    					"ValueFrom": "string"
    				}],
    				"StartTimeout": number,
    				"StopTimeout": number,
    				"SystemControls": [{
    					"Namespace": "string",
    					"Value": "string"
    				}],
    				"Ulimits": [{
    					"HardLimit": number,
    					"Name": "string",
    					"SoftLimit": number
    				}],
    				"User": "string",
    				"VolumesFrom": [{
    					"ReadOnly": boolean,
    					"SourceContainer": "string"
    				}],
    				"WorkingDirectory": "string"
    			}],
    			"Cpu": "string",
    			"ExecutionRoleArn": "string",
    			"Family": "string",
    			"InferenceAccelerators": [{
    				"DeviceName": "string",
    				"DeviceType": "string"
    			}],
    			"IpcMode": "string",
    			"Memory": "string",
    			"NetworkMode": "string",
    			"PidMode": "string",
    			"PlacementConstraints": [{
    				"Expression": "string",
    				"Type": "string"
    			}],
    			"ProxyConfiguration": {
    				"ContainerName": "string",
    				"ProxyConfigurationProperties": [{
    					"Name": "string",
    					"Value": "string"
    				}],
    				"Type": "string"
    			},
    			"RequiresCompatibilities": ["string"],
    			"Status": "string",
    			"TaskRoleArn": "string",
    			"Volumes": [{
    				"DockerVolumeConfiguration": {
    					"Autoprovision": boolean,
    					"Driver": "string",
    					"DriverOpts": {
    						"string": "string"
    					},
    					"Labels": {
    						"string": "string"
    					},
    					"Scope": "string"
    				},
    				"EfsVolumeConfiguration": {
    					"AuthorizationConfig": {
    						"AccessPointId": "string",
    						"Iam": "string"
    					},
    					"FilesystemId": "string",
    					"RootDirectory": "string",
    					"TransitEncryption": "string",
    					"TransitEncryptionPort": number
    				},
    				"Host": {
    					"SourcePath": "string"
    				},
    				"Name": "string"
    			}]
    		},
    		"AwsEfsAccessPoint": {
    			"AccessPointId": "string",
    			"Arn": "string",
    			"ClientToken": "string",
    			"FileSystemId": "string",
    			"PosixUser": {
    				"Gid": "string",
    				"SecondaryGids": ["string"],
    				"Uid": "string"
    			},
    			"RootDirectory": {
    				"CreationInfo": {
    					"OwnerGid": "string",
    					"OwnerUid": "string",
    					"Permissions": "string"
    				},
    				"Path": "string"
    			}
    		},
    		"AwsEksCluster": {
    			"Arn": "string",
    			"CertificateAuthorityData": "string",
    			"ClusterStatus": "string",
    			"Endpoint": "string",
    			"Logging": {
    				"ClusterLogging": [{
    					"Enabled": boolean,
    					"Types": ["string"]
    				}]
    			},
    			"Name": "string",
    			"ResourcesVpcConfig": {
    				"EndpointPublicAccess": boolean,
    				"SecurityGroupIds": ["string"],
    				"SubnetIds": ["string"]
    			},
    			"RoleArn": "string",
    			"Version": "string"
    		},
    		"AwsElasticBeanstalkEnvironment": {
    			"ApplicationName": "string",
    			"Cname": "string",
    			"DateCreated": "string",
    			"DateUpdated": "string",
    			"Description": "string",
    			"EndpointUrl": "string",
    			"EnvironmentArn": "string",
    			"EnvironmentId": "string",
    			"EnvironmentLinks": [{
    				"EnvironmentName": "string",
    				"LinkName": "string"
    			}],
    			"EnvironmentName": "string",
    			"OptionSettings": [{
    				"Namespace": "string",
    				"OptionName": "string",
    				"ResourceName": "string",
    				"Value": "string"
    			}],
    			"PlatformArn": "string",
    			"SolutionStackName": "string",
    			"Status": "string",
    			"Tier": {
    				"Name": "string",
    				"Type": "string",
    				"Version": "string"
    			},
    			"VersionLabel": "string"
    		},
    		"AwsElasticSearchDomain": {
    			"AccessPolicies": "string",
    			"DomainStatus": {
    				"DomainId": "string",
    				"DomainName": "string",
    				"Endpoint": "string",
    				"Endpoints": {
    					"string": "string"
    				}
    			},
    			"DomainEndpointOptions": {
    				"EnforceHTTPS": boolean,
    				"TLSSecurityPolicy": "string"
    			},
    			"ElasticsearchClusterConfig": {
    				"DedicatedMasterCount": number,
    				"DedicatedMasterEnabled": boolean,
    				"DedicatedMasterType": "string",
    				"InstanceCount": number,
    				"InstanceType": "string",
    				"ZoneAwarenessConfig": {
    					"AvailabilityZoneCount": number
    				},
    				"ZoneAwarenessEnabled": boolean
    			},
    			"ElasticsearchVersion": "string",
    			"EncryptionAtRestOptions": {
    				"Enabled": boolean,
    				"KmsKeyId": "string"
    			},
    			"LogPublishingOptions": {
    				"AuditLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"IndexSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"SearchSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				}
    			},
    			"NodeToNodeEncryptionOptions": {
    				"Enabled": boolean
    			},
    			"ServiceSoftwareOptions": {
    				"AutomatedUpdateDate": "string",
    				"Cancellable": boolean,
    				"CurrentVersion": "string",
    				"Description": "string",
    				"NewVersion": "string",
    				"UpdateAvailable": boolean,
    				"UpdateStatus": "string"
    			},
    			"VPCOptions": {
    				"AvailabilityZones": [
    					"string"
    				],
    				"SecurityGroupIds": [
    					"string"
    				],
    				"SubnetIds": [
    					"string"
    				],
    				"VPCId": "string"
    			}
    		},
    		"AwsElbLoadBalancer": {
    			"AvailabilityZones": ["string"],
    			"BackendServerDescriptions": [{
    				"InstancePort": number,
    				"PolicyNames": ["string"]
    			}],
    			"CanonicalHostedZoneName": "string",
    			"CanonicalHostedZoneNameID": "string",
    			"CreatedTime": "string",
    			"DnsName": "string",
    			"HealthCheck": {
    				"HealthyThreshold": number,
    				"Interval": number,
    				"Target": "string",
    				"Timeout": number,
    				"UnhealthyThreshold": number
    			},
    			"Instances": [{
    				"InstanceId": "string"
    			}],
    			"ListenerDescriptions": [{
    				"Listener": {
    					"InstancePort": number,
    					"InstanceProtocol": "string",
    					"LoadBalancerPort": number,
    					"Protocol": "string",
    					"SslCertificateId": "string"
    				},
    				"PolicyNames": ["string"]
    			}],
    			"LoadBalancerAttributes": {
    				"AccessLog": {
    					"EmitInterval": number,
    					"Enabled": boolean,
    					"S3BucketName": "string",
    					"S3BucketPrefix": "string"
    				},
    				"ConnectionDraining": {
    					"Enabled": boolean,
    					"Timeout": number
    				},
    				"ConnectionSettings": {
    					"IdleTimeout": number
    				},
    				"CrossZoneLoadBalancing": {
    					"Enabled": boolean
    				},
    				"AdditionalAttributes": [{
    					"Key": "string",
    					"Value": "string"
    				}]
    			},
    			"LoadBalancerName": "string",
    			"Policies": {
    				"AppCookieStickinessPolicies": [{
    					"CookieName": "string",
    					"PolicyName": "string"
    				}],
    				"LbCookieStickinessPolicies": [{
    					"CookieExpirationPeriod": number,
    					"PolicyName": "string"
    				}],
    				"OtherPolicies": ["string"]
    			},
    			"Scheme": "string",
    			"SecurityGroups": ["string"],
    			"SourceSecurityGroup": {
    				"GroupName": "string",
    				"OwnerAlias": "string"
    			},
    			"Subnets": ["string"],
    			"VpcId": "string"
    		},
    		"AwsElbv2LoadBalancer": {
    			"AvailabilityZones": {
    				"SubnetId": "string",
    				"ZoneName": "string"
    			},
    			"CanonicalHostedZoneId": "string",
    			"CreatedTime": "string",
    			"DNSName": "string",
    			"IpAddressType": "string",
    			"LoadBalancerAttributes": [{
    				"Key": "string",
    				"Value": "string"
    			}],
    			"Scheme": "string",
    			"SecurityGroups": ["string"],
    			"State": {
    				"Code": "string",
    				"Reason": "string"
    			},
    			"Type": "string",
    			"VpcId": "string"
    		},
    		"AwsEventSchemasRegistry": {
    			"Description": "string",
    			"RegistryArn": "string",
    			"RegistryName": "string"
    		},
    		"AwsEventsEndpoint": {
    			"Arn": "string",
    			"Description": "string",
    			"EndpointId": "string",
    			"EndpointUrl": "string",
    			"EventBuses": [
    				{
    					"EventBusArn": "string"
    				},
    				{
    					"EventBusArn": "string"
    				}
    			],
    			"Name": "string",
    			"ReplicationConfig": {
    				"State": "string"
    			},
    			"RoleArn": "string",
    			"RoutingConfig": {
    				"FailoverConfig": {
    					"Primary": {
    						"HealthCheck": "string"
    					},
    					"Secondary": {
    						"Route": "string"
    					}
    				}
    			},
    			"State": "string"
    		},
    		"AwsEventsEventBus": {
    			"Arn": "string",
    			"Name": "string",
    			"Policy": "string"
    		},
    		"AwsGuardDutyDetector": {
    			"FindingPublishingFrequency": "string",
    			"ServiceRole": "string",
    			"Status": "string",
    			"DataSources": {
    				"CloudTrail": {
    					"Status": "string"
    				},
    				"DnsLogs": {
    					"Status": "string"
    				},
    				"FlowLogs": {
    					"Status": "string"
    				},
    				"S3Logs": {
    					"Status": "string"
    				},
    				"Kubernetes": {
    					"AuditLogs": {
    						"Status": "string"
    					}
    				},
    				"MalwareProtection": {
    					"ScanEc2InstanceWithFindings": {
    						"EbsVolumes": {
    							"Status": "string"
    						}
    					},
    					"ServiceRole": "string"
    				}
    			}
    		},
    		"AwsIamAccessKey": {
    			"AccessKeyId": "string",
    			"AccountId": "string",
    			"CreatedAt": "string",
    			"PrincipalId": "string",
    			"PrincipalName": "string",
    			"PrincipalType": "string",
    			"SessionContext": {
    				"Attributes": {
    					"CreationDate": "string",
    					"MfaAuthenticated": boolean
    				},
    				"SessionIssuer": {
    					"AccountId": "string",
    					"Arn": "string",
    					"PrincipalId": "string",
    					"Type": "string",
    					"UserName": "string"
    				}
    			},
    			"Status": "string"
    		},
    		"AwsIamGroup": {
    			"AttachedManagedPolicies": [{
    				"PolicyArn": "string",
    				"PolicyName": "string"
    			}],
    			"CreateDate": "string",
    			"GroupId": "string",
    			"GroupName": "string",
    			"GroupPolicyList": [{
    				"PolicyName": "string"
    			}],
    			"Path": "string"
    		},
    		"AwsIamPolicy": {
    			"AttachmentCount": number,
    			"CreateDate": "string",
    			"DefaultVersionId": "string",
    			"Description": "string",
    			"IsAttachable": boolean,
    			"Path": "string",
    			"PermissionsBoundaryUsageCount": number,
    			"PolicyId": "string",
    			"PolicyName": "string",
    			"PolicyVersionList": [{
    				"CreateDate": "string",
    				"IsDefaultVersion": boolean,
    				"VersionId": "string"
    			}],
    			"UpdateDate": "string"
    		},
    		"AwsIamRole": {
    			"AssumeRolePolicyDocument": "string",
    			"AttachedManagedPolicies": [{
    				"PolicyArn": "string",
    				"PolicyName": "string"
    			}],
    			"CreateDate": "string",
    			"InstanceProfileList": [{
    				"Arn": "string",
    				"CreateDate": "string",
    				"InstanceProfileId": "string",
    				"InstanceProfileName": "string",
    				"Path": "string",
    				"Roles": [{
    					"Arn": "string",
    					"AssumeRolePolicyDocument": "string",
    					"CreateDate": "string",
    					"Path": "string",
    					"RoleId": "string",
    					"RoleName": "string"
    				}]
    			}],
    			"MaxSessionDuration": number,
    			"Path": "string",
    			"PermissionsBoundary": {
    				"PermissionsBoundaryArn": "string",
    				"PermissionsBoundaryType": "string"
    			},
    			"RoleId": "string",
    			"RoleName": "string",
    			"RolePolicyList": [{
    				"PolicyName": "string"
    			}]
    		},
    		"AwsIamUser": {
    			"AttachedManagedPolicies": [{
    				"PolicyArn": "string",
    				"PolicyName": "string"
    			}],
    			"CreateDate": "string",
    			"GroupList": ["string"],
    			"Path": "string",
    			"PermissionsBoundary": {
    				"PermissionsBoundaryArn": "string",
    				"PermissionsBoundaryType": "string"
    			},
    			"UserId": "string",
    			"UserName": "string",
    			"UserPolicyList": [{
    				"PolicyName": "string"
    			}]
    		},
    		"AwsKinesisStream": {
    			"Arn": "string",
    			"Name": "string",
    			"RetentionPeriodHours": number,
    			"ShardCount": number,
    			"StreamEncryption": {
    				"EncryptionType": "string",
    				"KeyId": "string"
    			}
    		},
    		"AwsKmsKey": {
    			"AWSAccountId": "string",
    			"CreationDate": "string",
    			"Description": "string",
    			"KeyId": "string",
    			"KeyManager": "string",
    			"KeyRotationStatus": boolean,
    			"KeyState": "string",
    			"Origin": "string"
    		},
    		"AwsLambdaFunction": {
    			"Architectures": [
    				"string"
    			],
    			"Code": {
    				"S3Bucket": "string",
    				"S3Key": "string",
    				"S3ObjectVersion": "string",
    				"ZipFile": "string"
    			},
    			"CodeSha256": "string",
    			"DeadLetterConfig": {
    				"TargetArn": "string"
    			},
    			"Environment": {
    				"Variables": {
    					"Stage": "string"
    				},
    				"Error": {
    					"ErrorCode": "string",
    					"Message": "string"
    				}
    			},
    			"FunctionName": "string",
    			"Handler": "string",
    			"KmsKeyArn": "string",
    			"LastModified": "string",
    			"Layers": {
    				"Arn": "string",
    				"CodeSize": number
    			},
    			"PackageType": "string",
    			"RevisionId": "string",
    			"Role": "string",
    			"Runtime": "string",
    			"Timeout": integer,
    			"TracingConfig": {
    				"Mode": "string"
    			},
    			"Version": "string",
    			"VpcConfig": {
    				"SecurityGroupIds": ["string"],
    				"SubnetIds": ["string"]
    			},
    			"MasterArn": "string",
    			"MemorySize": number
    		},
    		"AwsLambdaLayerVersion": {
    			"CompatibleRuntimes": [
    				"string"
    			],
    			"CreatedDate": "string",
    			"Version": number
    		},
    		"AwsMskCluster": {
    			"ClusterInfo": {
    				"ClientAuthentication": {
    					"Sasl": {
    						"Scram": {
    							"Enabled": boolean
    						},
    						"Iam": {
    							"Enabled": boolean
    						}
    					},
    					"Tls": {
    						"CertificateAuthorityArnList": [],
    						"Enabled": boolean
    					},
    					"Unauthenticated": {
    						"Enabled": boolean
    					}
    				},
    				"ClusterName": "string",
    				"CurrentVersion": "string",
    				"EncryptionInfo": {
    					"EncryptionAtRest": {
    						"DataVolumeKMSKeyId": "string"
    					},
    					"EncryptionInTransit": {
    						"ClientBroker": "string",
    						"InCluster": boolean
    					}
    				},
    				"EnhancedMonitoring": "string",
    				"NumberOfBrokerNodes": integer
    			}
    		},
    		"AwsNetworkFirewallFirewall": {
    			"DeleteProtection": boolean,
    			"Description": "string",
    			"FirewallArn": "string",
    			"FirewallId": "string",
    			"FirewallName": "string",
    			"FirewallPolicyArn": "string",
    			"FirewallPolicyChangeProtection": boolean,
    			"SubnetChangeProtection": boolean,
    			"SubnetMappings": [{
    				"SubnetId": "string"
    			}],
    			"VpcId": "string"
    		},
    		"AwsNetworkFirewallFirewallPolicy": {
    			"Description": "string",
    			"FirewallPolicy": {
    				"StatefulRuleGroupReferences": [{
    					"ResourceArn": "string"
    				}],
    				"StatelessCustomActions": [{
    					"ActionDefinition": {
    						"PublishMetricAction": {
    							"Dimensions": [{
    								"Value": "string"
    							}]
    						}
    					},
    					"ActionName": "string"
    				}],
    				"StatelessDefaultActions": ["string"],
    				"StatelessFragmentDefaultActions": ["string"],
    				"StatelessRuleGroupReferences": [{
    					"Priority": number,
    					"ResourceArn": "string"
    				}]
    			},
    			"FirewallPolicyArn": "string",
    			"FirewallPolicyId": "string",
    			"FirewallPolicyName": "string"
    		},
    		"AwsNetworkFirewallRuleGroup": {
    			"Capacity": number,
    			"Description": "string",
    			"RuleGroup": {
    				"RulesSource": {
    					"RulesSourceList": {
    						"GeneratedRulesType": "string",
    						"Targets": ["string"],
    						"TargetTypes": ["string"]
    					},
    					"RulesString": "string",
    					"StatefulRules": [{
    						"Action": "string",
    						"Header": {
    							"Destination": "string",
    							"DestinationPort": "string",
    							"Direction": "string",
    							"Protocol": "string",
    							"Source": "string",
    							"SourcePort": "string"
    						},
    						"RuleOptions": [{
    							"Keyword": "string",
    							"Settings": ["string"]
    						}]
    					}],
    					"StatelessRulesAndCustomActions": {
    						"CustomActions": [{
    							"ActionDefinition": {
    								"PublishMetricAction": {
    									"Dimensions": [{
    										"Value": "string"
    									}]
    								}
    							},
    							"ActionName": "string"
    						}],
    						"StatelessRules": [{
    							"Priority": number,
    							"RuleDefinition": {
    								"Actions": ["string"],
    								"MatchAttributes": {
    									"DestinationPorts": [{
    										"FromPort": number,
    										"ToPort": number
    									}],
    									"Destinations": [{
    										"AddressDefinition": "string"
    									}],
    									"Protocols": [number],
    									"SourcePorts": [{
    										"FromPort": number,
    										"ToPort": number
    									}],
    									"Sources": [{
    										"AddressDefinition": "string"
    									}],
    									"TcpFlags": [{
    										"Flags": ["string"],
    										"Masks": ["string"]
    									}]
    								}
    							}
    						}]
    					}
    				},
    				"RuleVariables": {
    					"IpSets": {
    						"Definition": ["string"]
    					},
    					"PortSets": {
    						"Definition": ["string"]
    					}
    				}
    			},
    			"RuleGroupArn": "string",
    			"RuleGroupId": "string",
    			"RuleGroupName": "string",
    			"Type": "string"
    		},
    		"AwsOpenSearchServiceDomain": {
    			"AccessPolicies": "string",
    			"AdvancedSecurityOptions": {
    				"Enabled": boolean,
    				"InternalUserDatabaseEnabled": boolean,
    				"MasterUserOptions": {
    					"MasterUserArn": "string",
    					"MasterUserName": "string",
    					"MasterUserPassword": "string"
    				}
    			},
    			"Arn": "string",
    			"ClusterConfig": {
    				"DedicatedMasterCount": number,
    				"DedicatedMasterEnabled": boolean,
    				"DedicatedMasterType": "string",
    				"InstanceCount": number,
    				"InstanceType": "string",
    				"WarmCount": number,
    				"WarmEnabled": boolean,
    				"WarmType": "string",
    				"ZoneAwarenessConfig": {
    					"AvailabilityZoneCount": number
    				},
    				"ZoneAwarenessEnabled": boolean
    			},
    			"DomainEndpoint": "string",
    			"DomainEndpointOptions": {
    				"CustomEndpoint": "string",
    				"CustomEndpointCertificateArn": "string",
    				"CustomEndpointEnabled": boolean,
    				"EnforceHTTPS": boolean,
    				"TLSSecurityPolicy": "string"
    			},
    			"DomainEndpoints": {
    				"string": "string"
    			},
    			"DomainName": "string",
    			"EncryptionAtRestOptions": {
    				"Enabled": boolean,
    				"KmsKeyId": "string"
    			},
    			"EngineVersion": "string",
    			"Id": "string",
    			"LogPublishingOptions": {
    				"AuditLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"IndexSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"SearchSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				}
    			},
    			"NodeToNodeEncryptionOptions": {
    				"Enabled": boolean
    			},
    			"ServiceSoftwareOptions": {
    				"AutomatedUpdateDate": "string",
    				"Cancellable": boolean,
    				"CurrentVersion": "string",
    				"Description": "string",
    				"NewVersion": "string",
    				"OptionalDeployment": boolean,
    				"UpdateAvailable": boolean,
    				"UpdateStatus": "string"
    			},
    			"VpcOptions": {
    				"SecurityGroupIds": ["string"],
    				"SubnetIds": ["string"]
    			}
    		},
    		"AwsRdsDbCluster": {
    			"ActivityStreamStatus": "string",
    			"AllocatedStorage": number,
    			"AssociatedRoles": [{
    				"RoleArn": "string",
    				"Status": "string"
    			}],
    			"AutoMinorVersionUpgrade": boolean,
    			"AvailabilityZones": ["string"],
    			"BackupRetentionPeriod": integer,
    			"ClusterCreateTime": "string",
    			"CopyTagsToSnapshot": boolean,
    			"CrossAccountClone": boolean,
    			"CustomEndpoints": ["string"],
    			"DatabaseName": "string",
    			"DbClusterIdentifier": "string",
    			"DbClusterMembers": [{
    				"DbClusterParameterGroupStatus": "string",
    				"DbInstanceIdentifier": "string",
    				"IsClusterWriter": boolean,
    				"PromotionTier": integer
    			}],
    			"DbClusterOptionGroupMemberships": [{
    				"DbClusterOptionGroupName": "string",
    				"Status": "string"
    			}],
    			"DbClusterParameterGroup": "string",
    			"DbClusterResourceId": "string",
    			"DbSubnetGroup": "string",
    			"DeletionProtection": boolean,
    			"DomainMemberships": [{
    				"Domain": "string",
    				"Fqdn": "string",
    				"IamRoleName": "string",
    				"Status": "string"
    			}],
    			"EnabledCloudwatchLogsExports": ["string"],
    			"Endpoint": "string",
    			"Engine": "string",
    			"EngineMode": "string",
    			"EngineVersion": "string",
    			"HostedZoneId": "string",
    			"HttpEndpointEnabled": boolean,
    			"IamDatabaseAuthenticationEnabled": boolean,
    			"KmsKeyId": "string",
    			"MasterUsername": "string",
    			"MultiAz": boolean,
    			"Port": integer,
    			"PreferredBackupWindow": "string",
    			"PreferredMaintenanceWindow": "string",
    			"ReaderEndpoint": "string",
    			"ReadReplicaIdentifiers": ["string"],
    			"Status": "string",
    			"StorageEncrypted": boolean,
    			"VpcSecurityGroups": [{
    				"Status": "string",
    				"VpcSecurityGroupId": "string"
    			}]
    		},
    		"AwsRdsDbClusterSnapshot": {
    			"AllocatedStorage": integer,
    			"AvailabilityZones": ["string"],
    			"ClusterCreateTime": "string",
    			"DbClusterIdentifier": "string",
    			"DbClusterSnapshotAttributes": [{
    				"AttributeName": "string",
    				"AttributeValues": ["string"]
    			}],
    			"DbClusterSnapshotIdentifier": "string",
    			"Engine": "string",
    			"EngineVersion": "string",
    			"IamDatabaseAuthenticationEnabled": boolean,
    			"KmsKeyId": "string",
    			"LicenseModel": "string",
    			"MasterUsername": "string",
    			"PercentProgress": integer,
    			"Port": integer,
    			"SnapshotCreateTime": "string",
    			"SnapshotType": "string",
    			"Status": "string",
    			"StorageEncrypted": boolean,
    			"VpcId": "string"
    		},
    		"AwsRdsDbInstance": {
    			"AllocatedStorage": number,
    			"AssociatedRoles": [{
    				"RoleArn": "string",
    				"FeatureName": "string",
    				"Status": "string"
    			}],
    			"AutoMinorVersionUpgrade": boolean,
    			"AvailabilityZone": "string",
    			"BackupRetentionPeriod": number,
    			"CACertificateIdentifier": "string",
    			"CharacterSetName": "string",
    			"CopyTagsToSnapshot": boolean,
    			"DBClusterIdentifier": "string",
    			"DBInstanceClass": "string",
    			"DBInstanceIdentifier": "string",
    			"DbInstancePort": number,
    			"DbInstanceStatus": "string",
    			"DbiResourceId": "string",
    			"DBName": "string",
    			"DbParameterGroups": [{
    				"DbParameterGroupName": "string",
    				"ParameterApplyStatus": "string"
    			}],
    			"DbSecurityGroups": ["string"],
    			"DbSubnetGroup": {
    				"DbSubnetGroupArn": "string",
    				"DbSubnetGroupDescription": "string",
    				"DbSubnetGroupName": "string",
    				"SubnetGroupStatus": "string",
    				"Subnets": [{
    					"SubnetAvailabilityZone": {
    						"Name": "string"
    					},
    					"SubnetIdentifier": "string",
    					"SubnetStatus": "string"
    				}],
    				"VpcId": "string"
    			},
    			"DeletionProtection": boolean,
    			"Endpoint": {
    				"Address": "string",
    				"Port": number,
    				"HostedZoneId": "string"
    			},
    			"DomainMemberships": [{
    				"Domain": "string",
    				"Fqdn": "string",
    				"IamRoleName": "string",
    				"Status": "string"
    			}],
    			"EnabledCloudwatchLogsExports": ["string"],
    			"Engine": "string",
    			"EngineVersion": "string",
    			"EnhancedMonitoringResourceArn": "string",
    			"IAMDatabaseAuthenticationEnabled": boolean,
    			"InstanceCreateTime": "string",
    			"Iops": number,
    			"KmsKeyId": "string",
    			"LatestRestorableTime": "string",
    			"LicenseModel": "string",
    			"ListenerEndpoint": {
    				"Address": "string",
    				"HostedZoneId": "string",
    				"Port": number
    			},
    			"MasterUsername": "string",
    			"MaxAllocatedStorage": number,
    			"MonitoringInterval": number,
    			"MonitoringRoleArn": "string",
    			"MultiAz": boolean,
    			"OptionGroupMemberships": [{
    				"OptionGroupName": "string",
    				"Status": "string"
    			}],
    			"PendingModifiedValues": {
    				"AllocatedStorage": number,
    				"BackupRetentionPeriod": number,
    				"CaCertificateIdentifier": "string",
    				"DbInstanceClass": "string",
    				"DbInstanceIdentifier": "string",
    				"DbSubnetGroupName": "string",
    				"EngineVersion": "string",
    				"Iops": number,
    				"LicenseModel": "string",
    				"MasterUserPassword": "string",
    				"MultiAZ": boolean,
    				"PendingCloudWatchLogsExports": {
    					"LogTypesToDisable": ["string"],
    					"LogTypesToEnable": ["string"]
    				},
    				"Port": number,
    				"ProcessorFeatures": [{
    					"Name": "string",
    					"Value": "string"
    				}],
    				"StorageType": "string"
    			},
    			"PerformanceInsightsEnabled": boolean,
    			"PerformanceInsightsKmsKeyId": "string",
    			"PerformanceInsightsRetentionPeriod": number,
    			"PreferredBackupWindow": "string",
    			"PreferredMaintenanceWindow": "string",
    			"ProcessorFeatures": [{
    				"Name": "string",
    				"Value": "string"
    			}],
    			"PromotionTier": number,
    			"PubliclyAccessible": boolean,
    			"ReadReplicaDBClusterIdentifiers": ["string"],
    			"ReadReplicaDBInstanceIdentifiers": ["string"],
    			"ReadReplicaSourceDBInstanceIdentifier": "string",
    			"SecondaryAvailabilityZone": "string",
    			"StatusInfos": [{
    				"Message": "string",
    				"Normal": boolean,
    				"Status": "string",
    				"StatusType": "string"
    			}],
    			"StorageEncrypted": boolean,
    			"TdeCredentialArn": "string",
    			"Timezone": "string",
    			"VpcSecurityGroups": [{
    				"VpcSecurityGroupId": "string",
    				"Status": "string"
    			}]
    		},
    		"AwsRdsDbSecurityGroup": {
    			"DbSecurityGroupArn": "string",
    			"DbSecurityGroupDescription": "string",
    			"DbSecurityGroupName": "string",
    			"Ec2SecurityGroups": [{
    				"Ec2SecurityGroupId": "string",
    				"Ec2SecurityGroupName": "string",
    				"Ec2SecurityGroupOwnerId": "string",
    				"Status": "string"
    			}],
    			"IpRanges": [{
    				"CidrIp": "string",
    				"Status": "string"
    			}],
    			"OwnerId": "string",
    			"VpcId": "string"
    		},
    		"AwsRdsDbSnapshot": {
    			"AllocatedStorage": integer,
    			"AvailabilityZone": "string",
    			"DbInstanceIdentifier": "string",
    			"DbiResourceId": "string",
    			"DbSnapshotIdentifier": "string",
    			"Encrypted": boolean,
    			"Engine": "string",
    			"EngineVersion": "string",
    			"IamDatabaseAuthenticationEnabled": boolean,
    			"InstanceCreateTime": "string",
    			"Iops": number,
    			"KmsKeyId": "string",
    			"LicenseModel": "string",
    			"MasterUsername": "string",
    			"OptionGroupName": "string",
    			"PercentProgress": integer,
    			"Port": integer,
    			"ProcessorFeatures": [],
    			"SnapshotCreateTime": "string",
    			"SnapshotType": "string",
    			"SourceDbSnapshotIdentifier": "string",
    			"SourceRegion": "string",
    			"Status": "string",
    			"StorageType": "string",
    			"TdeCredentialArn": "string",
    			"Timezone": "string",
    			"VpcId": "string"
    		},
    		"AwsRdsEventSubscription": {
    			"CustomerAwsId": "string",
    			"CustSubscriptionId": "string",
    			"Enabled": boolean,
    			"EventCategoriesList": ["string"],
    			"EventSubscriptionArn": "string",
    			"SnsTopicArn": "string",
    			"SourceIdsList": ["string"],
    			"SourceType": "string",
    			"Status": "string",
    			"SubscriptionCreationTime": "string"
    		},
    		"AwsRedshiftCluster": {
    			"AllowVersionUpgrade": boolean,
    			"AutomatedSnapshotRetentionPeriod": number,
    			"AvailabilityZone": "string",
    			"ClusterAvailabilityStatus": "string",
    			"ClusterCreateTime": "string",
    			"ClusterIdentifier": "string",
    			"ClusterNodes": [{
    				"NodeRole": "string",
    				"PrivateIPAddress": "string",
    				"PublicIPAddress": "string"
    			}],
    			"ClusterParameterGroups": [{
    				"ClusterParameterStatusList": [{
    					"ParameterApplyErrorDescription": "string",
    					"ParameterApplyStatus": "string",
    					"ParameterName": "string"
    				}],
    				"ParameterApplyStatus": "string",
    				"ParameterGroupName": "string"
    			}],
    			"ClusterPublicKey": "string",
    			"ClusterRevisionNumber": "string",
    			"ClusterSecurityGroups": [{
    				"ClusterSecurityGroupName": "string",
    				"Status": "string"
    			}],
    			"ClusterSnapshotCopyStatus": {
    				"DestinationRegion": "string",
    				"ManualSnapshotRetentionPeriod": number,
    				"RetentionPeriod": number,
    				"SnapshotCopyGrantName": "string"
    			},
    			"ClusterStatus": "string",
    			"ClusterSubnetGroupName": "string",
    			"ClusterVersion": "string",
    			"DBName": "string",
    			"DeferredMaintenanceWindows": [{
    				"DeferMaintenanceEndTime": "string",
    				"DeferMaintenanceIdentifier": "string",
    				"DeferMaintenanceStartTime": "string"
    			}],
    			"ElasticIpStatus": {
    				"ElasticIp": "string",
    				"Status": "string"
    			},
    			"ElasticResizeNumberOfNodeOptions": "string",
    			"Encrypted": boolean,
    			"Endpoint": {
    				"Address": "string",
    				"Port": number
    			},
    			"EnhancedVpcRouting": boolean,
    			"ExpectedNextSnapshotScheduleTime": "string",
    			"ExpectedNextSnapshotScheduleTimeStatus": "string",
    			"HsmStatus": {
    				"HsmClientCertificateIdentifier": "string",
    				"HsmConfigurationIdentifier": "string",
    				"Status": "string"
    			},
    			"IamRoles": [{
    				"ApplyStatus": "string",
    				"IamRoleArn": "string"
    			}],
    			"KmsKeyId": "string",
    			"LoggingStatus": {
    				"BucketName": "string",
    				"LastFailureMessage": "string",
    				"LastFailureTime": "string",
    				"LastSuccessfulDeliveryTime": "string",
    				"LoggingEnabled": boolean,
    				"S3KeyPrefix": "string"
    			},
    			"MaintenanceTrackName": "string",
    			"ManualSnapshotRetentionPeriod": number,
    			"MasterUsername": "string",
    			"NextMaintenanceWindowStartTime": "string",
    			"NodeType": "string",
    			"NumberOfNodes": number,
    			"PendingActions": ["string"],
    			"PendingModifiedValues": {
    				"AutomatedSnapshotRetentionPeriod": number,
    				"ClusterIdentifier": "string",
    				"ClusterType": "string",
    				"ClusterVersion": "string",
    				"EncryptionType": "string",
    				"EnhancedVpcRouting": boolean,
    				"MaintenanceTrackName": "string",
    				"MasterUserPassword": "string",
    				"NodeType": "string",
    				"NumberOfNodes": number,
    				"PubliclyAccessible": "string"
    			},
    			"PreferredMaintenanceWindow": "string",
    			"PubliclyAccessible": boolean,
    			"ResizeInfo": {
    				"AllowCancelResize": boolean,
    				"ResizeType": "string"
    			},
    			"RestoreStatus": {
    				"CurrentRestoreRateInMegaBytesPerSecond": number,
    				"ElapsedTimeInSeconds": number,
    				"EstimatedTimeToCompletionInSeconds": number,
    				"ProgressInMegaBytes": number,
    				"SnapshotSizeInMegaBytes": number,
    				"Status": "string"
    			},
    			"SnapshotScheduleIdentifier": "string",
    			"SnapshotScheduleState": "string",
    			"VpcId": "string",
    			"VpcSecurityGroups": [{
    				"Status": "string",
    				"VpcSecurityGroupId": "string"
    			}]
    		},
    		"AwsRoute53HostedZone": {
    			"HostedZone": {
    				"Id": "string",
    				"Name": "string",
    				"Config": {
    					"Comment": "string"
    				}
    			},
    			"NameServers": ["string"],
    			"QueryLoggingConfig": {
    				"CloudWatchLogsLogGroupArn": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Id": "string",
    					"HostedZoneId": "string"
    				}
    			},
    			"Vpcs": [
    				{
    					"Id": "string",
    					"Region": "string"
    				}
    			]
    		},
    		"AwsS3AccessPoint": {
    			"AccessPointArn": "string",
    			"Alias": "string",
    			"Bucket": "string",
    			"BucketAccountId": "string",
    			"Name": "string",
    			"NetworkOrigin": "string",
    			"PublicAccessBlockConfiguration": {
    				"BlockPublicAcls": boolean,
    				"BlockPublicPolicy": boolean,
    				"IgnorePublicAcls": boolean,
    				"RestrictPublicBuckets": boolean
    			},
    			"VpcConfiguration": {
    				"VpcId": "string"
    			}
    		},
    		"AwsS3AccountPublicAccessBlock": {
    			"BlockPublicAcls": boolean,
    			"BlockPublicPolicy": boolean,
    			"IgnorePublicAcls": boolean,
    			"RestrictPublicBuckets": boolean
    		},
    		"AwsS3Bucket": {
    			"AccessControlList": "string",
    			"BucketLifecycleConfiguration": {
    				"Rules": [{
    					"AbortIncompleteMultipartUpload": {
    						"DaysAfterInitiation": number
    					},
    					"ExpirationDate": "string",
    					"ExpirationInDays": number,
    					"ExpiredObjectDeleteMarker": boolean,
    					"Filter": {
    						"Predicate": {
    							"Operands": [{
    									"Prefix": "string",
    									"Type": "string"
    								},
    								{
    									"Tag": {
    										"Key": "string",
    										"Value": "string"
    									},
    									"Type": "string"
    								}
    							],
    							"Type": "string"
    						}
    					},
    					"Id": "string",
    					"NoncurrentVersionExpirationInDays": number,
    					"NoncurrentVersionTransitions": [{
    						"Days": number,
    						"StorageClass": "string"
    					}],
    					"Prefix": "string",
    					"Status": "string",
    					"Transitions": [{
    						"Date": "string",
    						"Days": number,
    						"StorageClass": "string"
    					}]
    				}]
    			},
    			"BucketLoggingConfiguration": {
    				"DestinationBucketName": "string",
    				"LogFilePrefix": "string"
    			},
    			"BucketName": "string",
    			"BucketNotificationConfiguration": {
    				"Configurations": [{
    					"Destination": "string",
    					"Events": ["string"],
    					"Filter": {
    						"S3KeyFilter": {
    							"FilterRules": [{
    								"Name": "string",
    								"Value": "string"
    							}]
    						}
    					},
    					"Type": "string"
    				}]
    			},
    			"BucketVersioningConfiguration": {
    				"IsMfaDeleteEnabled": boolean,
    				"Status": "string"
    			},
    			"BucketWebsiteConfiguration": {
    				"ErrorDocument": "string",
    				"IndexDocumentSuffix": "string",
    				"RedirectAllRequestsTo": {
    					"HostName": "string",
    					"Protocol": "string"
    				},
    				"RoutingRules": [{
    					"Condition": {
    						"HttpErrorCodeReturnedEquals": "string",
    						"KeyPrefixEquals": "string"
    					},
    					"Redirect": {
    						"HostName": "string",
    						"HttpRedirectCode": "string",
    						"Protocol": "string",
    						"ReplaceKeyPrefixWith": "string",
    						"ReplaceKeyWith": "string"
    					}
    				}]
    			},
    			"CreatedAt": "string",
    			"ObjectLockConfiguration": {
    				"ObjectLockEnabled": "string",
    				"Rule": {
    					"DefaultRetention": {
    						"Days": integer,
    						"Mode": "string",
    						"Years": integer
    					}
    				}
    			},
    			"OwnerAccountId": "string",
    			"OwnerId": "string",
    			"OwnerName": "string",
    			"PublicAccessBlockConfiguration": {
    				"BlockPublicAcls": boolean,
    				"BlockPublicPolicy": boolean,
    				"IgnorePublicAcls": boolean,
    				"RestrictPublicBuckets": boolean
    			},
    			"ServerSideEncryptionConfiguration": {
    				"Rules": [{
    					"ApplyServerSideEncryptionByDefault": {
    						"KMSMasterKeyID": "string",
    						"SSEAlgorithm": "string"
    					}
    				}]
    			}
    		},
    		"AwsS3Object": {
    			"ContentType": "string",
    			"ETag": "string",
    			"LastModified": "string",
    			"ServerSideEncryption": "string",
    			"SSEKMSKeyId": "string",
    			"VersionId": "string"
    		},
    		"AwsSagemakerNotebookInstance": {
    			"DirectInternetAccess": "string",
    			"InstanceMetadataServiceConfiguration": {
    				"MinimumInstanceMetadataServiceVersion": "string"
    			},
    			"InstanceType": "string",
    			"LastModifiedTime": "string",
    			"NetworkInterfaceId": "string",
    			"NotebookInstanceArn": "string",
    			"NotebookInstanceName": "string",
    			"NotebookInstanceStatus": "string",
    			"PlatformIdentifier": "string",
    			"RoleArn": "string",
    			"RootAccess": "string",
    			"SecurityGroups": ["string"],
    			"SubnetId": "string",
    			"Url": "string",
    			"VolumeSizeInGB": number
    		},
    		"AwsSecretsManagerSecret": {
    			"Deleted": boolean,
    			"Description": "string",
    			"KmsKeyId": "string",
    			"Name": "string",
    			"RotationEnabled": boolean,
    			"RotationLambdaArn": "string",
    			"RotationOccurredWithinFrequency": boolean,
    			"RotationRules": {
    				"AutomaticallyAfterDays": integer
    			}
    		},
    		"AwsSnsTopic": {
    			"ApplicationSuccessFeedbackRoleArn": "string",
    			"FirehoseFailureFeedbackRoleArn": "string",
    			"FirehoseSuccessFeedbackRoleArn": "string",
    			"HttpFailureFeedbackRoleArn": "string",
    			"HttpSuccessFeedbackRoleArn": "string",
    			"KmsMasterKeyId": "string",
    			"Owner": "string",
    			"SqsFailureFeedbackRoleArn": "string",
    			"SqsSuccessFeedbackRoleArn": "string",
    			"Subscription": {
    				"Endpoint": "string",
    				"Protocol": "string"
    			},
    			"TopicName": "string"
    		},
    		"AwsSqsQueue": {
    			"DeadLetterTargetArn": "string",
    			"KmsDataKeyReusePeriodSeconds": number,
    			"KmsMasterKeyId": "string",
    			"QueueName": "string"
    		},
    		"AwsSsmPatchCompliance": {
    			"Patch": {
    				"ComplianceSummary": {
    					"ComplianceType": "string",
    					"CompliantCriticalCount": integer,
    					"CompliantHighCount": integer,
    					"CompliantInformationalCount": integer,
    					"CompliantLowCount": integer,
    					"CompliantMediumCount": integer,
    					"CompliantUnspecifiedCount": integer,
    					"ExecutionType": "string",
    					"NonCompliantCriticalCount": integer,
    					"NonCompliantHighCount": integer,
    					"NonCompliantInformationalCount": integer,
    					"NonCompliantLowCount": integer,
    					"NonCompliantMediumCount": integer,
    					"NonCompliantUnspecifiedCount": integer,
    					"OverallSeverity": "string",
    					"PatchBaselineId": "string",
    					"PatchGroup": "string",
    					"Status": "string"
    				}
    			}
    		},
    		"AwsStepFunctionStateMachine": {
    			"StateMachineArn": "string",
    			"Name": "string",
    			"Status": "string",
    			"RoleArn": "string",
    			"Type": "string",
    			"LoggingConfiguration": {
    				"Level": "string",
    				"IncludeExecutionData": boolean
    			},
    			"TracingConfiguration": {
    				"Enabled": boolean
    			}
    		},
    		"AwsWafRateBasedRule": {
    			"MatchPredicates": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}],
    			"MetricName": "string",
    			"Name": "string",
    			"RateKey": "string",
    			"RateLimit": number,
    			"RuleId": "string"
    		},
    		"AwsWafRegionalRateBasedRule": {
    			"MatchPredicates": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}],
    			"MetricName": "string",
    			"Name": "string",
    			"RateKey": "string",
    			"RateLimit": number,
    			"RuleId": "string"
    		},
    		"AwsWafRegionalRule": {
    			"MetricName": "string",
    			"Name": "string",
    			"RuleId": "string",
    			"PredicateList": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}]
    		},
    		"AwsWafRegionalRuleGroup": {
    			"MetricName": "string",
    			"Name": "string",
    			"RuleGroupId": "string",
    			"Rules": [{
    				"Action": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string"
    			}]
    		},
    		"AwsWafRegionalWebAcl": {
    			"DefaultAction": "string",
    			"MetricName": "string",
    			"Name": "string",
    			"RulesList": [{
    				"Action": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string",
    				"ExcludedRules": [{
    					"ExclusionType": "string",
    					"RuleId": "string"
    				}],
    				"OverrideAction": {
    					"Type": "string"
    				}
    			}],
    			"WebAclId": "string"
    		},
    		"AwsWafRule": {
    			"MetricName": "string",
    			"Name": "string",
    			"PredicateList": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}],
    			"RuleId": "string"
    		},
    		"AwsWafRuleGroup": {
    			"MetricName": "string",
    			"Name": "string",
    			"RuleGroupId": "string",
    			"Rules": [{
    				"Action": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string"
    			}]
    		},
    		"AwsWafv2RuleGroup": {
    			"Arn": "string",
    			"Capacity": number,
    			"Description": "string",
    			"Id": "string",
    			"Name": "string",
    			"Rules": [{
    				"Action": {
    					"Allow": {
    						"CustomRequestHandling": {
    							"InsertHeaders": [
    								{
    									"Name": "string",
    									"Value": "string"
    								},
    								{
    									"Name": "string",
    									"Value": "string"
    								}
    							]
    						}
    					}
    				},
    				"Name": "string",
    				"Priority": number,
    				"VisibilityConfig": {
    					"CloudWatchMetricsEnabled": boolean,
    					"MetricName": "string",
    					"SampledRequestsEnabled": boolean
    				}
    			}],
    			"VisibilityConfig": {
    				"CloudWatchMetricsEnabled": boolean,
    				"MetricName": "string",
    				"SampledRequestsEnabled": boolean
    			}
    		},
    		"AwsWafWebAcl": {
    			"DefaultAction": "string",
    			"Name": "string",
    			"Rules": [{
    				"Action": {
    					"Type": "string"
    				},
    				"ExcludedRules": [{
    					"RuleId": "string"
    				}],
    				"OverrideAction": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string"
    			}],
    			"WebAclId": "string"
    		},
    		"AwsWafv2WebAcl": {
    			"Arn": "string",
    			"Capacity": number,
    			"CaptchaConfig": {
    				"ImmunityTimeProperty": {
    					"ImmunityTime": number
    				}
    			},
    			"DefaultAction": {
    				"Block": {}
    			},
    			"Description": "string",
    			"ManagedbyFirewallManager": boolean,
    			"Name": "string",
    			"Rules": [{
    				"Action": {
    					"RuleAction": {
    						"Block": {}
    					}
    				},
    				"Name": "string",
    				"Priority": number,
    				"VisibilityConfig": {
    					"SampledRequestsEnabled": boolean,
    					"CloudWatchMetricsEnabled": boolean,
    					"MetricName": "string"
    				}
    			}],
    			"VisibilityConfig": {
    				"SampledRequestsEnabled": boolean,
    				"CloudWatchMetricsEnabled": boolean,
    				"MetricName": "string"
    			}
    		},
    		"AwsXrayEncryptionConfig": {
    			"KeyId": "string",
    			"Status": "string",
    			"Type": "string"
    		},
    		"CodeRepository": {
    			"CodeSecurityIntegrationArn": "string",
    			"ProjectName": "string",
    			"ProviderType": "string"
    		},
    		"Container": {
    			"ContainerRuntime": "string",
    			"ImageId": "string",
    			"ImageName": "string",
    			"LaunchedAt": "string",
    			"Name": "string",
    			"Privileged": boolean,
    			"VolumeMounts": [{
    				"Name": "string",
    				"MountPath": "string"
    			}]
    		}, 
    		"Other": {
    			"string": "string"
    		},
    		"Id": "string",
    		"Partition": "string",
    		"Region": "string",
    		"ResourceRole": "string",
    		"Tags": {
    			"string": "string"
    		},
    		"Type": "string"
    	}],
    	"SchemaVersion": "string",
    	"Severity": {
    		"Label": "string",
    		"Normalized": number,
    		"Original": "string"
    	},
    	"Sample": boolean,
    	"SourceUrl": "string",
    	"Threats": [{
    		"FilePaths": [{
    			"FileName": "string",
    			"FilePath": "string",
    			"Hash": "string",
    			"ResourceId": "string"
    		}],
    		"ItemCount": number,
    		"Name": "string",
    		"Severity": "string"
    	}],
    	"ThreatIntelIndicators": [{
    		"Category": "string",
    		"LastObservedAt": "string",
    		"Source": "string",
    		"SourceUrl": "string",
    		"Type": "string",
    		"Value": "string"
    	}],
    	"Title": "string",
    	"Types": ["string"],
    	"UpdatedAt": "string",
    	"UserDefinedFields": {
    		"string": "string"
    	},
    	"VerificationState": "string",
    	"Vulnerabilities": [{
    		"CodeVulnerabilities": [{
    			"Cwes": [
    				"string",
    				"string"
    			],
    			"FilePath": {
    				"EndLine": integer,
    				"FileName": "string",
    				"FilePath": "string",
    				"StartLine": integer
    			},
    			"SourceArn":"string"
    		}],
    		"Cvss": [{
    			"Adjustments": [{
    				"Metric": "string",
    				"Reason": "string"
    			}],
    			"BaseScore": number,
    			"BaseVector": "string",
    			"Source": "string",
    			"Version": "string"
    		}],
    		"EpssScore": number,
    		"ExploitAvailable": "string",
    		"FixAvailable": "string",
    		"Id": "string",
    		"LastKnownExploitAt": "string",
    		"ReferenceUrls": ["string"],
    		"RelatedVulnerabilities": ["string"],
    		"Vendor": {
    			"Name": "string",
    			"Url": "string",
    			"VendorCreatedAt": "string",
    			"VendorSeverity": "string",
    			"VendorUpdatedAt": "string"
    		},
    		"VulnerablePackages": [{
    			"Architecture": "string",
    			"Epoch": "string",
    			"FilePath": "string",
    			"FixedInVersion": "string",
    			"Name": "string",
    			"PackageManager": "string",
    			"Release": "string",
    			"Remediation": "string",
    			"SourceLayerArn": "string",
    			"SourceLayerHash": "string",
    			"Version": "string"
    		}]
    	}],
    	"Workflow": {
    		"Status": "string"
    	},
    	"WorkflowState": "string"
    }
]
```

# Impact of consolidation on ASFF fields and values
<a name="asff-changes-consolidation"></a>

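AWS Security Hub CSPM offers two types of consolidation for controls:
+ **Consolidated controls view** – With this type of consolidation, each control has a single identifier across all standards. In addition, on the Security Hub CSPM console, the **Controls** page shows all controls across all standards.
+ **Consolidated control findings** – With this type of consolidation, Security Hub CSPM can produce a single finding for a control, even if the control applies to multiple enabled standards. This reduces finding noise.

You can't enable or disable consolidated controls view. If you enable Security Hub CSPM on or after February 23, 2023, consolidated control findings is enabled by default. Otherwise, it's disabled by default. However, for organizations, Security Hub CSPM member accounts can have consolidated control findings enabled only if it's enabled for the administrator account. To learn more about consolidated control findings, see [Generating and updating control findings](controls-findings-create-update.md).

Both types of consolidation affect the fields and values of control findings in the [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).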

**Topics**
+ [Consolidated controls view – ASFF changes](#securityhub-findings-format-consolidated-controls-view)
+ [Consolidated control findings – ASFF changes](#securityhub-findings-format-consolidated-control-findings)
+ [Generator IDs before and after enabling consolidated control findings](#securityhub-findings-format-changes-generator-ids)
+ [How consolidation impacts control IDs and titles](#securityhub-findings-format-changes-ids-titles)
+ [Updating workflows for consolidation](#securityhub-findings-format-changes-prepare)

## Consolidated controls view – ASFF changes
<a name="securityhub-findings-format-consolidated-controls-view"></a>

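The consolidated controls view feature introduced the following changes to the fields and values of control findings in the ASFF. If your workflows don't rely on the values of these ASFF fields, no action is required. If you have workflows that rely on specific values of these fields, update the workflows to use the current values.


| ASFF field  | Sample value before consolidated controls view  | Sample value after consolidated controls view, and description of change  | 
| --- | --- | --- | 
|  Compliance.SecurityControlId  |  Not applicable (new field)  |  EC2.2 Introduces a single control ID across standards. `ProductFields.RuleId` still provides the standard-based control ID for CIS v1.2.0 controls. `ProductFields.ControlId` still provides the standard-based control ID for controls in other standards.  | 
|  Compliance.AssociatedStandards  |  Not applicable (new field)  |  [{"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"}] Shows the standards in which a control is enabled.  | 
|  ProductFields.ArchivalReasons:0/Description  |  Not applicable (new field)  |  "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated." Describes why Security Hub CSPM archived existing findings.  | 
|  ProductFields.ArchivalReasons:0/ReasonCode  |  Not applicable (new field)  |  "CONSOLIDATED_CONTROL_FINDINGS_UPDATE" Provides the reason why Security Hub CSPM archived existing findings.  | 
|  ProductFields.RecommendationUrl  |  https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation  |  https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation This field no longer references a standard.  | 
|  Remediation.Recommendation.Text  |  "For directions on how to fix this issue, consult the AWS Security Hub CSPM PCI DSS documentation."  |  "For instructions on how to correct this issue, consult the AWS Security Hub CSPM controls documentation." This field no longer references a standard.  | 
|  Remediation.Recommendation.Url  |  https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation  |  https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation This field no longer references a standard.  | 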

## Consolidated control findings – ASFF changes
<a name="securityhub-findings-format-consolidated-control-findings"></a>

If you enable consolidated control findings, you might be affected by the following changes to the fields and values of control findings in the ASFF. These changes are in addition to the changes introduced by the consolidated controls view feature. If your workflows don't rely on the values of these ASFF fields, no action is required. If you have workflows that rely on specific values of these fields, update the workflows to use the current values.

**Tip**  
If you use the [Automated Security Response on AWS v2.0.0](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/) solution, note that it supports consolidated control findings. This means that you can keep your current workflows if you enable consolidated control findings.


| ASFF field  | Example value before enabling consolidated control findings  | Example value after enabling consolidated control findings, and description of change  | 
| --- | --- | --- | 
| GeneratorId |  aws-foundational-security-best-practices/v/1.0.0/Config.1  |  security-control/Config.1 This field no longer references a standard.  | 
|  Title  |  PCI.Config.1 AWS Config should be enabled  |  AWS Config should be enabled This field no longer references standard-specific information.  | 
|  Id  |  arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.IAM.5/finding/ab6d6a26-a156-48f0-9403-115983e5a956  |  arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956 This field no longer references a standard.  | 
|  ProductFields.ControlId  |  PCI.EC2.2  |  Removed. See `Compliance.SecurityControlId` instead. This field is removed in favor of a single, standard-agnostic control ID.  | 
|  ProductFields.RuleId  |  1.3  |  Removed. See `Compliance.SecurityControlId` instead. This field is removed in favor of a single, standard-agnostic control ID.  | 
|  Description  |  This PCI DSS control checks whether AWS Config is enabled in the current account and Region.  |  This AWS control checks whether AWS Config is enabled in the current account and Region. This field no longer references a standard.  | 
|  Severity  |  "Severity": { "Product": 90, "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" }  |  "Severity": { "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" } Security Hub CSPM no longer uses the Product field to describe the severity of a finding.  | 
|  Types  |  ["Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"]  |  ["Software and Configuration Checks/Industry and Regulatory Standards"] This field no longer references a standard.  | 
|  Compliance.RelatedRequirements  |  ["PCI DSS 10.5.2", "PCI DSS 11.5", "CIS AWS Foundations 2.5"]  |  ["PCI DSS v3.2.1/10.5.2", "PCI DSS v3.2.1/11.5", "CIS AWS Foundations Benchmark v1.2.0/2.5"] This field shows related requirements in all enabled standards.  | 
|  CreatedAt  |  2022-05-05T08:18:13.138Z  |  2022-09-25T08:18:13.138Z The format stays the same, but the value resets when you turn on consolidated control findings.  | 
|  FirstObservedAt  |  2022-05-07T08:18:13.138Z  |  2022-09-28T08:18:13.138Z The format stays the same, but the value resets when you turn on consolidated control findings.  | 
|  ProductFields.RecommendationUrl  |  https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation  |  Removed. See `Remediation.Recommendation.Url` instead.  | 
|  ProductFields.StandardsArn  |  arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0  |  Removed. See `Compliance.AssociatedStandards` instead.  | 
|  ProductFields.StandardsControlArn  |  arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1  |  Removed. Security Hub CSPM generates a finding for a security check across standards.  | 
|  ProductFields.StandardsGuideArn  |  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0  |  Removed. See `Compliance.AssociatedStandards` instead.  | 
|  ProductFields.StandardsGuideSubscriptionArn  |  arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0  |  Removed. Security Hub CSPM generates a finding for a security check across standards.  | 
|  ProductFields.StandardsSubscriptionArn  |  arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0  |  Removed. Security Hub CSPM generates a finding for a security check across standards.  | 
|  ProductFields.aws/securityhub/FindingId  |  arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1dfb1d67  |  arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1dfb1d67 This field no longer references a standard.  | 
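
The following added example (not part of the AWS documentation) shows one way a workflow can stop depending on per-standard values: it resolves the control ID from `Compliance.SecurityControlId`, falls back to mapping older `GeneratorId` formats, and skips findings that were archived by the consolidation switch. The mapping dictionaries are a small subset copied from the generator ID table on this page; the function names and sample findings are constructed for illustration.

```python
import re

# Subset of this page's generator ID table (CIS rule number -> control ID).
CIS_120 = {"1.3": "IAM.8", "2.5": "Config.1", "4.3": "EC2.2"}
CIS_140 = {"1.10": "IAM.5", "3.5": "Config.1", "5.3": "EC2.2"}
# The FSBP row in the table whose suffix differs from the consolidated ID.
FSBP_RENAMED = {"ELBv2.1": "ELB.1"}

# GeneratorId formats listed on this page, most specific prefix first.
PATTERNS = [
    ("consolidated", re.compile(r"^security-control/(.+)$")),
    ("cis-1.2.0", re.compile(
        r"^arn:aws:securityhub:::ruleset/"
        r"cis-aws-foundations-benchmark/v/1\.2\.0/rule/(.+)$")),
    ("cis-1.4.0", re.compile(
        r"^cis-aws-foundations-benchmark/v/1\.4\.0/(.+)$")),
    ("fsbp-1.0.0", re.compile(
        r"^aws-foundational-security-best-practices/v/1\.0\.0/(.+)$")),
]

ARCHIVE_REASON_KEY = "ArchivalReasons:0/ReasonCode"
ARCHIVE_REASON = "CONSOLIDATED_CONTROL_FINDINGS_UPDATE"


def classify_generator(generator_id):
    """Return (kind, suffix) for a GeneratorId, or ("unknown", None)."""
    for kind, pattern in PATTERNS:
        match = pattern.match(generator_id or "")
        if match:
            return kind, match.group(1)
    return "unknown", None


def control_id(finding):
    """Resolve the standard-agnostic control ID of a control finding.

    Prefers Compliance.SecurityControlId, then maps the per-standard
    GeneratorId. Returns None when the ID cannot be resolved.
    """
    explicit = (finding.get("Compliance") or {}).get("SecurityControlId")
    if explicit:
        return explicit
    kind, suffix = classify_generator(finding.get("GeneratorId"))
    if kind == "consolidated":
        return suffix
    if kind == "cis-1.2.0":
        return CIS_120.get(suffix)
    if kind == "cis-1.4.0":
        return CIS_140.get(suffix)
    if kind == "fsbp-1.0.0":
        return FSBP_RENAMED.get(suffix, suffix)
    return None


def archived_by_consolidation(finding):
    """True if the finding was archived because consolidation was toggled."""
    reason = (finding.get("ProductFields") or {}).get(ARCHIVE_REASON_KEY)
    return finding.get("RecordState") == "ARCHIVED" and reason == ARCHIVE_REASON


def group_by_control(findings):
    """Group finding IDs by control ID, skipping consolidation-archived ones."""
    grouped = {}
    for finding in findings:
        if archived_by_consolidation(finding):
            continue
        grouped.setdefault(control_id(finding), []).append(finding["Id"])
    return grouped


# Constructed sample findings, trimmed to the fields used above.
SAMPLE_FINDINGS = [
    {"Id": "finding-1", "RecordState": "ARCHIVED",
     "GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/Config.1",
     "ProductFields": {ARCHIVE_REASON_KEY: ARCHIVE_REASON}},
    {"Id": "finding-2", "RecordState": "ARCHIVED",
     "GeneratorId": "arn:aws:securityhub:::ruleset/"
                    "cis-aws-foundations-benchmark/v/1.2.0/rule/2.5",
     "ProductFields": {ARCHIVE_REASON_KEY: ARCHIVE_REASON}},
    {"Id": "finding-3", "RecordState": "ACTIVE",
     "GeneratorId": "security-control/Config.1",
     "Compliance": {"SecurityControlId": "Config.1"}},
    {"Id": "finding-4", "RecordState": "ACTIVE",
     "GeneratorId": "aws-foundational-security-best-practices/v/1.0.0/ELBv2.1"},
]

if __name__ == "__main__":
    for control, ids in group_by_control(SAMPLE_FINDINGS).items():
        print(control, ids)
```
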

### Customer-provided values for ASFF fields after enabling consolidated control findings
<a name="consolidated-controls-view-customer-provided-values"></a>

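If you enable consolidated control findings, Security Hub CSPM generates one finding across standards and archives the original findings (separate findings for each standard).

Updates that you made to the original findings by using the Security Hub CSPM console or the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html) operation aren't preserved in the new findings. If necessary, you can recover this data by referring to the archived findings. To review archived findings, you can use the **Findings** page on the Security Hub CSPM console and set the **Record state** filter to **ARCHIVED**. Alternatively, you can use the [GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) operation of the Security Hub CSPM API.


| Customer-provided ASFF field  | Description of change after enabling consolidated control findings  | 
| --- | --- | 
|  Confidence  |  Resets to empty state. | 
|  Criticality  |  Resets to empty state. | 
|  Note  |  Resets to empty state. | 
|  RelatedFindings  |  Resets to empty state. | 
|  Severity  |  Default severity of the finding (matches the severity of the control). | 
|  Types  |  Resets to a standard-agnostic value. | 
|  UserDefinedFields  |  Resets to empty state. | 
|  VerificationState  |  Resets to empty state. | 
|  Workflow  |  New failed findings have a default value of NEW. New passed findings have a default value of RESOLVED. | 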

## Generator IDs before and after enabling consolidated control findings
<a name="securityhub-findings-format-changes-generator-ids"></a>

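The following table lists the changes to generator ID values for controls when you enable consolidated control findings. These changes apply to controls that Security Hub CSPM supported as of February 15, 2023.


| Generator ID before enabling consolidated control findings | Generator ID after enabling consolidated control findings | 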
| --- | --- | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.1  |  security-control/CloudWatch.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.10  |  security-control/IAM.16  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.11  |  security-control/IAM.17  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.12  |  security-control/IAM.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13  |  security-control/IAM.9  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.14  |  security-control/IAM.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.16  |  security-control/IAM.2  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.2  |  security-control/IAM.5  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.20  |  security-control/IAM.18  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.22  |  security-control/IAM.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.3  |  security-control/IAM.8  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.4  |  security-control/IAM.3  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.5  |  security-control/IAM.11  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.6  |  security-control/IAM.12  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.7  |  security-control/IAM.13  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.8  |  security-control/IAM.14  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.9  |  security-control/IAM.15  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.1  |  security-control/CloudTrail.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.2  |  security-control/CloudTrail.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.3  |  security-control/CloudTrail.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.4  |  security-control/CloudTrail.5  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.5  |  security-control/Config.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.6  |  security-control/CloudTrail.7  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7  |  security-control/CloudTrail.2  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.8  |  security-control/KMS.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.9  |  security-control/EC2.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.1  |  security-control/CloudWatch.2  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.2  |  security-control/CloudWatch.3  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.3  |  security-control/CloudWatch.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.4  |  security-control/CloudWatch.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.5  |  security-control/CloudWatch.5  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.6  |  security-control/CloudWatch.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.7  |  security-control/CloudWatch.7  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.8  |  security-control/CloudWatch.8  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.9  |  security-control/CloudWatch.9  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.10  |  security-control/CloudWatch.10  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.11  |  security-control/CloudWatch.11  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.12  |  security-control/CloudWatch.12  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.13  |  security-control/CloudWatch.13  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.14  |  security-control/CloudWatch.14  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.1  |  security-control/EC2.13  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2  |  security-control/EC2.14  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.3  |  security-control/EC2.2  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.10  |  security-control/IAM.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.14  |  security-control/IAM.3  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.16  |  security-control/IAM.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.17  |  security-control/IAM.18  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.4  |  security-control/IAM.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.5  |  security-control/IAM.9  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.6  |  security-control/IAM.6  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.7  |  security-control/CloudWatch.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.8  |  security-control/IAM.15  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.9  |  security-control/IAM.16  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.1.2  |  security-control/S3.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.1.5.1  |  security-control/S3.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.1.5.2  |  security-control/S3.8  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.2.1  |  security-control/EC2.7  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.3.1  |  security-control/RDS.3  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.1  |  security-control/CloudTrail.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.2  |  security-control/CloudTrail.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.4  |  security-control/CloudTrail.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.5  |  security-control/Config.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.6  |  security-control/S3.9  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.7  |  security-control/CloudTrail.2  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.8  |  security-control/KMS.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.9  |  security-control/EC2.6  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.3  |  security-control/CloudWatch.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.4  |  security-control/CloudWatch.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.5  |  security-control/CloudWatch.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.6  |  security-control/CloudWatch.6  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.7  |  security-control/CloudWatch.7  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.8  |  security-control/CloudWatch.8  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.9  |  security-control/CloudWatch.9  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.10  |  security-control/CloudWatch.10  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.11  |  security-control/CloudWatch.11  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.12  |  security-control/CloudWatch.12  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.13  |  security-control/CloudWatch.13  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.14  |  security-control/CloudWatch.14  | 
|  cis-aws-foundations-benchmark/v/1.4.0/5.1  |  security-control/EC2.21  | 
|  cis-aws-foundations-benchmark/v/1.4.0/5.3  |  security-control/EC2.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Account.1  |  security-control/Account.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ACM.1  |  security-control/ACM.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.1  |  security-control/APIGateway.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.2  |  security-control/APIGateway.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.3  |  security-control/APIGateway.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.4  |  security-control/APIGateway.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.5  |  security-control/APIGateway.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.8  |  security-control/APIGateway.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.9  |  security-control/APIGateway.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.1  |  security-control/AutoScaling.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.2  |  security-control/AutoScaling.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.3  |  security-control/AutoScaling.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Autoscaling.5  |  security-control/Autoscaling.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.6  |  security-control/AutoScaling.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.9  |  security-control/AutoScaling.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.1  |  security-control/CloudFront.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.3  |  security-control/CloudFront.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.4  |  security-control/CloudFront.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.5  |  security-control/CloudFront.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.6  |  security-control/CloudFront.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.7  |  security-control/CloudFront.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.8  |  security-control/CloudFront.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.9  |  security-control/CloudFront.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.10  |  security-control/CloudFront.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.12  |  security-control/CloudFront.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.1  |  security-control/CloudTrail.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2  |  security-control/CloudTrail.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.4  |  security-control/CloudTrail.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.5  |  security-control/CloudTrail.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.1  |  security-control/CodeBuild.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.2  |  security-control/CodeBuild.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.3  |  security-control/CodeBuild.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.4  |  security-control/CodeBuild.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/Config.1  |  security-control/Config.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/DMS.1  |  security-control/DMS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/DynamoDB.1  |  security-control/DynamoDB.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/DynamoDB.2  |  security-control/DynamoDB.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/DynamoDB.3  |  security-control/DynamoDB.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.1  |  security-control/EC2.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.3  |  security-control/EC2.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.4  |  security-control/EC2.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.6  |  security-control/EC2.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.7  |  security-control/EC2.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.8  |  security-control/EC2.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.9  |  security-control/EC2.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.10  |  security-control/EC2.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.15  |  security-control/EC2.15  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.16  |  security-control/EC2.16  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.17  |  security-control/EC2.17  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.18  |  security-control/EC2.18  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.19  |  security-control/EC2.19  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.2  |  security-control/EC2.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.20  |  security-control/EC2.20  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.21  |  security-control/EC2.21  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.23  |  security-control/EC2.23  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.24  |  security-control/EC2.24  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.25  |  security-control/EC2.25  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECR.1  |  security-control/ECR.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECR.2  |  security-control/ECR.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECR.3  |  security-control/ECR.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.1  |  security-control/ECS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.10  |  security-control/ECS.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.12  |  security-control/ECS.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.2  |  security-control/ECS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.3  |  security-control/ECS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.4  |  security-control/ECS.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.5  |  security-control/ECS.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.8  |  security-control/ECS.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.1  |  security-control/EFS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.2  |  security-control/EFS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.3  |  security-control/EFS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.4  |  security-control/EFS.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/EKS.2  |  security-control/EKS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.1  |  security-control/ElasticBeanstalk.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.2  |  security-control/ElasticBeanstalk.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELBv2.1  |  security-control/ELB.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.2  |  security-control/ELB.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.3  |  security-control/ELB.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.4  |  security-control/ELB.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.5  |  security-control/ELB.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.6  |  security-control/ELB.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.7  |  security-control/ELB.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.8  |  security-control/ELB.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.9  |  security-control/ELB.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.10  |  security-control/ELB.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.11  |  security-control/ELB.11  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.12  |  security-control/ELB.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.13  |  security-control/ELB.13  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.14  |  security-control/ELB.14  | 
|  aws-foundational-security-best-practices/v/1.0.0/EMR.1  |  security-control/EMR.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.1  |  security-control/ES.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.2  |  security-control/ES.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.3  |  security-control/ES.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.4  |  security-control/ES.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.5  |  security-control/ES.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.6  |  security-control/ES.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.7  |  security-control/ES.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.8  |  security-control/ES.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/GuardDuty.1  |  security-control/GuardDuty.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.1  |  security-control/IAM.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.2  |  security-control/IAM.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.21  |  security-control/IAM.21  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.3  |  security-control/IAM.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.4  |  security-control/IAM.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.5  |  security-control/IAM.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.6  |  security-control/IAM.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.7  |  security-control/IAM.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.8  |  security-control/IAM.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/Kinesis.1  |  security-control/Kinesis.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/KMS.1  |  security-control/KMS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/KMS.2  |  security-control/KMS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/KMS.3  |  security-control/KMS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Lambda.1  |  security-control/Lambda.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/Lambda.2  |  security-control/Lambda.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Lambda.5  |  security-control/Lambda.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.3  |  security-control/NetworkFirewall.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.4  |  security-control/NetworkFirewall.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.5  |  security-control/NetworkFirewall.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.6  |  security-control/NetworkFirewall.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.1  |  security-control/Opensearch.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.2  |  security-control/Opensearch.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.3  |  security-control/Opensearch.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.4  |  security-control/Opensearch.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.5  |  security-control/Opensearch.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.6  |  security-control/Opensearch.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.7  |  security-control/Opensearch.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.8  |  security-control/Opensearch.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.1  |  security-control/RDS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.10  |  security-control/RDS.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.11  |  security-control/RDS.11  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.12  |  security-control/RDS.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.13  |  security-control/RDS.13  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.14  |  security-control/RDS.14  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.15  |  security-control/RDS.15  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.16  |  security-control/RDS.16  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.17  |  security-control/RDS.17  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.19  |  security-control/RDS.19  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.2  |  security-control/RDS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.20  |  security-control/RDS.20  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.21  |  security-control/RDS.21  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.22  |  security-control/RDS.22  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.23  |  security-control/RDS.23  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.24  |  security-control/RDS.24  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.25  |  security-control/RDS.25  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.3  |  security-control/RDS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.4  |  security-control/RDS.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.5  |  security-control/RDS.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.6  |  security-control/RDS.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.7  |  security-control/RDS.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.8  |  security-control/RDS.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.9  |  security-control/RDS.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.1  |  security-control/Redshift.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.2  |  security-control/Redshift.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.3  |  security-control/Redshift.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.4  |  security-control/Redshift.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.6  |  security-control/Redshift.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.7  |  security-control/Redshift.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.8  |  security-control/Redshift.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.9  |  security-control/Redshift.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.1  |  security-control/S3.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.12  |  security-control/S3.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.13  |  security-control/S3.13  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.2  |  security-control/S3.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.3  |  security-control/S3.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.5  |  security-control/S3.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.6  |  security-control/S3.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.8  |  security-control/S3.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.9  |  security-control/S3.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/SageMaker.1  |  security-control/SageMaker.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SageMaker.2  |  security-control/SageMaker.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/SageMaker.3  |  security-control/SageMaker.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.1  |  security-control/SecretsManager.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.2  |  security-control/SecretsManager.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.3  |  security-control/SecretsManager.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.4  |  security-control/SecretsManager.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/SQS .1  |  security-control/SQS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM .1  |  security-control/SSM.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM .2  |  security-control/SSM.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM .3  |  security-control/SSM.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM .4  |  security-control/SSM.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .1  |  security-control/WAF.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .2  |  security-control/WAF.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .3  |  security-control/WAF.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .4  |  security-control/WAF.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .6  |  security-control/WAF.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .7  |  security-control/WAF.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .8  |  security-control/WAF.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF .10  |  security-control/WAF.10  | 
|  pci-dss/v/3.2.1/PCI.AutoScaling.1  |  security-control/AutoScaling.1  |
|  pci-dss/v/3.2.1/PCI.CloudTrail.1  |  security-control/CloudTrail.2  |
|  pci-dss/v/3.2.1/PCI.CloudTrail.2  |  security-control/CloudTrail.3  |
|  pci-dss/v/3.2.1/PCI.CloudTrail.3  |  security-control/CloudTrail.4  |
|  pci-dss/v/3.2.1/PCI.CloudTrail.4  |  security-control/CloudTrail.5  |
|  pci-dss/v/3.2.1/PCI.CodeBuild.1  |  security-control/CodeBuild.1  |
|  pci-dss/v/3.2.1/PCI.CodeBuild.2  |  security-control/CodeBuild.2  |
|  pci-dss/v/3.2.1/PCI.Config.1  |  security-control/Config.1  |
|  pci-dss/v/3.2.1/PCI.CW.1  |  security-control/CloudWatch.1  |
|  pci-dss/v/3.2.1/PCI.DMS.1  |  security-control/DMS.1  |
|  pci-dss/v/3.2.1/PCI.EC2.1  |  security-control/EC2.1  |
|  pci-dss/v/3.2.1/PCI.EC2.2  |  security-control/EC2.2  |
|  pci-dss/v/3.2.1/PCI.EC2.4  |  security-control/EC2.12  |
|  pci-dss/v/3.2.1/PCI.EC2.5  |  security-control/EC2.13  |
|  pci-dss/v/3.2.1/PCI.EC2.6  |  security-control/EC2.6  |
|  pci-dss/v/3.2.1/PCI.ELBv2.1  |  security-control/ELB.1  |
|  pci-dss/v/3.2.1/PCI.ES.1  |  security-control/ES.2  |
|  pci-dss/v/3.2.1/PCI.ES.2  |  security-control/ES.1  |
|  pci-dss/v/3.2.1/PCI.GuardDuty.1  |  security-control/GuardDuty.1  |
|  pci-dss/v/3.2.1/PCI.IAM.1  |  security-control/IAM.4  |
|  pci-dss/v/3.2.1/PCI.IAM.2  |  security-control/IAM.2  |
|  pci-dss/v/3.2.1/PCI.IAM.3  |  security-control/IAM.1  |
|  pci-dss/v/3.2.1/PCI.IAM.4  |  security-control/IAM.6  |
|  pci-dss/v/3.2.1/PCI.IAM.5  |  security-control/IAM.9  |
|  pci-dss/v/3.2.1/PCI.IAM.6  |  security-control/IAM.19  |
|  pci-dss/v/3.2.1/PCI.IAM.7  |  security-control/IAM.8  |
|  pci-dss/v/3.2.1/PCI.IAM.8  |  security-control/IAM.10  |
|  pci-dss/v/3.2.1/PCI.KMS.1  |  security-control/KMS.4  |
|  pci-dss/v/3.2.1/PCI.Lambda.1  |  security-control/Lambda.1  |
|  pci-dss/v/3.2.1/PCI.Lambda.2  |  security-control/Lambda.3  |
|  pci-dss/v/3.2.1/PCI.Opensearch.1  |  security-control/Opensearch.2  |
|  pci-dss/v/3.2.1/PCI.Opensearch.2  |  security-control/Opensearch.1  |
|  pci-dss/v/3.2.1/PCI.rds.1  |  security-control/RDS.1  |
|  pci-dss/v/3.2.1/PCI.rds.2  |  security-control/RDS.2  |
|  pci-dss/v/3.2.1/PCI.redshift.1  |  security-control/Redshift.1  |
|  pci-dss/v/3.2.1/PCI.s3.1  |  security-control/S3.3  |
|  pci-dss/v/3.2.1/PCI.s3.2  |  security-control/S3.2  |
|  pci-dss/v/3.2.1/PCI.s3.3  |  security-control/S3.7  |
|  pci-dss/v/3.2.1/PCI.s3.5  |  security-control/S3.5  |
|  pci-dss/v/3.2.1/PCI.s3.6  |  security-control/S3.1  |
|  pci-dss/v/3.2.1/PCI.SageMaker.1  |  security-control/SageMaker.1  |
|  pci-dss/v/3.2.1/PCI.SSM.1  |  security-control/SSM.2  |
|  pci-dss/v/3.2.1/PCI.SSM.2  |  security-control/SSM.3  |
|  pci-dss/v/3.2.1/PCI.SSM.3  |  security-control/SSM.1  |
|  service-managed-aws-control-tower/v/1.0.0/ACM.1  |  security-control/ACM.1  |
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.1  |  security-control/APIGateway.1  |
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.2  |  security-control/APIGateway.2  |
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.3  |  security-control/APIGateway.3  |
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.4  |  security-control/APIGateway.4  |
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.5  |  security-control/APIGateway.5  |
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.1  |  security-control/AutoScaling.1  |
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.2  |  security-control/AutoScaling.2  |
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.3  |  security-control/AutoScaling.3  |
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.4  |  security-control/AutoScaling.4  |
|  service-managed-aws-control-tower/v/1.0.0/Autoscaling.5  |  security-control/Autoscaling.5  |
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.6  |  security-control/AutoScaling.6  |
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.9  |  security-control/AutoScaling.9  |
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.1  |  security-control/CloudTrail.1  |
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.2  |  security-control/CloudTrail.2  |
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.4  |  security-control/CloudTrail.4  |
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.5  |  security-control/CloudTrail.5  |
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.1  |  security-control/CodeBuild.1  |
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.2  |  security-control/CodeBuild.2  |
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.4  |  security-control/CodeBuild.4  |
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.5  |  security-control/CodeBuild.5  |
|  service-managed-aws-control-tower/v/1.0.0/DMS.1  |  security-control/DMS.1  |
|  service-managed-aws-control-tower/v/1.0.0/DynamoDB.1  |  security-control/DynamoDB.1  |
|  service-managed-aws-control-tower/v/1.0.0/DynamoDB.2  |  security-control/DynamoDB.2  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.1  |  security-control/EC2.1  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.2  |  security-control/EC2.2  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.3  |  security-control/EC2.3  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.4  |  security-control/EC2.4  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.6  |  security-control/EC2.6  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.7  |  security-control/EC2.7  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.8  |  security-control/EC2.8  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.9  |  security-control/EC2.9  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.10  |  security-control/EC2.10  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.15  |  security-control/EC2.15  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.16  |  security-control/EC2.16  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.17  |  security-control/EC2.17  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.18  |  security-control/EC2.18  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.19  |  security-control/EC2.19  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.20  |  security-control/EC2.20  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.21  |  security-control/EC2.21  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.22  |  security-control/EC2.22  |
|  service-managed-aws-control-tower/v/1.0.0/ECR.1  |  security-control/ECR.1  |
|  service-managed-aws-control-tower/v/1.0.0/ECR.2  |  security-control/ECR.2  |
|  service-managed-aws-control-tower/v/1.0.0/ECR.3  |  security-control/ECR.3  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.1  |  security-control/ECS.1  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.2  |  security-control/ECS.2  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.3  |  security-control/ECS.3  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.4  |  security-control/ECS.4  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.5  |  security-control/ECS.5  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.8  |  security-control/ECS.8  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.10  |  security-control/ECS.10  |
|  service-managed-aws-control-tower/v/1.0.0/ECS.12  |  security-control/ECS.12  |
|  service-managed-aws-control-tower/v/1.0.0/EFS.1  |  security-control/EFS.1  |
|  service-managed-aws-control-tower/v/1.0.0/EFS.2  |  security-control/EFS.2  |
|  service-managed-aws-control-tower/v/1.0.0/EFS.3  |  security-control/EFS.3  |
|  service-managed-aws-control-tower/v/1.0.0/EFS.4  |  security-control/EFS.4  |
|  service-managed-aws-control-tower/v/1.0.0/EKS.2  |  security-control/EKS.2  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.2  |  security-control/ELB.2  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.3  |  security-control/ELB.3  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.4  |  security-control/ELB.4  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.5  |  security-control/ELB.5  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.6  |  security-control/ELB.6  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.7  |  security-control/ELB.7  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.8  |  security-control/ELB.8  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.9  |  security-control/ELB.9  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.10  |  security-control/ELB.10  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.12  |  security-control/ELB.12  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.13  |  security-control/ELB.13  |
|  service-managed-aws-control-tower/v/1.0.0/ELB.14  |  security-control/ELB.14  |
|  service-managed-aws-control-tower/v/1.0.0/ELBv2.1  |  security-control/ELBv2.1  |
|  service-managed-aws-control-tower/v/1.0.0/EMR.1  |  security-control/EMR.1  |
|  service-managed-aws-control-tower/v/1.0.0/ES.1  |  security-control/ES.1  |
|  service-managed-aws-control-tower/v/1.0.0/ES.2  |  security-control/ES.2  |
|  service-managed-aws-control-tower/v/1.0.0/ES.3  |  security-control/ES.3  |
|  service-managed-aws-control-tower/v/1.0.0/ES.4  |  security-control/ES.4  |
|  service-managed-aws-control-tower/v/1.0.0/ES.5  |  security-control/ES.5  |
|  service-managed-aws-control-tower/v/1.0.0/ES.6  |  security-control/ES.6  |
|  service-managed-aws-control-tower/v/1.0.0/ES.7  |  security-control/ES.7  |
|  service-managed-aws-control-tower/v/1.0.0/ES.8  |  security-control/ES.8  |
|  service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.1  |  security-control/ElasticBeanstalk.1  |
|  service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.2  |  security-control/ElasticBeanstalk.2  |
|  service-managed-aws-control-tower/v/1.0.0/GuardDuty.1  |  security-control/GuardDuty.1  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.1  |  security-control/IAM.1  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.2  |  security-control/IAM.2  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.3  |  security-control/IAM.3  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.4  |  security-control/IAM.4  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.5  |  security-control/IAM.5  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.6  |  security-control/IAM.6  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.7  |  security-control/IAM.7  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.8  |  security-control/IAM.8  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.21  |  security-control/IAM.21  |
|  service-managed-aws-control-tower/v/1.0.0/Kinesis.1  |  security-control/Kinesis.1  |
|  service-managed-aws-control-tower/v/1.0.0/KMS.1  |  security-control/KMS.1  |
|  service-managed-aws-control-tower/v/1.0.0/KMS.2  |  security-control/KMS.2  |
|  service-managed-aws-control-tower/v/1.0.0/KMS.3  |  security-control/KMS.3  |
|  service-managed-aws-control-tower/v/1.0.0/Lambda.1  |  security-control/Lambda.1  |
|  service-managed-aws-control-tower/v/1.0.0/Lambda.2  |  security-control/Lambda.2  |
|  service-managed-aws-control-tower/v/1.0.0/Lambda.5  |  security-control/Lambda.5  |
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.3  |  security-control/NetworkFirewall.3  |
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.4  |  security-control/NetworkFirewall.4  |
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.5  |  security-control/NetworkFirewall.5  |
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.6  |  security-control/NetworkFirewall.6  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.1  |  security-control/Opensearch.1  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.2  |  security-control/Opensearch.2  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.3  |  security-control/Opensearch.3  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.4  |  security-control/Opensearch.4  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.5  |  security-control/Opensearch.5  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.6  |  security-control/Opensearch.6  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.7  |  security-control/Opensearch.7  |
|  service-managed-aws-control-tower/v/1.0.0/Opensearch.8  |  security-control/Opensearch.8  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.1  |  security-control/RDS.1  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.2  |  security-control/RDS.2  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.3  |  security-control/RDS.3  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.4  |  security-control/RDS.4  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.5  |  security-control/RDS.5  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.6  |  security-control/RDS.6  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.8  |  security-control/RDS.8  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.9  |  security-control/RDS.9  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.10  |  security-control/RDS.10  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.11  |  security-control/RDS.11  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.13  |  security-control/RDS.13  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.17  |  security-control/RDS.17  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.18  |  security-control/RDS.18  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.19  |  security-control/RDS.19  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.20  |  security-control/RDS.20  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.21  |  security-control/RDS.21  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.22  |  security-control/RDS.22  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.23  |  security-control/RDS.23  |
|  service-managed-aws-control-tower/v/1.0.0/RDS.25  |  security-control/RDS.25  |
|  service-managed-aws-control-tower/v/1.0.0/Redshift.1  |  security-control/Redshift.1  |
|  service-managed-aws-control-tower/v/1.0.0/Redshift.2  |  security-control/Redshift.2  |
|  service-managed-aws-control-tower/v/1.0.0/Redshift.4  |  security-control/Redshift.4  |
|  service-managed-aws-control-tower/v/1.0.0/Redshift.6  |  security-control/Redshift.6  |
|  service-managed-aws-control-tower/v/1.0.0/Redshift.7  |  security-control/Redshift.7  |
|  service-managed-aws-control-tower/v/1.0.0/Redshift.8  |  security-control/Redshift.8  |
|  service-managed-aws-control-tower/v/1.0.0/Redshift.9  |  security-control/Redshift.9  |
|  service-managed-aws-control-tower/v/1.0.0/S3.1  |  security-control/S3.1  |
|  service-managed-aws-control-tower/v/1.0.0/S3.2  |  security-control/S3.2  |
|  service-managed-aws-control-tower/v/1.0.0/S3.3  |  security-control/S3.3  |
|  service-managed-aws-control-tower/v/1.0.0/S3.5  |  security-control/S3.5  |
|  service-managed-aws-control-tower/v/1.0.0/S3.6  |  security-control/S3.6  |
|  service-managed-aws-control-tower/v/1.0.0/S3.8  |  security-control/S3.8  |
|  service-managed-aws-control-tower/v/1.0.0/S3.9  |  security-control/S3.9  |
|  service-managed-aws-control-tower/v/1.0.0/S3.12  |  security-control/S3.12  |
|  service-managed-aws-control-tower/v/1.0.0/S3.13  |  security-control/S3.13  |
|  service-managed-aws-control-tower/v/1.0.0/SageMaker.1  |  security-control/SageMaker.1  |
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager.1  |  security-control/SecretsManager.1  |
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager.2  |  security-control/SecretsManager.2  |
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager.3  |  security-control/SecretsManager.3  |
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager.4  |  security-control/SecretsManager.4  |
|  service-managed-aws-control-tower/v/1.0.0/SQS.1  |  security-control/SQS.1  |
|  service-managed-aws-control-tower/v/1.0.0/SSM.1  |  security-control/SSM.1  |
|  service-managed-aws-control-tower/v/1.0.0/SSM.2  |  security-control/SSM.2  |
|  service-managed-aws-control-tower/v/1.0.0/SSM.3  |  security-control/SSM.3  |
|  service-managed-aws-control-tower/v/1.0.0/SSM.4  |  security-control/SSM.4  |
|  service-managed-aws-control-tower/v/1.0.0/WAF.2  |  security-control/WAF.2  |
|  service-managed-aws-control-tower/v/1.0.0/WAF.3  |  security-control/WAF.3  |
|  service-managed-aws-control-tower/v/1.0.0/WAF.4  |  security-control/WAF.4  |
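
The mapping above is not a mechanical rename: several PCI DSS identifiers map to a differently numbered security control, and one security control can correspond to controls in several standards. The following Python is an added example, not part of the AWS documentation; it parses rows in the two-column format of this table (a small subset copied from it) and builds the lookup and reverse index needed before rewriting filters that match on the old identifiers. The function names are hypothetical, and the code assumes your existing filters match on the left-hand values exactly as written.

```python
from collections import defaultdict

# Subset of rows copied from the mapping table on this page (illustration only).
SAMPLE_ROWS = """\
|  aws-foundational-security-best-practices/v/1.0.0/RDS.13  |  security-control/RDS.13  |
|  pci-dss/v/3.2.1/PCI.IAM.1  |  security-control/IAM.4  |
|  pci-dss/v/3.2.1/PCI.ES.1  |  security-control/ES.2  |
|  pci-dss/v/3.2.1/PCI.EC2.4  |  security-control/EC2.12  |
|  pci-dss/v/3.2.1/PCI.EC2.2  |  security-control/EC2.2  |
|  service-managed-aws-control-tower/v/1.0.0/IAM.4  |  security-control/IAM.4  |
|  service-managed-aws-control-tower/v/1.0.0/EC2.2  |  security-control/EC2.2  |
"""

PREFIX = "security-control/"


def parse_rows(text):
    """Return {standard_specific_id: security_control_id} from pipe-delimited rows."""
    mapping = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 2 or not cells[1].startswith(PREFIX):
            continue  # header, separator or malformed row
        legacy, consolidated = cells
        # The same left-hand value must never point at two different controls.
        if mapping.get(legacy, consolidated) != consolidated:
            raise ValueError(f"conflicting mapping for {legacy}")
        mapping[legacy] = consolidated
    return mapping


def naive_guess(legacy_id):
    """The shortcut a string rewrite would take: keep the last segment, drop 'PCI.'."""
    tail = legacy_id.rsplit("/", 1)[-1]
    if tail.startswith("PCI."):
        tail = tail[len("PCI."):]
    return PREFIX + tail


def renumbered(mapping):
    """Rows where the naive rewrite gives the WRONG security control ID."""
    return {k: v for k, v in mapping.items() if naive_guess(k) != v}


def standards_for(mapping):
    """Reverse index: security control -> every standard control that maps to it.

    This is the list to work through when disabling a security control, since
    all corresponding standard controls have to be disabled.
    """
    reverse = defaultdict(list)
    for legacy, consolidated in mapping.items():
        reverse[consolidated].append(legacy)
    return {k: sorted(v) for k, v in reverse.items()}


def migrate_filters(filter_ids, mapping):
    """Translate identifiers used in existing filters; report the ones not in the table."""
    translated, unmapped = {}, []
    for fid in filter_ids:
        if fid.startswith(PREFIX):
            translated[fid] = fid  # already a consolidated ID
        elif fid in mapping:
            translated[fid] = mapping[fid]
        else:
            unmapped.append(fid)  # do not guess; review by hand
    return translated, unmapped


if __name__ == "__main__":
    table = parse_rows(SAMPLE_ROWS)
    for old, new in sorted(renumbered(table).items()):
        print(f"renumbered: {old} -> {new} (naive rewrite says {naive_guess(old)})")
    for control, sources in sorted(standards_for(table).items()):
        if len(sources) > 1:
            print(f"{control} is shared by: {', '.join(sources)}")
```

Load the full table from the downloadable .csv in place of `SAMPLE_ROWS` once you have checked its column layout.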

## How consolidation impacts control IDs and titles
<a name="securityhub-findings-format-changes-ids-titles"></a>

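Consolidated controls view and consolidated control findings standardize control IDs and titles across standards. The terms *security control ID* and *security control title* refer to these standard-agnostic values.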

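The Security Hub CSPM console displays standard-agnostic security control IDs and security control titles, regardless of whether consolidated control findings is enabled or disabled for your account. However, if consolidated control findings is disabled for your account, Security Hub CSPM findings contain standard-specific control titles for PCI DSS and CIS v1.2.0. In addition, Security Hub CSPM findings include the standard-specific control ID and the security control ID. For examples of how consolidation impacts control findings, see [Sample control findings](sample-control-findings.md).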

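For controls that are part of the [AWS Control Tower service-managed standard](service-managed-standard-aws-control-tower.md), the prefix `CT.` is removed from the control ID and title in findings when consolidated control findings is enabled.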

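To disable a security control in Security Hub CSPM, you must disable all of the standard controls that correspond to that security control. The following table shows the mapping of security control IDs and titles to standard-specific control IDs and titles. The IDs and titles of controls that belong to the AWS Foundational Security Best Practices (FSBP) standard are already standard-agnostic. For a mapping of controls to Center for Internet Security (CIS) v3.0.0 requirements, see [Mapping of controls to CIS requirements in each version](cis-aws-foundations-benchmark.md#cis-version-comparison). To run your own scripts on this table, you can [download it as a .csv file](samples/Consolidation_ID_Title_Changes.csv.zip).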


| Standard | Standard control ID and title | Security control ID and title |
| --- | --- | --- | 
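|  CIS v1.2.0  |  1.1 Avoid the use of the root user  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  |
|  CIS v1.2.0  |  1.10 Ensure IAM password policy prevents password reuse  |  [[IAM.16] Ensure IAM password policy prevents password reuse](iam-controls.md#iam-16)  |
|  CIS v1.2.0  |  1.11 Ensure IAM password policy expires passwords within 90 days or less  |  [[IAM.17] Ensure IAM password policy expires passwords within 90 days or less](iam-controls.md#iam-17)  |
|  CIS v1.2.0  |  1.12 Ensure no root user access key exists  |  [[IAM.4] IAM root user access key should not exist](iam-controls.md#iam-4)  |
|  CIS v1.2.0  |  1.13 Ensure MFA is enabled for the root user  |  [[IAM.9] MFA should be enabled for the root user](iam-controls.md#iam-9)  |
|  CIS v1.2.0  |  1.14 Ensure hardware MFA is enabled for the root user  |  [[IAM.6] Hardware MFA should be enabled for the root user](iam-controls.md#iam-6)  |
|  CIS v1.2.0  |  1.16 Ensure IAM policies are attached only to groups or roles  |  [[IAM.2] IAM users should not have IAM policies attached](iam-controls.md#iam-2)  |
|  CIS v1.2.0  |  1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password  |  [[IAM.5] MFA should be enabled for all IAM users that have a console password](iam-controls.md#iam-5)  |
|  CIS v1.2.0  |  1.20 Ensure a support role has been created to manage incidents with Support  |  [[IAM.18] Ensure a support role has been created to manage incidents with AWS Support](iam-controls.md#iam-18)  |
|  CIS v1.2.0  |  1.22 Ensure IAM policies that allow full "\*:\*" administrative privileges are not created  |  [[IAM.1] IAM policies should not allow full "\*" administrative privileges](iam-controls.md#iam-1)  |
|  CIS v1.2.0  |  1.3 Ensure credentials unused for 90 days or greater are disabled  |  [[IAM.8] Unused IAM user credentials should be removed](iam-controls.md#iam-8)  |
|  CIS v1.2.0  |  1.4 Ensure access keys are rotated every 90 days or less  |  [[IAM.3] IAM users' access keys should be rotated every 90 days or less](iam-controls.md#iam-3)  |
|  CIS v1.2.0  |  1.5 Ensure IAM password policy requires at least one uppercase letter  |  [[IAM.11] Ensure IAM password policy requires at least one uppercase letter](iam-controls.md#iam-11)  |
|  CIS v1.2.0  |  1.6 Ensure IAM password policy requires at least one lowercase letter  |  [[IAM.12] Ensure IAM password policy requires at least one lowercase letter](iam-controls.md#iam-12)  |
|  CIS v1.2.0  |  1.7 Ensure IAM password policy requires at least one symbol  |  [[IAM.13] Ensure IAM password policy requires at least one symbol](iam-controls.md#iam-13)  |
|  CIS v1.2.0  |  1.8 Ensure IAM password policy requires at least one number  |  [[IAM.14] Ensure IAM password policy requires at least one number](iam-controls.md#iam-14)  |
|  CIS v1.2.0  |  1.9 Ensure IAM password policy requires minimum password length of 14 or greater  |  [[IAM.15] Ensure IAM password policy requires minimum password length of 14 or greater](iam-controls.md#iam-15)  |
|  CIS v1.2.0  |  2.1 Ensure CloudTrail is enabled in all Regions  |  [[CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events](cloudtrail-controls.md#cloudtrail-1)  |
|  CIS v1.2.0  |  2.2 Ensure CloudTrail log file validation is enabled  |  [[CloudTrail.4] CloudTrail log file validation should be enabled](cloudtrail-controls.md#cloudtrail-4)  |
|  CIS v1.2.0  |  2.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible  |  [[CloudTrail.6] Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible](cloudtrail-controls.md#cloudtrail-6)  |
|  CIS v1.2.0  |  2.4 Ensure CloudTrail trails are integrated with CloudWatch Logs  |  [[CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs](cloudtrail-controls.md#cloudtrail-5)  |
|  CIS v1.2.0  |  2.5 Ensure AWS Config is enabled  |  [[Config.1] AWS Config should be enabled and use the service-linked role for resource recording](config-controls.md#config-1)  |
|  CIS v1.2.0  |  2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket  |  [[CloudTrail.7] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket](cloudtrail-controls.md#cloudtrail-7)  |
|  CIS v1.2.0  |  2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs  |  [[CloudTrail.2] CloudTrail should have encryption at-rest enabled](cloudtrail-controls.md#cloudtrail-2)  |
|  CIS v1.2.0  |  2.8 Ensure rotation for customer-created CMKs is enabled  |  [[KMS.4] AWS KMS key rotation should be enabled](kms-controls.md#kms-4)  |
|  CIS v1.2.0  |  2.9 Ensure VPC flow logging is enabled in all VPCs  |  [[EC2.6] VPC flow logging should be enabled in all VPCs](ec2-controls.md#ec2-6)  |
|  CIS v1.2.0  |  3.1 Ensure a log metric filter and alarm exist for unauthorized API calls  |  [[CloudWatch.2] Ensure a log metric filter and alarm exist for unauthorized API calls](cloudwatch-controls.md#cloudwatch-2)  |
|  CIS v1.2.0  |  3.10 Ensure a log metric filter and alarm exist for security group changes  |  [[CloudWatch.10] Ensure a log metric filter and alarm exist for security group changes](cloudwatch-controls.md#cloudwatch-10)  |
|  CIS v1.2.0  |  3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)  |  [[CloudWatch.11] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)](cloudwatch-controls.md#cloudwatch-11)  |
|  CIS v1.2.0  |  3.12 Ensure a log metric filter and alarm exist for changes to network gateways  |  [[CloudWatch.12] Ensure a log metric filter and alarm exist for changes to network gateways](cloudwatch-controls.md#cloudwatch-12)  |
|  CIS v1.2.0  |  3.13 Ensure a log metric filter and alarm exist for route table changes  |  [[CloudWatch.13] Ensure a log metric filter and alarm exist for route table changes](cloudwatch-controls.md#cloudwatch-13)  |
|  CIS v1.2.0  |  3.14 Ensure a log metric filter and alarm exist for VPC changes  |  [[CloudWatch.14] Ensure a log metric filter and alarm exist for VPC changes](cloudwatch-controls.md#cloudwatch-14)  |
|  CIS v1.2.0  |  3.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA  |  [[CloudWatch.3] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA](cloudwatch-controls.md#cloudwatch-3)  |
|  CIS v1.2.0  |  3.3 Ensure a log metric filter and alarm exist for usage of the root user  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  |
|  CIS v1.2.0  |  3.4 Ensure a log metric filter and alarm exist for IAM policy changes  |  [[CloudWatch.4] Ensure a log metric filter and alarm exist for IAM policy changes](cloudwatch-controls.md#cloudwatch-4)  |
|  CIS v1.2.0  |  3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes  |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail configuration changes](cloudwatch-controls.md#cloudwatch-5)  |
|  CIS v1.2.0  |  3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures  |  [[CloudWatch.6] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures](cloudwatch-controls.md#cloudwatch-6)  |
|  CIS v1.2.0  |  3.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer-created CMKs  |  [[CloudWatch.7] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer managed keys](cloudwatch-controls.md#cloudwatch-7)  |
|  CIS v1.2.0  |  3.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes  |  [[CloudWatch.8] Ensure a log metric filter and alarm exist for S3 bucket policy changes](cloudwatch-controls.md#cloudwatch-8)  |
|  CIS v1.2.0  |  3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes  |  [[CloudWatch.9] Ensure a log metric filter and alarm exist for AWS Config configuration changes](cloudwatch-controls.md#cloudwatch-9)  |
|  CIS v1.2.0  |  4.1 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22  |  [[EC2.13] Security groups should not allow ingress from 0.0.0.0/0 or ::/0 to port 22](ec2-controls.md#ec2-13)  |
|  CIS v1.2.0  |  4.2 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389  |  [[EC2.14] Security groups should not allow ingress from 0.0.0.0/0 or ::/0 to port 3389](ec2-controls.md#ec2-14)  |
|  CIS v1.2.0  |  4.3 Ensure the default security group of every VPC restricts all traffic  |  [[EC2.2] VPC default security groups should not allow inbound or outbound traffic](ec2-controls.md#ec2-2)  |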
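|  CIS v1.4.0  |  1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password  |  [[IAM.5] MFA should be enabled for all IAM users that have a console password](iam-controls.md#iam-5)  |
|  CIS v1.4.0  |  1.14 Ensure access keys are rotated every 90 days or less  |  [[IAM.3] IAM users' access keys should be rotated every 90 days or less](iam-controls.md#iam-3)  |
|  CIS v1.4.0  |  1.16 Ensure IAM policies that allow full "\*:\*" administrative privileges are not attached  |  [[IAM.1] IAM policies should not allow full "\*" administrative privileges](iam-controls.md#iam-1)  |
|  CIS v1.4.0  |  1.17 Ensure a support role has been created to manage incidents with Support  |  [[IAM.18] Ensure a support role has been created to manage incidents with AWS Support](iam-controls.md#iam-18)  |
|  CIS v1.4.0  |  1.4 Ensure no root user account access key exists  |  [[IAM.4] IAM root user access key should not exist](iam-controls.md#iam-4)  |
|  CIS v1.4.0  |  1.5 Ensure MFA is enabled for the root user account  |  [[IAM.9] MFA should be enabled for the root user](iam-controls.md#iam-9)  |
|  CIS v1.4.0  |  1.6 Ensure hardware MFA is enabled for the root user account  |  [[IAM.6] Hardware MFA should be enabled for the root user](iam-controls.md#iam-6)  |
|  CIS v1.4.0  |  1.7 Eliminate use of the root user for administrative and daily tasks  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  |
|  CIS v1.4.0  |  1.8 Ensure IAM password policy requires minimum length of 14 or greater  |  [[IAM.15] Ensure IAM password policy requires minimum password length of 14 or greater](iam-controls.md#iam-15)  |
|  CIS v1.4.0  |  1.9 Ensure IAM password policy prevents password reuse  |  [[IAM.16] Ensure IAM password policy prevents password reuse](iam-controls.md#iam-16)  |
|  CIS v1.4.0  |  2.1.2 Ensure S3 bucket policy is set to deny HTTP requests  |  [[S3.5] S3 general purpose buckets should require requests to use SSL](s3-controls.md#s3-5)  |
|  CIS v1.4.0  |  2.1.5.1 S3 Block Public Access setting should be enabled  |  [[S3.1] S3 general purpose buckets should have block public access settings enabled](s3-controls.md#s3-1)  |
|  CIS v1.4.0  |  2.1.5.2 S3 Block Public Access setting should be enabled at the bucket level  |  [[S3.8] S3 general purpose buckets should block public access](s3-controls.md#s3-8)  |
|  CIS v1.4.0  |  2.2.1 Ensure EBS volume encryption is enabled  |  [[EC2.7] EBS default encryption should be enabled](ec2-controls.md#ec2-7)  |
|  CIS v1.4.0  |  2.3.1 Ensure that encryption is enabled for RDS instances  |  [[RDS.3] RDS DB instances should have encryption at-rest enabled](rds-controls.md#rds-3)  |
|  CIS v1.4.0  |  3.1 Ensure CloudTrail is enabled in all Regions  |  [[CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events](cloudtrail-controls.md#cloudtrail-1)  |
|  CIS v1.4.0  |  3.2 Ensure CloudTrail log file validation is enabled  |  [[CloudTrail.4] CloudTrail log file validation should be enabled](cloudtrail-controls.md#cloudtrail-4)  |
|  CIS v1.4.0  |  3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs  |  [[CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs](cloudtrail-controls.md#cloudtrail-5)  |
|  CIS v1.4.0  |  3.5 Ensure AWS Config is enabled in all Regions  |  [[Config.1] AWS Config should be enabled and use the service-linked role for resource recording](config-controls.md#config-1)  |
|  CIS v1.4.0  |  3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket  |  [[CloudTrail.7] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket](cloudtrail-controls.md#cloudtrail-7)  |
|  CIS v1.4.0  |  3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs  |  [[CloudTrail.2] CloudTrail should have encryption at-rest enabled](cloudtrail-controls.md#cloudtrail-2)  |
|  CIS v1.4.0  |  3.8 Ensure rotation for customer-created CMKs is enabled  |  [[KMS.4] AWS KMS key rotation should be enabled](kms-controls.md#kms-4)  |
|  CIS v1.4.0  |  3.9 Ensure VPC flow logging is enabled in all VPCs  |  [[EC2.6] VPC flow logging should be enabled in all VPCs](ec2-controls.md#ec2-6)  |
|  CIS v1.4.0  |  4.4 Ensure a log metric filter and alarm exist for IAM policy changes  |  [[CloudWatch.4] Ensure a log metric filter and alarm exist for IAM policy changes](cloudwatch-controls.md#cloudwatch-4)  |
|  CIS v1.4.0  |  4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes  |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail configuration changes](cloudwatch-controls.md#cloudwatch-5)  |
|  CIS v1.4.0  |  4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures  |  [[CloudWatch.6] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures](cloudwatch-controls.md#cloudwatch-6)  |
|  CIS v1.4.0  |  4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer-created CMKs  |  [[CloudWatch.7] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer managed keys](cloudwatch-controls.md#cloudwatch-7)  |
|  CIS v1.4.0  |  4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes  |  [[CloudWatch.8] Ensure a log metric filter and alarm exist for S3 bucket policy changes](cloudwatch-controls.md#cloudwatch-8)  |
|  CIS v1.4.0  |  4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes  |  [[CloudWatch.9] Ensure a log metric filter and alarm exist for AWS Config configuration changes](cloudwatch-controls.md#cloudwatch-9)  |
|  CIS v1.4.0  |  4.10 Ensure a log metric filter and alarm exist for security group changes  |  [[CloudWatch.10] Ensure a log metric filter and alarm exist for security group changes](cloudwatch-controls.md#cloudwatch-10)  |
|  CIS v1.4.0  |  4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)  |  [[CloudWatch.11] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)](cloudwatch-controls.md#cloudwatch-11)  |
|  CIS v1.4.0  |  4.12 Ensure a log metric filter and alarm exist for changes to network gateways  |  [[CloudWatch.12] Ensure a log metric filter and alarm exist for changes to network gateways](cloudwatch-controls.md#cloudwatch-12)  |
|  CIS v1.4.0  |  4.13 Ensure a log metric filter and alarm exist for route table changes  |  [[CloudWatch.13] Ensure a log metric filter and alarm exist for route table changes](cloudwatch-controls.md#cloudwatch-13)  |
|  CIS v1.4.0  |  4.14 Ensure a log metric filter and alarm exist for VPC changes  |  [[CloudWatch.14] Ensure a log metric filter and alarm exist for VPC changes](cloudwatch-controls.md#cloudwatch-14)  |
|  CIS v1.4.0  |  5.1 Ensure no network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports  |  [[EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389](ec2-controls.md#ec2-21)  |
|  CIS v1.4.0  |  5.3 Ensure the default security group of every VPC restricts all traffic  |  [[EC2.2] VPC default security groups should not allow inbound or outbound traffic](ec2-controls.md#ec2-2)  |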
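|  PCI DSS v3.2.1  |  PCI.AutoScaling.1 Auto scaling groups associated with a load balancer should use load balancer health checks  |  [[AutoScaling.1] Auto Scaling groups associated with a load balancer should use ELB health checks](autoscaling-controls.md#autoscaling-1)  |
|  PCI DSS v3.2.1  |  PCI.CloudTrail.1 CloudTrail logs should be encrypted at rest using AWS KMS CMKs  |  [[CloudTrail.2] CloudTrail should have encryption at-rest enabled](cloudtrail-controls.md#cloudtrail-2)  |
|  PCI DSS v3.2.1  |  PCI.CloudTrail.2 CloudTrail should be enabled  |  [[CloudTrail.3] At least one CloudTrail trail should be enabled](cloudtrail-controls.md#cloudtrail-3)  |
|  PCI DSS v3.2.1  |  PCI.CloudTrail.3 CloudTrail log file validation should be enabled  |  [[CloudTrail.4] CloudTrail log file validation should be enabled](cloudtrail-controls.md#cloudtrail-4)  |
|  PCI DSS v3.2.1  |  PCI.CloudTrail.4 CloudTrail trails should be integrated with Amazon CloudWatch Logs  |  [[CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs](cloudtrail-controls.md#cloudtrail-5)  |
|  PCI DSS v3.2.1  |  PCI.CodeBuild.1 CodeBuild GitHub or Bitbucket source repository URLs should use OAuth  |  [[CodeBuild.1] CodeBuild Bitbucket source repository URLs should not contain sensitive credentials](codebuild-controls.md#codebuild-1)  |
|  PCI DSS v3.2.1  |  PCI.CodeBuild.2 CodeBuild project environment variables should not contain clear text credentials  |  [[CodeBuild.2] CodeBuild project environment variables should not contain clear text credentials](codebuild-controls.md#codebuild-2)  |
|  PCI DSS v3.2.1  |  PCI.Config.1 AWS Config should be enabled  |  [[Config.1] AWS Config should be enabled and use the service-linked role for resource recording](config-controls.md#config-1)  |
|  PCI DSS v3.2.1  |  PCI.CW.1 A log metric filter and alarm should exist for usage of the "root" user  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  |
|  PCI DSS v3.2.1  |  PCI.DMS.1 Database Migration Service replication instances should not be public  |  [[DMS.1] Database Migration Service replication instances should not be public](dms-controls.md#dms-1)  |
|  PCI DSS v3.2.1  |  PCI.EC2.1 EBS snapshots should not be publicly restorable  |  [[EC2.1] Amazon EBS snapshots should not be publicly restorable](ec2-controls.md#ec2-1)  |
|  PCI DSS v3.2.1  |  PCI.EC2.2 VPC default security group should prohibit inbound and outbound traffic  |  [[EC2.2] VPC default security groups should not allow inbound or outbound traffic](ec2-controls.md#ec2-2)  |
|  PCI DSS v3.2.1  |  PCI.EC2.4 Unused EC2 EIPs should be removed  |  [[EC2.12] Unused Amazon EC2 EIPs should be removed](ec2-controls.md#ec2-12)  |
|  PCI DSS v3.2.1  |  PCI.EC2.5 Security groups should not allow ingress from 0.0.0.0/0 to port 22  |  [[EC2.13] Security groups should not allow ingress from 0.0.0.0/0 or ::/0 to port 22](ec2-controls.md#ec2-13)  |
|  PCI DSS v3.2.1  |  PCI.EC2.6 VPC flow logging should be enabled in all VPCs  |  [[EC2.6] VPC flow logging should be enabled in all VPCs](ec2-controls.md#ec2-6)  |
|  PCI DSS v3.2.1  |  PCI.ELBv2.1 Application Load Balancer should be configured to redirect all HTTP requests to HTTPS  |  [[ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS](elb-controls.md#elb-1)  |
|  PCI DSS v3.2.1  |  PCI.ES.1 Elasticsearch domains should be in a VPC  |  [[ES.2] Elasticsearch domains should not be publicly accessible](es-controls.md#es-2)  |
|  PCI DSS v3.2.1  |  PCI.ES.2 Elasticsearch domains should have encryption at-rest enabled  |  [[ES.1] Elasticsearch domains should have encryption at-rest enabled](es-controls.md#es-1)  |
|  PCI DSS v3.2.1  |  PCI.GuardDuty.1 GuardDuty should be enabled  |  [[GuardDuty.1] GuardDuty should be enabled](guardduty-controls.md#guardduty-1)  |
|  PCI DSS v3.2.1  |  PCI.IAM.1 IAM root user access key should not exist  |  [[IAM.4] IAM root user access key should not exist](iam-controls.md#iam-4)  |
|  PCI DSS v3.2.1  |  PCI.IAM.2 IAM users should not have IAM policies attached  |  [[IAM.2] IAM users should not have IAM policies attached](iam-controls.md#iam-2)  |
|  PCI DSS v3.2.1  |  PCI.IAM.3 IAM policies should not allow full "\*" administrative privileges  |  [[IAM.1] IAM policies should not allow full "\*" administrative privileges](iam-controls.md#iam-1)  |
|  PCI DSS v3.2.1  |  PCI.IAM.4 Hardware MFA should be enabled for the root user  |  [[IAM.6] Hardware MFA should be enabled for the root user](iam-controls.md#iam-6)  |
|  PCI DSS v3.2.1  |  PCI.IAM.5 Virtual MFA should be enabled for the root user  |  [[IAM.9] MFA should be enabled for the root user](iam-controls.md#iam-9)  |
|  PCI DSS v3.2.1  |  PCI.IAM.6 MFA should be enabled for all IAM users  |  [[IAM.19] MFA should be enabled for all IAM users](iam-controls.md#iam-19)  |
|  PCI DSS v3.2.1  |  PCI.IAM.7 IAM user credentials should be disabled if not used within a predefined number of days  |  [[IAM.8] Unused IAM user credentials should be removed](iam-controls.md#iam-8)  |
|  PCI DSS v3.2.1  |  PCI.IAM.8 Password policies for IAM users should have strong configurations  |  [[IAM.10] Password policies for IAM users should have strong configurations](iam-controls.md#iam-10)  |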
|  PCI DSS v3.2.1  |  PCI.KMS.1 应启用客户主密钥（CMK）轮换  |  [[KMS.4] 应启用 AWS KMS 密钥轮换](kms-controls.md#kms-4)  | 
|  PCI DSS v3.2.1  |  PCI.Lambda.1 Lambda 函数应禁止公开访问  |  [[Lambda.1] Lambda 函数策略应禁止公共访问](lambda-controls.md#lambda-1)  | 
|  PCI DSS v3.2.1  |  PCI.Lambda.2 Lambda 函数应位于 VPC 中  |  [[Lambda.3] Lambda 函数应位于 VPC 中](lambda-controls.md#lambda-3)  | 
|  PCI DSS v3.2.1  |  PCI.openSearch.1 OpenSearch 域名应该在 VPC 中  |  [[Opensearch.2] OpenSearch 域名不应向公众开放](opensearch-controls.md#opensearch-2)  | 
|  PCI DSS v3.2.1  |  PCI.Opensearch.2 不应公开还原 EBS 快照  |  [[Opensearch.1] OpenSearch 域名应启用静态加密](opensearch-controls.md#opensearch-1)  | 
|  PCI DSS v3.2.1  |  PCI.RDS.1 RDS 快照应为私有快照  |  [[RDS.1] RDS 快照应为私有](rds-controls.md#rds-1)  | 
|  PCI DSS v3.2.1  |  PCI.RDS.2 RDS 数据库实例应禁止公开访问  |  [[RDS.2] RDS 数据库实例应禁止公共访问，具体取决于配置 PubliclyAccessible](rds-controls.md#rds-2)  | 
|  PCI DSS v3.2.1  |  PCI.Redshift.1 Amazon Redshift 集群应禁止公共访问  |  [[Redshift.1] Amazon Redshift 集群应禁止公共访问](redshift-controls.md#redshift-1)  | 
|  PCI DSS v3.2.1  |  PCI.S3.1 S3 存储桶应禁止公开写入访问  |  [[S3.3] S3 通用存储桶应阻止公共写入访问权限](s3-controls.md#s3-3)  | 
|  PCI DSS v3.2.1  |  PCI.S3.2 S3 存储桶应禁止公开读取访问  |  [[S3.2] S3 通用存储桶应阻止公共读取访问权限](s3-controls.md#s3-2)  | 
|  PCI DSS v3.2.1  |  PCI.S3.3 S3 存储桶应启用跨区域复制  |  [[S3.7] S3 通用存储桶应使用跨区域复制](s3-controls.md#s3-7)  | 
|  PCI DSS v3.2.1  |  PCI.S3.5 S3 存储桶应要求请求才能使用安全套接字层  |  [[S3.5] S3 通用存储桶应需要请求才能使用 SSL](s3-controls.md#s3-5)  | 
|  PCI DSS v3.2.1  |  PCI.S3.6 应启用 S3 阻止公有访问设置  |  [[S3.1] S3 通用存储桶应启用屏蔽公共访问权限设置](s3-controls.md#s3-1)  | 
|  PCI DSS v3.2.1  |  PCI。 SageMaker.1 Amazon SageMaker 笔记本实例不应直接访问互联网  |  [[SageMaker.1] Amazon SageMaker 笔记本实例不应直接访问互联网](sagemaker-controls.md#sagemaker-1)  | 
|  PCI DSS v3.2.1  |  PCI.SSM.1 由 Systems Manager 管理的 EC2 实例在安装补丁后应具有 COMPLIANT 的补丁合规性状态  |  [[SSM.2] 由 Systems Manager 管理的 Amazon EC2 实例在安装补丁后应具有 COMPLIANT 的补丁合规性状态](ssm-controls.md#ssm-2)  | 
|  PCI DSS v3.2.1  |  由 Systems Manager 管理的 PCI.SSM.2 EC2 实例的关联合规性的状态应为 COMPLIANT  |  [[SSM.3] 由 Systems Manager 管理的 Amazon EC2 实例的关联合规状态应为 COMPLIANT](ssm-controls.md#ssm-3)  | 
|  PCI DSS v3.2.1  |  PCI.SSM.3 EC2 实例应由以下人员管理 AWS Systems Manager  |  [[SSM.1] Amazon EC2 实例应由以下人员管理 AWS Systems Manager](ssm-controls.md#ssm-1)  | 

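## Updating workflows for consolidation
<a name="securityhub-findings-format-changes-prepare"></a>

If your workflows don't rely on the specific format of any fields in control findings, no action is required.

If your workflows rely on the specific format of one or more fields in control findings, you should update them. For example, if you created an Amazon EventBridge rule that triggers an action for a specific control ID (such as invoking an AWS Lambda function when the control ID equals CIS 2.7), update the rule to use CloudTrail.2, which is the value of the `Compliance.SecurityControlId` field for that control.

If you created [custom insights](securityhub-custom-insights.md) that use any of the fields or values that changed, update those insights to use the new fields or values.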
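The rule update described above, as an added example that is not part of the AWS documentation: an event pattern keyed on `Compliance.SecurityControlId`, with a small local matcher so the pattern can be checked against constructed events before a rule is changed. The matcher, `make_event` and `route` are hypothetical helpers; the matcher covers only exact-value matching.

```python
# Event pattern keyed on the consolidated control ID (assumed rule shape).
PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"Compliance": {"SecurityControlId": ["CloudTrail.2"]}}},
}


def matches(pattern, event):
    """Evaluate an exact-value event pattern against an event.

    Supports only the subset needed here: nested objects, leaf lists of
    allowed values, and event arrays (a match on any element is a match).
    """
    if isinstance(pattern, dict):
        if isinstance(event, list):
            return any(matches(pattern, item) for item in event)
        return isinstance(event, dict) and all(
            key in event and matches(sub, event[key]) for key, sub in pattern.items()
        )
    values = event if isinstance(event, list) else [event]
    return any(value in pattern for value in values)


def make_event(control_id):
    """Build a constructed Security Hub event carrying one control finding."""
    return {
        "source": "aws.securityhub",
        "detail-type": "Security Hub Findings - Imported",
        "detail": {"findings": [{
            "GeneratorId": f"security-control/{control_id}",
            "Compliance": {"SecurityControlId": control_id, "Status": "FAILED"},
        }]},
    }


def route(event):
    """Return the action a workflow would take for this event."""
    return "invoke-remediation" if matches(PATTERN, event) else "ignore"


if __name__ == "__main__":
    for control in ("CloudTrail.2", "Config.1"):
        print(control, "->", route(make_event(control)))
```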

# Required top-level ASFF attributes
<a name="asff-required-attributes"></a>

The following top-level attributes in the AWS Security Finding Format (ASFF) are required for all findings in Security Hub CSPM. For more information about these attributes, see [AwsSecurityFinding](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html) in the *AWS Security Hub API Reference*.

## AwsAccountId
<a name="AwsAccountId"></a>

The AWS account ID that the finding applies to.

**Example**

```
"AwsAccountId": "111111111111"
```

## CreatedAt
<a name="CreatedAt"></a>

Indicates when the potential security issue or event captured by a finding was created.

**Example**

```
"CreatedAt": "2017-03-22T13:22:13.933Z"
```

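## Description
<a name="Description"></a>

A finding's description. This field can be nonspecific boilerplate text or details that are specific to the instance of the finding.

For control findings that Security Hub CSPM generates, this field provides a description of the control.

This field doesn't reference a standard if you turn on [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings).

**Example**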

```
"Description": "This AWS control checks whether AWS Config is enabled in the current account and Region."
```

## GeneratorId
<a name="GeneratorId"></a>

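The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.

For control findings that Security Hub CSPM generates, this field doesn't reference a standard if you turn on [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings).

**Example**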

```
"GeneratorId": "security-control/Config.1"
```

## Id
<a name="Id"></a>

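The product-specific identifier for a finding. For control findings that Security Hub CSPM generates, this field provides the Amazon Resource Name (ARN) of the finding.

This field doesn't reference a standard if you turn on [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings).

**Example**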

```
"Id": "arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956"
```

## ProductArn
<a name="ProductArn"></a>

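The Amazon Resource Name (ARN) generated by Security Hub CSPM that uniquely identifies a third-party findings product after the product is registered with Security Hub CSPM.

The format of this field is `arn:partition:securityhub:region:account-id:product/company-id/product-id`.
+ For AWS services that are integrated with Security Hub CSPM, the `company-id` must be "`aws`", and the `product-id` must be the AWS public service name. Because AWS products and services aren't associated with an account, the `account-id` section of the ARN is empty. AWS services that are not yet integrated with Security Hub CSPM are considered third-party products.
+ For public products, the `company-id` and `product-id` must be the ID values specified at the time of registration.
+ For private products, the `company-id` must be the account ID. The `product-id` must be the reserved word "default" or the ID that was specified at the time of registration.

**Example**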

```
// Private ARN
    "ProductArn": "arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default"

// Public ARN
    "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty"
    "ProductArn": "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro"
```

## Resources
<a name="Resources"></a>

The `Resources` array of objects provides a set of resource data types that describe the AWS resources that the finding refers to. For details about the fields that a `Resources` object may contain, including which fields are required, see [Resource](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Resource.html) in the *AWS Security Hub API Reference*. For examples of `Resources` objects for specific AWS services, see [Resources ASFF object](asff-resources.md).

**Example**

```
"Resources": [
  {
    "ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0",
    "ApplicationName": "SampleApp",
    "DataClassification": {
    "DetailedResultsLocation": "Path_to_Folder_Or_File",
    "Result": {
        "MimeType": "text/plain",
        "SizeClassified": 2966026,
        "AdditionalOccurrences": false,
        "Status": {
            "Code": "COMPLETE",
            "Reason": "Unsupportedfield"
        },
       "SensitiveData": [
            {
                "Category": "PERSONAL_INFORMATION",
                "Detections": [
                    {
                        "Count": 34,
                        "Type": "GE_PERSONAL_ID",
                        "Occurrences": {
                            "LineRanges": [
                                {
                                    "Start": 1,
                                    "End": 10,
                                    "StartColumn": 20
                                }
                            ],
                            "Pages": [],
                            "Records": [],
                            "Cells": []
                        }
                    },
                    {
                        "Count": 59,
                        "Type": "EMAIL_ADDRESS",
                        "Occurrences": {
                            "Pages": [
                                {
                                    "PageNumber": 1,
                                    "OffsetRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                     },
                                    "LineRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                    }
                                }
                            ]
                        }
                    },
                    {
                        "Count": 2229,
                        "Type": "URL",
                        "Occurrences": {
                           "LineRanges": [
                               {
                                   "Start": 1,
                                   "End": 13
                               }
                           ]
                       }
                   },
                   {
                       "Count": 13826,
                       "Type": "NameDetection",
                       "Occurrences": {
                            "Records": [
                                {
                                    "RecordIndex": 1,
                                    "JsonPath": "$.ssn.value"
                                }
                            ]
                        }
                   },
                   {
                       "Count": 32,
                       "Type": "AddressDetection"
                   }
               ],
               "TotalCount": 32
           }
        ],
        "CustomDataIdentifiers": {
            "Detections": [
                 {
                     "Arn": "1712be25e7c7f53c731fe464f1c869b8", 
                     "Name": "1712be25e7c7f53c731fe464f1c869b8", 
                     "Count": 2
                 }
            ],
            "TotalCount": 2
        }
    }
},
	"Type": "AwsEc2Instance",
	"Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-abcdef01234567890",
	"Partition": "aws",
	"Region": "us-west-2",
	"ResourceRole": "Target",
	"Tags": {
		"billingCode": "Lotus-1-2-3",
		"needsPatching": true
	},
	"Details": {
		"IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
		"ImageId": "ami-79fd7eee",
		"IpV4Addresses": ["1.1.1.1"],
		"IpV6Addresses": ["2001:db8:1234:1a2b::123"],
		"KeyName": "testkey",
		"LaunchedAt": "2018-09-29T01:25:54Z",
		"MetadataOptions": {
			"HttpEndpoint": "enabled",
			"HttpProtocolIpv6": "enabled",
			"HttpPutResponseHopLimit": 1,
			"HttpTokens": "optional",
			"InstanceMetadataTags": "disabled"
		},
		"NetworkInterfaces": [
		{
			"NetworkInterfaceId": "eni-e5aa89a3"
		}
		],
		"SubnetId": "PublicSubnet",
		"Type": "i3.xlarge",
		"VirtualizationType": "hvm",
		"VpcId": "TestVPCIpv6"
	}
  }
]
```

## SchemaVersion
<a name="SchemaVersion"></a>

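The schema version that a finding is formatted for. The value of this field must be one of the officially published versions identified by AWS. In the current release, the AWS Security Finding Format schema version is `2018-10-08`.

**Example**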

```
"SchemaVersion": "2018-10-08"
```

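## Severity
<a name="Severity"></a>

Defines the importance of a finding. For details about this object, see [Severity](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Severity.html) in the *AWS Security Hub API Reference*.

`Severity` is both a top-level object in a finding and nested under the `FindingProviderFields` object.

The value of the top-level `Severity` object for a finding can be updated only by using the [BatchUpdateFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API.

To provide severity information, finding providers should update the `Severity` object under `FindingProviderFields` when making a [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API request. If a `BatchImportFindings` request for a new finding provides only `Label` or only `Normalized`, Security Hub CSPM automatically populates the value of the other field. The `Product` and `Original` fields may be populated as well.

If the top-level `Finding.Severity` object is present but `Finding.FindingProviderFields` isn't, Security Hub CSPM creates the `FindingProviderFields.Severity` object and copies the entire `Finding.Severity` object into it. This ensures that the original, provider-supplied details are retained in the `FindingProviderFields.Severity` structure even if the top-level `Severity` object is overwritten.

The finding severity doesn't consider the criticality of the involved assets or the underlying resource. Criticality is defined as the level of importance of the resources that are associated with the finding. For example, a resource that is associated with a mission-critical application has higher criticality than one that is associated with nonproduction testing. To capture information about resource criticality, use the `Criticality` field.

We recommend using the following guidance when translating the native severity scores of findings to the value of `Severity.Label` in the ASFF.
+ `INFORMATIONAL`: This category may include a finding for a `PASSED`, `WARNING`, or `NOT AVAILABLE` check, or a sensitive data identification.
+ `LOW`: Findings that could result in future compromises. For example, this category may include vulnerabilities, configuration weaknesses, and exposed passwords.
+ `MEDIUM`: Findings that indicate an active compromise, but no indication that an adversary completed their objectives. For example, this category may include malware activity, hacking activity, and unusual behavior detection.
+ `HIGH` or `CRITICAL`: Findings that indicate that an adversary completed their objectives, such as active data loss or compromise, or a denial of service.

**Example**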

```
"Severity": {
    "Label": "CRITICAL",
    "Normalized": 90,
    "Original": "CRITICAL"
}
```

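## Title
<a name="Title"></a>

A finding's title. This field can contain nonspecific boilerplate text or details that are specific to this instance of the finding.

For control findings, this field provides the title of the control. This field doesn't reference a standard if you turn on [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings).

**Example**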

```
"Title": "AWS Config should be enabled"
```

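## Types
<a name="Types"></a>

One or more finding types in the format of `namespace/category/classifier` that classify a finding. This field doesn't reference a standard if you turn on [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings).

`Types` can be updated only by using the [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API.

Finding providers who want to provide a value for `Types` should use the `Types` attribute under [FindingProviderFields](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_FindingProviderFields.html).

In the following list, the top-level bullets are namespaces, the second-level bullets are categories, and the third-level bullets are classifiers. We recommend that finding providers use the defined namespaces to help sort and group findings. The defined categories and classifiers may also be used, but are not required. Only the Software and Configuration Checks namespace has defined classifiers.

You can define a partial path for namespace/category/classifier. For example, the following finding types are all valid:
+ TTPs
+ TTPs/Defense Evasion
+ TTPs/Defense Evasion/CloudTrailStopped

The tactics, techniques, and procedures (TTPs) categories in the following list align to the [MITRE ATT&CK Matrix](https://attack.mitre.org/matrices/enterprise/)™. The Unusual Behaviors namespace reflects general unusual behavior, such as general statistical anomalies, and isn't aligned with a specific TTP. However, you can classify a finding with both Unusual Behaviors and TTPs finding types.

**List of namespaces, categories, and classifiers:**
+ Software and Configuration Checks
  + Vulnerabilities
    + CVE
  + AWS Security Best Practices
    + Network Reachability
    + Runtime Behavior Analysis
  + Industry and Regulatory Standards
    + AWS Foundational Security Best Practices
    + CIS Host Hardening Benchmarks
    + CIS AWS Foundations Benchmark
    + PCI-DSS
    + Cloud Security Alliance Controls
    + ISO 90001 Controls
    + ISO 27001 Controls
    + ISO 27017 Controls
    + ISO 27018 Controls
    + SOC 1
    + SOC 2
    + HIPAA Controls (USA)
    + NIST 800-53 Controls (USA)
    + NIST CSF Controls (USA)
    + IRAP Controls (Australia)
    + K-ISMS Controls (Korea)
    + MTCS Controls (Singapore)
    + FISC Controls (Japan)
    + My Number Act Controls (Japan)
    + ENS Controls (Spain)
    + Cyber Essentials Plus Controls (UK)
    + G-Cloud Controls (UK)
    + C5 Controls (Germany)
    + IT-Grundschutz Controls (Germany)
    + GDP Controls (Europe)
    + TISAX Controls (Europe)
  + Patch Management
+ TTPs
  + Initial Access
  + Execution
  + Persistence
  + Privilege Escalation
  + Defense Evasion
  + Credential Access
  + Discovery
  + Lateral Movement
  + Collection
  + Command and Control
+ Effects
  + Data Exposure
  + Data Exfiltration
  + Data Destruction
  + Denial of Service
  + Resource Consumption
+ Unusual Behaviors
  + Application
  + Network Flow
  + IP address
  + User
  + VM
  + Container
  + Serverless
  + Process
  + Database
  + Data
+ Sensitive Data Identifications
  + PII
  + Passwords
  + Legal
  + Financial
  + Security
  + Business

**Example**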

```
"Types": [
    "Software and Configuration Checks/Vulnerabilities/CVE"
]
```

## UpdatedAt
<a name="UpdatedAt"></a>

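Indicates when the finding provider last updated the finding record.

This timestamp reflects the time when the finding record was last or most recently updated. Consequently, it can differ from the `LastObservedAt` timestamp, which reflects when the event or vulnerability was last or most recently observed.

When you update the finding record, you must update this timestamp to the current timestamp. Upon creation of a finding record, the `CreatedAt` and `UpdatedAt` timestamps must be the same. After an update to the finding record, the value of this field must be more recent than all of the previous values that it contained.

Note that `UpdatedAt` cannot be updated by using the [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation. You can update it only by using the [BatchImportFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation.

**Example**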

```
"UpdatedAt": "2017-04-22T13:22:13.933Z"
```
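The rules in this section can be checked before a finding is sent. The following is an added example, not code from the AWS documentation: it verifies that the required attributes are present, applies the `CreatedAt`/`UpdatedAt` rules for new and updated records, and checks `Types` paths. The function names and the sample finding are constructed for illustration, and an unknown namespace is reported even though the page only recommends the defined ones.

```python
from datetime import datetime

# Required top-level attributes, taken from the headings of this section.
REQUIRED = (
    "AwsAccountId", "CreatedAt", "Description", "GeneratorId", "Id", "ProductArn",
    "Resources", "SchemaVersion", "Severity", "Title", "Types", "UpdatedAt",
)
# Namespaces from the Types list; using them is recommended, not required.
NAMESPACES = {
    "Software and Configuration Checks", "TTPs", "Effects",
    "Unusual Behaviors", "Sensitive Data Identifications",
}


def parse_ts(value):
    """Parse timestamps written like the examples on this page (trailing Z = UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_types(types):
    """Check each entry is namespace[/category[/classifier]] with no empty segment."""
    problems = []
    for entry in types:
        parts = entry.split("/")
        if len(parts) > 3 or "" in parts:
            problems.append(f"Types {entry!r}: not a namespace/category/classifier path")
        elif parts[0] not in NAMESPACES:
            problems.append(f"Types {entry!r}: namespace is not one of the defined ones")
    return problems


def validate(finding, previous=None):
    """Return a list of problems. `previous` is the stored record when this is an update."""
    problems = [f"missing required attribute {name}" for name in REQUIRED if name not in finding]
    if problems:
        return problems
    if finding["SchemaVersion"] != "2018-10-08":
        problems.append("SchemaVersion is not the current published version 2018-10-08")
    created, updated = parse_ts(finding["CreatedAt"]), parse_ts(finding["UpdatedAt"])
    if previous is None and created != updated:
        problems.append("new record: CreatedAt and UpdatedAt must be the same")
    if previous is not None and updated <= parse_ts(previous["UpdatedAt"]):
        problems.append("update: UpdatedAt must be more recent than the stored value")
    return problems + check_types(finding["Types"])


# Constructed sample finding; values are modelled on the examples in this section.
SAMPLE = {
    "AwsAccountId": "111111111111",
    "CreatedAt": "2017-03-22T13:22:13.933Z",
    "UpdatedAt": "2017-03-22T13:22:13.933Z",
    "Description": "This AWS control checks whether AWS Config is enabled in the current account and Region.",
    "GeneratorId": "security-control/Config.1",
    "Id": "constructed-finding-id",
    "ProductArn": "arn:aws:securityhub:us-west-2:111111111111:product/111111111111/default",
    "Resources": [{"Type": "AwsEc2Instance",
                   "Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-abcdef01234567890"}],
    "SchemaVersion": "2018-10-08",
    "Severity": {"Label": "MEDIUM"},
    "Title": "AWS Config should be enabled",
    "Types": ["Software and Configuration Checks/Industry and Regulatory Standards"],
}

if __name__ == "__main__":
    resent = dict(SAMPLE, UpdatedAt="2017-04-22T13:22:13.933Z")
    print(validate(SAMPLE))                    # new record
    print(validate(resent, previous=SAMPLE))   # valid update
    print(validate(SAMPLE, previous=SAMPLE))   # stale UpdatedAt
```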

# Optional top-level ASFF attributes
<a name="asff-top-level-attributes"></a>

The following top-level attributes in the AWS Security Finding Format (ASFF) are optional for findings in Security Hub CSPM. For more information about these attributes, see [AwsSecurityFinding](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html) in the *AWS Security Hub API Reference*.

## Action
<a name="asff-action"></a>

The [Action](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html) object provides details about an action that affects or that was taken on a resource.

**Example**

```
"Action": {
    "ActionType": "PORT_PROBE",
    "PortProbeAction": {
        "PortProbeDetails": [
            {
                "LocalPortDetails": {
                    "Port": 80,
                    "PortName": "HTTP"
                  },
                "LocalIpDetails": {
                     "IpAddressV4": "192.0.2.0"
                 },
                "RemoteIpDetails": {
                    "Country": {
                        "CountryName": "Example Country"
                    },
                    "City": {
                        "CityName": "Example City"
                    },
                   "GeoLocation": {
                       "Lon": 0,
                       "Lat": 0
                   },
                   "Organization": {
                       "AsnOrg": "ExampleASO",
                       "Org": "ExampleOrg",
                       "Isp": "ExampleISP",
                       "Asn": 64496
                   }
                }
            }
        ],
        "Blocked": false
    }
}
```

## AwsAccountName
<a name="asff-awsaccountname"></a>

The AWS account name that the finding applies to.

**Example**

```
"AwsAccountName": "jane-doe-testaccount"
```

## CompanyName
<a name="asff-companyname"></a>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS.

Security Hub CSPM populates this attribute automatically for each finding. You cannot update it using [BatchImportFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) or [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html). The exception to this rule is when you use a custom integration. See [Integrating Security Hub CSPM with custom products](securityhub-custom-providers.md).

When you use the Security Hub CSPM console to filter findings by company name, you use this attribute. When you use the Security Hub CSPM API to filter findings by company name, you use the `aws/securityhub/CompanyName` attribute under `ProductFields`. Security Hub CSPM doesn't synchronize these two attributes.

**Example**

```
"CompanyName": "AWS"
```

## Compliance
<a name="asff-compliance"></a>

The [Compliance](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Compliance.html) object typically provides details about a control finding, such as the applicable standards and the status of the control check.

**Example**

```
"Compliance": {
    "AssociatedStandards": [
        {"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"},
        {"StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0"},
        {"StandardsId": "standards/nist-800-53/v/5.0.0"}
    ],
    "RelatedRequirements": [
        "NIST.800-53.r5 AC-4",
        "NIST.800-53.r5 AC-4(21)",
        "NIST.800-53.r5 SC-7",
        "NIST.800-53.r5 SC-7(11)",
        "NIST.800-53.r5 SC-7(16)",
        "NIST.800-53.r5 SC-7(21)",
        "NIST.800-53.r5 SC-7(4)",
        "NIST.800-53.r5 SC-7(5)"
    ],
    "SecurityControlId": "EC2.18",
    "SecurityControlParameters":[
        {
            "Name": "authorizedTcpPorts",
            "Value": ["80", "443"]
        },
        {
            "Name": "authorizedUdpPorts",
            "Value": ["427"]
        }
    ],
    "Status": "NOT_AVAILABLE",
    "StatusReasons": [
        {
            "ReasonCode": "CONFIG_RETURNS_NOT_APPLICABLE",
            "Description": "This finding has a compliance status of NOT AVAILABLE because AWS Config sent Security Hub CSPM a finding with a compliance state of Not Applicable. The potential reasons for a Not Applicable finding from Config are that (1) a resource has been moved out of scope of the Config rule; (2) the Config rule has been deleted; (3) the resource has been deleted; or (4) the logic of the Config rule itself includes scenarios where Not Applicable is returned. The specific reason why Not Applicable is returned is not available in the Config rule evaluation."
        }
    ]
}
```

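## Confidence
<a name="asff-confidence"></a>

The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

`Confidence` can be updated only by using [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

Finding providers who want to provide a value for `Confidence` should use the `Confidence` attribute under `FindingProviderFields`. See [Using FindingProviderFields to update findings](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields).

`Confidence` is scored on a 0-100 basis using a ratio scale. 0 means 0 percent confidence, and 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified.

**Example**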

```
"Confidence": 42
```

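## Criticality
<a name="asff-criticality"></a>

The level of importance that is assigned to the resources that are associated with a finding.

`Criticality` can be updated only by calling the [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API operation. Don't update this object with [BatchImportFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html).

Finding providers who want to provide a value for `Criticality` should use the `Criticality` attribute under `FindingProviderFields`. See [Using FindingProviderFields to update findings](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields).

`Criticality` is scored on a 0-100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

For each resource, consider the following when assigning `Criticality`:
+ Does the affected resource contain sensitive data (for example, an S3 bucket with PII)?
+ Does the affected resource enable an adversary to deepen their access or extend their capabilities to carry out additional malicious activity (for example, a compromised sysadmin account)?
+ Is the resource a business-critical asset (for example, a key business system that could have a significant revenue impact if it were compromised)?

You can use the following guidelines:
+ A resource that powers mission-critical systems or contains highly sensitive data can be scored in the 75–100 range.
+ A resource that powers important (but not critical) systems or contains moderately important data can be scored in the 25–74 range.
+ A resource that powers unimportant systems or contains nonsensitive data should be scored in the 0–24 range.

**Example**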

```
"Criticality": 99
```

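## Detection
<a name="asff-detection"></a>

The `Detection` object provides details about an attack sequence finding from Amazon GuardDuty Extended Threat Detection. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in AWS Security Hub CSPM, you must have GuardDuty enabled in your account. For more information, see [Amazon GuardDuty Extended Threat Detection](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html) in the *Amazon GuardDuty User Guide*.

**Example**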

```
"Detection": {
    "Sequence": {
    	"Uid": "1111111111111-184ec3b9-cf8d-452d-9aad-f5bdb7afb010",
    	"Actors": [{
    		"Id": "USER:AROA987654321EXAMPLE:i-b188560f:1234567891",
    		"Session": {
    			"Uid": "1234567891",
    			"MfAStatus": "DISABLED",
    			"CreatedTime": "1716916944000",
    			"Issuer": "arn:aws:s3:::amzn-s3-demo-destination-bucket"
    		},
    		"User": {
    			"CredentialUid": "ASIAIOSFODNN7EXAMPLE",
    			"Name": "ec2_instance_role_production",
    			"Type": "AssumedRole",
    			"Uid": "AROA987654321EXAMPLE:i-b188560f",
    			"Account": {
    				"Uid": "AccountId",
    				"Name": "AccountName"
    			}
    		}
    	}],
    	"Endpoints": [{
    		"Id": "EndpointId",
    		"Ip": "203.0.113.1",
    		"Domain": "example.com",
    		"Port": 4040,
    		"Location": {
    			"City": "New York",
    			"Country": "US",
    			"Lat": 40.7123,
    			"Lon": -74.0068
    		},
    		"AutonomousSystem": {
    			"Name": "AnyCompany",
    			"Number": 64496
    		},
    		"Connection": {
    			"Direction": "INBOUND"
    		}
    	}],
    	"Signals": [{
    		"Id": "arn:aws:guardduty:us-east-1:123456789012:detector/d0bfe135ab8b4dd8c3eaae7df9900073/finding/535a382b1bcc44d6b219517a29058fb7",
    		"Title": "Someone ran a penetration test tool on your account.",
    		"ActorIds": ["USER:AROA987654321EXAMPLE:i-b188560f:1234567891"],
    		"Count": 19,
    		"FirstSeenAt": 1716916943000,
    		"SignalIndicators": [
    			{
    				"Key": "ATTACK_TACTIC",
    				"Title": "Attack Tactic",
    				"Values": [
    					"Impact"
    				]
    			},
    			{
    				"Key": "HIGH_RISK_API",
    				"Title": "High Risk Api",
    				"Values": [
    					"s3:DeleteObject"
    				]
    			},
    			{
    				"Key": "ATTACK_TECHNIQUE",
    				"Title": "Attack Technique",
    				"Values": [
    					"Data Destruction"
    				]
    			}
    		],
    		"LastSeenAt": 1716916944000,
    		"Name": "Test:IAMUser/KaliLinux",
    		"ResourceIds": [
    			"arn:aws:s3:::amzn-s3-demo-destination-bucket"
    		],
    		"Type": "FINDING"
    	}],
    	"SequenceIndicators": [
    		{
    			"Key": "ATTACK_TACTIC",
    			"Title": "Attack Tactic",
    			"Values": [
    				"Discovery",
    				"Exfiltration",
    				"Impact"
    			]
    		},
    		{
    			"Key": "HIGH_RISK_API",
    			"Title": "High Risk Api",
    			"Values": [
    				"s3:DeleteObject",
    				"s3:GetObject",
    				"s3:ListBuckets",
    				"s3:ListObjects"
    			]
    		},
    		{
    			"Key": "ATTACK_TECHNIQUE",
    			"Title": "Attack Technique",
    			"Values": [
    				"Cloud Service Discovery",
    				"Data Destruction"
    			]
    		}
    	]
    }
}
```

## FindingProviderFields
<a name="asff-findingproviderfields"></a>

`FindingProviderFields` includes the following attributes:
+ `Confidence`
+ `Criticality`
+ `RelatedFindings`
+ `Severity`
+ `Types`

The preceding fields are nested under the `FindingProviderFields` object, but have the same names as the corresponding top-level ASFF fields. When a finding provider sends a new finding to Security Hub CSPM, Security Hub CSPM populates the `FindingProviderFields` object automatically from the corresponding top-level fields if the object is empty.

Finding providers can update `FindingProviderFields` by using the [BatchImportFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub CSPM API. Finding providers can't update this object with [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

For details about how Security Hub CSPM handles updates from `BatchImportFindings` to `FindingProviderFields` and to the corresponding top-level attributes, see [Using FindingProviderFields to update findings](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields).

Customers can update the top-level fields by using the `BatchUpdateFindings` operation. Customers can't update `FindingProviderFields`.

**Example**

```
"FindingProviderFields": {
    "Confidence": 42,
    "Criticality": 99,
    "RelatedFindings":[
      { 
        "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", 
        "Id": "123e4567-e89b-12d3-a456-426655440000" 
      }
    ],
    "Severity": {
        "Label": "MEDIUM", 
        "Original": "MEDIUM"
    },
    "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
}
```
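The split between provider-owned and customer-owned values described above, as an added example that is not AWS code and not the service's implementation. It is a local model of the rules stated on this page: a lint for provider payloads, the documented auto-population of an empty `FindingProviderFields`, and a customer-side update that leaves the provider's original values intact. All function names and the payload are constructed for illustration.

```python
import copy

# Attributes that exist both at the top level and under FindingProviderFields.
PROVIDER_FIELDS = ("Confidence", "Criticality", "RelatedFindings", "Severity", "Types")
# Attributes this page says cannot be changed through BatchUpdateFindings.
NOT_CUSTOMER_UPDATABLE = {"FindingProviderFields", "UpdatedAt", "CompanyName", "ProductName"}


def lint_import(finding):
    """Flag provider values sent only at the top level of a BatchImportFindings entry."""
    provided = finding.get("FindingProviderFields") or {}
    return [
        f"{name}: supply this value under FindingProviderFields.{name}"
        for name in PROVIDER_FIELDS
        if name in finding and name not in provided
    ]


def ingest(finding):
    """Model the documented auto-population: an empty or absent
    FindingProviderFields is filled from the matching top-level attributes."""
    stored = copy.deepcopy(finding)
    if not stored.get("FindingProviderFields"):
        stored["FindingProviderFields"] = {
            name: copy.deepcopy(stored[name]) for name in PROVIDER_FIELDS if name in stored
        }
    return stored


def customer_update(stored, changes):
    """Model a customer-side update: top-level attributes only."""
    blocked = sorted(NOT_CUSTOMER_UPDATABLE & set(changes))
    if blocked:
        raise ValueError("not updatable through BatchUpdateFindings: " + ", ".join(blocked))
    updated = copy.deepcopy(stored)
    updated.update(copy.deepcopy(changes))
    return updated


# Constructed provider payload that sets provider-owned values only at the top level.
LEGACY_PAYLOAD = {
    "Id": "constructed-finding-1",
    "Severity": {"Label": "MEDIUM", "Original": "MEDIUM"},
    "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
    "Confidence": 42,
}

if __name__ == "__main__":
    for message in lint_import(LEGACY_PAYLOAD):
        print("lint:", message)
    stored = ingest(LEGACY_PAYLOAD)
    triaged = customer_update(stored, {"Severity": {"Label": "INFORMATIONAL"}})
    print("top-level :", triaged["Severity"])
    print("provider  :", triaged["FindingProviderFields"]["Severity"])
```

After the customer lowers the top-level `Severity`, the provider's original value is still readable under `FindingProviderFields.Severity`, which is the retention behavior the Severity section describes.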

## FirstObservedAt
<a name="asff-firstobservedat"></a>

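Indicates when the potential security issue or event captured by a finding was first observed.

This timestamp reflects the time when the event or vulnerability was first observed. Consequently, it can differ from the `CreatedAt` timestamp, which reflects the time when this finding record was created.

For control findings that Security Hub CSPM generates and updates, this timestamp can also indicate when the compliance status of a resource most recently changed. For other types of findings, this timestamp should be immutable between updates to the finding record, but can be updated if a more accurate timestamp is determined.

**Example**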

```
"FirstObservedAt": "2017-03-22T13:22:13.933Z"
```

## LastObservedAt
<a name="asff-lastobservedat"></a>

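Indicates when the potential security issue or event captured by a finding was most recently observed by the security findings product.

This timestamp reflects the time when the event or vulnerability was last or most recently observed. Consequently, it can differ from the `UpdatedAt` timestamp, which reflects when this finding record was last or most recently updated.

You can provide this timestamp, but it isn't required upon the first observation. If you populate this field upon the first observation, the timestamp should be the same as the `FirstObservedAt` timestamp. You should update this field to reflect the last or most recently observed timestamp each time that a finding is observed.

**Example**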

```
"LastObservedAt": "2017-03-23T13:22:13.933Z"
```

## Malware
<a name="asff-malware"></a>

The [Malware](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html) object provides a list of malware related to a finding.

**Example**

```
"Malware": [
    {
        "Name": "Stringler",
        "Type": "COIN_MINER",
        "Path": "/usr/sbin/stringler",
        "State": "OBSERVED"
    }
]
```

## Network (Retired)
<a name="asff-network"></a>

The [Network](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Network.html) object provides network-related information about a finding.

This object is retired. To provide this data, you can either map the data to a resource in `Resources`, or use the `Action` object.

**Example**

```
"Network": {
    "Direction": "IN",
    "OpenPortRange": {
        "Begin": 443,
        "End": 443
    },
    "Protocol": "TCP",
    "SourceIpV4": "1.2.3.4",
    "SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
    "SourcePort": "42",
    "SourceDomain": "example1.com",
    "SourceMac": "00:0d:83:b1:c0:8e",
    "DestinationIpV4": "2.3.4.5",
    "DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
    "DestinationPort": "80",
    "DestinationDomain": "example2.com"
}
```

## NetworkPath
<a name="asff-networkpath"></a>

The [NetworkPath](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_NetworkPathComponent.html) object provides information about a network path that is relevant to a finding. Each entry in `NetworkPath` represents a component of the path.

**Example**

```
"NetworkPath" : [
    {
        "ComponentId": "abc-01a234bc56d8901ee",
        "ComponentType": "AWS::EC2::InternetGateway",
        "Egress": {
            "Destination": {
                "Address": [ "192.0.2.0/24" ],
                "PortRanges": [
                    {
                        "Begin": 443,
                        "End": 443
                    }
                ]
            },
            "Protocol": "TCP",
            "Source": {
                "Address": ["203.0.113.0/24"]
            }
        },
        "Ingress": {
            "Destination": {
                "Address": [ "198.51.100.0/24" ],
                "PortRanges": [
                    {
                        "Begin": 443,
                        "End": 443
                    }
                 ]
            },
            "Protocol": "TCP",
            "Source": {
                "Address": [ "203.0.113.0/24" ]
            }
        }
     }
]
```

## Note
<a name="asff-note"></a>

The [Note](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Note.html) object specifies a user-defined note that you can add to a finding.

A finding provider can provide an initial note for a finding, but cannot add notes after that. You can update a note only by using [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

**Example**

```
"Note": {
    "Text": "Don't forget to check under the mat.",
    "UpdatedBy": "jsmith",
    "UpdatedAt": "2018-08-31T00:15:09Z"
}
```

## PatchSummary
<a name="asff-patchsummary"></a>

The [PatchSummary](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_PatchSummary.html) object provides a summary of the patch compliance status for an instance against a selected compliance standard.

**Example**

```
"PatchSummary" : {
    "FailedCount" : 0,
    "Id" : "pb-123456789098",
    "InstalledCount" : 100,
    "InstalledOtherCount" : 1023,
    "InstalledPendingReboot" : 0,
    "InstalledRejectedCount" : 0,
    "MissingCount" : 100,
    "Operation" : "Install",
    "OperationEndTime" : "2018-09-27T23:39:31Z",
    "OperationStartTime" : "2018-09-27T23:37:31Z",
    "RebootOption" : "RebootIfNeeded"
}
```

## Process
<a name="asff-process"></a>

The [Process](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ProcessDetails.html) object provides process-related details about the finding.

Example:

```
"Process": {
    "LaunchedAt": "2018-09-27T22:37:31Z",
    "Name": "syslogd",
    "ParentPid": 56789,
    "Path": "/usr/sbin/syslogd",
    "Pid": 12345,
    "TerminatedAt": "2018-09-27T23:37:31Z"
}
```

## ProcessedAt
<a name="asff-processedat"></a>

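Indicates when Security Hub CSPM received a finding and began to process it.

This differs from `CreatedAt` and `UpdatedAt`, which are required timestamps that relate to the finding provider's interaction with the security issue and the finding. The `ProcessedAt` timestamp indicates when Security Hub CSPM begins to process a finding. A finding appears in a user's account after processing is complete.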

```
"ProcessedAt": "2023-03-23T13:22:13.933Z"
```

## ProductFields
<a name="asff-productfields"></a>

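A data type where security findings products can include additional solution-specific details that are not part of the defined AWS Security Finding Format.

For findings generated by Security Hub CSPM controls, `ProductFields` includes information about the control. See [Generating and updating control findings](controls-findings-create-update.md).

This field should not contain redundant data and must not contain data that conflicts with AWS Security Finding Format fields.

The "`aws/`" prefix represents a namespace reserved for AWS products and services only, and must not be submitted with findings from third-party integrations.

Although not required, products should format field names as `company-id/product-id/field-name`, where the `company-id` and `product-id` match those supplied in the `ProductArn` of the finding.

The fields that reference `Archival` are used when Security Hub CSPM archives an existing finding. For example, Security Hub CSPM archives existing findings when you disable a control or standard and when you turn [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings) on or off.

This field may also include information about the standard that includes the control that produced the finding.

**Example**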

```
"ProductFields": {
    "API": "DeleteTrail",
    "ArchivalReasons:0/Description": "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated.",
    "ArchivalReasons:0/ReasonCode": "CONSOLIDATED_CONTROL_FINDINGS_UPDATE",
    "aws/inspector/AssessmentTargetName": "My prod env",
    "aws/inspector/AssessmentTemplateName": "My daily CVE assessment",
    "aws/inspector/RulesPackageName": "Common Vulnerabilities and Exposures",
    "generico/secure-pro/Action.Type": "AWS_API_CALL",
    "generico/secure-pro/Count": "6",
    "Service_Name": "cloudtrail.amazonaws.com"
}
```
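The naming rules above can be checked before a third-party integration submits a finding. The following is an added example, not AWS code: the function names, the issue levels, and the sample finding are constructed, and treating a key whose last segment names a top-level string attribute as "redundant" or "conflicting" is one interpretation of those two rules.

```python
import re

# Top-level ASFF attributes from this page that hold a plain string; used for
# the redundancy/conflict check. Extend the set for real use.
STRING_ATTRIBUTES = {"ProductName", "RecordState", "Region", "SourceUrl",
                     "VerificationState", "WorkflowState"}


def product_namespace(product_arn):
    """Return 'company-id/product-id' from a ProductArn, or None if malformed."""
    parts = product_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "securityhub":
        return None
    match = re.fullmatch(r"product/([^/]+)/([^/]+)", parts[5])
    return f"{match.group(1)}/{match.group(2)}" if match else None


def lint_product_fields(finding):
    """Return (level, key, message) tuples for a third-party finding."""
    issues = []
    namespace = product_namespace(finding.get("ProductArn", ""))
    if namespace is None:
        issues.append(("error", "ProductArn", "cannot derive company-id/product-id"))
    for key, value in finding.get("ProductFields", {}).items():
        # ProductFields is a string-to-string map in the API reference.
        if not isinstance(value, str):
            issues.append(("error", key, "ProductFields values must be strings"))
        if key.startswith("aws/"):
            issues.append(("error", key, "aws/ is reserved for AWS products and services"))
            continue
        # Interpretation: the last path segment names a top-level attribute.
        leaf = key.rsplit("/", 1)[-1]
        top = finding.get(leaf) if leaf in STRING_ATTRIBUTES else None
        if isinstance(top, str):
            if top == value:
                issues.append(("warning", key, f"redundant copy of {leaf}"))
            else:
                issues.append(("error", key, f"conflicts with {leaf}={top!r}"))
        # Recommended (not required): company-id/product-id/field-name.
        if namespace and not key.startswith(namespace + "/"):
            issues.append(("warning", key, f"recommended name is {namespace}/field-name"))
    return issues


# Constructed sample: a finding from the hypothetical third-party product
# generico/secure-pro (names borrowed from the ProductFields example above).
SAMPLE_FINDING = {
    "ProductArn": "arn:aws:securityhub:us-west-2:123456789012:product/generico/secure-pro",
    "RecordState": "ACTIVE",
    "ProductFields": {
        "generico/secure-pro/Count": "6",
        "generico/secure-pro/Retries": 3,
        "generico/secure-pro/RecordState": "ARCHIVED",
        "aws/inspector/RulesPackageName": "Common Vulnerabilities and Exposures",
        "Service_Name": "cloudtrail.amazonaws.com",
    },
}

if __name__ == "__main__":
    for level, key, message in lint_product_fields(SAMPLE_FINDING):
        print(f"{level:7} {key}: {message}")
```
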

## ProductName
<a name="asff-productname"></a>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub CSPM.

Security Hub CSPM populates this attribute automatically for each finding. You cannot update it using [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) or [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html). The exception to this rule is when you use a custom integration. See [Integrating Security Hub CSPM with custom products](securityhub-custom-providers.md).

When you use the Security Hub CSPM console to filter findings by product name, you use this attribute.

When you use the Security Hub CSPM API to filter findings by product name, you use the `aws/securityhub/ProductName` attribute under `ProductFields`.

Security Hub CSPM does not synchronize the two attributes.

## RecordState
<a name="asff-recordstate"></a>

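Provides the record state of a finding.

By default, when initially generated by a service, findings are considered `ACTIVE`.

The `ARCHIVED` state indicates that a finding should be hidden from view. Archived findings are not deleted immediately. You can search, review, and report on them. Security Hub CSPM automatically archives control-based findings if the associated resource is deleted, the resource does not exist, or the control is disabled.

`RecordState` is intended for finding providers, and can only be updated using the [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation. You cannot update it using the [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation.

To track the status of a finding, use [`Workflow`](#asff-workflow) instead of `RecordState`.

If the record state changes from `ARCHIVED` to `ACTIVE`, and the workflow status of the finding is either `NOTIFIED` or `RESOLVED`, then Security Hub CSPM automatically changes the workflow status to `NEW`.

**Example**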

```
"RecordState": "ACTIVE"
```

## Region
<a name="asff-region"></a>

Specifies the AWS Region from which the finding was generated.

Security Hub CSPM populates this attribute automatically for each finding. You cannot update it using [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) or [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

**Example**

```
"Region": "us-west-2"
```

## RelatedFindings
<a name="asff-relatedfindings"></a>

Provides a list of findings that are related to the current finding.

`RelatedFindings` can only be updated with the [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API operation. You should not update this object with [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html).

For [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) requests, finding providers should use the `RelatedFindings` object under [`FindingProviderFields`](#asff-findingproviderfields).

To view descriptions of `RelatedFindings` attributes, see [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_RelatedFinding.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_RelatedFinding.html) in the *AWS Security Hub API Reference*.

**Example**

```
"RelatedFindings": [
    { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", 
      "Id": "123e4567-e89b-12d3-a456-426655440000" },
    { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", 
      "Id": "AcmeNerfHerder-111111111111-x189dx7824" }
]
```

## RiskAssessment
<a name="asff-riskassessment"></a>

**Example**

```
"RiskAssessment": {
    "Posture": {
        "FindingTotal": 4,
        "Indicators": [
            {
                "Type": "Reachability",
                "Findings": [
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/1234567890abcdef0",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    },
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/abcdef01234567890",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    }
                ]
            },
            {
                "Type": "Vulnerability",
                "Findings": [
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345abcdef6789",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    },
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345ghijkl6789",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    }
                ]
            }
        ]
    }
}
```

## Remediation
<a name="asff-remediation"></a>

The [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Remediation.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Remediation.html) object provides information about recommended remediation steps to address the finding.

**Example**

```
"Remediation": {
    "Recommendation": {
        "Text": "For instructions on how to fix this issue, see the AWS Security Hub CSPM documentation for EC2.2.",
        "Url": "https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation"
    }
}
```

## Sample
<a name="asff-sample"></a>

Specifies whether the finding is a sample finding.

```
"Sample": true
```

## SourceUrl
<a name="asff-sourceurl"></a>

The `SourceUrl` object provides a URL that links to a page about the current finding in the finding product.

```
"SourceUrl": "http://sourceurl.com"
```

## ThreatIntelIndicators
<a name="asff-threatintelindicators"></a>

The [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ThreatIntelIndicator.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ThreatIntelIndicator.html) object provides threat intelligence details that are related to a finding.

**Example**

```
"ThreatIntelIndicators": [
  {
    "Category": "BACKDOOR",
    "LastObservedAt": "2018-09-27T23:37:31Z",
    "Source": "Threat Intel Weekly",
    "SourceUrl": "http://threatintelweekly.org/backdoors/8888",
    "Type": "IPV4_ADDRESS",
    "Value": "8.8.8.8"
  }
]
```

## Threats
<a name="asff-threats"></a>

The [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Threat.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Threat.html) object provides details about the threat detected by a finding.

**Example**

```
"Threats": [{
    "FilePaths": [{
        "FileName": "b.txt",
        "FilePath": "/tmp/b.txt",
        "Hash": "sha256",
        "ResourceId": "arn:aws:ec2:us-west-2:123456789012:volume/vol-032f3bdd89aee112f"
    }],
    "ItemCount": 3,
    "Name": "Iot.linux.mirai.vwisi",
    "Severity": "HIGH"
}]
```

## UserDefinedFields
<a name="asff-userdefinedfields"></a>

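Provides a list of name-value string pairs that are associated with the finding. These are custom, user-defined fields that are added to a finding. These fields can be generated automatically through a specific configuration.

Finding providers should not use this field for data that the product generates. Instead, finding providers can use the `ProductFields` field for data that does not map to any standard AWS Security Finding Format field.

These fields can only be updated using [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

**Example**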

```
"UserDefinedFields": {
    "reviewedByCio": "true",
    "comeBackToLater": "Check this again on Monday"
}
```

## VerificationState
<a name="asff-verificationstate"></a>

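Provides the veracity of a finding. Findings products can provide `UNKNOWN` as the value for this field. A findings product should provide a value for this field if there is a meaningful analog in the findings product's system. This field is typically populated by a user's determination or action after they investigate a finding.

A finding provider can provide an initial value for this attribute, but cannot update it after that. You can only update this attribute by using [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).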

```
"VerificationState": "Confirmed"
```

## Vulnerabilities
<a name="asff-vulnerabilities"></a>

The [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html) object provides a list of vulnerabilities that are associated with the finding.

**Example**

```
"Vulnerabilities" : [
    {
        "CodeVulnerabilities": [{
            "Cwes": [
                "CWE-798",
                "CWE-799"
            ],
            "FilePath": {
                "EndLine": 421,
                "FileName": "package-lock.json",
                "FilePath": "package-lock.json",
                "StartLine": 420
            },
            "SourceArn": "arn:aws:lambda:us-east-1:123456789012:layer:AWS-AppConfig-Extension:114"
        }],
        "Cvss": [
            {
                "BaseScore": 4.7,
                "BaseVector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "Version": "V3"
            },
            {
                "BaseScore": 4.7,
                "BaseVector": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
                "Version": "V2"
            }
        ],
        "EpssScore": 0.015,
        "ExploitAvailable": "YES",
        "FixAvailable": "YES",
        "Id": "CVE-2020-12345",
        "LastKnownExploitAt": "2020-01-16T00:01:35Z",
        "ReferenceUrls":[
            "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418",
            "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"
        ],
        "RelatedVulnerabilities": ["CVE-2020-12345"],
        "Vendor": {
            "Name": "Alas",
            "Url":"https://alas.aws.amazon.com/ALAS-2020-1337.html",
            "VendorCreatedAt":"2020-01-16T00:01:43Z",
            "VendorSeverity":"Medium",
            "VendorUpdatedAt":"2020-01-16T00:01:43Z"
        },
        "VulnerablePackages": [
            {
                "Architecture": "x86_64",
                "Epoch": "1",
                "FilePath": "/tmp",
                "FixedInVersion": "0.14.0",
                "Name": "openssl",
                "PackageManager": "OS",
                "Release": "16.amzn2.0.3",
                "Remediation": "Update aws-crt to 0.14.0",
                "SourceLayerArn": "arn:aws:lambda:us-west-2:123456789012:layer:id",
                "SourceLayerHash": "sha256:c1962c35b63a6ff6ce7df6e042ee82371a605ca9515569edec46ff14f926f001",
                "Version": "1.0.2k"
            }
        ]
    }
]
```

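## Workflow
<a name="asff-workflow"></a>

The [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Workflow.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Workflow.html) object provides information about the status of the investigation into a finding.

This field is intended for customers to use with remediation, orchestration, and ticketing tools. It is not intended for finding providers.

You can only update the `Workflow` field with [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html). Customers can also update it from the console. See [Setting the workflow status of findings in Security Hub CSPM](findings-workflow-status.md).

**Example**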

```
"Workflow": {
    "Status": "NEW"
}
```
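The sections on `Note`, `ProductName`, `RecordState`, `Region`, `RelatedFindings`, `UserDefinedFields`, `VerificationState`, and `Workflow` each state which API operation may set the attribute. The following added example (not AWS code; the function names and sample payloads are constructed) collects those statements into one pre-submission check and models the `RecordState` rule that resets the workflow status. The custom-integration exception for `ProductName` is not modeled.

```python
BATCH_IMPORT = "BatchImportFindings"   # called by finding providers
BATCH_UPDATE = "BatchUpdateFindings"   # called by customers and their tooling

# attribute -> (operations that may set it, provider may set an initial value)
RULES = {
    "Note":              ({BATCH_UPDATE}, True),
    "VerificationState": ({BATCH_UPDATE}, True),
    "UserDefinedFields": ({BATCH_UPDATE}, False),
    "RelatedFindings":   ({BATCH_UPDATE}, False),  # providers use FindingProviderFields
    "Workflow":          ({BATCH_UPDATE}, False),
    "RecordState":       ({BATCH_IMPORT}, False),
    "ProductName":       (set(), False),           # populated by Security Hub CSPM
    "Region":            (set(), False),           # populated by Security Hub CSPM
}


def rejected_attributes(api, payload, existing=None):
    """Return the attributes in `payload` that `api` may not set.

    `existing` is the stored finding, or None when a provider creates a new one.
    """
    rejected = []
    for name, (allowed_apis, initial_only) in RULES.items():
        if name not in payload or api in allowed_apis:
            continue
        if api == BATCH_IMPORT and initial_only:
            # A provider may supply the first value; resending it unchanged
            # is not treated as an update here.
            if existing is None or payload[name] == existing.get(name):
                continue
        rejected.append(name)
    return sorted(rejected)


def workflow_after_record_state_change(existing, new_record_state):
    """Workflow status after a provider sets RecordState, per the RecordState rule."""
    status = existing.get("Workflow", {}).get("Status")
    reopened = (existing.get("RecordState") == "ARCHIVED"
                and new_record_state == "ACTIVE")
    if reopened and status in ("NOTIFIED", "RESOLVED"):
        return "NEW"
    return status


# Constructed payload a provider might be about to send.
PROVIDER_PAYLOAD = {
    "RecordState": "ACTIVE",
    "Region": "us-west-2",
    "Note": {"Text": "Initial triage note", "UpdatedBy": "provider"},
    "Workflow": {"Status": "NEW"},
    "RelatedFindings": [{"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
                         "Id": "123e4567-e89b-12d3-a456-426655440000"}],
}

if __name__ == "__main__":
    print(rejected_attributes(BATCH_IMPORT, PROVIDER_PAYLOAD))
```
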

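## WorkflowState (Retired)
<a name="asff-workflowstate"></a>

This object is retired and has been replaced by the `Status` field of the `Workflow` object.

This field provides the workflow state of a finding. Findings products can provide `NEW` as the value for this field. A findings product can provide a value for this field if there is a meaningful analog in the findings product's system.

**Example**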

```
"WorkflowState": "NEW"
```

# Resources ASFF object
<a name="asff-resources"></a>

In the AWS Security Finding Format (ASFF), the `Resources` object provides information about the resources involved in a finding. It contains an array of up to 32 resource objects. To determine the format of resource names, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md). For examples of each resource object, select a resource from the following list.

**Topics**
+ [Resource attributes in ASFF](asff-resources-attributes.md)
+ [AwsAmazonMQ resources in ASFF](asff-resourcedetails-awsamazonmq.md)
+ [AwsApiGateway resources in ASFF](asff-resourcedetails-awsapigateway.md)
+ [AwsAppSync resources in ASFF](asff-resourcedetails-awsappsync.md)
+ [AwsAthena resources in ASFF](asff-resourcedetails-awsathena.md)
+ [AwsAutoScaling resources in ASFF](asff-resourcedetails-awsautoscaling.md)
+ [AwsBackup resources in ASFF](asff-resourcedetails-awsbackup.md)
+ [AwsCertificateManager resources in ASFF](asff-resourcedetails-awscertificatemanager.md)
+ [AwsCloudFormation resources in ASFF](asff-resourcedetails-awscloudformation.md)
+ [AwsCloudFront resources in ASFF](asff-resourcedetails-awscloudfront.md)
+ [AwsCloudTrail resources in ASFF](asff-resourcedetails-awscloudtrail.md)
+ [AwsCloudWatch resources in ASFF](asff-resourcedetails-awscloudwatch.md)
+ [AwsCodeBuild resources in ASFF](asff-resourcedetails-awscodebuild.md)
+ [AwsDms resources in ASFF](asff-resourcedetails-awsdms.md)
+ [AwsDynamoDB resources in ASFF](asff-resourcedetails-awsdynamodb.md)
+ [AwsEc2 resources in ASFF](asff-resourcedetails-awsec2.md)
+ [AwsEcr resources in ASFF](asff-resourcedetails-awsecr.md)
+ [AwsEcs resources in ASFF](asff-resourcedetails-awsecs.md)
+ [AwsEfs resources in ASFF](asff-resourcedetails-awsefs.md)
+ [AwsEks resources in ASFF](asff-resourcedetails-awseks.md)
+ [AwsElasticBeanstalk resources in ASFF](asff-resourcedetails-awselasticbeanstalk.md)
+ [AwsElasticSearch resources in ASFF](asff-resourcedetails-awselasticsearch.md)
+ [AwsElb resources in ASFF](asff-resourcedetails-awselb.md)
+ [AwsEventBridge resources in ASFF](asff-resourcedetails-awsevent.md)
+ [AwsGuardDuty resources in ASFF](asff-resourcedetails-awsguardduty.md)
+ [AwsIam resources in ASFF](asff-resourcedetails-awsiam.md)
+ [AwsKinesis resources in ASFF](asff-resourcedetails-awskinesis.md)
+ [AwsKms resources in ASFF](asff-resourcedetails-awskms.md)
+ [AwsLambda](asff-resourcedetails-awslambda.md)
+ [AwsMsk resources in ASFF](asff-resourcedetails-awsmsk.md)
+ [AwsNetworkFirewall resources in ASFF](asff-resourcedetails-awsnetworkfirewall.md)
+ [AwsOpenSearchService resources in ASFF](asff-resourcedetails-awsopensearchservice.md)
+ [AwsRds resources in ASFF](asff-resourcedetails-awsrds.md)
+ [AwsRedshift resources in ASFF](asff-resourcedetails-awsredshift.md)
+ [AwsRoute53 resources in ASFF](asff-resourcedetails-awsroute53.md)
+ [AwsS3 resources in ASFF](asff-resourcedetails-awss3.md)
+ [AwsSageMaker resources in ASFF](asff-resourcedetails-awssagemaker.md)
+ [AwsSecretsManager resources in ASFF](asff-resourcedetails-awssecretsmanager.md)
+ [AwsSns resources in ASFF](asff-resourcedetails-awssns.md)
+ [AwsSqs resources in ASFF](asff-resourcedetails-awssqs.md)
+ [AwsSsm resources in ASFF](asff-resourcedetails-awsssm.md)
+ [AwsStepFunctions resources in ASFF](asff-resourcedetails-awsstepfunctions.md)
+ [AwsWaf resources in ASFF](asff-resourcedetails-awswaf.md)
+ [AwsXray resources in ASFF](asff-resourcedetails-awsxray.md)
+ [CodeRepository object in ASFF](asff-resourcedetails-coderepository.md)
+ [Container object in ASFF](asff-resourcedetails-container.md)
+ [Other object in ASFF](asff-resourcedetails-other.md)

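# Resource attributes in ASFF
<a name="asff-resources-attributes"></a>

The following are descriptions and examples for the `Resources` object in the AWS Security Finding Format (ASFF). For more information about these fields, see [Resources](asff-required-attributes.md#Resources).

## ApplicationArn
<a name="asff-resources-applicationarn"></a>

Identifies the Amazon Resource Name (ARN) of the application involved in the finding.

**Example**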

```
"ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0"
```

## ApplicationName
<a name="asff-resources-applicationname"></a>

Identifies the name of the application involved in the finding.

**Example**

```
"ApplicationName": "SampleApp"
```

## DataClassification
<a name="asff-resources-dataclassification"></a>

The [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html) field provides information about sensitive data that was detected on the resource.

**Example**

```
"DataClassification": {
    "DetailedResultsLocation": "Path_to_Folder_Or_File",
    "Result": {
        "MimeType": "text/plain",
        "SizeClassified": 2966026,
        "AdditionalOccurrences": false,
        "Status": {
            "Code": "COMPLETE",
            "Reason": "Unsupportedfield"
        },
        "SensitiveData": [
            {
                "Category": "PERSONAL_INFORMATION",
                "Detections": [
                    {
                        "Count": 34,
                        "Type": "GE_PERSONAL_ID",
                        "Occurrences": {
                            "LineRanges": [
                                {
                                    "Start": 1,
                                    "End": 10,
                                    "StartColumn": 20
                                }
                            ],
                            "Pages": [],
                            "Records": [],
                            "Cells": []
                        }
                    },
                    {
                        "Count": 59,
                        "Type": "EMAIL_ADDRESS",
                        "Occurrences": {
                            "Pages": [
                                {
                                    "PageNumber": 1,
                                    "OffsetRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                     },
                                    "LineRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                    }
                                }
                            ]
                        }
                    },
                    {
                        "Count": 2229,
                        "Type": "URL",
                        "Occurrences": {
                           "LineRanges": [
                               {
                                   "Start": 1,
                                   "End": 13
                               }
                           ]
                       }
                   },
                   {
                       "Count": 13826,
                       "Type": "NameDetection",
                       "Occurrences": {
                            "Records": [
                                {
                                    "RecordIndex": 1,
                                    "JsonPath": "$.ssn.value"
                                }
                            ]
                        }
                   },
                   {
                       "Count": 32,
                       "Type": "AddressDetection"
                   }
               ],
               "TotalCount": 32
           }
        ],
        "CustomDataIdentifiers": {
            "Detections": [
                 {
                     "Arn": "1712be25e7c7f53c731fe464f1c869b8",
                     "Name": "1712be25e7c7f53c731fe464f1c869b8",
                     "Count": 2
                 }
            ],
            "TotalCount": 2
        }
    }
}
```

## Details
<a name="asff-resources-details"></a>

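The [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html) field provides additional information about a single resource using the appropriate objects. Each resource must be provided in a separate resource object in the `Resources` object.

Note that if the finding size exceeds the maximum of 240 KB, then the `Details` object is removed from the finding. For control findings that use AWS Config rules, you can view the resource details on the AWS Config console.

Security Hub CSPM provides a set of available resource details for its supported resource types. These details correspond to values of the `Type` object. Use the provided types whenever possible.

For example, if the resource is an S3 bucket, then set the resource `Type` to `AwsS3Bucket` and provide the resource details in the [`AwsS3Bucket`](asff-resourcedetails-awss3.md#asff-resourcedetails-awss3bucket) object.

The [`Other`](asff-resourcedetails-other.md) object allows you to provide custom fields and values. You use the `Other` object in the following cases:
+ The resource type (the value of the resource `Type`) does not have a corresponding details object. To provide details for the resource, you use the [`Other`](asff-resourcedetails-other.md) object.
+ The object for the resource type does not include all of the fields that you want to populate. In this case, use the details object for the resource type to populate the available fields. Use the `Other` object to populate the fields that are not in the type-specific object.
+ The resource type is not one of the provided types. In this case, set `Resource.Type` to `Other`, and use the `Other` object to populate the details.

**Example**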

```
"Details": {
  "AwsEc2Instance": {
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
    "ImageId": "ami-79fd7eee",
    "IpV4Addresses": ["1.1.1.1"],
    "IpV6Addresses": ["2001:db8:1234:1a2b::123"],
    "KeyName": "testkey",
    "LaunchedAt": "2018-09-29T01:25:54Z",
    "MetadataOptions": {
      "HttpEndpoint": "enabled",
      "HttpProtocolIpv6": "enabled",
      "HttpPutResponseHopLimit": 1,
      "HttpTokens": "optional",
      "InstanceMetadataTags": "disabled"
    },
    "NetworkInterfaces": [
    {
      "NetworkInterfaceId": "eni-e5aa89a3"
    }
    ],
    "SubnetId": "PublicSubnet",
    "Type": "i3.xlarge",
    "VirtualizationType": "hvm",
    "VpcId": "TestVPCIpv6"
  },
  "AwsS3Bucket": {
    "OwnerId": "da4d66eac431652a4d44d490a00500bded52c97d235b7b4752f9f688566fe6de",
    "OwnerName": "acmes3bucketowner"
  },
  "Other": { "LightPen": "blinky", "SerialNo": "1234abcd"}  
}
```

## Id
<a name="asff-resources-id"></a>

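The identifier for the given resource type.

For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN.

For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource.

For non-AWS resources, this is a unique identifier that is associated with the resource.

**Example**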

```
"Id": "arn:aws:s3:::amzn-s3-demo-bucket"
```

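## Partition
<a name="asff-resources-partition"></a>

The partition in which the resource is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition.

The following partitions are supported:
+ `aws` – AWS Regions
+ `aws-cn` – China Regions
+ `aws-us-gov` – AWS GovCloud (US) Region

**Example**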

```
"Partition": "aws"
```

## Region
<a name="asff-resources-region"></a>

The code for the AWS Region where this resource is located. For a list of Region codes, see [Regional endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints).

**Example**

```
"Region": "us-west-2"
```

## ResourceRole
<a name="asff-resources-resourcerole"></a>

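Identifies the role of the resource in the finding. A resource is either the target of the finding activity or the actor that performed the activity.

**Example**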

```
"ResourceRole": "target"
```

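## Tags
<a name="asff-resources-tags"></a>

This field provides tag key and value information for the resource involved in a finding. You can tag [resources that are supported](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/supported-services.html) by the `GetResources` operation of the AWS Resource Groups Tagging API. Security Hub CSPM calls this operation through the [service-linked role](using-service-linked-roles.md) and retrieves the resource tags if the AWS Security Finding Format (ASFF) `Resource.Id` field is populated with the AWS resource ARN. Invalid resource IDs are ignored.

You can add resource tags to findings that Security Hub CSPM ingests, including findings from integrated AWS services and third-party products.

Adding tags tells you which tags were associated with a resource at the time the finding was processed. You can include the `Tags` attribute only for resources that have an associated tag. If a resource has no associated tag, don't include a `Tags` attribute in the finding.

Including resource tags in findings removes the need to build data enrichment pipelines or to manually enrich the metadata of findings. You can also use tags to search or filter findings and insights, and to create [automation rules](automation-rules.md).

For information about restrictions that apply to tags, see [Tag naming limits and requirements](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions).

You can only provide tags that exist on an AWS resource in this field. To provide data that isn't defined in the AWS Security Finding Format, use the `Other` details subfield.

**Example**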

```
"Tags": {
    "billingCode": "Lotus-1-2-3",
    "needsPatching": "true"
}
```

## Type
<a name="asff-resources-type"></a>

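The type of resource that you are providing details for.

Whenever possible, use one of the provided resource types, such as `AwsEc2Instance` or `AwsS3Bucket`.

If the resource type does not match any of the provided resource types, then set the resource `Type` to `Other`, and use the `Other` details subfield to populate the details.

Supported values are listed under [Resources](asff-resources.md).

**Example**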

```
"Type": "AwsS3Bucket"
```
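The resource rules stated in the `Resources`, `Details`, `Partition`, `Tags`, and `Type` sections above can be checked before a finding is submitted. The following is an added example, not AWS code: the function name, issue codes, and sample finding are constructed, and measuring the finding as UTF-8 JSON and reading 240 KB as 240 × 1024 bytes are assumptions.

```python
import json

MAX_RESOURCES = 32                 # Resources holds up to 32 resource objects
MAX_FINDING_BYTES = 240 * 1024     # assumption: 240 KB counted as 240 * 1024 bytes
PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}


def lint_resources(finding):
    """Return sorted (location, code) pairs for rule violations in Resources."""
    issues = set()
    resources = finding.get("Resources", [])
    if len(resources) > MAX_RESOURCES:
        issues.add(("Resources", "TOO_MANY_RESOURCES"))
    for index, resource in enumerate(resources):
        where = f"Resources[{index}]"
        rtype = resource.get("Type")
        details = resource.get("Details", {})
        if "Partition" in resource and resource["Partition"] not in PARTITIONS:
            issues.add((where, "UNSUPPORTED_PARTITION"))
        # Tags is only included for resources that actually have tags.
        if "Tags" in resource and not resource["Tags"]:
            issues.add((where, "EMPTY_TAGS"))
        # Details should use the object named after Type, plus Other if needed.
        for name in details:
            if name not in (rtype, "Other"):
                issues.add((where, "DETAILS_DO_NOT_MATCH_TYPE"))
        # Other is a string-to-string map in the API reference.
        other = details.get("Other", {})
        if any(not isinstance(value, str) for value in other.values()):
            issues.add((where, "OTHER_VALUE_NOT_STRING"))
    # Above the size limit, the Details objects are removed from the finding.
    size = len(json.dumps(finding).encode("utf-8"))
    if size > MAX_FINDING_BYTES and any("Details" in r for r in resources):
        issues.add(("Resources", "DETAILS_WILL_BE_REMOVED"))
    return sorted(issues)


# Constructed sample: the first resource follows the rules, the second does not.
SAMPLE_FINDING = {
    "Resources": [
        {
            "Type": "AwsS3Bucket",
            "Id": "arn:aws:s3:::amzn-s3-demo-bucket",
            "Partition": "aws",
            "Tags": {"billingCode": "Lotus-1-2-3"},
            "Details": {
                "AwsS3Bucket": {"OwnerName": "acmes3bucketowner"},
                "Other": {"SerialNo": "1234abcd"},
            },
        },
        {
            "Type": "Other",
            "Id": "example-device-0001",
            "Partition": "example-partition",
            "Tags": {},
            "Details": {
                "AwsEc2Instance": {"ImageId": "ami-79fd7eee"},
                "Other": {"LightPen": 7},
            },
        },
    ]
}

if __name__ == "__main__":
    for location, code in lint_resources(SAMPLE_FINDING):
        print(location, code)
```
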

# AwsAmazonMQ resources in ASFF
<a name="asff-resourcedetails-awsamazonmq"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAmazonMQ` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAmazonMQBroker
<a name="asff-resourcedetails-awsamazonmqbroker"></a>

`AwsAmazonMQBroker` provides information about an Amazon MQ broker, which is a message broker environment running on Amazon MQ.

The following example shows the ASFF for the `AwsAmazonMQBroker` object. To view descriptions of `AwsAmazonMQBroker` attributes, see [AwsAmazonMQBroker](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAmazonMQBrokerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAmazonMQBroker": {
    "AutoMinorVersionUpgrade": true,
    "BrokerArn": "arn:aws:mq:us-east-1:123456789012:broker:TestBroker:b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "BrokerId": "b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "BrokerName": "TestBroker",
    "Configuration": {
        "Id": "c-a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
        "Revision": 1
    },
    "DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ",
    "EncryptionOptions": {
        "UseAwsOwnedKey": true
    },
    "EngineType": "ActiveMQ",
    "EngineVersion": "5.17.2",
    "HostInstanceType": "mq.t2.micro",
    "Logs": {
        "Audit": false,
        "AuditLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/audit",
        "General": false,
        "GeneralLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/general"
    },
    "MaintenanceWindowStartTime": {
        "DayOfWeek": "MONDAY",
        "TimeOfDay": "22:00",
        "TimeZone": "UTC"
    },
    "PubliclyAccessible": true,
    "SecurityGroups": [
        "sg-021345abcdef6789"
    ],
    "StorageType": "efs",
    "SubnetIds": [
        "subnet-1234567890abcdef0",
        "subnet-abcdef01234567890"
    ],
    "Users": [
        {
            "Username": "admin"
        }
    ]
}
```

# AwsApiGateway resources in ASFF
<a name="asff-resourcedetails-awsapigateway"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsApiGateway` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsApiGatewayRestApi
<a name="asff-resourcedetails-awsapigatewayrestapi"></a>

The `AwsApiGatewayRestApi` object contains information about a REST API in version 1 of Amazon API Gateway.

The following is an example `AwsApiGatewayRestApi` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayRestApi` attributes, see [AwsApiGatewayRestApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayRestApiDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayRestApi": {
    "Id": "exampleapi",
    "Name": "Security Hub",
    "Description": "AWS Security Hub",
    "CreatedDate": "2018-11-18T10:20:05-08:00",
    "Version": "2018-10-26",
    "BinaryMediaTypes" : ["-'*~1*'"],
    "MinimumCompressionSize": 1024,
    "ApiKeySource": "AWS_ACCOUNT_ID",
    "EndpointConfiguration": {
        "Types": [
            "REGIONAL"
        ]
    }
}
```

## AwsApiGatewayStage
<a name="asff-resourcedetails-awsapigatewaystage"></a>

The `AwsApiGatewayStage` object provides information about a version 1 Amazon API Gateway stage.

The following is an example `AwsApiGatewayStage` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayStage` attributes, see [AwsApiGatewayStageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayStageDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayStage": {
    "DeploymentId": "n7hlmf",
    "ClientCertificateId": "a1b2c3", 
    "StageName": "Prod",
    "Description" : "Stage Description",
    "CacheClusterEnabled": false,
    "CacheClusterSize" : "1.6",
    "CacheClusterStatus": "NOT_AVAILABLE",
    "MethodSettings": [
        {
            "MetricsEnabled": true,
            "LoggingLevel": "INFO",
            "DataTraceEnabled": false,
            "ThrottlingBurstLimit": 100,
            "ThrottlingRateLimit": 5.0,
            "CachingEnabled": false,
            "CacheTtlInSeconds": 300,
            "CacheDataEncrypted": false,
            "RequireAuthorizationForCacheControl": true,
            "UnauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER",
            "HttpMethod": "POST",
            "ResourcePath": "/echo"
        }
    ],
    "Variables": {"test": "value"},
    "DocumentationVersion": "2.0",
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "CanarySettings": {
        "PercentTraffic": 0.0,
        "DeploymentId": "ul73s8",
        "StageVariableOverrides" : {
            "String" : "String"
        },
        "UseStageCache": false
    },
    "TracingEnabled": false,
    "CreatedDate": "2018-07-11T10:55:18-07:00",
    "LastUpdatedDate": "2020-08-26T11:51:04-07:00",
    "WebAclArn" : "arn:aws:waf-regional:us-west-2:111122223333:webacl/cb606bd8-5b0b-4f0b-830a-dd304e48a822"
}
```

## AwsApiGatewayV2Api
<a name="asff-resourcedetails-awsapigatewayv2api"></a>

The `AwsApiGatewayV2Api` object contains information about a version 2 API in Amazon API Gateway.

The following is an example `AwsApiGatewayV2Api` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayV2Api` attributes, see [AwsApiGatewayV2ApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2ApiDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayV2Api": {
    "ApiEndpoint": "https://example.us-west-2.amazonaws.com",
    "ApiId": "a1b2c3d4",
    "ApiKeySelectionExpression": "$request.header.x-api-key",
    "CreatedDate": "2020-03-28T00:32:37Z",
    "Description": "ApiGatewayV2 Api",
    "Version": "string",
    "Name": "my-api",
    "ProtocolType": "HTTP",
    "RouteSelectionExpression": "$request.method $request.path",
    "CorsConfiguration": {
        "AllowOrigins": [ "*" ],
        "AllowCredentials": true,
        "ExposeHeaders": [ "string" ],
        "MaxAge": 3000,
        "AllowMethods": [
          "GET",
          "PUT",
          "POST",
          "DELETE",
          "HEAD"
        ],
        "AllowHeaders": [ "*" ]
    }
}
```

## AwsApiGatewayV2Stage
<a name="asff-resourcedetails-awsapigatewayv2stage"></a>

`AwsApiGatewayV2Stage` contains information about a version 2 stage for Amazon API Gateway.

The following is an example `AwsApiGatewayV2Stage` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayV2Stage` attributes, see [AwsApiGatewayV2StageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2StageDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayV2Stage": {
    "CreatedDate": "2020-04-08T00:36:05Z",
    "Description" : "ApiGatewayV2",
    "DefaultRouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "DeploymentId": "x1zwyv",
    "LastUpdatedDate": "2020-04-08T00:36:13Z",
    "RouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "StageName": "prod",
    "StageVariables": {
        "function": "my-prod-function"
    },
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "AutoDeploy": false,
    "LastDeploymentStatusMessage": "Message",
    "ApiGatewayManaged": true
}
```

# AwsAppSync resources in ASFF
<a name="asff-resourcedetails-awsappsync"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAppSync` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAppSyncGraphQLApi
<a name="asff-resourcedetails-awsappsyncgraphqlapi"></a>

`AwsAppSyncGraphQLApi` provides information about an AWS AppSync GraphQL API, which is the top-level construct for your application.

The following example shows the ASFF for the `AwsAppSyncGraphQLApi` object. To view descriptions of `AwsAppSyncGraphQLApi` attributes, see [AwsAppSyncGraphQLApi](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAppSyncGraphQLApiDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAppSyncGraphQLApi": {
    "AdditionalAuthenticationProviders": [
    {
    	"AuthenticationType": "AWS_LAMBDA",
    	"LambdaAuthorizerConfig": {
    		"AuthorizerResultTtlInSeconds": 300,
    		"AuthorizerUri": "arn:aws:lambda:us-east-1:123456789012:function:mylambdafunc"
    	}
    },
    {
    	"AuthenticationType": "AWS_IAM"
    }
    ],
    "ApiId": "021345abcdef6789",
    "Arn": "arn:aws:appsync:eu-central-1:123456789012:apis/021345abcdef6789",
    "AuthenticationType": "API_KEY",
    "Id": "021345abcdef6789",
    "LogConfig": {
    	"CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/appsync-graphqlapi-logs-eu-central-1",
    	"ExcludeVerboseContent": true,
    	"FieldLogLevel": "ALL"
    },
    "Name": "My AppSync App",
    "XrayEnabled": true
}
```

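# AwsAthena resources in ASFF
<a name="asff-resourcedetails-awsathena"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAthena` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAthenaWorkGroup
<a name="asff-resourcedetails-awsathenaworkgroup"></a>

`AwsAthenaWorkGroup` provides information about an Amazon Athena workgroup. A workgroup helps you separate users, teams, applications, or workloads. It also helps you set limits on data processing and track costs.

The following example shows the ASFF for the `AwsAthenaWorkGroup` object. To view descriptions of `AwsAthenaWorkGroup` attributes, see [AwsAthenaWorkGroup](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAthenaWorkGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**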

```
"AwsAthenaWorkGroup": {
    "Description": "My workgroup for prod workloads",
    "Name": "MyWorkgroup",
    "WorkgroupConfiguration": {
        "ResultConfiguration": {
            "EncryptionConfiguration": {
                "EncryptionOption": "SSE_KMS",
                "KmsKey": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            }
        }
    },
    "State": "ENABLED"
}
```

# AwsAutoScaling resources in ASFF
<a name="asff-resourcedetails-awsautoscaling"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAutoScaling` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAutoScalingAutoScalingGroup
<a name="asff-resourcedetails-awsautoscalingautoscalinggroup"></a>

The `AwsAutoScalingAutoScalingGroup` object provides details about an automatic scaling group.

The following is an example `AwsAutoScalingAutoScalingGroup` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsAutoScalingAutoScalingGroup` attributes, see [AwsAutoScalingAutoScalingGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingAutoScalingGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAutoScalingAutoScalingGroup": {
        "CreatedTime": "2017-10-17T14:47:11Z",
        "HealthCheckGracePeriod": 300,
        "HealthCheckType": "EC2",
        "LaunchConfigurationName": "mylaunchconf",
        "LoadBalancerNames": [],
        "LaunchTemplate": {                            
            "LaunchTemplateId": "string",
            "LaunchTemplateName": "string",
            "Version": "string"
        },
        "MixedInstancesPolicy": {
            "InstancesDistribution": {
                "OnDemandAllocationStrategy": "prioritized",
                "OnDemandBaseCapacity": number,
                "OnDemandPercentageAboveBaseCapacity": number,
                "SpotAllocationStrategy": "lowest-price",
                "SpotInstancePools": number,
                "SpotMaxPrice": "string"
            },
            "LaunchTemplate": {
                "LaunchTemplateSpecification": {
                    "LaunchTemplateId": "string",
                    "LaunchTemplateName": "string",
                    "Version": "string"
                 },
                "CapacityRebalance": true,
                "Overrides": [
                    {
                       "InstanceType": "string",
                       "WeightedCapacity": "string"
                    }
                ]
            }
        }
}
```

## AwsAutoScalingLaunchConfiguration
<a name="asff-resourcedetails-awsautoscalinglaunchconfiguration"></a>

The `AwsAutoScalingLaunchConfiguration` object provides details about a launch configuration.

The following is an example `AwsAutoScalingLaunchConfiguration` finding in the AWS Security Finding Format (ASFF).

To view descriptions of `AwsAutoScalingLaunchConfiguration` attributes, see [AwsAutoScalingLaunchConfigurationDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingLaunchConfigurationDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAutoScalingLaunchConfiguration": {
    "LaunchConfigurationName": "newtest",
    "ImageId": "ami-058a3739b02263842",
    "KeyName": "55hundredinstance",
    "SecurityGroups": [ "sg-01fce87ad6e019725" ],
    "ClassicLinkVpcSecurityGroups": [],
    "UserData": "...Base64-Encoded user data...",
    "InstanceType": "a1.metal",
    "KernelId": "",
    "RamdiskId": "ari-a51cf9cc",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sdh",
            "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp2",
                "DeleteOnTermination": false,
                "Encrypted": true,
                "SnapshotId": "snap-ffaa1e69",
                "VirtualName": "ephemeral1"
            }
        },
        {
            "DeviceName": "/dev/sdb",
            "NoDevice": true
        },
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "SnapshotId": "snap-02420cd3d2dea1bc0",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "DeleteOnTermination": true,
                "Encrypted": false
            }
        },
        {
            "DeviceName": "/dev/sdi",
            "Ebs": {
                "VolumeSize": 20,
                "VolumeType": "gp2",
                "DeleteOnTermination": false,
                "Encrypted": true
            }
        },
        {
            "DeviceName": "/dev/sdc",
            "NoDevice": true
        }
    ],
    "InstanceMonitoring": {
        "Enabled": false
    },
    "CreatedTime": 1620842933453,
    "EbsOptimized": false,
    "AssociatePublicIpAddress": true,
    "SpotPrice": "0.045"
}
```

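# AwsBackup resources in ASFF
<a name="asff-resourcedetails-awsbackup"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsBackup` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsBackupBackupPlan
<a name="asff-resourcedetails-awsbackupbackupplan"></a>

The `AwsBackupBackupPlan` object provides information about an AWS Backup backup plan. An AWS Backup backup plan is a policy expression that defines when and how you want to back up your AWS resources.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsBackupBackupPlan` object. To view descriptions of `AwsBackupBackupPlan` attributes, see [AwsBackupBackupPlan](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupPlanDetails.html) in the *AWS Security Hub API Reference*.

**Example**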

```
"AwsBackupBackupPlan": {
    "BackupPlan": {
    	"AdvancedBackupSettings": [{
    		"BackupOptions": {
    			"WindowsVSS":"enabled"
    		},
    		"ResourceType":"EC2"
    	}],
    	"BackupPlanName": "test",
    	"BackupPlanRule": [{
    		"CompletionWindowMinutes": 10080,
    		"CopyActions": [{
    			"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
    			"Lifecycle": {
    				"DeleteAfterDays": 365,
    				"MoveToColdStorageAfterDays": 30
    			}
    		}],
    		"Lifecycle": {
    			"DeleteAfterDays": 35
    		},
    		"RuleName": "DailyBackups",
    		"ScheduleExpression": "cron(0 5 ? * * *)",
    		"StartWindowMinutes": 480,
    		"TargetBackupVault": "Default"
    		},
    		{
    		"CompletionWindowMinutes": 10080,
    		"CopyActions": [{
    			"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
    			"Lifecycle": {
    				"DeleteAfterDays": 365,
    				"MoveToColdStorageAfterDays": 30
    			}
    		}],
    		"Lifecycle": {
    			"DeleteAfterDays": 35
    		},
    		"RuleName": "Monthly",
    		"ScheduleExpression": "cron(0 5 1 * ? *)",
    		"StartWindowMinutes": 480,
    		"TargetBackupVault": "Default"
    	}]
    },
    "BackupPlanArn": "arn:aws:backup:us-east-1:858726136373:backup-plan:b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
    "BackupPlanId": "b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
    "VersionId": "ZDVjNDIzMjItYTZiNS00NzczLTg4YzctNmExMWM2NjZhY2E1"
}
```

## AwsBackupBackupVault
<a name="asff-resourcedetails-awsbackupbackupvault"></a>

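The `AwsBackupBackupVault` object provides information about an AWS Backup backup vault. An AWS Backup backup vault is a container that stores and organizes your backups.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsBackupBackupVault` object. To view descriptions of `AwsBackupBackupVault` attributes, see [AwsBackupBackupVault](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupVaultDetails.html) in the *AWS Security Hub API Reference*.

**Example**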

```
"AwsBackupBackupVault": {
    "AccessPolicy": {
    	"Statement": [{
    		"Action": [
    			"backup:DeleteBackupVault",
    			"backup:DeleteBackupVaultAccessPolicy",
    			"backup:DeleteRecoveryPoint",
    			"backup:StartCopyJob",
    			"backup:StartRestoreJob",
    			"backup:UpdateRecoveryPointLifecycle"
    		],
    		"Effect": "Deny",
    		"Principal": {
    			"AWS": "*"
    		},
    		"Resource": "*"
    	}],
    	"Version": "2012-10-17"
    },
    "BackupVaultArn": "arn:aws:backup:us-east-1:123456789012:backup-vault:aws/efs/automatic-backup-vault",
    "BackupVaultName": "aws/efs/automatic-backup-vault",
    "EncryptionKeyArn": "arn:aws:kms:us-east-1:444455556666:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
    "Notifications": {
    	"BackupVaultEvents": ["BACKUP_JOB_STARTED", "BACKUP_JOB_COMPLETED", "COPY_JOB_STARTED"],
    	"SNSTopicArn": "arn:aws:sns:us-west-2:111122223333:MyVaultTopic"
    }
}
```

## AwsBackupRecoveryPoint
<a name="asff-resourcedetails-awsbackuprecoverypoint"></a>

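The `AwsBackupRecoveryPoint` object provides information about an AWS Backup backup, also referred to as a recovery point. An AWS Backup recovery point represents the content of a resource at a specified time.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsBackupRecoveryPoint` object. To view descriptions of `AwsBackupRecoveryPoint` attributes, see [AwsBackupRecoveryPoint](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupRecoveryPointDetails.html) in the *AWS Security Hub API Reference*.

**Example**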

```
"AwsBackupRecoveryPoint": {
    "BackupSizeInBytes": 0,
    "BackupVaultName": "aws/efs/automatic-backup-vault",
    "BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
    "CalculatedLifecycle": {
    	"DeleteAt": "2021-08-30T06:51:58.271Z",
    	"MoveToColdStorageAt": "2020-08-10T06:51:58.271Z"
    },
    "CompletionDate": "2021-07-26T07:21:40.361Z",
    "CreatedBy": {
    	"BackupPlanArn": "arn:aws:backup:us-east-1:111122223333:backup-plan:aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
    	"BackupPlanId": "aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
    	"BackupPlanVersion": "ZGM4YzY5YjktMWYxNC00ZTBmLWE5MjYtZmU5OWNiZmM5ZjIz",
    	"BackupRuleId": "2a600c2-42ad-4196-808e-084923ebfd25"
    },
    "CreationDate": "2021-07-26T06:51:58.271Z",
    "EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
    "IamRoleArn": "arn:aws:iam::111122223333:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup",
    "IsEncrypted": true,
    "LastRestoreTime": "2021-07-26T06:51:58.271Z",
    "Lifecycle": {
    	"DeleteAfterDays": 35,
    	"MoveToColdStorageAfterDays": 15
    },
    "RecoveryPointArn": "arn:aws:backup:us-east-1:111122223333:recovery-point:151a59e4-f1d5-4587-a7fd-0774c6e91268",
    "ResourceArn": "arn:aws:elasticfilesystem:us-east-1:858726136373:file-system/fs-15bd31a1",
    "ResourceType": "EFS",
    "SourceBackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
    "Status": "COMPLETED",
    "StatusMessage": "Failure message",
    "StorageClass": "WARM"
}
```

# AwsCertificateManager resources in ASFF
<a name="asff-resourcedetails-awscertificatemanager"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCertificateManager` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCertificateManagerCertificate
<a name="asff-resourcedetails-awscertificatemanagercertificate"></a>

The `AwsCertificateManagerCertificate` object provides details about an AWS Certificate Manager (ACM) certificate.

The following is an example `AwsCertificateManagerCertificate` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCertificateManagerCertificate` attributes, see [AwsCertificateManagerCertificateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCertificateManagerCertificateDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCertificateManagerCertificate": {
    "CertificateAuthorityArn": "arn:aws:acm:us-west-2:444455556666:certificate-authority/example",
    "CreatedAt": "2019-05-24T18:12:02.000Z",
    "DomainName": "example.amazondomains.com",
    "DomainValidationOptions": [
        {
            "DomainName": "example.amazondomains.com",
            "ResourceRecord": {
                "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                "Type": "CNAME",
                "Value": "_example.acm-validations.aws."
            },
            "ValidationDomain": "example.amazondomains.com",
            "ValidationEmails": ["sample_email@sample.com"],
            "ValidationMethod": "DNS",
            "ValidationStatus": "SUCCESS"
        }
    ],
    "ExtendedKeyUsages": [
        {
            "Name": "TLS_WEB_SERVER_AUTHENTICATION",
            "OId": "1.3.6.1.5.5.7.3.1"
        },
        {
            "Name": "TLS_WEB_CLIENT_AUTHENTICATION",
            "OId": "1.3.6.1.5.5.7.3.2"
        }
    ],
    "FailureReason": "",
    "ImportedAt": "2018-08-17T00:13:00.000Z",
    "InUseBy": ["arn:aws:amazondomains:us-west-2:444455556666:loadbalancer/example"],
    "IssuedAt": "2020-04-26T00:41:17.000Z",
    "Issuer": "Amazon",
    "KeyAlgorithm": "RSA-1024",
    "KeyUsages": [
        {
            "Name": "DIGITAL_SIGNATURE"
        },
        {
            "Name": "KEY_ENCIPHERMENT"
        }
    ],
    "NotAfter": "2021-05-26T12:00:00.000Z",
    "NotBefore": "2020-04-26T00:00:00.000Z",
    "Options": {
        "CertificateTransparencyLoggingPreference": "ENABLED"
    },
    "RenewalEligibility": "ELIGIBLE",
    "RenewalSummary": {
        "DomainValidationOptions": [
            {
                "DomainName": "example.amazondomains.com",
                "ResourceRecord": {
                    "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                    "Type": "CNAME",
                    "Value": "_example.acm-validations.aws.com"
                },
                "ValidationDomain": "example.amazondomains.com",
                "ValidationEmails": ["sample_email@sample.com"],
                "ValidationMethod": "DNS",
                "ValidationStatus": "SUCCESS"
            }
        ],
        "RenewalStatus": "SUCCESS",
        "RenewalStatusReason": "",
        "UpdatedAt": "2020-04-26T00:41:35.000Z"
    },
    "Serial": "02:ac:86:b6:07:2f:0a:61:0e:3a:ac:fd:d9:ab:17:1a",
    "SignatureAlgorithm": "SHA256WITHRSA",
    "Status": "ISSUED",
    "Subject": "CN=example.amazondomains.com",
    "SubjectAlternativeNames": ["example.amazondomains.com"],
    "Type": "AMAZON_ISSUED"
}
```

# AwsCloudFormation resources in ASFF
<a name="asff-resourcedetails-awscloudformation"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudFormation` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudFormationStack
<a name="asff-resourcedetails-awscloudformationstack"></a>

The `AwsCloudFormationStack` object provides details about an AWS CloudFormation stack that is nested as a resource in a top-level template.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsCloudFormationStack` object. To view descriptions of `AwsCloudFormationStack` attributes, see [AwsCloudFormationStackDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFormationStackDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudFormationStack": { 
	"Capabilities": [
		"CAPABILITY_IAM",
		"CAPABILITY_NAMED_IAM"
	],
	"CreationTime": "2022-02-18T15:31:53.161Z",
	"Description": "AWS CloudFormation Sample",
	"DisableRollback": true,
	"DriftInformation": {
		"StackDriftStatus": "DRIFTED"
	},
	"EnableTerminationProtection": false,
	"LastUpdatedTime": "2022-02-18T15:31:53.161Z",
	"NotificationArns": [
		"arn:aws:sns:us-east-1:978084797471:sample-sns-cfn"
	],
	"Outputs": [{
		"Description": "URL for newly created LAMP stack",
		"OutputKey": "WebsiteUrl",
		"OutputValue": "http://ec2-44-193-18-241.compute-1.amazonaws.com"
	}],
	"RoleArn": "arn:aws:iam::012345678910:role/exampleRole",
	"StackId": "arn:aws:cloudformation:us-east-1:978084797471:stack/sample-stack/e5d9f7e0-90cf-11ec-88c6-12ac1f91724b",
	"StackName": "sample-stack",
	"StackStatus": "CREATE_COMPLETE",
	"StackStatusReason": "Success",
	"TimeoutInMinutes": 1
}
```

# AwsCloudFront resources in ASFF
<a name="asff-resourcedetails-awscloudfront"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudFront` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudFrontDistribution
<a name="asff-resourcedetails-awscloudfrontdistribution"></a>

The `AwsCloudFrontDistribution` object provides details about an Amazon CloudFront distribution configuration.

The following is an example `AwsCloudFrontDistribution` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCloudFrontDistribution` attributes, see [AwsCloudFrontDistributionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFrontDistributionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudFrontDistribution": {
    "CacheBehaviors": {
        "Items": [
            {
               "ViewerProtocolPolicy": "https-only"
            }
         ]
    },
    "DefaultCacheBehavior": {
         "ViewerProtocolPolicy": "https-only"
    },
    "DefaultRootObject": "index.html",
    "DomainName": "d2wkuj2w9l34gt.cloudfront.net",
    "Etag": "E37HOT42DHPVYH",
    "LastModifiedTime": "2015-08-31T21:11:29.093Z",
    "Logging": {
         "Bucket": "myawslogbucket.s3.amazonaws.com",
         "Enabled": false,
         "IncludeCookies": false,
         "Prefix": "myawslog/"
     },
     "OriginGroups": {
          "Items": [
              {
                 "FailoverCriteria": {
                     "StatusCodes": {
                          "Items": [
                              200,
                              301,
                              404
                          ],
                          "Quantity": 3
                      }
                 }
              }
           ]
     },
     "Origins": {
           "Items": [
               {
                  "CustomOriginConfig": {
                      "HttpPort": 80,
                      "HttpsPort": 443,
                      "OriginKeepaliveTimeout": 60,
                      "OriginProtocolPolicy": "match-viewer",
                      "OriginReadTimeout": 30,
                      "OriginSslProtocols": {
                        "Items": ["SSLv3", "TLSv1"],
                        "Quantity": 2
                      }
                  },
                  "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
                  "Id": "my-origin",
                  "OriginPath": "/production",
                  "S3OriginConfig": {
                      "OriginAccessIdentity": "origin-access-identity/cloudfront/E2YFS67H6VB6E4"
                  }
               }
           ]
     },
     "Status": "Deployed",
     "ViewerCertificate": {
            "AcmCertificateArn": "arn:aws:acm::123456789012:AcmCertificateArn",
            "Certificate": "ASCAJRRE5XYF52TKRY5M4",
            "CertificateSource": "iam",
            "CloudFrontDefaultCertificate": true,
            "IamCertificateId": "ASCAJRRE5XYF52TKRY5M4",
            "MinimumProtocolVersion": "TLSv1.2_2021",
            "SslSupportMethod": "sni-only"
      },
      "WebAclId": "waf-1234567890"
}
```
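The resource detail objects on this page appear in a finding under `Resources[].Details`, keyed by resource type. The following added example (not part of the AWS documentation) walks that structure and applies a few checks to the `AwsAutoScalingLaunchConfiguration` and `AwsCloudFrontDistribution` fields shown above. The sample finding is constructed, and the check functions, the `CHECKS` table, and the list of legacy protocol names are assumptions of this example.

```python
import json

# Policy assumption for this example (ASFF itself does not rank protocols):
# protocol names treated as legacy on CloudFront-to-origin connections.
LEGACY_ORIGIN_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample finding, trimmed to the fields the checks read.
SAMPLE_FINDING = json.loads("""
{
  "Id": "example-finding-1",
  "Resources": [
    {"Id": "example-launch-configuration",
     "Type": "AwsAutoScalingLaunchConfiguration",
     "Details": {"AwsAutoScalingLaunchConfiguration": {
        "LaunchConfigurationName": "newtest",
        "AssociatePublicIpAddress": true,
        "BlockDeviceMappings": [
          {"DeviceName": "/dev/sdh", "Ebs": {"VolumeSize": 30, "Encrypted": true}},
          {"DeviceName": "/dev/sdb", "NoDevice": true},
          {"DeviceName": "/dev/sda1", "Ebs": {"VolumeSize": 8, "Encrypted": false}}
        ]}}},
    {"Id": "example-distribution",
     "Type": "AwsCloudFrontDistribution",
     "Details": {"AwsCloudFrontDistribution": {
        "DefaultCacheBehavior": {"ViewerProtocolPolicy": "https-only"},
        "Logging": {"Enabled": false},
        "Origins": {"Items": [
          {"Id": "my-origin",
           "CustomOriginConfig": {
             "OriginSslProtocols": {"Items": ["SSLv3", "TLSv1"], "Quantity": 2}}}
        ]}}}},
    {"Id": "example-trail", "Type": "AwsCloudTrailTrail",
     "Details": {"AwsCloudTrailTrail": {"LogFileValidationEnabled": true}}},
    {"Id": "example-no-details", "Type": "Other"}
  ]
}
""")


def check_launch_configuration(cfg):
    """Return issues for one AwsAutoScalingLaunchConfiguration object."""
    issues = []
    if cfg.get("AssociatePublicIpAddress") is True:
        issues.append("instances receive a public IP address")
    for mapping in cfg.get("BlockDeviceMappings", []):
        ebs = mapping.get("Ebs")
        if ebs is None:
            continue  # NoDevice entries carry no Ebs object
        # A missing Encrypted key is reported too: absence is not proof.
        if ebs.get("Encrypted") is not True:
            issues.append(f"EBS volume {mapping.get('DeviceName')} is not encrypted")
    return issues


def check_cloudfront_distribution(dist):
    """Return issues for one AwsCloudFrontDistribution object."""
    issues = []
    # An absent Logging object is treated the same as Enabled: false.
    if not dist.get("Logging", {}).get("Enabled", False):
        issues.append("access logging is disabled")
    for origin in dist.get("Origins", {}).get("Items", []):
        custom = origin.get("CustomOriginConfig") or {}  # S3 origins have none
        allowed = set(custom.get("OriginSslProtocols", {}).get("Items", []))
        legacy = sorted(allowed & LEGACY_ORIGIN_PROTOCOLS)
        if legacy:
            issues.append(f"origin {origin.get('Id')} allows {', '.join(legacy)}")
    behaviors = [dist.get("DefaultCacheBehavior", {})]
    behaviors += dist.get("CacheBehaviors", {}).get("Items", [])
    if any(b.get("ViewerProtocolPolicy") == "allow-all" for b in behaviors):
        issues.append("a cache behavior allows plain HTTP from viewers")
    return issues


# Maps the key used under Resources[].Details to its check function.
CHECKS = {
    "AwsAutoScalingLaunchConfiguration": check_launch_configuration,
    "AwsCloudFrontDistribution": check_cloudfront_distribution,
}


def triage(finding):
    """Return (resource id, details key, issue) for every failed check."""
    results = []
    for resource in finding.get("Resources", []):
        # Details is optional and holds one object keyed by resource type.
        for key, body in (resource.get("Details") or {}).items():
            check = CHECKS.get(key)
            if check is None:
                continue  # no rule written for this resource type
            results.extend((resource.get("Id"), key, issue) for issue in check(body))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_FINDING):
        print(" | ".join(row))
```

Resource types without an entry in `CHECKS`, and resources that carry no `Details` object, are skipped rather than reported as clean.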

# AwsCloudTrail resources in ASFF
<a name="asff-resourcedetails-awscloudtrail"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudTrail` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudTrailTrail
<a name="asff-resourcedetails-awscloudtrailtrail"></a>

The `AwsCloudTrailTrail` object provides details about an AWS CloudTrail trail.

The following is an example `AwsCloudTrailTrail` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCloudTrailTrail` attributes, see [AwsCloudTrailTrailDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudTrailTrailDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudTrailTrail": {
    "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:CloudTrail/regression:*",
    "CloudWatchLogsRoleArn": "arn:aws:iam::866482105055:role/CloudTrail_CloudWatchLogs",
    "HasCustomEventSelectors": true,
    "HomeRegion": "us-west-2",
    "IncludeGlobalServiceEvents": true,
    "IsMultiRegionTrail": true,
    "IsOrganizationTrail": false,
    "KmsKeyId": "kmsKeyId",
    "LogFileValidationEnabled": true,
    "Name": "regression-trail",
    "S3BucketName": "cloudtrail-bucket",
    "S3KeyPrefix": "s3KeyPrefix",
    "SnsTopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
    "SnsTopicName": "snsTopicName",
    "TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail"
}
```

# AwsCloudWatch resources in ASFF
<a name="asff-resourcedetails-awscloudwatch"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudWatch` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudWatchAlarm
<a name="asff-resourcedetails-awscloudwatchalarm"></a>

The `AwsCloudWatchAlarm` object provides details about Amazon CloudWatch alarms that watch a metric or perform an action when an alarm changes state.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsCloudWatchAlarm` object. To view descriptions of `AwsCloudWatchAlarm` attributes, see [AwsCloudWatchAlarmDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudWatchAlarmDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudWatchAlarm": { 
	"ActionsEnabled": true,
	"AlarmActions": [
		"arn:aws:automate:region:ec2:stop",
		"arn:aws:automate:region:ec2:terminate"
	],
	"AlarmArn": "arn:aws:cloudwatch:us-west-2:012345678910:alarm:sampleAlarm",
	"AlarmConfigurationUpdatedTimestamp": "2022-02-18T15:31:53.161Z",
	"AlarmDescription": "Alarm Example",
	"AlarmName": "Example",
	"ComparisonOperator": "GreaterThanOrEqualToThreshold",
	"DatapointsToAlarm": 1,
	"Dimensions": [{
		"Name": "InstanceId",
		"Value": "i-1234567890abcdef0"
	}],
	"EvaluateLowSampleCountPercentile": "evaluate",
	"EvaluationPeriods": 1,
	"ExtendedStatistic": "p99.9",
	"InsufficientDataActions": [
		"arn:aws:automate:region:ec2:stop"
	],
	"MetricName": "Sample Metric",
	"Namespace": "YourNamespace",
	"OkActions": [
		"arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0"
	],
	"Period": 1,
	"Statistic": "SampleCount",
	"Threshold": 12.3,
	"ThresholdMetricId": "t1",
	"TreatMissingData": "notBreaching",
	"Unit": "Kilobytes/Second"
}
```

# AwsCodeBuild resources in ASFF
<a name="asff-resourcedetails-awscodebuild"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCodeBuild` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCodeBuildProject
<a name="asff-resourcedetails-awscodebuildproject"></a>

The `AwsCodeBuildProject` object provides information about an AWS CodeBuild project.

The following is an example `AwsCodeBuildProject` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCodeBuildProject` attributes, see [AwsCodeBuildProjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCodeBuildProjectDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCodeBuildProject": {
   "Artifacts": [
      {
          "ArtifactIdentifier": "string",
          "EncryptionDisabled": boolean,
          "Location": "string",
          "Name": "string",
          "NamespaceType": "string",
          "OverrideArtifactName": boolean,
          "Packaging": "string",
          "Path": "string",
          "Type": "string"
       }
   ],
   "SecondaryArtifacts": [
      {
          "ArtifactIdentifier": "string",
          "EncryptionDisabled": boolean,
          "Location": "string",
          "Name": "string",
          "NamespaceType": "string",
          "OverrideArtifactName": boolean,
          "Packaging": "string",
          "Path": "string",
          "Type": "string"
       }
   ],
   "EncryptionKey": "string",
   "Certificate": "string",
   "Environment": {
      "Certificate": "string",
      "EnvironmentVariables": [
           {
                "Name": "string",
                "Type": "string",
                "Value": "string"
           }
      ],
      "ImagePullCredentialsType": "string",
      "PrivilegedMode": boolean,
      "RegistryCredential": {
          "Credential": "string",
          "CredentialProvider": "string"
      },
      "Type": "string"
   },
   "LogsConfig": {
        "CloudWatchLogs": {
             "GroupName": "string",
             "Status": "string",
             "StreamName": "string"
        },
        "S3Logs": {
             "EncryptionDisabled": boolean,
             "Location": "string",
             "Status": "string"
        }
   },
   "Name": "string",
   "ServiceRole": "string",
   "Source": {
        "Type": "string",
        "Location": "string",
        "GitCloneDepth": integer
   },
   "VpcConfig": {
        "VpcId": "string",
        "Subnets": ["string"],
        "SecurityGroupIds": ["string"]
   }
}
```

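# AwsDms resources in ASFF
<a name="asff-resourcedetails-awsdms"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsDms` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsDmsEndpoint
<a name="asff-resourcedetails-awsdmsendpoint"></a>

The `AwsDmsEndpoint` object provides information about an AWS Database Migration Service (AWS DMS) endpoint. An endpoint provides connection, data store type, and location information about your data store.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsDmsEndpoint` object. To view descriptions of `AwsDmsEndpoint` attributes, see [AwsDmsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsEndpointDeatils.html) in the *AWS Security Hub API Reference*.

**Example**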

```
"AwsDmsEndpoint": {
    "CertificateArn": "arn:aws:dms:us-east-1:123456789012:cert:EXAMPLEIGDURVZGVJQZDPWJ5A7F2YDJVSMTBWFI",
    "DatabaseName": "Test",
    "EndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:EXAMPLEQB3CZY33F7XV253NAJVBNPK6MJQVFVQA",
    "EndpointIdentifier": "target-db",
    "EndpointType": "TARGET", 
    "EngineName": "mariadb",
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Port": 3306,
    "ServerName": "target-db.exampletafyu.us-east-1.rds.amazonaws.com",
    "SslMode": "verify-ca",
    "Username": "admin"
}
```

## AwsDmsReplicationInstance
<a name="asff-resourcedetails-awsdmsreplicationinstance"></a>

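The `AwsDmsReplicationInstance` object provides information about an AWS Database Migration Service (AWS DMS) replication instance. DMS uses a replication instance to connect to your source data store, read the source data, and format the data for consumption by the target data store.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsDmsReplicationInstance` object. To view descriptions of `AwsDmsReplicationInstance` attributes, see [AwsDmsReplicationInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationInstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**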

```
"AwsDmsReplicationInstance": {
    "AllocatedStorage": 50,
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZone": "us-east-1b",
    "EngineVersion": "3.5.1",
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "MultiAZ": false,
    "PreferredMaintenanceWindow": "wed:08:08-wed:08:38",
    "PubliclyAccessible": true,
    "ReplicationInstanceClass": "dms.c5.xlarge",
    "ReplicationInstanceIdentifier": "second-replication-instance",
    "ReplicationSubnetGroup": {
        "ReplicationSubnetGroupIdentifier": "default-vpc-2344f44f"
    },
    "VpcSecurityGroups": [
        {
            "VpcSecurityGroupId": "sg-003a34e205138138b"
        }
    ]
}
```

## AwsDmsReplicationTask
<a name="asff-resourcedetails-awsdmsreplicationtask"></a>

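The `AwsDmsReplicationTask` object provides information about an AWS Database Migration Service (AWS DMS) replication task. A replication task moves a set of data from the source endpoint to the target endpoint.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsDmsReplicationTask` object. To view descriptions of `AwsDmsReplicationTask` attributes, see [AwsDmsReplicationTask](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationTaskDetails.html) in the *AWS Security Hub API Reference*.

**Example**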

```
"AwsDmsReplicationTask": {
    "CdcStartPosition": "2023-08-28T14:26:22",
    "Id": "arn:aws:dms:us-east-1:123456789012:task:YDYUOHZIXWKQSUCBMUCQCNY44SJW74VJNB5DFWQ",
    "MigrationType": "cdc",
    "ReplicationInstanceArn": "arn:aws:dms:us-east-1:123456789012:rep:T7V6RFDP23PYQWUL26N3PF5REKML4YOUGIMYJUI",
    "ReplicationTaskIdentifier": "test-task",
    "ReplicationTaskSettings": "{\"Logging\":{\"EnableLogging\":false,\"EnableLogContext\":false,\"LogComponents\":[{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TRANSFORMATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_UNLOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"IO\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_LOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"PERFORMANCE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_CAPTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SORTER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"REST_SERVER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"VALIDATOR_EXT\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_APPLY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TASK_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TABLES_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"METADATA_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_FACTORY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMON\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"ADDONS\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"DATA_STRUCTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMUNICATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_TRANSFER\"}],\"CloudWatchLogGroup\":null,\"CloudWatchLogStream\":null},\"StreamBufferSettings\":{\"StreamBufferCount\":3,\"CtrlStreamBufferSizeInMB\":5,\"StreamBufferSizeInMB\":8},\"ErrorBehavior\":{\"FailOnNoTablesCaptured\":true,\"ApplyErrorUpdatePolicy\":\"LOG_ERROR\",\"FailOnTransactionConsistencyBreached\":false,\"RecoverableErrorThrottlingMax\":1800,\"DataErrorEscalationPolicy\":\"SUSPEND_TABLE\",\"ApplyErrorEscalationCount\":0,\"RecoverableErrorStopRetryAfterThrottlingMax\":true,\"RecoverableErrorThrottling\":true,\"ApplyErrorFailOnTruncationDdl\":false,\"DataTruncationErrorPolicy\":\"LOG_ERROR\",\"ApplyErrorInsertPolicy\":\"LOG_ERROR\",\"EventErrorPolicy\":\"IGNORE\",\"ApplyErrorEscalationPolicy\":\"LOG_ERROR\",\"RecoverableErrorCount\":-1,\"DataErrorEscalationCount\":0,\"TableErrorEscalationPolicy\":\"STOP_TASK\",\"RecoverableErrorInterval\":5,\"ApplyErrorDeletePolicy\":\"IGNORE_RECORD\",\"TableErrorEscalationCount\":0,\"FullLoadIgnoreConflicts\":true,\"DataErrorPolicy\":\"LOG_ERROR\",\"TableErrorPolicy\":\"SUSPEND_TABLE\"},\"TTSettings\":{\"TTS3Settings\":null,\"TTRecordSettings\":null,\"EnableTT\":false},\"FullLoadSettings\":{\"CommitRate\":10000,\"StopTaskCachedChangesApplied\":false,\"StopTaskCachedChangesNotApplied\":false,\"MaxFullLoadSubTasks\":8,\"TransactionConsistencyTimeout\":600,\"CreatePkAfterFullLoad\":false,\"TargetTablePrepMode\":\"DO_NOTHING\"},\"TargetMetadata\":{\"ParallelApplyBufferSize\":0,\"ParallelApplyQueuesPerThread\":0,\"ParallelApplyThreads\":0,\"TargetSchema\":\"\",\"InlineLobMaxSize\":0,\"ParallelLoadQueuesPerThread\":0,\"SupportLobs\":true,\"LobChunkSize\":64,\"TaskRecoveryTableEnabled\":false,\"ParallelLoadThreads\":0,\"LobMaxSize\":0,\"BatchApplyEnabled\":false,\"FullLobMode\":true,\"LimitedSizeLobMode\":false,\"LoadMaxFileSize\":0,\"ParallelLoadBufferSize\":0},\"BeforeImageSettings\":null,\"ControlTablesSettings\":{\"historyTimeslotInMinutes\":5,\"HistoryTimeslotInMinutes\":5,\"StatusTableEnabled\":false,\"SuspendedTablesTableEnabled\":false,\"HistoryTableEnabled\":false,\"ControlSchema\":\"\",\"FullLoadExceptionTableEnabled\":false},\"LoopbackPreventionSettings\":null,\"CharacterSetSettings\":null,\"FailTaskWhenCleanTaskResourceFailed\":false,\"ChangeProcessingTuning\":{\"StatementCacheSize\":50,\"CommitTimeout\":1,\"BatchApplyPreserveTransaction\":true,\"BatchApplyTimeoutMin\":1,\"BatchSplitSize\":0,\"BatchApplyTimeoutMax\":30,\"MinTransactionSize\":1000,\"MemoryKeepTime\":60,\"BatchApplyMemoryLimit\":500,\"MemoryLimitTotal\":1024},\"ChangeProcessingDdlHandlingPolicy\":{\"HandleSourceTableDropped\":true,\"HandleSourceTableTruncated\":true,\"HandleSourceTableAltered\":true},\"PostProcessingRules\":null}",
    "SourceEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:TZPWV2VCXEGHYOKVKRNHAKJ4Q3RUXACNGFGYWRI",
    "TableMappings": "{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"969761702\",\"rule-name\":\"969761702\",\"object-locator\":{\"schema-name\":\"%table\",\"table-name\":\"%example\"},\"rule-action\":\"exclude\",\"filters\":[]}]}",
    "TargetEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:ABR8LBOQB3CZY33F7XV253NAJVBNPK6MJQVFVQA"
}
```

# AwsDynamoDB resources in ASFF
<a name="asff-resourcedetails-awsdynamodb"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsDynamoDB` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsDynamoDbTable
<a name="asff-resourcedetails-awsdynamodbtable"></a>

The `AwsDynamoDbTable` object provides details about an Amazon DynamoDB table.

The following is an example `AwsDynamoDbTable` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsDynamoDbTable` attributes, see [AwsDynamoDbTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDynamoDbTableDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsDynamoDbTable": {
    "AttributeDefinitions": [   
        {        
            "AttributeName": "attribute1",
            "AttributeType": "value 1"
        },
        {
            "AttributeName": "attribute2",
            "AttributeType": "value 2"
        },
        {
            "AttributeName": "attribute3",
            "AttributeType": "value 3"
        }
    ],
    "BillingModeSummary": {
        "BillingMode": "PAY_PER_REQUEST",
        "LastUpdateToPayPerRequestDateTime": "2019-12-03T15:23:10.323Z"
    },
    "CreationDateTime": "2019-12-03T15:23:10.248Z",
    "DeletionProtectionEnabled": true,
    "GlobalSecondaryIndexes": [
        {
            "Backfilling": false,
            "IndexArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/index/exampleIndex",                
            "IndexName": "standardsControlArnIndex",
            "IndexSizeBytes": 1862513,
            "IndexStatus": "ACTIVE",
            "ItemCount": 20,
            "KeySchema": [
                {
                    "AttributeName": "City",
                    "KeyType": "HASH"
                },     
                {
                    "AttributeName": "Date",
                    "KeyType": "RANGE"
                }
            ],      
            "Projection": {
                "NonKeyAttributes": ["predictorName"],
                "ProjectionType": "ALL"
            },     
            "ProvisionedThroughput": {
                "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
                "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
                "NumberOfDecreasesToday": 0,
                "ReadCapacityUnits": 100,
                "WriteCapacityUnits": 50
            }
        }
    ],
    "GlobalTableVersion": "V1",
    "ItemCount": 2705,
    "KeySchema": [
        {
            "AttributeName": "zipcode",
            "KeyType": "HASH"
        }
    ],
    "LatestStreamArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/stream/2019-12-03T23:23:10.248",
    "LatestStreamLabel": "2019-12-03T23:23:10.248",
    "LocalSecondaryIndexes": [
        {
            "IndexArn": "arn:aws:dynamodb:us-east-1:111122223333:table/exampleGroup/index/exampleId",
            "IndexName": "CITY_DATE_INDEX_NAME",
            "KeySchema": [
                {
                    "AttributeName": "zipcode",
                    "KeyType": "HASH"
                }
            ],
            "Projection": {
                "NonKeyAttributes": ["predictorName"],
                "ProjectionType": "ALL"
            }
        }
    ],
    "ProvisionedThroughput": {
        "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
        "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
        "NumberOfDecreasesToday": 0,
        "ReadCapacityUnits": 100,
        "WriteCapacityUnits": 50
    },
    "Replicas": [
        {
            "GlobalSecondaryIndexes":[
                {
                    "IndexName": "CITY_DATE_INDEX_NAME", 
                    "ProvisionedThroughputOverride": {
                        "ReadCapacityUnits": 10
                    }
                }
            ],
            "KmsMasterKeyId": "KmsKeyId",
            "ProvisionedThroughputOverride": {
                "ReadCapacityUnits": 10
            },
            "RegionName": "regionName",
            "ReplicaStatus": "CREATING",
            "ReplicaStatusDescription": "replicaStatusDescription"
        }
    ],
    "RestoreSummary" : {
        "SourceBackupArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/backup/backup1",
        "SourceTableArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable",
        "RestoreDateTime": "2020-06-22T17:40:12.322Z",
        "RestoreInProgress": true
    },
    "SseDescription": {
        "InaccessibleEncryptionDateTime": "2018-01-26T23:50:05.000Z",
        "Status": "ENABLED",
        "SseType": "KMS",
        "KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1"
    },
    "StreamSpecification" : {
        "StreamEnabled": true,
        "StreamViewType": "NEW_IMAGE"
    },
    "TableId": "example-table-id-1",
    "TableName": "example-table",
    "TableSizeBytes": 1862513,
    "TableStatus": "ACTIVE"
}
```

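# AwsEc2 resources in ASFF
<a name="asff-resourcedetails-awsec2"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEc2` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEc2ClientVpnEndpoint
<a name="asff-resourcedetails-awsec2clientvpnendpoint"></a>

The `AwsEc2ClientVpnEndpoint` object provides information about an AWS Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It is the termination point for all client VPN sessions.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2ClientVpnEndpoint` object. To view descriptions of `AwsEc2ClientVpnEndpoint` attributes, see [AwsEc2ClientVpnEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2ClientVpnEndpointDetails.html) in the *AWS Security Hub API Reference*.

**Example**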

```
"AwsEc2ClientVpnEndpoint": {
    "AuthenticationOptions": [
        {
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Type": "certificate-authentication"
        }
    ],
    "ClientCidrBlock": "10.0.0.0/22",
    "ClientConnectOptions": {
        "Enabled": false
    },
    "ClientLoginBannerOptions": {
        "Enabled": false
    },
    "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
    "ConnectionLogOptions": {
        "Enabled": false
    },
    "Description": "test",
    "DnsServer": ["10.0.0.0"],
    "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecurityGroupIdSet": [
        "sg-0f7a177b82b443691"
    ],
    "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
    "SessionTimeoutHours": 24,
    "SplitTunnel": false,
    "TransportProtocol": "udp",
    "VpcId": "vpc-1a2b3c4d5e6f1a2b3",
    "VpnPort": 443
}
```

## AwsEc2Eip
<a name="asff-resourcedetails-awsec2eip"></a>

The `AwsEc2Eip` object provides information about an Elastic IP address.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Eip` object. To view descriptions of `AwsEc2Eip` attributes, see [AwsEc2EipDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2EipDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Eip": {
    "InstanceId": "instance1",
    "PublicIp": "192.0.2.04",
    "AllocationId": "eipalloc-example-id-1",
    "AssociationId": "eipassoc-example-id-1",
    "Domain": "vpc",
    "PublicIpv4Pool": "anycompany",
    "NetworkBorderGroup": "eu-central-1",
    "NetworkInterfaceId": "eni-example-id-1",
    "NetworkInterfaceOwnerId": "777788889999",
    "PrivateIpAddress": "192.0.2.03"
}
```

## AwsEc2Instance
<a name="asff-resourcedetails-awsec2instance"></a>

The `AwsEc2Instance` object provides details about an Amazon EC2 instance.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Instance` object. To view descriptions of `AwsEc2Instance` attributes, see [AwsEc2InstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2InstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Instance": { 
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
    "ImageId": "ami-1234",
    "IpV4Addresses": [ "1.1.1.1" ],
    "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
    "KeyName": "my_keypair",
    "LaunchedAt": "2018-05-08T16:46:19.000Z",
    "MetadataOptions": {
    	"HttpEndpoint": "enabled",
    	"HttpProtocolIpv6": "enabled",
    	"HttpPutResponseHopLimit": 1,
    	"HttpTokens": "optional",
    	"InstanceMetadataTags": "disabled"
    },
    "Monitoring": {
    	"State": "disabled"
    },
    "NetworkInterfaces": [
      {
         "NetworkInterfaceId": "eni-e5aa89a3"
      }
    ],
    "SubnetId": "subnet-123",
    "Type": "i3.xlarge",
    "VpcId": "vpc-123"
}
```

## AwsEc2LaunchTemplate
<a name="asff-resourcedetails-awsec2launchtemplate"></a>

The `AwsEc2LaunchTemplate` object contains details about an Amazon Elastic Compute Cloud launch template that specifies instance configuration information.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2LaunchTemplate` object. To view descriptions of `AwsEc2LaunchTemplate` attributes, see [AwsEc2LaunchTemplateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2LaunchTemplateDetals.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2LaunchTemplate": {
    "DefaultVersionNumber": "1",
    "ElasticGpuSpecifications": ["string"],
    "ElasticInferenceAccelerators": ["string"],
    "Id": "lt-0a16e9802800bdd85",
    "ImageId": "ami-0d5eff06f840b45e9",
    "LatestVersionNumber": "1",
    "LaunchTemplateData": {
    	"BlockDeviceMappings": [{
    		"DeviceName": "/dev/xvda",
    		"Ebs": {
    			"DeleteOnTermination": true,
    			"Encrypted": true,
    			"SnapshotId": "snap-01047646ec075f543",
    			"VolumeSize": 8,
    			"VolumeType": "gp2"
    		}
    	}],
    	"MetadataOptions": {
    		"HttpTokens": "enabled",
    		"HttpPutResponseHopLimit" : 1
    	},
    	"Monitoring": {
    		"Enabled": true
    	},
    	"NetworkInterfaces": [{
    		"AssociatePublicIpAddress" : true
    	}]
    },
    "LaunchTemplateName": "string",
    "LicenseSpecifications": ["string"],
    "SecurityGroupIds": ["sg-01fce87ad6e019725"],
    "SecurityGroups": ["string"],
    "TagSpecifications": ["string"]
}
```

## AwsEc2NetworkAcl
<a name="asff-resourcedetails-awsec2networkacl"></a>

The `AwsEc2NetworkAcl` object contains details about an Amazon EC2 network access control list (ACL).

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2NetworkAcl` object. To view descriptions of `AwsEc2NetworkAcl` attributes, see [AwsEc2NetworkAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2NetworkAcl": {
    "IsDefault": false,
    "NetworkAclId": "acl-1234567890abcdef0",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234abcd",
    "Associations": [{
        "NetworkAclAssociationId": "aclassoc-abcd1234",
        "NetworkAclId": "acl-021345abcdef6789",
        "SubnetId": "subnet-abcd1234"
    }],
    "Entries": [{
        "CidrBlock": "10.24.34.0/23",
        "Egress": true,
        "IcmpTypeCode": {
            "Code": 10,
            "Type": 30
        },
        "Ipv6CidrBlock": "2001:DB8::/32",
        "PortRange": {
            "From": 20,
            "To": 40
        },
        "Protocol": "tcp",
        "RuleAction": "allow",
        "RuleNumber": 100
    }]
}
```

## AwsEc2NetworkInterface
<a name="asff-resourcedetails-awsec2networkinterface"></a>

The `AwsEc2NetworkInterface` object provides information about an Amazon EC2 network interface.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2NetworkInterface` object. To view descriptions of `AwsEc2NetworkInterface` attributes, see [AwsEc2NetworkInterfaceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkInterfaceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2NetworkInterface": {
    "Attachment": {
        "AttachTime": "2019-01-01T03:03:21Z",
        "AttachmentId": "eni-attach-43348162",
        "DeleteOnTermination": true,
        "DeviceIndex": 123,
        "InstanceId": "i-1234567890abcdef0",
        "InstanceOwnerId": "123456789012",
        "Status": "ATTACHED"
    },
    "SecurityGroups": [
        {
            "GroupName": "my-security-group",
            "GroupId": "sg-903004f8"
        }
    ],
    "NetworkInterfaceId": "eni-686ea200",
    "SourceDestCheck": false
}
```

## AwsEc2RouteTable
<a name="asff-resourcedetails-awsec2routetable"></a>

The `AwsEc2RouteTable` object provides information about an Amazon EC2 route table.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2RouteTable` object. To view descriptions of `AwsEc2RouteTable` attributes, see [AwsEc2RouteTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2RouteTableDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2RouteTable": {
    "AssociationSet": [{
    	"AssociationSet": {
    		"State": "associated"
    	},
    	"Main": true,
    	"RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
    	"RouteTableId": "rtb-0a59bde9cf2548e34"
    }],
    "PropagatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
    	{
    		"DestinationCidrBlock": "10.24.34.0/23",
    		"GatewayId": "local",
    		"Origin": "CreateRouteTable",
    		"State": "active"
    	},
    	{
    		"DestinationCidrBlock": "10.24.34.0/24",
    		"GatewayId": "igw-0242c2d7d513fc5d3",
    		"Origin": "CreateRoute",
    		"State": "active"
    	}
    ],
    "VpcId": "vpc-0c250a5c33f51d456"
}
```

## AwsEc2SecurityGroup
<a name="asff-resourcedetails-awsec2securitygroup"></a>

The `AwsEc2SecurityGroup` object describes an Amazon EC2 security group.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2SecurityGroup` object. To view descriptions of `AwsEc2SecurityGroup` attributes, see [AwsEc2SecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SecurityGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2SecurityGroup": {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [
                {
                    "UserId": "123456789012",
                    "GroupId": "sg-903004f8"
                }
            ],
            "PrefixListIds": [
                {"PrefixListId": "pl-63a5400a"}
            ]
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [
                {
                    "CidrIp": "203.0.113.0/24"
                }
            ],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": []
        }
    ]
}
```

## AwsEc2Subnet
<a name="asff-resourcedetails-awsec2subnet"></a>

The `AwsEc2Subnet` object provides information about a subnet in Amazon EC2.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Subnet` object. To view descriptions of `AwsEc2Subnet` attributes, see [AwsEc2SubnetDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SubnetDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Subnet": {
    "AssignIpv6AddressOnCreation": false,
    "AvailabilityZone": "us-west-2c",
    "AvailabilityZoneId": "usw2-az3",
    "AvailableIpAddressCount": 8185,
    "CidrBlock": "10.0.0.0/24",
    "DefaultForAz": false,
    "MapPublicIpOnLaunch": false,
    "OwnerId": "123456789012",
    "State": "available",
    "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
    "SubnetId": "subnet-d5436c93",
    "VpcId": "vpc-153ade70",
    "Ipv6CidrBlockAssociationSet": [{
        "AssociationId": "subnet-cidr-assoc-EXAMPLE",
        "Ipv6CidrBlock": "2001:DB8::/32",
        "CidrBlockState": "associated"
    }]
}
```

## AwsEc2TransitGateway
<a name="asff-resourcedetails-awsec2transitgateway"></a>

The `AwsEc2TransitGateway` object provides details about an Amazon EC2 transit gateway that interconnects your virtual private clouds (VPCs) and on-premises networks.

The following is an example `AwsEc2TransitGateway` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsEc2TransitGateway` attributes, see [AwsEc2TransitGatewayDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2TransitGatewayDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2TransitGateway": {
	"AmazonSideAsn": 65000,
	"AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"AutoAcceptSharedAttachments": "disable",
	"DefaultRouteTableAssociation": "enable",
	"DefaultRouteTablePropagation": "enable",
	"Description": "sample transit gateway",
	"DnsSupport": "enable",
	"Id": "tgw-042ae6bf7a5c126c3",
	"MulticastSupport": "disable",
	"PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"TransitGatewayCidrBlocks": ["10.0.0.0/16"],
	"VpnEcmpSupport": "enable"
}
```

## AwsEc2Volume
<a name="asff-resourcedetails-awsec2volume"></a>

The `AwsEc2Volume` object provides details about an Amazon EC2 volume.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Volume` object. To view descriptions of `AwsEc2Volume` attributes, see [AwsEc2VolumeDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VolumeDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Volume": {
    "Attachments": [
      {
        "AttachTime": "2017-10-17T14:47:11Z",
        "DeleteOnTermination": true,
        "InstanceId": "i-123abc456def789g",
        "Status": "attached"
      }
    ],
    "CreateTime": "2020-02-24T15:54:30Z",
    "Encrypted": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Size": 80,
    "SnapshotId": "",
    "Status": "available"
}
```

## AwsEc2Vpc
<a name="asff-resourcedetails-awsec2vpc"></a>

The `AwsEc2Vpc` object provides details about an Amazon EC2 VPC.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Vpc` object. To view descriptions of `AwsEc2Vpc` attributes, see [AwsEc2VpcDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Vpc": {
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlock": "192.0.2.0/24",
            "CidrBlockState": "associated"
        }
    ],
    "DhcpOptionsId": "dopt-4e42ce28",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlockState": "associated",
            "Ipv6CidrBlock": "192.0.2.0/24"
        }
    ],
    "State": "available"
}
```

## AwsEc2VpcEndpointService
<a name="asff-resourcedetails-awsec2vpcendpointservice"></a>

The `AwsEc2VpcEndpointService` object contains details about the service configuration for a VPC endpoint service.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2VpcEndpointService` object. To view descriptions of `AwsEc2VpcEndpointService` attributes, see [AwsEc2VpcEndpointServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcEndpointServiceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2VpcEndpointService": {
    "ServiceType": [
      {
        "ServiceType": "Interface"
      }
    ],
    "ServiceId": "vpce-svc-example1",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
    "ServiceState": "Available",
    "AvailabilityZones": [
      "us-east-1"
    ],
    "AcceptanceRequired": true,
    "ManagesVpcEndpoints": false,
    "NetworkLoadBalancerArns": [
      "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
    ],
    "GatewayLoadBalancerArns": [],
    "BaseEndpointDnsNames": [
      "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
    ],
    "PrivateDnsName": "my-private-dns"
}
```

## AwsEc2VpcPeeringConnection
<a name="asff-resourcedetails-awsec2vpcpeeringconnection"></a>

The `AwsEc2VpcPeeringConnection` object provides details about the networking connection between two VPCs.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2VpcPeeringConnection` object. To view descriptions of `AwsEc2VpcPeeringConnection` attributes, see [AwsEc2VpcPeeringConnectionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcPeeringConnectionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2VpcPeeringConnection": { 
	"AccepterVpcInfo": {
		"CidrBlock": "10.0.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "10.0.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"ExpirationTime": "2022-02-18T15:31:53.161Z",
	"RequesterVpcInfo": {
		"CidrBlock": "192.168.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "192.168.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"Status": {
		"Code": "initiating-request",
		"Message": "Active"
	},
	"VpcPeeringConnectionId": "pcx-1a2b3c4d"
}
```

# AwsEcr resources in ASFF
<a name="asff-resourcedetails-awsecr"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEcr` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEcrContainerImage
<a name="asff-resourcedetails-awsecrcontainerimage"></a>

The `AwsEcrContainerImage` object provides information about an Amazon ECR image.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcrContainerImage` object. To view descriptions of `AwsEcrContainerImage` attributes, see [AwsEcrContainerImageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrContainerImageDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcrContainerImage": {
    "RegistryId": "123456789012",
    "RepositoryName": "repository-name",
    "Architecture": "amd64",
    "ImageDigest": "sha256:a568e5c7a953fbeaa2904ac83401f93e4a076972dc1bae527832f5349cd2fb10",
    "ImageTags": ["00000000-0000-0000-0000-000000000000"],
    "ImagePublishedAt": "2019-10-01T20:06:12Z"
}
```

## AwsEcrRepository
<a name="asff-resourcedetails-awsecrrepository"></a>

The `AwsEcrRepository` object provides information about an Amazon Elastic Container Registry repository.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcrRepository` object. To view descriptions of `AwsEcrRepository` attributes, see [AwsEcrRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrRepositoryDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcrRepository": {
    "LifecyclePolicy": {
        "RegistryId": "123456789012"
    },
    "RepositoryName": "sample-repo",
    "Arn": "arn:aws:ecr:us-west-2:111122223333:repository/sample-repo",
    "ImageScanningConfiguration": {
        "ScanOnPush": true
    },
    "ImageTagMutability": "IMMUTABLE"
}
```

# AwsEcs resources in ASFF
<a name="asff-resourcedetails-awsecs"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEcs` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEcsCluster
<a name="asff-resourcedetails-awsecscluster"></a>

The `AwsEcsCluster` object provides details about an Amazon Elastic Container Service cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsCluster` object. To view descriptions of `AwsEcsCluster` attributes, see [AwsEcsClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
    "AwsEcsCluster": {
        "CapacityProviders": [],
        "ClusterSettings": [
            {
                "Name": "containerInsights",
                "Value": "enabled"
            }
        ],
        "Configuration": {
            "ExecuteCommandConfiguration": {
                "KmsKeyId": "kmsKeyId",
                "LogConfiguration": {
                    "CloudWatchEncryptionEnabled": true,
                    "CloudWatchLogGroupName": "cloudWatchLogGroupName",
                    "S3BucketName": "s3BucketName",
                    "S3EncryptionEnabled": true,
                    "S3KeyPrefix": "s3KeyPrefix"
                },
                "Logging": "DEFAULT"
            }
        },
        "DefaultCapacityProviderStrategy": [
            {
                "Base": 0,
                "CapacityProvider": "capacityProvider",
                "Weight": 1
            }
        ]
    }
```

## AwsEcsContainer
<a name="asff-resourcedetails-awsecscontainer"></a>

The `AwsEcsContainer` object contains details about an Amazon ECS container.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsContainer` object. To view descriptions of `AwsEcsContainer` attributes, see [AwsEcsContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsContainerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcsContainer": {
    "Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
    "MountPoints": [{
        "ContainerPath": "/mnt/etc",
        "SourceVolume": "vol-03909e9"
    }],
    "Name": "knote",
    "Privileged": true 
}
```

## AwsEcsService
<a name="asff-resourcedetails-awsecsservice"></a>

The `AwsEcsService` object provides details about a service within an Amazon ECS cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsService` object. To view descriptions of `AwsEcsService` attributes, see [AwsEcsServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsServiceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcsService": {
    "CapacityProviderStrategy": [
        {
            "Base": 12,
            "CapacityProvider": "",
            "Weight": ""
        }
    ],
    "Cluster": "arn:aws:ecs:us-east-1:111122223333:cluster/example-ecs-cluster",
    "DeploymentConfiguration": {
        "DeploymentCircuitBreaker": {
            "Enable": false,
            "Rollback": false
        },
        "MaximumPercent": 200,
        "MinimumHealthyPercent": 100
    },
    "DeploymentController": "",
    "DesiredCount": 1,
    "EnableEcsManagedTags": false,
    "EnableExecuteCommand": false,
    "HealthCheckGracePeriodSeconds": 1,
    "LaunchType": "FARGATE",
    "LoadBalancers": [
        {
            "ContainerName": "",
            "ContainerPort": 23,
            "LoadBalancerName": "",
            "TargetGroupArn": ""
        }
    ],
    "Name": "sample-app-service",
    "NetworkConfiguration": {
        "AwsVpcConfiguration": {
            "Subnets": [
                "Subnet-example1",
                "Subnet-example2"
            ],
            "SecurityGroups": [
                "Sg-0ce48e9a6e5b457f5"
            ],
            "AssignPublicIp": "ENABLED"
        }
    },
    "PlacementConstraints": [
        {
            "Expression": "",
            "Type": ""
        }
    ],
    "PlacementStrategies": [
        {
            "Field": "",
            "Type": ""
        }
    ],
    "PlatformVersion": "LATEST",
    "PropagateTags": "",
    "Role": "arn:aws:iam::111122223333:role/aws-servicerole/ecs.amazonaws.com/ServiceRoleForECS",
    "SchedulingStrategy": "REPLICA",
    "ServiceName": "sample-app-service",
    "ServiceArn": "arn:aws:ecs:us-east-1:111122223333:service/example-ecs-cluster/sample-app-service",
    "ServiceRegistries": [
        {
            "ContainerName": "",
            "ContainerPort": 1212,
            "Port": 1221,
            "RegistryArn": ""
        }
    ],
    "TaskDefinition": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-taskdef:1"
}
```

## AwsEcsTask
<a name="asff-resourcedetails-awsecstask"></a>

The `AwsEcsTask` object provides details about an Amazon ECS task.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsTask` object. To view descriptions of `AwsEcsTask` attributes, see [AwsEcsTask](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcsTask": {
	"ClusterArn": "arn:aws:ecs:us-west-2:123456789012:task/MyCluster/1234567890123456789",
	"CreatedAt": "1557134011644",
	"Group": "service:fargate-service",
	"StartedAt": "1557134011644",
	"StartedBy": "ecs-svc/1234567890123456789",
	"TaskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/sample-fargate:2",
	"Version": 3,
	"Volumes": [{
		"Name": "string",
		"Host": {
			"SourcePath": "string"
		}
	}],
	"Containers": {
		"Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
		"MountPoints": [{
			"ContainerPath": "/mnt/etc",
			"SourceVolume": "vol-03909e9"
		}],
		"Name": "knote",
		"Privileged": true
	}
}
```

## AwsEcsTaskDefinition
<a name="asff-resourcedetails-awsecstaskdefinition"></a>

The `AwsEcsTaskDefinition` object contains details about a task definition. A task definition describes the container and volume definitions of an Amazon Elastic Container Service task.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsTaskDefinition` object. To view descriptions of `AwsEcsTaskDefinition` attributes, see [AwsEcsTaskDefinitionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDefinitionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
    "AwsEcsTaskDefinition": {
        "ContainerDefinitions": [
            {
                "Command": ["ruby", "hi.rb"],
                "Cpu":128,
                "Essential": true,
                "HealthCheck": {
                    "Command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"],
                    "Interval": 10,
                    "Retries": 3,
                    "StartPeriod": 5,
                    "Timeout": 20
                },
                "Image": "tongueroo/sinatra:latest",
                "Interactive": true,
                "Links": [],
                "LogConfiguration": {
                    "LogDriver": "awslogs",
                    "Options": {
                        "awslogs-group": "/ecs/sinatra-hi",
                        "awslogs-region": "ap-southeast-1",
                        "awslogs-stream-prefix": "ecs"
                    },
                    "SecretOptions": []
                },
                "MemoryReservation": 128,
                "Name": "web",
                "PortMappings": [
                    {
                        "ContainerPort": 4567,
                        "HostPort":4567,
                        "Protocol": "tcp"
                    }
                ],
                "Privileged": true,
                "StartTimeout": 10,
                "StopTimeout": 100
            }
        ],
        "Family": "sinatra-hi",
        "NetworkMode": "host",
        "RequiresCompatibilities": ["EC2"],
        "Status": "ACTIVE",
        "TaskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole"
    }
```

# AwsEfs resources in ASFF
<a name="asff-resourcedetails-awsefs"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEfs` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEfsAccessPoint
<a name="asff-resourcedetails-awsefsaccesspoint"></a>

The `AwsEfsAccessPoint` object provides details about files stored in Amazon Elastic File System.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEfsAccessPoint` object. To view descriptions of `AwsEfsAccessPoint` attributes, see [AwsEfsAccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEfsAccessPointDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEfsAccessPoint": { 
	"AccessPointId": "fsap-05c4c0e79ba0b118a",
	"Arn": "arn:aws:elasticfilesystem:us-east-1:863155670886:access-point/fsap-05c4c0e79ba0b118a",
	"ClientToken": "AccessPointCompliant-ASk06ZZSXsEp",
	"FileSystemId": "fs-0f8137f731cb32146",
	"PosixUser": {
		"Gid": "1000",
		"SecondaryGids": ["0", "4294967295"],
		"Uid": "1234"
	},
	"RootDirectory": {
		"CreationInfo": {
			"OwnerGid": "1000",
			"OwnerUid": "1234",
			"Permissions": "777"
		},
		"Path": "/tmp/example"
	}
}
```
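In a finding, the resource detail objects shown above sit under `Resources[].Details`, keyed by the object name. The following is an added example, not part of the AWS documentation: it walks those objects and reports a few hardening-relevant attributes that appear in the samples on this page. The function names, the choice of checks, and `SAMPLE_FINDING` are assumptions made for illustration; they are not Security Hub controls.

```python
import ipaddress

def dig(obj, *path):
    """Walk nested dicts; every ASFF detail attribute is optional."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj

def check_instance(d):
    # IMDS reachable without a session token unless HttpTokens is "required".
    if (dig(d, "MetadataOptions", "HttpEndpoint") == "enabled"
            and dig(d, "MetadataOptions", "HttpTokens") != "required"):
        yield "IMDSv1 allowed: HttpTokens is not 'required'"

def check_security_group(d):
    for perm in d.get("IpPermissions") or []:
        for rng in perm.get("IpRanges") or []:
            try:
                net = ipaddress.ip_network(rng.get("CidrIp") or "", strict=False)
            except ValueError:
                continue  # malformed or missing CIDR: nothing to evaluate
            if net.prefixlen == 0:
                if perm.get("IpProtocol") == "-1":
                    ports = "all protocols"
                else:
                    ports = (f"{perm.get('IpProtocol')}/"
                             f"{perm.get('FromPort')}-{perm.get('ToPort')}")
                yield f"ingress from {net} on {ports}"

def check_volume(d):
    if d.get("Encrypted") is False:
        yield "volume is not encrypted"

def check_container(d):
    if d.get("Privileged") is True:
        yield f"container {d.get('Name')!r} is privileged"

def check_task_definition(d):
    for container in d.get("ContainerDefinitions") or []:
        yield from check_container(container)
    if d.get("NetworkMode") == "host":
        yield "task definition uses host network mode"

def check_ecs_service(d):
    if dig(d, "NetworkConfiguration", "AwsVpcConfiguration", "AssignPublicIp") == "ENABLED":
        yield "service assigns public IPs to tasks"

def check_efs_access_point(d):
    perms = dig(d, "RootDirectory", "CreationInfo", "Permissions")
    try:
        world_writable = bool(int(str(perms), 8) & 0o002)
    except ValueError:
        return  # absent or non-octal value
    if world_writable:
        yield f"root directory created world-writable ({perms})"

CHECKS = {
    "AwsEc2Instance": check_instance,
    "AwsEc2SecurityGroup": check_security_group,
    "AwsEc2Volume": check_volume,
    "AwsEcsContainer": check_container,
    "AwsEcsTaskDefinition": check_task_definition,
    "AwsEcsService": check_ecs_service,
    "AwsEfsAccessPoint": check_efs_access_point,
}

def triage(finding):
    """Return (resource id, detail object name, message) for each hit."""
    hits = []
    for res in finding.get("Resources") or []:
        for kind, details in (res.get("Details") or {}).items():
            check = CHECKS.get(kind)
            if check and isinstance(details, dict):
                hits.extend((res.get("Id"), kind, msg) for msg in check(details))
    return hits

# Constructed sample finding; values echo the samples on this page, except
# the 0.0.0.0/0 range, which is added here to exercise the check.
SAMPLE_FINDING = {
    "Id": "constructed-finding-1",
    "Resources": [
        {"Id": "i-1234567890abcdef0", "Type": "AwsEc2Instance", "Details": {"AwsEc2Instance": {
            "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}}}},
        {"Id": "sg-903004f8", "Type": "AwsEc2SecurityGroup", "Details": {"AwsEc2SecurityGroup": {
            "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                               "IpRanges": [{"CidrIp": "203.0.113.0/24"},
                                            {"CidrIp": "0.0.0.0/0"}]}]}}},
        {"Id": "vol-constructed", "Type": "AwsEc2Volume",
         "Details": {"AwsEc2Volume": {"Encrypted": True}}},
        {"Id": "sinatra-hi", "Type": "AwsEcsTaskDefinition", "Details": {"AwsEcsTaskDefinition": {
            "NetworkMode": "host",
            "ContainerDefinitions": [{"Name": "web", "Privileged": True}]}}},
        {"Id": "fsap-05c4c0e79ba0b118a", "Type": "AwsEfsAccessPoint", "Details": {"AwsEfsAccessPoint": {
            "RootDirectory": {"CreationInfo": {"Permissions": "777"}}}}},
        {"Id": "no-details", "Type": "Other"},  # resources may omit Details
    ],
}

if __name__ == "__main__":
    for hit in triage(SAMPLE_FINDING):
        print(*hit, sep=" | ")
```
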

# AwsEks resources in ASFF
<a name="asff-resourcedetails-awseks"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEks` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEksCluster
<a name="asff-resourcedetails-awsekscluster"></a>

The `AwsEksCluster` object provides details about an Amazon EKS cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEksCluster` object. To view descriptions of `AwsEksCluster` attributes, see [AwsEksClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEksClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
{
  "AwsEksCluster": {
    "Name": "example",
    "Arn": "arn:aws:eks:us-west-2:222222222222:cluster/example",
    "CreatedAt": 1565804921.901,
    "Version": "1.12",
    "RoleArn": "arn:aws:iam::222222222222:role/example-cluster-ServiceRole-1XWBQWYSFRE2Q",
    "ResourcesVpcConfig": {
      "EndpointPublicAccess": false,
      "SubnetIds": [
        "subnet-021345abcdef6789",
        "subnet-abcdef01234567890",
        "subnet-1234567890abcdef0"
      ],
      "SecurityGroupIds": [
        "sg-abcdef01234567890"
      ]
    },
    "Logging": {
      "ClusterLogging": [
        {
          "Types": [
            "api",
            "audit",
            "authenticator",
            "controllerManager",
            "scheduler"
          ],
          "Enabled": true
        }
      ]
    },
    "Status": "CREATING",
    "CertificateAuthorityData": {}
  }
}
```

# AwsElasticBeanstalk resources in ASFF
<a name="asff-resourcedetails-awselasticbeanstalk"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsElasticBeanstalk` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsElasticBeanstalkEnvironment
<a name="asff-resourcedetails-awselasticbeanstalkenvironment"></a>

The `AwsElasticBeanstalkEnvironment` object contains details about an AWS Elastic Beanstalk environment.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElasticBeanstalkEnvironment` object. To view descriptions of `AwsElasticBeanstalkEnvironment` attributes, see [AwsElasticBeanstalkEnvironmentDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticBeanstalkEnvironmentDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElasticBeanstalkEnvironment": {
    "ApplicationName": "MyApplication",
    "Cname": "myexampleapp-env.devo-2.elasticbeanstalk-internal.com",
    "DateCreated": "2021-04-30T01:38:01.090Z",
    "DateUpdated": "2021-04-30T01:38:01.090Z",
    "Description": "Example description of my awesome application",
    "EndpointUrl": "eb-dv-e-p-AWSEBLoa-abcdef01234567890-021345abcdef6789.us-east-1.elb.amazonaws.com",
    "EnvironmentArn": "arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/MyApplication/myapplication-env",
    "EnvironmentId": "e-abcd1234",
    "EnvironmentLinks": [
        {
            "EnvironmentName": "myexampleapp-env",
            "LinkName": "myapplicationLink"
        }
    ],
    "EnvironmentName": "myapplication-env",
    "OptionSettings": [
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "BatchSize",
            "Value": "100"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "Timeout",
            "Value": "600"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "BatchSizeType",
            "Value": "Percentage"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "IgnoreHealthCheck",
            "Value": "false"
        },
        {
            "Namespace": "aws:elasticbeanstalk:application",
            "OptionName": "Application Healthcheck URL",
            "Value": "TCP:80"
        }
    ],
    "PlatformArn": "arn:aws:elasticbeanstalk:us-east-1::platform/Tomcat 8 with Java 8 running on 64bit Amazon Linux/2.7.7",
    "SolutionStackName": "64bit Amazon Linux 2017.09 v2.7.7 running Tomcat 8 Java 8",
    "Status": "Ready",
    "Tier": {
        "Name": "WebServer",
        "Type": "Standard",
        "Version": "1.0"
    },
    "VersionLabel": "Sample Application"
}
```

# AwsElasticSearch resources in ASFF
<a name="asff-resourcedetails-awselasticsearch"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsElasticSearch` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsElasticSearchDomain
<a name="asff-resourcedetails-awselasticsearchdomain"></a>

The `AwsElasticSearchDomain` object provides details about an Amazon OpenSearch Service domain.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElasticSearchDomain` object. To view descriptions of `AwsElasticSearchDomain` attributes, see [AwsElasticSearchDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticsearchDomainDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElasticSearchDomain": {
    "AccessPolicies": "string",
    "DomainStatus": {
           "DomainId": "string",
           "DomainName": "string",
           "Endpoint": "string",
           "Endpoints": {
                  "string": "string"
           }
    },
    "DomainEndpointOptions": {
           "EnforceHTTPS": boolean,
           "TLSSecurityPolicy": "string"
    },
    "ElasticsearchClusterConfig": {
           "DedicatedMasterCount": number,
           "DedicatedMasterEnabled": boolean,
           "DedicatedMasterType": "string",
           "InstanceCount": number,
           "InstanceType": "string",
           "ZoneAwarenessConfig": {
                  "AvailabilityZoneCount": number
           },
           "ZoneAwarenessEnabled": boolean
    },
    "ElasticsearchVersion": "string",
    "EncryptionAtRestOptions": {
           "Enabled": boolean,
           "KmsKeyId": "string"
    },
    "LogPublishingOptions": {
           "AuditLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           },
           "IndexSlowLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           },
           "SearchSlowLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           }
    },
    "NodeToNodeEncryptionOptions": {
           "Enabled": boolean
    },
    "ServiceSoftwareOptions": {
           "AutomatedUpdateDate": "string",
           "Cancellable": boolean,
           "CurrentVersion": "string",
           "Description": "string",
           "NewVersion": "string",
           "UpdateAvailable": boolean,
           "UpdateStatus": "string"
    },
    "VPCOptions": {
           "AvailabilityZones": [
                 "string"
           ],
           "SecurityGroupIds": [
                 "string"
           ],
           "SubnetIds": [
                 "string"
           ],
           "VPCId": "string"
    }
}
```

# AwsElb resources in ASFF
<a name="asff-resourcedetails-awselb"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsElb` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsElbLoadBalancer
<a name="asff-resourcedetails-awselbloadbalancer"></a>

The `AwsElbLoadBalancer` object contains details about a Classic Load Balancer.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElbLoadBalancer` object. To view descriptions of `AwsElbLoadBalancer` attributes, see [AwsElbLoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbLoadBalancerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElbLoadBalancer": {
    "AvailabilityZones": ["us-west-2a"],
    "BackendServerDescriptions": [
        {
            "InstancePort": 80,
            "PolicyNames": ["doc-example-policy"]
        }
    ],
    "CanonicalHostedZoneName": "Z3DZXE0EXAMPLE",
    "CanonicalHostedZoneNameID": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
    "CreatedTime": "2020-08-03T19:22:44.637Z",
    "DnsName": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
    "HealthCheck": {
        "HealthyThreshold": 2,
        "Interval": 30,
        "Target": "HTTP:80/png",
        "Timeout": 3,
        "UnhealthyThreshold": 2
    },
    "Instances": [
        {
            "InstanceId": "i-example"
        }
    ],
    "ListenerDescriptions": [
        {
            "Listener": {
                "InstancePort": 443,
                "InstanceProtocol": "HTTPS",
                "LoadBalancerPort": 443,
                "Protocol": "HTTPS",
                "SslCertificateId": "arn:aws:iam::444455556666:server-certificate/my-server-cert"
            },
            "PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]
        }
    ],
    "LoadBalancerAttributes": {
        "AccessLog": {
            "EmitInterval": 60,
            "Enabled": true,
            "S3BucketName": "amzn-s3-demo-bucket",
            "S3BucketPrefix": "doc-example-prefix"
        },
        "ConnectionDraining": {
            "Enabled": false,
            "Timeout": 300
        },
        "ConnectionSettings": {
            "IdleTimeout": 30
        },
        "CrossZoneLoadBalancing": {
            "Enabled": true
        },
        "AdditionalAttributes": [{
            "Key": "elb.http.desyncmitigationmode",
            "Value": "strictest"
        }]
    },
    "LoadBalancerName": "example-load-balancer",
    "Policies": {
        "AppCookieStickinessPolicies": [
            {
                "CookieName": "",
                "PolicyName": ""
            }
        ],
        "LbCookieStickinessPolicies": [
            {
                "CookieExpirationPeriod": 60,
                "PolicyName": "my-example-cookie-policy"
            }
        ],
        "OtherPolicies": [
            "my-PublicKey-policy",
            "my-authentication-policy",
            "my-SSLNegotiation-policy",
            "my-ProxyProtocol-policy",
            "ELBSecurityPolicy-2015-03"
        ]
    },
    "Scheme": "internet-facing",
    "SecurityGroups": ["sg-example"],
    "SourceSecurityGroup": {
        "GroupName": "my-elb-example-group",
        "OwnerAlias": "444455556666"
    },
    "Subnets": ["subnet-example"],
    "VpcId": "vpc-a01106c2"
}
```

## AwsElbv2LoadBalancer
<a name="asff-resourcedetails-awselbv2loadbalancer"></a>

The `AwsElbv2LoadBalancer` object provides information about a load balancer.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElbv2LoadBalancer` object. To view descriptions of `AwsElbv2LoadBalancer` attributes, see [AwsElbv2LoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbv2LoadBalancerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElbv2LoadBalancer": {
                        "AvailabilityZones": {
                            "SubnetId": "string",
                            "ZoneName": "string"
                        },
                        "CanonicalHostedZoneId": "string",
                        "CreatedTime": "string",
                        "DNSName": "string",
                        "IpAddressType": "string",
                        "LoadBalancerAttributes": [
                            {
                                "Key": "string",
                                "Value": "string"
                            }
                        ],
                        "Scheme": "string",
                        "SecurityGroups": [ "string" ],
                        "State": {
                            "Code": "string",
                            "Reason": "string"
                        },
                        "Type": "string",
                        "VpcId": "string"
                    }
```

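# AwsEventBridge resources in ASFF
<a name="asff-resourcedetails-awsevent"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEventBridge` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEventSchemasRegistry
<a name="asff-resourcedetails-awseventschemasregistry"></a>

The `AwsEventSchemasRegistry` object provides information about an Amazon EventBridge schema registry. A schema defines the structure of events that are sent to EventBridge. A schema registry is a container that collects schemas and groups them logically.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEventSchemasRegistry` object. To view descriptions of `AwsEventSchemasRegistry` attributes, see [AwsEventSchemasRegistry](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventSchemasRegistryDetails.html) in the *AWS Security Hub API Reference*.

**Example**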

```
"AwsEventSchemasRegistry": {
    "Description": "This is an example event schema registry.",
    "RegistryArn": "arn:aws:schemas:us-east-1:123456789012:registry/schema-registry",
    "RegistryName": "schema-registry"
}
```

## AwsEventsEndpoint
<a name="asff-resourcedetails-awseventsendpoint"></a>

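The `AwsEventsEndpoint` object provides information about an Amazon EventBridge global endpoint. The endpoint can improve your application's availability by making it Regional-fault tolerant.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEventsEndpoint` object. To view descriptions of `AwsEventsEndpoint` attributes, see [AwsEventsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEndpointDetails.html) in the *AWS Security Hub API Reference*.

**Example**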

```
"AwsEventsEndpoint": {
    "Arn": "arn:aws:events:us-east-1:123456789012:endpoint/my-endpoint",
    "Description": "This is a sample endpoint.",
    "EndpointId": "04k1exajoy.veo",
    "EndpointUrl": "https://04k1exajoy.veo.endpoint.events.amazonaws.com",
    "EventBuses": [
        {
            "EventBusArn": "arn:aws:events:us-east-1:123456789012:event-bus/default"
        },
        {
            "EventBusArn": "arn:aws:events:us-east-2:123456789012:event-bus/default"
        }
    ],
    "Name": "my-endpoint",
    "ReplicationConfig": {
        "State": "ENABLED"
    },
    "RoleArn": "arn:aws:iam::123456789012:role/service-role/Amazon_EventBridge_Invoke_Event_Bus_1258925394",
    "RoutingConfig": {
        "FailoverConfig": {
            "Primary": {
                "HealthCheck": "arn:aws:route53:::healthcheck/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Secondary": {
                "Route": "us-east-2"
            }
        }
    },
    "State": "ACTIVE"
}
```

## AwsEventsEventbus
<a name="asff-resourcedetails-awseventseventbus"></a>

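The `AwsEventsEventbus` object provides information about an Amazon EventBridge global endpoint. The endpoint can improve your application's availability by making it Regional-fault tolerant.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEventsEventbus` object. To view descriptions of `AwsEventsEventbus` attributes, see [AwsEventsEventbusDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEventbusDetails.html) in the *AWS Security Hub API Reference*.

**Example**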

```
"AwsEventsEventbus": {
    "Arn": "arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus",
    "Name": "my-event-bus",
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowAllAccountsFromOrganizationToPutEvents\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"events:PutEvents\",\"Resource\":\"arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus\",\"Condition\":{\"StringEquals\":{\"aws:PrincipalOrgID\":\"o-ki7yjtkjv5\"}}},{\"Sid\":\"AllowAccountToManageRulesTheyCreated\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":[\"events:PutRule\",\"events:PutTargets\",\"events:DeleteRule\",\"events:RemoveTargets\",\"events:DisableRule\",\"events:EnableRule\",\"events:TagResource\",\"events:UntagResource\",\"events:DescribeRule\",\"events:ListTargetsByRule\",\"events:ListTagsForResource\"],\"Resource\":\"arn:aws:events:us-east-1:123456789012:rule/my-event-bus\",\"Condition\":{\"StringEqualsIfExists\":{\"events:creatorAccount\":\"123456789012\"}}}]}"
}
```
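The `Policy` attribute above carries the event bus resource policy as a JSON document inside a string, so a triage script has to decode it before it can reason about principals. The following is an added example, not part of the original page or of any AWS tooling: it lists every `Allow` statement with a wildcard principal and reports whether a condition actually scopes it. The function names, the set of condition keys treated as scoping, and the third sample statement are assumptions of this example.

```python
import json

# Global condition keys that tie a caller to a known account or organization.
# Assumption of this example: a positive match on one of them counts as scoping.
SCOPING_KEYS = {
    "aws:principalorgid", "aws:principalorgpaths", "aws:principalaccount",
    "aws:principalarn", "aws:sourceaccount", "aws:sourcearn",
}
POSITIVE_OPERATORS = {"stringequals", "stringlike", "arnequals", "arnlike"}


def as_list(value):
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True for "Principal": "*" and for forms such as {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" for vals in principal.values() for v in as_list(vals))
    return False


def scoping_keys(condition):
    """Return the condition keys that actually restrict who can call."""
    found = []
    for operator, tests in (condition or {}).items():
        qualifier, _, op = operator.lower().rpartition(":")
        # ...IfExists operators and the ForAllValues: qualifier evaluate to true
        # when the key is absent, so they do not restrict a caller without it.
        if qualifier == "forallvalues" or op not in POSITIVE_OPERATORS:
            continue
        for key, values in tests.items():
            vals = as_list(values)
            # A value made only of wildcards ("*") restricts nothing.
            concrete = bool(vals) and all(str(v).strip("*?") for v in vals)
            if key.lower() in SCOPING_KEYS and concrete:
                found.append(key)
    return found


def audit_event_bus(details):
    """Report each Allow statement with a wildcard principal and its scoping."""
    policy_text = details.get("AwsEventsEventbus", {}).get("Policy")
    if not policy_text:
        return []
    policy = json.loads(policy_text)  # the policy is JSON carried inside a string
    report = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_wildcard_principal(stmt.get("Principal")):
            continue
        scoped_by = scoping_keys(stmt.get("Condition"))
        report.append({
            "Sid": stmt.get("Sid"),
            "Actions": as_list(stmt.get("Action", [])),
            "ScopedBy": scoped_by,
            "Open": not scoped_by,
        })
    return report


# Constructed sample: the first two statements follow the example above (the
# second with a shortened action list); the third is constructed for this example.
BUS_ARN = "arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAllAccountsFromOrganizationToPutEvents", "Effect": "Allow",
         "Principal": "*", "Action": "events:PutEvents", "Resource": BUS_ARN,
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-ki7yjtkjv5"}}},
        {"Sid": "AllowAccountToManageRulesTheyCreated", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": ["events:PutRule", "events:PutTargets"],
         "Resource": "arn:aws:events:us-east-1:123456789012:rule/my-event-bus",
         "Condition": {"StringEqualsIfExists": {"events:creatorAccount": "123456789012"}}},
        {"Sid": "ConstructedOpenPutEvents", "Effect": "Allow",
         "Principal": {"AWS": "*"}, "Action": "events:PutEvents", "Resource": BUS_ARN,
         "Condition": {"StringEqualsIfExists": {"aws:PrincipalOrgID": "o-ki7yjtkjv5"}}},
    ],
}
SAMPLE_DETAILS = {"AwsEventsEventbus": {
    "Arn": BUS_ARN, "Name": "my-event-bus", "Policy": json.dumps(SAMPLE_POLICY)}}

if __name__ == "__main__":
    for row in audit_event_bus(SAMPLE_DETAILS):
        print("OPEN  " if row["Open"] else "scoped", row["Sid"], row["ScopedBy"])
```

The check does not evaluate `NotPrincipal`, `Deny` statements, or service principals, so treat an `Open` result as a prompt for review rather than a verdict.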

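# AwsGuardDuty resources in ASFF
<a name="asff-resourcedetails-awsguardduty"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsGuardDuty` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsGuardDutyDetector
<a name="asff-resourcedetails-awsguarddutydetector"></a>

The `AwsGuardDutyDetector` object provides information about an Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector is required for GuardDuty to become operational.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsGuardDutyDetector` object. To view descriptions of `AwsGuardDutyDetector` attributes, see [AwsGuardDutyDetector](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsGuardDutyDetectorDetails.html) in the *AWS Security Hub API Reference*.

**Example**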

```
"AwsGuardDutyDetector": {
    "FindingPublishingFrequency": "SIX_HOURS",
    "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
    "Status": "ENABLED",
    "DataSources": {
        "CloudTrail": {
            "Status": "ENABLED"
        },
        "DnsLogs": {
            "Status": "ENABLED"
        },
        "FlowLogs": {
            "Status": "ENABLED"
        },
        "S3Logs": {
            "Status": "ENABLED"
        },
        "Kubernetes": {
            "AuditLogs": {
                "Status": "ENABLED"
            }
        },
        "MalwareProtection": {
            "ScanEc2InstanceWithFindings": {
                "EbsVolumes": {
                    "Status": "ENABLED"
                }
            },
            "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection"
        }
    }
}
```

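# AwsIam resources in ASFF
<a name="asff-resourcedetails-awsiam"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsIam` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsIamAccessKey
<a name="asff-resourcedetails-awsiamaccesskey"></a>

The `AwsIamAccessKey` object contains details about an IAM access key that is related to a finding.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamAccessKey` object. To view descriptions of `AwsIamAccessKey` attributes, see [AwsIamAccessKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamAccessKeyDetails.html) in the *AWS Security Hub API Reference*.

**Example**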

```
"AwsIamAccessKey": { 
                        "AccessKeyId": "string",
                        "AccountId": "string",
                        "CreatedAt": "string",
                        "PrincipalId": "string",
                        "PrincipalName": "string",
                        "PrincipalType": "string",
                        "SessionContext": {
                            "Attributes": {
                                "CreationDate": "string",
                                "MfaAuthenticated": boolean
                            },
                            "SessionIssuer": {
                                "AccountId": "string",
                                "Arn": "string",
                                "PrincipalId": "string",
                                "Type": "string",
                                "UserName": "string"
                            }
                        },
                        "Status": "string"
                    }
```

## AwsIamGroup
<a name="asff-resourcedetails-awsiamgroup"></a>

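The `AwsIamGroup` object contains details about an IAM group.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamGroup` object. To view descriptions of `AwsIamGroup` attributes, see [AwsIamGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**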

```
"AwsIamGroup": {
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
            "PolicyName": "ExampleManagedAccess",
        }
    ],
    "CreateDate": "2020-04-28T14:08:37.000Z",
    "GroupId": "AGPA4TPS3VLP7QEXAMPLE",
    "GroupName": "Example_User_Group",
    "GroupPolicyList": [
        {
            "PolicyName": "ExampleGroupPolicy"
        }
    ],
    "Path": "/"
}
```

## AwsIamPolicy
<a name="asff-resourcedetails-awsiampolicy"></a>

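The `AwsIamPolicy` object represents an IAM permissions policy.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamPolicy` object. To view descriptions of `AwsIamPolicy` attributes, see [AwsIamPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamPolicyDetails.html) in the *AWS Security Hub API Reference*.

**Example**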

```
"AwsIamPolicy": {
    "AttachmentCount": 1,
    "CreateDate": "2017-09-14T08:17:29.000Z",
    "DefaultVersionId": "v1",
    "Description": "Example IAM policy",
    "IsAttachable": true,
    "Path": "/",
    "PermissionsBoundaryUsageCount": 5,
    "PolicyId": "ANPAJ2UCCR6DPCEXAMPLE",
    "PolicyName": "EXAMPLE-MANAGED-POLICY",
    "PolicyVersionList": [
        {
            "VersionId": "v1",
            "IsDefaultVersion": true,
            "CreateDate": "2017-09-14T08:17:29.000Z"
        }
    ],
    "UpdateDate": "2017-09-14T08:17:29.000Z"
}
```

## AwsIamRole
<a name="asff-resourcedetails-awsiamrole"></a>

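The `AwsIamRole` object contains information about an IAM role, including all of the role's policies.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamRole` object. To view descriptions of `AwsIamRole` attributes, see [AwsIamRoleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamRoleDetails.html) in the *AWS Security Hub API Reference*.

**Example**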

```
"AwsIamRole": {
    "AssumeRolePolicyDocument": "{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}",
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1",
            "PolicyName": "Example policy 1"
        },
        {
            "PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2",
            "PolicyName": "Example policy 2"
        }
    ],
    "CreateDate": "2020-03-14T07:19:14.000Z",
    "InstanceProfileList": [
        {
            "Arn": "arn:aws:iam::333333333333:ExampleProfile",
            "CreateDate": "2020-03-11T00:02:27Z",
            "InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE",
            "InstanceProfileName": "ExampleInstanceProfile",
            "Path": "/",
            "Roles": [
                {
                    "Arn": "arn:aws:iam::444455556666:role/example-role",
                    "AssumeRolePolicyDocument": "",
                    "CreateDate": "2020-03-11T00:02:27Z",
                    "Path": "/",
                    "RoleId": "AROAJ52OTH4H7LEXAMPLE",
                    "RoleName": "example-role"
                }
            ]
        }
    ],
    "MaxSessionDuration": 3600,
    "Path": "/",
    "PermissionsBoundary": {
        "PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
        "PermissionsBoundaryType": "PermissionsBoundaryPolicy"
    },
    "RoleId": "AROA4TPS3VLEXAMPLE",
    "RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda",
    "RolePolicyList": [
        {
            "PolicyName": "Example role policy"
        }
    ]
}
```

## AwsIamUser
<a name="asff-resourcedetails-awsiamuser"></a>

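The `AwsIamUser` object provides information about a user.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamUser` object. To view descriptions of `AwsIamUser` attributes, see [AwsIamUserDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamUserDetails.html) in the *AWS Security Hub API Reference*.

**Example**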

```
"AwsIamUser": {
    "AttachedManagedPolicies": [
        {
            "PolicyName": "ExamplePolicy",
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess"
        }
    ],
    "CreateDate": "2018-01-26T23:50:05.000Z",
    "GroupList": [],
    "Path": "/",
    "PermissionsBoundary" : {
        "PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess",
        "PermissionsBoundaryType" : "PermissionsBoundaryPolicy"
    },
    "UserId": "AIDACKCEVSQ6C2EXAMPLE",
    "UserName": "ExampleUser",
    "UserPolicyList": [
        {
            "PolicyName": "InstancePolicy"
        }
    ]
}
```

# AwsKinesis resources in ASFF
<a name="asff-resourcedetails-awskinesis"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsKinesis` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsKinesisStream
<a name="asff-resourcedetails-awskinesisstream"></a>

The `AwsKinesisStream` object provides details about Amazon Kinesis Data Streams.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsKinesisStream` object. To view descriptions of `AwsKinesisStream` attributes, see [AwsKinesisStreamDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKinesisStreamDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsKinesisStream": { 
	"Name": "test-vir-kinesis-stream",
	"Arn": "arn:aws:kinesis:us-east-1:293279581038:stream/test-vir-kinesis-stream",
	"RetentionPeriodHours": 24,
	"ShardCount": 2,
	"StreamEncryption": {
		"EncryptionType": "KMS",
		"KeyId": "arn:aws:kms:us-east-1:293279581038:key/849cf029-4143-4c59-91f8-ea76007247eb"
	}
}
```

# AwsKms resources in ASFF
<a name="asff-resourcedetails-awskms"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsKms` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsKmsKey
<a name="asff-resourcedetails-awskmskey"></a>

The `AwsKmsKey` object provides details about an AWS KMS key.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsKmsKey` object. To view descriptions of `AwsKmsKey` attributes, see [AwsKmsKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKmsKeyDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsKmsKey": {
                        "AWSAccountId": "string",
                        "CreationDate": "string",
                        "Description": "string",
                        "KeyId": "string",
                        "KeyManager": "string",
                        "KeyRotationStatus": boolean,
                        "KeyState": "string",
                        "Origin": "string"
                    }
```

# AwsLambda
<a name="asff-resourcedetails-awslambda"></a>

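The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsLambda` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsLambdaFunction
<a name="asff-resourcedetails-awslambdafunction"></a>

The `AwsLambdaFunction` object provides details about a Lambda function's configuration.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsLambdaFunction` object. To view descriptions of `AwsLambdaFunction` attributes, see [AwsLambdaFunctionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaFunctionDetails.html) in the *AWS Security Hub API Reference*.

**Example**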

```
"AwsLambdaFunction": {
    "Architectures": [
        "x86_64"
    ],
    "Code": {
        "S3Bucket": "amzn-s3-demo-bucket",
        "S3Key": "samplekey",
        "S3ObjectVersion": "2",
        "ZipFile": "myzip.zip"
    },
    "CodeSha256": "1111111111111abcdef",
    "DeadLetterConfig": {
        "TargetArn": "arn:aws:lambda:us-east-2:123456789012:queue:myqueue:2"
    },
    "Environment": {
        "Variables": {
            "Stage": "foobar"
        },
        "Error": {
            "ErrorCode": "Sample-error-code",
            "Message": "Caller principal is a manager."
        }
    },
    "FunctionName": "CheckOut",
    "Handler": "main.py:lambda_handler",
    "KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/mykey",
    "LastModified": "2001-09-11T09:00:00Z",
    "Layers": {
        "Arn": "arn:aws:lambda:us-east-2:123456789012:layer:my-layer:3",
        "CodeSize": 169
    },
    "PackageType": "Zip",
    "RevisionId": "23",
    "Role": "arn:aws:iam::123456789012:role/Accounting-Role",
    "Runtime": "go1.7",
    "Timeout": 15,
    "TracingConfig": {
        "Mode": "Active"
    },
    "Version": "$LATEST$",
    "VpcConfig": {
        "SecurityGroupIds": ["sg-085912345678492fb", "sg-08591234567bdgdc"],
        "SubnetIds": ["subnet-071f712345678e7c8", "subnet-07fd123456788a036"]
    },
    "MasterArn": "arn:aws:lambda:us-east-2:123456789012:$LATEST",
    "MemorySize": 2048
}
```

## AwsLambdaLayerVersion
<a name="asff-resourcedetails-awslambdalayerversion"></a>

The `AwsLambdaLayerVersion` object provides details about a Lambda layer version.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsLambdaLayerVersion` object. To view descriptions of `AwsLambdaLayerVersion` attributes, see [AwsLambdaLayerVersionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaLayerVersionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsLambdaLayerVersion": {
    "Version": 2,
    "CompatibleRuntimes": [
        "java8"
    ],
    "CreatedDate": "2019-10-09T22:02:00.274+0000"
}
```

# AwsMsk resources in ASFF
<a name="asff-resourcedetails-awsmsk"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsMsk` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsMskCluster
<a name="asff-resourcedetails-awsmskcluster"></a>

The `AwsMskCluster` object provides information about an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsMskCluster` object. To view descriptions of `AwsMskCluster` attributes, see [AwsMskClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsMskClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsMskCluster": {
        "ClusterInfo": {
            "ClientAuthentication": {
                "Sasl": {
                    "Scram": {
                        "Enabled": true
                    },
                    "Iam": {
                        "Enabled": true
                    }
                },
                "Tls": {
                    "CertificateAuthorityArnList": [],
                    "Enabled": false
                },
                "Unauthenticated": {
                    "Enabled": false
                }
            },
            "ClusterName": "my-cluster",
            "CurrentVersion": "K2PWKAKR8XB7XF",
            "EncryptionInfo": {
                "EncryptionAtRest": {
                    "DataVolumeKMSKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                },
                "EncryptionInTransit": {
                    "ClientBroker": "TLS",
                    "InCluster": true
                }
            },
            "EnhancedMonitoring": "PER_TOPIC_PER_BROKER",
            "NumberOfBrokerNodes": 3
        }
}
```

# AwsNetworkFirewall resources in ASFF
<a name="asff-resourcedetails-awsnetworkfirewall"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsNetworkFirewall` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsNetworkFirewallFirewall
<a name="asff-resourcedetails-awsnetworkfirewallfirewall"></a>

The `AwsNetworkFirewallFirewall` object contains details about an AWS Network Firewall firewall.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsNetworkFirewallFirewall` object. To view descriptions of `AwsNetworkFirewallFirewall` attributes, see [AwsNetworkFirewallFirewallDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsNetworkFirewallFirewall": {
    "DeleteProtection": false,
    "FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall", 
    "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
    "FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa",
    "FirewallName": "testfirewall",
    "FirewallPolicyChangeProtection": false,
    "SubnetChangeProtection": false,
    "SubnetMappings": [
        {
            "SubnetId": "subnet-0183481095e588cdc"
        },
        {
            "SubnetId": "subnet-01f518fad1b1c90b0"
        }
    ],
    "VpcId": "vpc-40e83c38"
}
```

## AwsNetworkFirewallFirewallPolicy
<a name="asff-resourcedetails-awsnetworkfirewallfirewallpolicy"></a>

The `AwsNetworkFirewallFirewallPolicy` object provides details about a firewall policy. A firewall policy defines the behavior of a network firewall.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsNetworkFirewallFirewallPolicy` object. To view descriptions of `AwsNetworkFirewallFirewallPolicy` attributes, see [AwsNetworkFirewallFirewallPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallPolicyDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsNetworkFirewallFirewallPolicy": {
    "FirewallPolicy": {
        "StatefulRuleGroupReferences": [
            {
                "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly"
            }
        ],
        "StatelessDefaultActions": [ "aws:forward_to_sfe" ],
        "StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ],
        "StatelessRuleGroupReferences": [
            {
                "Priority": 1,
                "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1"
            }
        ]
    },
    "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
    "FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65",
    "FirewallPolicyName": "InitialFirewall",
    "Description": "Initial firewall"
}
```

## AwsNetworkFirewallRuleGroup
<a name="asff-resourcedetails-awsnetworkfirewallrulegroup"></a>

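The `AwsNetworkFirewallRuleGroup` object provides details about an AWS Network Firewall rule group. Rule groups are used to inspect and control network traffic. Stateless rule groups apply to individual packets. Stateful rule groups apply to packets in the context of their traffic flow.

Rule groups are referenced in firewall policies.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsNetworkFirewallRuleGroup` object. To view descriptions of `AwsNetworkFirewallRuleGroup` attributes, see [AwsNetworkFirewallRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallRuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example: stateless rule group**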

```
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 600,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1",
    "RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493",
    "RuleGroupName": "Stateless-1",
    "Description": "Example of a stateless rule group",
    "Type": "STATELESS",
    "RuleGroup": {
        "RulesSource": {
            "StatelessRulesAndCustomActions": {
                "CustomActions": [],
                "StatelessRules": [
                    {
                        "Priority": 1,
                        "RuleDefinition": {
                            "Actions": [
                                "aws:pass"
                            ],
                            "MatchAttributes": {
                                "DestinationPorts": [
                                    {
                                        "FromPort": 443,
                                        "ToPort": 443
                                    }
                                ],
                                "Destinations": [
                                    {
                                        "AddressDefinition": "192.0.2.0/24"
                                    }
                                ],
                                "Protocols": [
                                    6
                                ],
                                "SourcePorts": [
                                    {
                                        "FromPort": 0,
                                        "ToPort": 65535
                                    }
                                ],
                                "Sources": [
                                    {
                                         "AddressDefinition": "198.51.100.0/24"
                                    }
                                ]
                            }
                        }
                    }
                ]
            }
        }
    }
}
```

**Example: stateful rule group**

```
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 100,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest",
    "RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0",
    "RuleGroupName": "ExampleRuleGroup",
    "Description": "Example of a stateful rule group",
    "Type": "STATEFUL",
    "RuleGroup": {
        "RulesSource": {
            "StatefulRules": [
                {
                    "Action": "PASS",
                    "Header": {
                        "Destination": "Any",
                        "DestinationPort": "443",
                        "Direction": "ANY",
                        "Protocol": "TCP",
                        "Source": "Any",
                        "SourcePort": "Any"
                    },
                    "RuleOptions": [
                        {
                            "Keyword": "sid:1"
                        }
                    ]
                }
            ]
        }
    }
}
```

The following is a list of example valid values for `AwsNetworkFirewallRuleGroup` attributes:
+ `Action`

  Valid values: `PASS` | `DROP` | `ALERT`
+ `Protocol`

  Valid values: `IP` | `TCP` | `UDP` | `ICMP` | `HTTP` | `FTP` | `TLS` | `SMB` | `DNS` | `DCERPC` | `SSH` | `SMTP` | `IMAP` | `MSN` | `KRB5` | `IKEV2` | `TFTP` | `NTP` | `DHCP`
+ `Flags`

  Valid values: `FIN` | `SYN` | `RST` | `PSH` | `ACK` | `URG` | `ECE` | `CWR`
+ `Masks`

  Valid values: `FIN` | `SYN` | `RST` | `PSH` | `ACK` | `URG` | `ECE` | `CWR`
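
The stateless and stateful shapes shown above differ enough that reviewing rule groups from findings usually starts by flattening them into one form. The following Python is an added example, not part of the AWS documentation: it summarizes each rule of either type, validates stateful `Action` and `Protocol` values against the list above, and reports pass rules that match any source and any destination. The function names and the trimmed sample inputs are constructed for illustration, and the `RulesSource` key is assumed for both rule group types.

```python
# Valid values for stateful rules, copied from the list in this section.
VALID_ACTIONS = {"PASS", "DROP", "ALERT"}
VALID_PROTOCOLS = {
    "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC",
    "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP",
}


def flatten_rules(details):
    """Return one summary dict per rule for a stateless or stateful rule group."""
    source = details.get("RuleGroup", {}).get("RulesSource", {})
    rules = []
    if details.get("Type") == "STATELESS":
        block = source.get("StatelessRulesAndCustomActions", {})
        for rule in block.get("StatelessRules", []):
            definition = rule.get("RuleDefinition", {})
            match = definition.get("MatchAttributes", {})
            rules.append({
                "type": "STATELESS",
                "priority": rule.get("Priority"),
                "actions": list(definition.get("Actions", [])),
                "protocols": list(match.get("Protocols", [])),
                "sources": [a["AddressDefinition"] for a in match.get("Sources", [])],
                "destinations": [a["AddressDefinition"] for a in match.get("Destinations", [])],
                "dest_ports": [(p["FromPort"], p["ToPort"])
                               for p in match.get("DestinationPorts", [])],
            })
    else:
        for rule in source.get("StatefulRules", []):
            header = rule.get("Header", {})
            rules.append({
                "type": "STATEFUL",
                "priority": None,
                "actions": [rule.get("Action")],
                "protocols": [header.get("Protocol")],
                "sources": [header.get("Source")],
                "destinations": [header.get("Destination")],
                "dest_ports": [header.get("DestinationPort")],
            })
    return rules


def invalid_stateful_values(details):
    """List stateful Action/Protocol values that are not in the valid-value lists."""
    problems = []
    for index, rule in enumerate(flatten_rules(details)):
        if rule["type"] != "STATEFUL":
            continue
        if rule["actions"][0] not in VALID_ACTIONS:
            problems.append(f"rule {index}: invalid Action {rule['actions'][0]!r}")
        if rule["protocols"][0] not in VALID_PROTOCOLS:
            problems.append(f"rule {index}: invalid Protocol {rule['protocols'][0]!r}")
    return problems


def is_any(address):
    """True for the wildcard spellings that match every address."""
    return str(address).lower() in ("any", "0.0.0.0/0", "::/0")


def pass_any_to_any(details):
    """Return pass rules whose source and destination are both unrestricted.

    An empty stateless Sources/Destinations list is treated as unrestricted.
    """
    hits = []
    for rule in flatten_rules(details):
        passes = any(a in ("PASS", "aws:pass") for a in rule["actions"])
        if (passes and all(is_any(s) for s in rule["sources"])
                and all(is_any(d) for d in rule["destinations"])):
            hits.append(rule)
    return hits


# Constructed samples, trimmed from the two examples in this section.
STATELESS_SAMPLE = {
    "Type": "STATELESS",
    "RuleGroup": {"RulesSource": {"StatelessRulesAndCustomActions": {
        "CustomActions": [],
        "StatelessRules": [{"Priority": 1, "RuleDefinition": {
            "Actions": ["aws:pass"],
            "MatchAttributes": {
                "DestinationPorts": [{"FromPort": 443, "ToPort": 443}],
                "Destinations": [{"AddressDefinition": "192.0.2.0/24"}],
                "Protocols": [6],
                "Sources": [{"AddressDefinition": "198.51.100.0/24"}],
            }}}],
    }}},
}
STATEFUL_SAMPLE = {
    "Type": "STATEFUL",
    "RuleGroup": {"RulesSource": {"StatefulRules": [{
        "Action": "PASS",
        "Header": {"Destination": "Any", "DestinationPort": "443", "Direction": "ANY",
                   "Protocol": "TCP", "Source": "Any", "SourcePort": "Any"},
        "RuleOptions": [{"Keyword": "sid:1"}],
    }]}},
}

if __name__ == "__main__":
    for sample in (STATELESS_SAMPLE, STATEFUL_SAMPLE):
        print(sample["Type"], invalid_stateful_values(sample), pass_any_to_any(sample))
```
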

# AwsOpenSearchService resources in ASFF
<a name="asff-resourcedetails-awsopensearchservice"></a>

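The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsOpenSearchService` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).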

## AwsOpenSearchServiceDomain
<a name="asff-resourcedetails-awsopensearchservicedomain"></a>

The `AwsOpenSearchServiceDomain` object contains information about an Amazon OpenSearch Service domain.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsOpenSearchServiceDomain` object. To view descriptions of `AwsOpenSearchServiceDomain` attributes, see [AwsOpenSearchServiceDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsOpenSearchServiceDomainDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsOpenSearchServiceDomain": {
    "AccessPolicies": "IAM_Id",
    "AdvancedSecurityOptions": {
        "Enabled": true,
        "InternalUserDatabaseEnabled": true,
        "MasterUserOptions": {
            "MasterUserArn": "arn:aws:iam::123456789012:user/third-master-use",
            "MasterUserName": "third-master-use",
            "MasterUserPassword": "some-password"
        }
    },
    "Arn": "arn:aws:Opensearch:us-east-1:111122223333:somedomain",
    "ClusterConfig": {
        "InstanceType": "c5.large.search",
        "InstanceCount": 1,
        "DedicatedMasterEnabled": true,
        "ZoneAwarenessEnabled": false,
        "ZoneAwarenessConfig": {
            "AvailabilityZoneCount": 2
        },
        "DedicatedMasterType": "c5.large.search",
        "DedicatedMasterCount": 3,
        "WarmEnabled": true,
        "WarmCount": 3,
        "WarmType": "ultrawarm1.large.search"
    },
    "DomainEndpoint": "https://es-2021-06-23t17-04-qowmgghud5vofgb5e4wmi.eu-central-1.es.amazonaws.com",
    "DomainEndpointOptions": {
        "EnforceHTTPS": false,
        "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07",
        "CustomEndpointCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/bda1bff1-79c0-49d0-abe6-50a15a7477d4",
        "CustomEndpointEnabled": true,
        "CustomEndpoint": "example.com"
    },
    "DomainEndpoints": {
        "vpc": "vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com"
    },
    "DomainName": "my-domain",
    "EncryptionAtRestOptions": {
        "Enabled": false,
        "KmsKeyId": "1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a"
    },
    "EngineVersion": "7.1",
    "Id": "123456789012",
    "LogPublishingOptions": {
        "IndexSlowLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-index-slow-logs",
            "Enabled": true
        },
        "SearchSlowLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
            "Enabled": true
        },
        "AuditLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
            "Enabled": true
        }
    },
    "NodeToNodeEncryptionOptions": {
        "Enabled": true
    },
    "ServiceSoftwareOptions": {
        "AutomatedUpdateDate": "2022-04-28T14:08:37.000Z",
        "Cancellable": false,
        "CurrentVersion": "R20210331",
        "Description": "There is no software update available for this domain.",
        "NewVersion": "OpenSearch_1.0",
        "UpdateAvailable": false,
        "UpdateStatus": "COMPLETED",
        "OptionalDeployment": false
    },
    "VpcOptions": {
        "SecurityGroupIds": [
            "sg-2a3a4a5a"
        ],
        "SubnetIds": [
            "subnet-1a2a3a4a"
        ]
    }
}
```

# AwsRds resources in ASFF
<a name="asff-resourcedetails-awsrds"></a>

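The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsRds` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).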

## AwsRdsDbCluster
<a name="asff-resourcedetails-awsrdsdbcluster"></a>

The `AwsRdsDbCluster` object provides details about an Amazon RDS database cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbCluster` object. To view descriptions of `AwsRdsDbCluster` attributes, see [AwsRdsDbClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbCluster": {
    "ActivityStreamStatus": "stopped",
    "AllocatedStorage": 1,
    "AssociatedRoles": [
        {
            "RoleArn": "arn:aws:iam::777788889999:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
            "Status": "PENDING"
        }
    ],
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZones": [
        "us-east-1a",
        "us-east-1c",
        "us-east-1e"
    ],
    "BackupRetentionPeriod": 1,
    "ClusterCreateTime": "2020-06-22T17:40:12.322Z",
    "CopyTagsToSnapshot": true,
    "CrossAccountClone": false,
    "CustomEndpoints": [],
    "DatabaseName": "Sample name",
    "DbClusterIdentifier": "database-3",
    "DbClusterMembers": [
        {
            "DbClusterParameterGroupStatus": "in-sync",
            "DbInstanceIdentifier": "database-3-instance-1",
            "IsClusterWriter": true,
            "PromotionTier": 1
        }
    ],
    "DbClusterOptionGroupMemberships": [],
    "DbClusterParameterGroup": "cluster-parameter-group",
    "DbClusterResourceId": "cluster-example",
    "DbSubnetGroup": "subnet-group",
    "DeletionProtection": false,
    "DomainMemberships": [],
    "Status": "modifying",
    "EnabledCloudwatchLogsExports": [
        "audit",
        "error",
        "general",
        "slowquery"
    ],
    "Endpoint": "database-3.cluster-example.us-east-1.rds.amazonaws.com",
    "Engine": "aurora-mysql",
    "EngineMode": "provisioned",
    "EngineVersion": "5.7.mysql_aurora.2.03.4",
    "HostedZoneId": "ZONE1",
    "HttpEndpointEnabled": false,
    "IamDatabaseAuthenticationEnabled": false,
    "KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
    "MasterUsername": "admin",
    "MultiAz": false,
    "Port": 3306,
    "PreferredBackupWindow": "04:52-05:22",
    "PreferredMaintenanceWindow": "sun:09:32-sun:10:02",
    "ReaderEndpoint": "database-3.cluster-ro-example.us-east-1.rds.amazonaws.com",
    "ReadReplicaIdentifiers": [],
    "Status": "Modifying",
    "StorageEncrypted": true,
    "VpcSecurityGroups": [
        {
            "Status": "active",
            "VpcSecurityGroupId": "sg-example-1"
        }
    ]
}
```

## AwsRdsDbClusterSnapshot
<a name="asff-resourcedetails-awsrdsdbclustersnapshot"></a>

The `AwsRdsDbClusterSnapshot` object contains information about an Amazon RDS DB cluster snapshot.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbClusterSnapshot` object. To view descriptions of `AwsRdsDbClusterSnapshot` attributes, see [AwsRdsDbClusterSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterSnapshotDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbClusterSnapshot": {
    "AllocatedStorage": 0,
    "AvailabilityZones": [
        "us-east-1a",
        "us-east-1d",
        "us-east-1e"
    ],
    "ClusterCreateTime": "2020-06-12T13:23:15.577Z",
    "DbClusterIdentifier": "database-2",
    "DbClusterSnapshotAttributes": [{
        "AttributeName": "restore",
        "AttributeValues": ["123456789012"]
    }],
    "DbClusterSnapshotIdentifier": "rds:database-2-2020-06-23-03-52",
    "Engine": "aurora",
    "EngineVersion": "5.6.10a",
    "IamDatabaseAuthenticationEnabled": false,
    "KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
    "LicenseModel": "aurora",
    "MasterUsername": "admin",
    "PercentProgress": 100,
    "Port": 0,
    "SnapshotCreateTime": "2020-06-22T17:40:12.322Z",
    "SnapshotType": "automated",
    "Status": "available",
    "StorageEncrypted": true,
    "VpcId": "vpc-faf7e380"
}
```

## AwsRdsDbInstance
<a name="asff-resourcedetails-awsrdsdbinstance"></a>

The `AwsRdsDbInstance` object provides details about an Amazon RDS DB instance.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbInstance` object. To view descriptions of `AwsRdsDbInstance` attributes, see [AwsRdsDbInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbInstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbInstance": {
    "AllocatedStorage": 20,
    "AssociatedRoles": [],
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZone": "us-east-1d",
    "BackupRetentionPeriod": 7,
    "CaCertificateIdentifier": "certificate1",
    "CharacterSetName": "",
    "CopyTagsToSnapshot": true,
    "DbClusterIdentifier": "",
    "DbInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:database-1",
    "DbInstanceClass": "db.t2.micro",
    "DbInstanceIdentifier": "database-1",
    "DbInstancePort": 0,
    "DbInstanceStatus": "available",
    "DbiResourceId": "db-EXAMPLE123",
    "DbName": "",
    "DbParameterGroups": [
        {
            "DbParameterGroupName": "default.mysql5.7",
            "ParameterApplyStatus": "in-sync"
        }
    ],
    "DbSecurityGroups": [],                                                                                                                                                                                                 
    "DbSubnetGroup": {
        "DbSubnetGroupName": "my-group-123abc",
        "DbSubnetGroupDescription": "My subnet group",
        "VpcId": "vpc-example1",
        "SubnetGroupStatus": "Complete",
        "Subnets": [
            {
                "SubnetIdentifier": "subnet-123abc",
                "SubnetAvailabilityZone": {
                    "Name": "us-east-1d"
                },
                "SubnetStatus": "Active"
            },
            {
                "SubnetIdentifier": "subnet-456def",
                "SubnetAvailabilityZone": {
                    "Name": "us-east-1c"
                },
                "SubnetStatus": "Active"
            }
        ],
        "DbSubnetGroupArn": ""
    },
    "DeletionProtection": false,
    "DomainMemberships": [],
    "EnabledCloudWatchLogsExports": [],
    "Endpoint": {
        "address": "database-1.example.us-east-1.rds.amazonaws.com",
        "port": 3306,
        "hostedZoneId": "ZONEID1"
    },
    "Engine": "mysql",
    "EngineVersion": "5.7.22",
    "EnhancedMonitoringResourceArn": "arn:aws:logs:us-east-1:111122223333:log-group:Example:log-stream:db-EXAMPLE1",
    "IamDatabaseAuthenticationEnabled": false,
    "InstanceCreateTime": "2020-06-22T17:40:12.322Z",
    "Iops": "",
    "KmsKeyId": "",
    "LatestRestorableTime": "2020-06-24T05:50:00.000Z",
    "LicenseModel": "general-public-license",
    "ListenerEndpoint": "",
    "MasterUsername": "admin",
    "MaxAllocatedStorage": 1000,
    "MonitoringInterval": 60,
    "MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role",
    "MultiAz": false,
    "OptionGroupMemberships": [
        {
            "OptionGroupName": "default:mysql-5-7",
            "Status": "in-sync"
        }
    ],
    "PreferredBackupWindow": "03:57-04:27",
    "PreferredMaintenanceWindow": "thu:10:13-thu:10:43",
    "PendingModifiedValues": {
        "DbInstanceClass": "",
        "AllocatedStorage": "",
        "MasterUserPassword": "",
        "Port": "",
        "BackupRetentionPeriod": "",
        "MultiAZ": "",
        "EngineVersion": "",
        "LicenseModel": "",
        "Iops": "",
        "DbInstanceIdentifier": "",
        "StorageType": "",
        "CaCertificateIdentifier": "",
        "DbSubnetGroupName": "",
        "PendingCloudWatchLogsExports": "",
        "ProcessorFeatures": []
    },
    "PerformanceInsightsEnabled": false,
    "PerformanceInsightsKmsKeyId": "",
    "PerformanceInsightsRetentionPeriod": "",
    "ProcessorFeatures": [],
    "PromotionTier": "",
    "PubliclyAccessible": false,
    "ReadReplicaDBClusterIdentifiers": [],
    "ReadReplicaDBInstanceIdentifiers": [],
    "ReadReplicaSourceDBInstanceIdentifier": "",
    "SecondaryAvailabilityZone": "",
    "StatusInfos": [],
    "StorageEncrypted": false,
    "StorageType": "gp2",
    "TdeCredentialArn": "",
    "Timezone": "",
    "VpcSecurityGroups": [
        {
            "VpcSecurityGroupId": "sg-example1",
            "Status": "active"
        }
    ]
}
```

## AwsRdsDbSecurityGroup
<a name="asff-resourcedetails-awsrdsdbsecuritygroup"></a>

The `AwsRdsDbSecurityGroup` object contains information about an Amazon Relational Database Service.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbSecurityGroup` object. To view descriptions of `AwsRdsDbSecurityGroup` attributes, see [AwsRdsDbSecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSecurityGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbSecurityGroup": {
    "DbSecurityGroupArn": "arn:aws:rds:us-west-1:111122223333:secgrp:default",
    "DbSecurityGroupDescription": "default",
    "DbSecurityGroupName": "mysecgroup",
    "Ec2SecurityGroups": [
        {
          "Ec2SecurityGroupId": "myec2group",
          "Ec2SecurityGroupName": "default",
          "Ec2SecurityGroupOwnerId": "987654321021",
          "Status": "authorizing"
        }
    ],
    "IpRanges": [
        {
          "Cidrip": "0.0.0.0/0",
          "Status": "authorizing"
        }
    ],
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234567f"
}
```

## AwsRdsDbSnapshot
<a name="asff-resourcedetails-awsrdsdbsnapshot"></a>

The `AwsRdsDbSnapshot` object contains details about an Amazon RDS DB cluster snapshot.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbSnapshot` object. To view descriptions of `AwsRdsDbSnapshot` attributes, see [AwsRdsDbSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSnapshotDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbSnapshot": {
    "DbSnapshotIdentifier": "rds:database-1-2020-06-22-17-41",
    "DbInstanceIdentifier": "database-1",
    "SnapshotCreateTime": "2020-06-22T17:41:29.967Z",
    "Engine": "mysql",
    "AllocatedStorage": 20,
    "Status": "available",
    "Port": 3306,
    "AvailabilityZone": "us-east-1d",
    "VpcId": "vpc-example1",
    "InstanceCreateTime": "2020-06-22T17:40:12.322Z",
    "MasterUsername": "admin",
    "EngineVersion": "5.7.22",
    "LicenseModel": "general-public-license",
    "SnapshotType": "automated",
    "Iops": null,
    "OptionGroupName": "default:mysql-5-7",
    "PercentProgress": 100,
    "SourceRegion": null,
    "SourceDbSnapshotIdentifier": "",
    "StorageType": "gp2",
    "TdeCredentialArn": "",
    "Encrypted": false,
    "KmsKeyId": "",
    "Timezone": "",
    "IamDatabaseAuthenticationEnabled": false,
    "ProcessorFeatures": [],
    "DbiResourceId": "db-resourceexample1"
}
```

## AwsRdsEventSubscription
<a name="asff-resourcedetails-awsrdseventsubscription"></a>

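`AwsRdsEventSubscription` contains details about an RDS event notification subscription. The subscription allows RDS to publish events to an SNS topic.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsEventSubscription` object. To view descriptions of `AwsRdsEventSubscription` attributes, see [AwsRdsEventSubscriptionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsEventSubscriptionDetails.html) in the *AWS Security Hub API Reference*.

**Example**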

```
"AwsRdsEventSubscription": {
    "CustSubscriptionId": "myawsuser-secgrp",
    "CustomerAwsId": "111111111111",
    "Enabled": true,
    "EventCategoriesList": [
        "configuration change",
        "failure"
    ],
    "EventSubscriptionArn": "arn:aws:rds:us-east-1:111111111111:es:my-instance-events",
    "SnsTopicArn": "arn:aws:sns:us-east-1:111111111111:myawsuser-RDS",
    "SourceIdsList": [
        "si-sample",
        "mysqldb-rr"
    ],
    "SourceType": "db-security-group",
    "Status": "creating",
    "SubscriptionCreationTime": "2021-06-27T01:38:01.090Z"
}
```

# AwsRedshift resources in ASFF
<a name="asff-resourcedetails-awsredshift"></a>

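The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsRedshift` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).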

## AwsRedshiftCluster
<a name="asff-resourcedetails-awsredshiftcluster"></a>

The `AwsRedshiftCluster` object contains details about an Amazon Redshift cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRedshiftCluster` object. To view descriptions of `AwsRedshiftCluster` attributes, see [AwsRedshiftClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRedshiftClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRedshiftCluster": {
    "AllowVersionUpgrade": true,
    "AutomatedSnapshotRetentionPeriod": 1,
    "AvailabilityZone": "us-west-2d",
    "ClusterAvailabilityStatus": "Unavailable",
    "ClusterCreateTime": "2020-08-03T19:22:44.637Z",
    "ClusterIdentifier": "redshift-cluster-1",
    "ClusterNodes": [
        {
            "NodeRole": "LEADER",
            "PrivateIPAddress": "192.0.2.108",
            "PublicIPAddress": "198.51.100.29"
        },
        {
            "NodeRole": "COMPUTE-0",
            "PrivateIPAddress": "192.0.2.22",
            "PublicIPAddress": "198.51.100.63"
        },
        {
            "NodeRole": "COMPUTE-1",
            "PrivateIPAddress": "192.0.2.224",
            "PublicIPAddress": "198.51.100.226"
        }
    ],
    "ClusterParameterGroups": [
        { 
            "ClusterParameterStatusList": [
                {
                    "ParameterName": "max_concurrency_scaling_clusters",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "enable_user_activity_logging",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "auto_analyze",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "query_group",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "datestyle",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "extra_float_digits",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "search_path",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "statement_timeout",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "wlm_json_configuration",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "require_ssl",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "use_fips_ssl",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                }
            ],
            "ParameterApplyStatus": "in-sync",
            "ParameterGroupName": "temp"
        }
    ], 
    "ClusterPublicKey": "JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Amazon-Redshift",
    "ClusterRevisionNumber": 17498,
    "ClusterSecurityGroups": [
        {
            "ClusterSecurityGroupName": "default",
            "Status": "active"
        }
    ],
    "ClusterSnapshotCopyStatus": {
        "DestinationRegion": "us-west-2",
        "ManualSnapshotRetentionPeriod": -1,
        "RetentionPeriod": 1,
        "SnapshotCopyGrantName": "snapshotCopyGrantName"
    },
    "ClusterStatus": "available",
    "ClusterSubnetGroupName": "default",
    "ClusterVersion": "1.0",
    "DBName": "dev",
    "DeferredMaintenanceWindows": [
        {
            "DeferMaintenanceEndTime": "2020-10-07T20:34:01.000Z",
            "DeferMaintenanceIdentifier": "deferMaintenanceIdentifier",
            "DeferMaintenanceStartTime": "2020-09-07T20:34:01.000Z"
        }
    ],
    "ElasticIpStatus": {
        "ElasticIp": "203.0.113.29",
        "Status": "active"
    },
    "ElasticResizeNumberOfNodeOptions": "4",  
    "Encrypted": false,
    "Endpoint": {
        "Address": "redshift-cluster-1.example.us-west-2.redshift.amazonaws.com",
        "Port": 5439
    },
    "EnhancedVpcRouting": false,
    "ExpectedNextSnapshotScheduleTime": "2020-10-13T20:34:01.000Z",
    "ExpectedNextSnapshotScheduleTimeStatus": "OnTrack",
    "HsmStatus": {
        "HsmClientCertificateIdentifier": "hsmClientCertificateIdentifier",
        "HsmConfigurationIdentifier": "hsmConfigurationIdentifier",
        "Status": "applying"
    },
    "IamRoles": [
        {
             "ApplyStatus": "in-sync",
             "IamRoleArn": "arn:aws:iam::111122223333:role/RedshiftCopyUnload"   
        }
    ],
    "KmsKeyId": "kmsKeyId",
    "LoggingStatus": {
        "BucketName": "amzn-s3-demo-bucket",
        "LastFailureMessage": "test message",
        "LastFailureTime": "2020-08-09T13:00:00.000Z",
        "LastSuccessfulDeliveryTime": "2020-08-08T13:00:00.000Z",
        "LoggingEnabled": true,
        "S3KeyPrefix": "/"
    },
    "MaintenanceTrackName": "current",
    "ManualSnapshotRetentionPeriod": -1,
    "MasterUsername": "awsuser",
    "NextMaintenanceWindowStartTime": "2020-08-09T13:00:00.000Z",
    "NodeType": "dc2.large",
    "NumberOfNodes": 2,
    "PendingActions": [],
    "PendingModifiedValues": {
        "AutomatedSnapshotRetentionPeriod": 0,
        "ClusterIdentifier": "clusterIdentifier",
        "ClusterType": "clusterType",
        "ClusterVersion": "clusterVersion",
        "EncryptionType": "None",
        "EnhancedVpcRouting": false,
        "MaintenanceTrackName": "maintenanceTrackName",
        "MasterUserPassword": "masterUserPassword",
        "NodeType": "dc2.large",
        "NumberOfNodes": 1,
        "PubliclyAccessible": true
    },
    "PreferredMaintenanceWindow": "sun:13:00-sun:13:30",
    "PubliclyAccessible": true,
    "ResizeInfo": {
        "AllowCancelResize": true,
        "ResizeType": "ClassicResize"
    },
    "RestoreStatus": {
        "CurrentRestoreRateInMegaBytesPerSecond": 15,
        "ElapsedTimeInSeconds": 120,
        "EstimatedTimeToCompletionInSeconds": 100,
        "ProgressInMegaBytes": 10,
        "SnapshotSizeInMegaBytes": 1500,
        "Status": "restoring"
    },
    "SnapshotScheduleIdentifier": "snapshotScheduleIdentifier",
    "SnapshotScheduleState": "ACTIVE",
    "VpcId": "vpc-example",
    "VpcSecurityGroups": [
        {
            "Status": "active",
            "VpcSecurityGroupId": "sg-example"
        }
    ]
}
```
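
The data store objects shown above (`AwsOpenSearchServiceDomain`, `AwsRdsDbInstance`, `AwsRdsDbSecurityGroup`, `AwsRdsDbSnapshot`, `AwsRedshiftCluster`) carry the attributes a reviewer checks first for exposure and encryption. The following Python is an added example, not part of the AWS documentation: it walks the `Resources[].Details` objects of a finding and reports weak settings, skipping attributes that are absent rather than treating them as false. The function names, the selection of checks, and the sample finding (built from values in the examples above, with a constructed Redshift `Id`) are assumptions made for illustration.

```python
import ipaddress

MISSING = object()  # sentinel: attribute not present in the finding


def dig(obj, *path):
    """Walk nested dicts; return MISSING when any key along the path is absent."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return MISSING
        obj = obj[key]
    return obj


def open_cidrs(ip_ranges):
    """Return the Cidrip values that cover every address (prefix length 0)."""
    hits = []
    for entry in ip_ranges:
        cidr = entry.get("Cidrip", "")
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                hits.append(cidr)
        except ValueError:
            continue  # not a CIDR; leave malformed values to schema validation
    return hits


# (Details key, attribute path, predicate that is true for a weak value, message)
CHECKS = [
    ("AwsOpenSearchServiceDomain", ("DomainEndpointOptions", "EnforceHTTPS"),
     lambda v: v is False, "HTTPS is not enforced on the domain endpoint"),
    ("AwsOpenSearchServiceDomain", ("DomainEndpointOptions", "TLSSecurityPolicy"),
     lambda v: v == "Policy-Min-TLS-1-0-2019-07", "endpoint policy allows TLS 1.0"),
    ("AwsOpenSearchServiceDomain", ("EncryptionAtRestOptions", "Enabled"),
     lambda v: v is False, "encryption at rest is disabled"),
    ("AwsOpenSearchServiceDomain", ("NodeToNodeEncryptionOptions", "Enabled"),
     lambda v: v is False, "node-to-node encryption is disabled"),
    ("AwsRdsDbInstance", ("PubliclyAccessible",),
     lambda v: v is True, "instance is publicly accessible"),
    ("AwsRdsDbInstance", ("StorageEncrypted",),
     lambda v: v is False, "storage is not encrypted"),
    ("AwsRdsDbSnapshot", ("Encrypted",),
     lambda v: v is False, "snapshot is not encrypted"),
    ("AwsRdsDbSecurityGroup", ("IpRanges",),
     lambda v: bool(open_cidrs(v)), "ingress is allowed from any address"),
    ("AwsRedshiftCluster", ("PubliclyAccessible",),
     lambda v: v is True, "cluster is publicly accessible"),
    ("AwsRedshiftCluster", ("Encrypted",),
     lambda v: v is False, "cluster is not encrypted"),
]


def review_finding(finding):
    """Return (resource Id, Details key, message) for each weak setting present."""
    results = []
    for resource in finding.get("Resources", []):
        details = resource.get("Details", {})
        for key, path, is_weak, message in CHECKS:
            value = dig(details, key, *path)
            if value is not MISSING and is_weak(value):
                results.append((resource.get("Id"), key, message))
    return results


# Constructed finding fragment; attribute values follow the examples on this page.
SAMPLE_FINDING = {
    "Resources": [
        {"Type": "AwsOpenSearchServiceDomain",
         "Id": "arn:aws:Opensearch:us-east-1:111122223333:somedomain",
         "Details": {"AwsOpenSearchServiceDomain": {
             "DomainEndpointOptions": {"EnforceHTTPS": False,
                                       "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07"},
             "EncryptionAtRestOptions": {"Enabled": False},
             "NodeToNodeEncryptionOptions": {"Enabled": True}}}},
        # No PubliclyAccessible or StorageEncrypted here: absent means unknown.
        {"Type": "AwsRdsDbInstance",
         "Id": "arn:aws:rds:us-east-1:111122223333:db:database-1",
         "Details": {"AwsRdsDbInstance": {"DbInstanceIdentifier": "database-1"}}},
        {"Type": "AwsRdsDbSecurityGroup",
         "Id": "arn:aws:rds:us-west-1:111122223333:secgrp:default",
         "Details": {"AwsRdsDbSecurityGroup": {
             "IpRanges": [{"Cidrip": "0.0.0.0/0", "Status": "authorizing"}]}}},
        {"Type": "AwsRedshiftCluster",
         "Id": "arn:aws:redshift:us-west-2:111122223333:cluster:redshift-cluster-1",
         "Details": {"AwsRedshiftCluster": {"PubliclyAccessible": True,
                                            "Encrypted": False}}},
    ]
}

if __name__ == "__main__":
    for resource_id, key, message in review_finding(SAMPLE_FINDING):
        print(f"{key}: {message} ({resource_id})")
```
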

# AwsRoute53 resources in ASFF
<a name="asff-resourcedetails-awsroute53"></a>

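The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsRoute53` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).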

## AwsRoute53HostedZone
<a name="asff-resourcedetails-awsroute53hostedzone"></a>

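The `AwsRoute53HostedZone` object provides information about an Amazon Route 53 hosted zone, including the four name servers assigned to the hosted zone. A hosted zone represents a collection of records that can be managed together, belonging to a single parent domain name.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRoute53HostedZone` object. To view descriptions of `AwsRoute53HostedZone` attributes, see [AwsRoute53HostedZoneDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRoute53HostedZoneDetails.html) in the *AWS Security Hub API Reference*.

**Example**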

```
"AwsRoute53HostedZone": {
    "HostedZone": {
        "Id": "Z06419652JEMGO9TA2XKL",
        "Name": "asff.testing",
        "Config": {
            "Comment": "This is an example comment."
        }
    },
    "NameServers": [
        "ns-470.awsdns-32.net",
        "ns-1220.awsdns-12.org",
        "ns-205.awsdns-13.com",
        "ns-1960.awsdns-51.co.uk"
    ],
    "QueryLoggingConfig": {
        "CloudWatchLogsLogGroupArn": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:asfftesting:*",
            "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
            "HostedZoneId": "Z00932193AF5H180PPNZD"
        }
    },
    "Vpcs": [
        {
            "Id": "vpc-05d7c6e36bc03ea76",
            "Region": "us-east-1"
        }
    ]
}
```

# AwsS3 resources in ASFF
<a name="asff-resourcedetails-awss3"></a>

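The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsS3` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).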

## AwsS3AccessPoint
<a name="asff-resourcedetails-awss3accesspoint"></a>

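`AwsS3AccessPoint` provides information about an Amazon S3 access point. S3 access points are named network endpoints that are attached to S3 buckets that you can use to perform S3 object operations.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3AccessPoint` object. To view descriptions of `AwsS3AccessPoint` attributes, see [AwsS3AccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccessPointDetails.html) in the *AWS Security Hub API Reference*.

**Example**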

```
"AwsS3AccessPoint": {
        "AccessPointArn": "arn:aws:s3:us-east-1:123456789012:accesspoint/asff-access-point",
        "Alias": "asff-access-point-hrzrlukc5m36ft7okagglf3gmwluquse1b-s3alias",
        "Bucket": "amzn-s3-demo-bucket",
        "BucketAccountId": "123456789012",
        "Name": "asff-access-point",
        "NetworkOrigin": "VPC",
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": true,
            "BlockPublicPolicy": true,
            "IgnorePublicAcls": true,
            "RestrictPublicBuckets": true
        },
        "VpcConfiguration": {
            "VpcId": "vpc-1a2b3c4d5e6f1a2b3"
        }
}
```

## AwsS3AccountPublicAccessBlock
<a name="asff-resourcedetails-awss3accountpublicaccessblock"></a>

`AwsS3AccountPublicAccessBlock` provides information about the Amazon S3 Public Access Block configuration for an account.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3AccountPublicAccessBlock` object. To view descriptions of `AwsS3AccountPublicAccessBlock` attributes, see [AwsS3AccountPublicAccessBlockDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccountPublicAccessBlockDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsS3AccountPublicAccessBlock": {
    "BlockPublicAcls": true,
    "BlockPublicPolicy": true,
    "IgnorePublicAcls": false,
    "RestrictPublicBuckets": true
}
```

## AwsS3Bucket
<a name="asff-resourcedetails-awss3bucket"></a>

The `AwsS3Bucket` object provides details about an Amazon S3 bucket.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3Bucket` object. To view descriptions of `AwsS3Bucket` attributes, see [AwsS3BucketDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3BucketDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsS3Bucket": {
    "AccessControlList": "{\"grantSet\":null,\"grantList\":[{\"grantee\":{\"id\":\"4df55416215956920d9d056aa8b99803a294ea221222bb668b55a8c6bca81094\",\"displayName\":null},\"permission\":\"FullControl\"},{\"grantee\":\"AllUsers\",\"permission\":\"ReadAcp\"},{\"grantee\":\"AuthenticatedUsers\",\"permission\":\"ReadAcp\"}",
    "BucketLifecycleConfiguration": {
       "Rules": [
           {
               "AbortIncompleteMultipartUpload": {
                   "DaysAfterInitiation": 5
               },
               "ExpirationDate": "2021-11-10T00:00:00.000Z",
               "ExpirationInDays": 365,
               "ExpiredObjectDeleteMarker": false,
               "Filter": {
                   "Predicate": {
                       "Operands": [
                           {
                               "Prefix": "tmp/",
                               "Type": "LifecyclePrefixPredicate"
                           },
                           {
                               "Tag": {
                                   "Key": "ArchiveAge",
                                   "Value": "9m"
                               },
                               "Type": "LifecycleTagPredicate"
                           }
                       ],
                       "Type": "LifecycleAndOperator"
                   }
               },
               "ID": "Move rotated logs to Glacier",
               "NoncurrentVersionExpirationInDays": -1,
               "NoncurrentVersionTransitions": [
                   {
                       "Days": 2,
                       "StorageClass": "GLACIER"
                   }
               ],
               "Prefix": "rotated/",
               "Status": "Enabled",
               "Transitions": [
                   {
                       "Date": "2020-11-10T00:00:00.000Z",
                       "Days": 100,
                       "StorageClass": "GLACIER"
                   }
               ]
           }
       ]
    },
    "BucketLoggingConfiguration": {
    	"DestinationBucketName": "s3serversideloggingbucket-123456789012",
    	"LogFilePrefix": "buckettestreadwrite23435/"
    },
    "BucketName": "amzn-s3-demo-bucket",
    "BucketNotificationConfiguration": {
    	"Configurations": [{
    		"Destination": "arn:aws:lambda:us-east-1:123456789012:function:s3_public_write",
    		"Events": [
    			"s3:ObjectCreated:Put"
    		],
    		"Filter": {
    			"S3KeyFilter": {
    				"FilterRules": [
    				{
    					"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.PREFIX",
    					"Value": "pre"
    				},
    				{
    					"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.SUFFIX",
    					"Value": "suf"
    				}
    				]
    			}
    		},
    		"Type": "LambdaConfiguration"
    	}]
    },
    "BucketVersioningConfiguration": {
    	"IsMfaDeleteEnabled": true,
    	"Status": "Off"
    },
    "BucketWebsiteConfiguration": {
    	"ErrorDocument": "error.html",
    	"IndexDocumentSuffix": "index.html",
    	"RedirectAllRequestsTo": {
    		"HostName": "example.com",
    		"Protocol": "http"
    	},
    	"RoutingRules": [{
    		"Condition": {
    			"HttpErrorCodeReturnedEquals": "Redirected",
    			"KeyPrefixEquals": "index"
    		},
    		"Redirect": {
    			"HostName": "example.com",
    			"HttpRedirectCode": "401",
    			"Protocol": "HTTP",
    			"ReplaceKeyPrefixWith": "string",
    			"ReplaceKeyWith": "string"
    		}
    	}]
    },
    "CreatedAt": "2007-11-30T01:46:56.000Z",
    "ObjectLockConfiguration": {
    	"ObjectLockEnabled": "Enabled",
    	"Rule": {
    		"DefaultRetention": {
    			"Days": null,
    			"Mode": "GOVERNANCE",
    			"Years": 12
    		}
    	}
    },
    "OwnerId": "AIDACKCEVSQ6C2EXAMPLE",
    "OwnerName": "s3bucketowner",
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true,
        "BlockPublicPolicy": true,
        "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true
    },
    "ServerSideEncryptionConfiguration": {
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "AES256",
                    "KMSMasterKeyID": "12345678-abcd-abcd-abcd-123456789012"
                }
            }
        ]
     }
}
```

## AwsS3Object
<a name="asff-resourcedetails-awss3object"></a>

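The `AwsS3Object` object provides information about an Amazon S3 object.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3Object` object. To view descriptions of `AwsS3Object` attributes, see [AwsS3ObjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3ObjectDetails.html) in the *AWS Security Hub API Reference*.

**Example**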

```
"AwsS3Object": {
    "ContentType": "text/html",
    "ETag": "\"30a6ec7e1a9ad79c203d05a589c8b400\"",
    "LastModified": "2012-04-23T18:25:43.511Z",
    "ServerSideEncryption": "aws:kms",
    "SSEKMSKeyId": "arn:aws:kms:us-west-2:123456789012:key/4dff8393-e225-4793-a9a0-608ec069e5a7",
    "VersionId": "ws31OurgOOjH_HHllIxPE35P.MELYaYh"
}
```

# AwsSageMaker resources in ASFF
<a name="asff-resourcedetails-awssagemaker"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSageMaker` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSageMakerNotebookInstance
<a name="asff-resourcedetails-awssagemakernotebookinstance"></a>

The `AwsSageMakerNotebookInstance` object provides information about an Amazon SageMaker AI notebook instance, which is a machine learning compute instance running the Jupyter Notebook application.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSageMakerNotebookInstance` object. To view descriptions of `AwsSageMakerNotebookInstance` attributes, see [AwsSageMakerNotebookInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSageMakerNotebookInstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsSageMakerNotebookInstance": {
    "DirectInternetAccess": "Disabled",
    "InstanceMetadataServiceConfiguration": {
    	"MinimumInstanceMetadataServiceVersion": "1"
    },
    "InstanceType": "ml.t2.medium",
    "LastModifiedTime": "2022-09-09 22:48:32.012000+00:00",
    "NetworkInterfaceId": "eni-06c09ac2541a1bed3",
    "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:001098605940:notebook-instance/sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm",
    "NotebookInstanceName": "SagemakerNotebookInstanceRootAccessDisabledComplia-8MYjcyofZiXm",
    "NotebookInstanceStatus": "InService",
    "PlatformIdentifier": "notebook-al1-v1",
    "RoleArn": "arn:aws:iam::001098605940:role/sechub-SageMaker-1-scenar-SageMakerCustomExecution-1R0X32HGC38IW",
    "RootAccess": "Disabled",
    "SecurityGroups": [
    	"sg-06b347359ab068745"
    ],
    "SubnetId": "subnet-02c0deea5fa64578e",
    "Url": "sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm.notebook.us-east-1.sagemaker.aws",
    "VolumeSizeInGB": 5
}
```

# AwsSecretsManager resources in ASFF
<a name="asff-resourcedetails-awssecretsmanager"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSecretsManager` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSecretsManagerSecret
<a name="asff-resourcedetails-awssecretsmanagersecret"></a>

The `AwsSecretsManagerSecret` object provides details about a Secrets Manager secret.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSecretsManagerSecret` object. To view descriptions of `AwsSecretsManagerSecret` attributes, see [AwsSecretsManagerSecretDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecretsManagerSecretDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsSecretsManagerSecret": {
    "RotationRules": {
        "AutomaticallyAfterDays": 30
    },
    "RotationOccurredWithinFrequency": true,
    "KmsKeyId": "kmsKeyId",
    "RotationEnabled": true,
    "RotationLambdaArn": "arn:aws:lambda:us-west-2:777788889999:function:MyTestRotationLambda",
    "Deleted": false,
    "Name": "MyTestDatabaseSecret",
    "Description": "My test database secret"
}
```

# AwsSns resources in ASFF
<a name="asff-resourcedetails-awssns"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSns` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSnsTopic
<a name="asff-resourcedetails-awssnstopic"></a>

The `AwsSnsTopic` object contains information about an Amazon Simple Notification Service topic.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSnsTopic` object. To view descriptions of `AwsSnsTopic` attributes, see [AwsSnsTopicDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSnsTopicDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsSnsTopic": {
    "ApplicationSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/ApplicationSuccessFeedbackRoleArn",                        
    "FirehoseFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseFailureFeedbackRoleArn",
    "FirehoseSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseSuccessFeedbackRoleArn",
    "HttpFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpFailureFeedbackRoleArn",
    "HttpSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpSuccessFeedbackRoleArn",                         
    "KmsMasterKeyId": "alias/ExampleAlias",
    "Owner": "123456789012",
    "SqsFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsFailureFeedbackRoleArn",
    "SqsSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsSuccessFeedbackRoleArn",                         
    "Subscription": {
         "Endpoint": "http://sampleendpoint.com",
         "Protocol": "http"
    },
    "TopicName": "SampleTopic"
}
```

# AwsSqs resources in ASFF
<a name="asff-resourcedetails-awssqs"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSqs` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSqsQueue
<a name="asff-resourcedetails-awssqsqueue"></a>

The `AwsSqsQueue` object contains information about an Amazon Simple Queue Service queue.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSqsQueue` object. To view descriptions of `AwsSqsQueue` attributes, see [AwsSqsQueueDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSqsQueueDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsSqsQueue": {
    "DeadLetterTargetArn": "arn:aws:sqs:us-west-2:123456789012:queue/target",
    "KmsDataKeyReusePeriodSeconds": 60,
    "KmsMasterKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
    "QueueName": "sample-queue"
}
```

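# AwsSsm resources in ASFF
<a name="asff-resourcedetails-awsssm"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSsm` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSsmPatchCompliance
<a name="asff-resourcedetails-awsssmpatchcompliance"></a>

The `AwsSsmPatchCompliance` object provides information about the state of a patch on an instance, based on the patch baseline that was used to patch the instance.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSsmPatchCompliance` object. To view descriptions of `AwsSsmPatchCompliance` attributes, see [AwsSsmPatchComplianceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSsmPatchComplianceDetails.html) in the *AWS Security Hub API Reference*.

**Example**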

```
"AwsSsmPatchCompliance": {
    "Patch": {
        "ComplianceSummary": {
            "ComplianceType": "Patch",
            "CompliantCriticalCount": 0,
            "CompliantHighCount": 0,
            "CompliantInformationalCount": 0,
            "CompliantLowCount": 0,
            "CompliantMediumCount": 0,
            "CompliantUnspecifiedCount": 461,
            "ExecutionType": "Command",
            "NonCompliantCriticalCount": 0,
            "NonCompliantHighCount": 0,
            "NonCompliantInformationalCount": 0,
            "NonCompliantLowCount": 0,
            "NonCompliantMediumCount": 0,
            "NonCompliantUnspecifiedCount": 0,
            "OverallSeverity": "UNSPECIFIED",
            "PatchBaselineId": "pb-0c5b2769ef7cbe587",
            "PatchGroup": "ExamplePatchGroup",
            "Status": "COMPLIANT"
        }
    }
}
```

# AwsStepFunctions resources in ASFF
<a name="asff-resourcedetails-awsstepfunctions"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsStepFunctions` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsStepFunctionStateMachine
<a name="asff-resourcedetails-awsstepfunctionstatemachine"></a>

The `AwsStepFunctionStateMachine` object provides information about an AWS Step Functions state machine, which is a workflow consisting of a series of event-driven steps.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsStepFunctionStateMachine` object. To view descriptions of `AwsStepFunctionStateMachine` attributes, see [AwsStepFunctionStateMachine](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsStepFunctionStateMachineDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsStepFunctionStateMachine": {
    "StateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
    "Name": "StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
    "Status": "ACTIVE",
    "RoleArn": "arn:aws:iam::123456789012:role/teststepfunc-StatesExecutionRole-1PNM71RVO1UKT",
    "Type": "STANDARD",
    "LoggingConfiguration": {
        "Level": "OFF",
        "IncludeExecutionData": false
    },
    "TracingConfiguration": {
        "Enabled": false
    }
}
```

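# AwsWaf resources in ASFF
<a name="asff-resourcedetails-awswaf"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsWaf` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsWafRateBasedRule
<a name="asff-resourcedetails-awswafratebasedrule"></a>

The `AwsWafRateBasedRule` object contains details about an AWS WAF rate-based rule for global resources. An AWS WAF rate-based rule provides settings to indicate when to allow, block, or count a request. Rate-based rules include the number of requests that arrive over a specified period of time.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRateBasedRule` object. To view descriptions of `AwsWafRateBasedRule` attributes, see [AwsWafRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRateBasedRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**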

```
"AwsWafRateBasedRule":{
    "MatchPredicates" : [{
        "DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
        "Negated" : true,
        "Type" : "IPMatch"
    }],
    "MetricName" : "MetricName",
    "Name" : "Test",
    "RateKey" : "IP",
    "RateLimit" : 235000,
    "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```

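## AwsWafRegionalRateBasedRule
<a name="asff-resourcedetails-awswafregionalratebasedrule"></a>

The `AwsWafRegionalRateBasedRule` object contains details about a rate-based rule for Regional resources. A rate-based rule provides settings to indicate when to allow, block, or count a request. Rate-based rules include the number of requests that arrive over a specified period of time.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRegionalRateBasedRule` object. To view descriptions of `AwsWafRegionalRateBasedRule` attributes, see [AwsWafRegionalRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRateBasedRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**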

```
"AwsWafRegionalRateBasedRule":{
    "MatchPredicates" : [{
        "DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
        "Negated" : true,
        "Type" : "IPMatch"
    }],
    "MetricName" : "MetricName",
    "Name" : "Test",
    "RateKey" : "IP",
    "RateLimit" : 235000,
    "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```

## AwsWafRegionalRule
<a name="asff-resourcedetails-awswafregionalrule"></a>

The `AwsWafRegionalRule` object provides details about an AWS WAF Regional rule. This rule identifies the web requests that you want to allow, block, or count.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRegionalRule` object. To view descriptions of `AwsWafRegionalRule` attributes, see [AwsWafRegionalRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRegionalRule": { 
    "MetricName": "SampleWAF_Rule__Metric_1",
    "Name": "bb-waf-regional-rule-not-empty-conditions-compliant",
    "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de95fe",
    "PredicateList": [{
        "DataId": "127d9346-e607-4e93-9286-c1296fb5445a",
        "Negated": false,
        "Type": "GeoMatch"
    }]
}
```

## AwsWafRegionalRuleGroup
<a name="asff-resourcedetails-awswafregionalrulegroup"></a>

The `AwsWafRegionalRuleGroup` object provides details about an AWS WAF Regional rule group. A rule group is a collection of predefined rules that you add to a web access control list (web ACL).

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRegionalRuleGroup` object. To view descriptions of `AwsWafRegionalRuleGroup` attributes, see [AwsWafRegionalRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRegionalRuleGroup": { 
    "MetricName": "SampleWAF_Metric_1",
    "Name": "bb-WAFClassicRuleGroupWithRuleCompliant",
    "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
    "Rules": [{
        "Action": {
            "Type": "ALLOW"
        },
        "Priority": 1,
        "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
        "Type": "REGULAR"
    }]
}
```

## AwsWafRegionalWebAcl
<a name="asff-resourcedetails-awswafregionalwebacl"></a>

`AwsWafRegionalWebAcl` provides details about an AWS WAF Regional web access control list (web ACL). A web ACL contains the rules that identify the requests that you want to allow, block, or count.

The following is an example `AwsWafRegionalWebAcl` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayV2Stage` attributes, see [AwsWafRegionalWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalWebAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRegionalWebAcl": {
    "DefaultAction": "ALLOW",
    "MetricName" : "web-regional-webacl-metric-1",
    "Name": "WebACL_123",
    "RulesList": [
        {
            "Action": {
                "Type": "Block"
            },
            "Priority": 3,
            "RuleId": "24445857-852b-4d47-bd9c-61f05e4d223c",
            "Type": "REGULAR",
            "ExcludedRules": [
                {
                    "ExclusionType": "Exclusion",
                    "RuleId": "Rule_id_1"
                }
            ],
            "OverrideAction": {
                "Type": "OVERRIDE"
            }
        }
    ],
    "WebAclId": "443c76f4-2e72-4c89-a2ee-389d501c1f67"
}
```

## AwsWafRule
<a name="asff-resourcedetails-awswafrule"></a>

`AwsWafRule` provides information about an AWS WAF rule. An AWS WAF rule identifies the web requests that you want to allow, block, or count.

The following is an example `AwsWafRule` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayV2Stage` attributes, see [AwsWafRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRule": {
    "MetricName": "AwsWafRule_Metric_1",
    "Name": "AwsWafRule_Name_1",
    "PredicateList": [{
        "DataId": "cdd225da-32cf-4773-1dc2-3bca3ed9c19c",
        "Negated": false,
        "Type": "GeoMatch"
    }],
    "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de953e"
}
```

## AwsWafRuleGroup
<a name="asff-resourcedetails-awswafrulegroup"></a>

`AwsWafRuleGroup` provides information about an AWS WAF rule group. An AWS WAF rule group is a collection of predefined rules that you add to a web access control list (web ACL).

The following is an example `AwsWafRuleGroup` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayV2Stage` attributes, see [AwsWafRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRuleGroup": {
    "MetricName": "SampleWAF_Metric_1",
    "Name": "bb-WAFRuleGroupWithRuleCompliant",
    "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
    "Rules": [{
        "Action": {
            "Type": "ALLOW"
        },
        "Priority": 1,
        "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
        "Type": "REGULAR"
    }]
}
```

## AwsWafv2RuleGroup
<a name="asff-resourcedetails-awswafv2rulegroup"></a>

The `AwsWafv2RuleGroup` object provides details about an AWS WAF V2 rule group.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafv2RuleGroup` object. To view descriptions of `AwsWafv2RuleGroup` attributes, see [AwsWafv2RuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2RuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafv2RuleGroup": {
    "Arn": "arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/wafv2rulegroupasff/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Capacity": 1000,
    "Description": "Resource for ASFF",
    "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Name": "wafv2rulegroupasff",
    "Rules": [{
    	"Action": {
    		"Allow": {
    			"CustomRequestHandling": {
    				"InsertHeaders": [
    					{
    						"Name": "AllowActionHeader1Name",
    						"Value": "AllowActionHeader1Value"
    					},
    					{
    						"Name": "AllowActionHeader2Name",
    						"Value": "AllowActionHeader2Value"
    					}
    				]
    			}
    		}
    	},
    	"Name": "RuleOne",
    	"Priority": 1,
    	"VisibilityConfig": {
    		"CloudWatchMetricsEnabled": true,
    		"MetricName": "rulegroupasff",
    		"SampledRequestsEnabled": false
    	}
    }],
    "VisibilityConfig": {
    	"CloudWatchMetricsEnabled": true,
    	"MetricName": "rulegroupasff",
    	"SampledRequestsEnabled": false
    }
}
```

## AwsWafWebAcl
<a name="asff-resourcedetails-awswafwebacl"></a>

The `AwsWafWebAcl` object provides details about an AWS WAF web ACL.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafWebAcl` object. To view descriptions of `AwsWafWebAcl` attributes, see [AwsWafWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafWebAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafWebAcl": {
    "DefaultAction": "ALLOW",
    "Name": "MyWafAcl",
    "Rules": [
        {
            "Action": {
                "Type": "ALLOW"
            },
            "ExcludedRules": [
                {
                    "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98"
                }
            ],
            "OverrideAction": {
                "Type": "NONE"
            },
            "Priority": 1,
            "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98",
            "Type": "REGULAR"
        }
    ],
    "WebAclId": "waf-1234567890"
}
```

## AwsWafv2WebAcl
<a name="asff-resourcedetails-awswafv2webacl"></a>

The `AwsWafv2WebAcl` object provides details about an AWS WAF V2 web ACL.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafv2WebAcl` object. To view descriptions of `AwsWafv2WebAcl` attributes, see [AwsWafv2WebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2WebAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafv2WebAcl": {
    "Arn": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/WebACL-RoaD4QexqSxG/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Capacity": 1326,
    "CaptchaConfig": {
    	"ImmunityTimeProperty": {
    		"ImmunityTime": 500
    	}
    },
    "DefaultAction": {
    	"Block": {}
    },
    "Description": "Web ACL for JsonBody testing",
    "ManagedbyFirewallManager": false,
    "Name": "WebACL-RoaD4QexqSxG",
    "Rules": [{
    	"Action": {
    		"RuleAction": {
    			"Block": {}
    		}
    	},
    	"Name": "TestJsonBodyRule",
    	"Priority": 1,
    	"VisibilityConfig": {
    		"SampledRequestsEnabled": true,
    		"CloudWatchMetricsEnabled": true,
    		"MetricName": "JsonBodyMatchMetric"
    	}
    }],
    "VisibilityConfig": {
    	"SampledRequestsEnabled": true,
    	"CloudWatchMetricsEnabled": true,
    	"MetricName": "TestingJsonBodyMetric"
    }
}
```

# AwsXray resources in ASFF
<a name="asff-resourcedetails-awsxray"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsXray` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsXrayEncryptionConfig
<a name="asff-resourcedetails-awsxrayencryptionconfig"></a>

The `AwsXrayEncryptionConfig` object contains information about the encryption configuration for AWS X-Ray.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsXrayEncryptionConfig` object. To view descriptions of `AwsXrayEncryptionConfig` attributes, see [AwsXrayEncryptionConfigDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsXrayEncryptionConfigDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsXrayEncryptionConfig":{
    "KeyId": "arn:aws:kms:us-east-2:222222222222:key/example-key",
    "Status": "UPDATING",
    "Type":"KMS"
}
```

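# CodeRepository object in ASFF
<a name="asff-resourcedetails-coderepository"></a>

The `CodeRepository` object provides information about an external code repository that you connected to AWS resources and configured Amazon Inspector to scan for vulnerabilities.

The following example shows the AWS Security Finding Format (ASFF) syntax for the `CodeRepository` object. To view descriptions of `CodeRepository` attributes, see [CodeRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CodeRepositoryDetails.html) in the *AWS Security Hub API Reference*. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

**Example**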

```
"CodeRepository": {
    "ProviderType": "GITLAB_SELF_MANAGED",
    "ProjectName": "projectName",
    "CodeSecurityIntegrationArn": "arn:aws:inspector2:us-east-1:123456789012:codesecurity-integration/00000000-0000-0000-0000-000000000000"
}
```

# Container object in ASFF
<a name="asff-resourcedetails-container"></a>

The following example shows the AWS Security Finding Format (ASFF) syntax for the `Container` object. To view descriptions of `Container` attributes, see [ContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ContainerDetails.html) in the *AWS Security Hub API Reference*. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

**Example**

```
"Container": {
    "ContainerRuntime": "docker",
    "ImageId": "image12",
    "ImageName": "1111111/knotejs@sha256:372131c9fef111111111111115f4ed3ea5f9dce4dc3bd34ce21846588a3",
    "LaunchedAt": "2018-09-29T01:25:54Z",
    "Name": "knote",
    "Privileged": true,
    "VolumeMounts": [{
        "Name": "vol-03909e9",
        "MountPath": "/mnt/etc"
    }]
}
```

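# Other object in ASFF
<a name="asff-resourcedetails-other"></a>

In the AWS Security Finding Format (ASFF), the `Other` object specifies custom fields and values. For more information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

By using the `Other` object, you can specify custom fields and values for a resource. You can use the `Other` object in the following cases:
+ The resource type does not have a corresponding `Details` object. To specify details for the resource, use the `Other` object.
+ The `Details` object for the resource type does not include all of the attributes that you want to specify. In this case, use the `Details` object for the resource type to specify the available attributes. Use the `Other` object to specify attributes that are not in the type-specific `Details` object.
+ The resource type is not one of the provided types. In this case, set `Resource.Type` to `Other`, and use the `Other` object to specify the details.

**Type:** Map of up to 50 key-value pairs

Each key-value pair must meet the following requirements.
+ The key must contain fewer than 128 characters.
+ The value must contain fewer than 1024 characters.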
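
The limits above can be checked before a custom finding is submitted. The following Python sketch is an added example, not code from the AWS documentation: the function names and the sample finding are constructed for illustration, and it assumes that `Other` sits under each resource's `Details` object and that keys and values are strings.

```python
"""Pre-submission check for the ASFF `Other` object (added example)."""

MAX_PAIRS = 50       # map of up to 50 key-value pairs
KEY_LIMIT = 128      # key must contain fewer than 128 characters
VALUE_LIMIT = 1024   # value must contain fewer than 1024 characters


def validate_other(other):
    """Return a list of violations for one `Other` map (empty list = valid)."""
    if not isinstance(other, dict):
        return ["Other must be a map of key-value pairs"]
    problems = []
    if len(other) > MAX_PAIRS:
        problems.append(f"{len(other)} pairs exceeds the limit of {MAX_PAIRS}")
    for key, value in other.items():
        # Assumption: both sides of every pair are strings.
        if not isinstance(key, str) or not isinstance(value, str):
            problems.append(f"{key!r}: key and value must both be strings")
            continue
        label = key if len(key) <= 32 else key[:29] + "..."
        if len(key) >= KEY_LIMIT:
            problems.append(f"{label!r}: key has {len(key)} characters, "
                            f"must be fewer than {KEY_LIMIT}")
        if len(value) >= VALUE_LIMIT:
            problems.append(f"{label!r}: value has {len(value)} characters, "
                            f"must be fewer than {VALUE_LIMIT}")
    return problems


def check_finding(finding):
    """Validate Details.Other on every resource; map resource Id -> violations."""
    report = {}
    for index, resource in enumerate(finding.get("Resources", [])):
        other = resource.get("Details", {}).get("Other")
        if other is None:
            continue  # resource carries no custom fields
        problems = validate_other(other)
        if problems:
            report[resource.get("Id", f"Resources[{index}]")] = problems
    return report


# Constructed sample finding (not real data): one valid and one invalid resource.
SAMPLE_FINDING = {
    "Resources": [
        {"Id": "example-resource-ok", "Type": "Other",
         "Details": {"Other": {"Owner": "platform-team", "Tier": "internal"}}},
        {"Id": "example-resource-bad", "Type": "Other",
         "Details": {"Other": {"k" * 128: "v",        # key too long
                               "Notes": "x" * 1024,   # value too long
                               "Count": 3}}},         # value is not a string
    ]
}

if __name__ == "__main__":
    for resource_id, problems in check_finding(SAMPLE_FINDING).items():
        print(resource_id)
        for problem in problems:
            print("  -", problem)
```

Both length limits are strict, so a 128-character key or a 1024-character value is rejected while 127 and 1023 pass.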