


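# Creating and updating findings in Security Hub CSPM
<a name="securityhub-findings"></a>

In AWS Security Hub CSPM, a *finding* is an observable record of a security check or security-related detection. A finding can come from one of the following sources:
+ A security check for a control in Security Hub CSPM.
+ An integration with another AWS service.
+ An integration with a third-party product.
+ A custom integration.

Security Hub CSPM normalizes findings from all sources into a standard syntax and format called the *AWS Security Finding Format (ASFF)*. For details about this format, including descriptions of the individual ASFF fields, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md). If you enable cross-Region aggregation, Security Hub CSPM also automatically aggregates new and updated findings from all linked Regions into the aggregation Region that you specify. For more information, see [Understanding cross-Region aggregation in Security Hub CSPM](finding-aggregation.md).

After a finding is created, it can be updated in the following ways:
+ A finding provider can use the [BatchImportFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub CSPM API to update general information about a finding. Finding providers can only update findings that they created.
+ A customer can use the Security Hub CSPM console or the [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation of the Security Hub CSPM API to update the status of an investigation into a finding. SIEM, ticketing, incident management, SOAR, or other types of tools can also use the `BatchUpdateFindings` operation on behalf of a customer.

To reduce finding noise and streamline tracking and analysis of individual findings, Security Hub CSPM automatically deletes findings that haven't been updated recently. When Security Hub CSPM does this depends on whether a finding is active or archived:
+ An *active finding* is a finding whose record state (`RecordState`) is `ACTIVE`. Security Hub CSPM stores active findings for 90 days. If an active finding hasn't been updated for 90 days, it expires and Security Hub CSPM permanently deletes it.
+ An *archived finding* is a finding whose record state (`RecordState`) is `ARCHIVED`. Security Hub CSPM stores archived findings for 30 days. If an archived finding hasn't been updated for 30 days, it expires and Security Hub CSPM permanently deletes it.

For control findings (that is, findings that Security Hub CSPM generates from security checks for controls), Security Hub CSPM determines whether a finding has expired based on the value of the finding's `UpdatedAt` field. If this value is more than 90 days old for an active finding, Security Hub CSPM permanently deletes the finding. If this value is more than 30 days old for an archived finding, Security Hub CSPM permanently deletes the finding.

For all other types of findings, Security Hub CSPM determines whether a finding has expired based on the values of the finding's `ProcessedAt` and `UpdatedAt` fields. Security Hub CSPM compares the values of these fields and determines which one is most recent. If the most recent value is more than 90 days old for an active finding, Security Hub CSPM permanently deletes the finding. If the most recent value is more than 30 days old for an archived finding, Security Hub CSPM permanently deletes the finding. A finding provider can use the [BatchImportFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub CSPM API to change the value of the `UpdatedAt` field for one or more findings.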
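
The retention rules above can be applied to exported findings to see which ones are about to age out. This is an added example, not AWS code; the sample findings are constructed, and treating the presence of `Compliance.SecurityControlId` as the marker of a control finding is an assumption of the example.

```python
from datetime import datetime, timedelta, timezone

# Retention periods stated on this page, keyed by RecordState.
RETENTION = {"ACTIVE": timedelta(days=90), "ARCHIVED": timedelta(days=30)}

# Constructed sample findings (not real data); only the fields the rule reads.
SAMPLE_FINDINGS = [
    {"Id": "control-active", "RecordState": "ACTIVE",
     "Compliance": {"SecurityControlId": "Example.1"},
     "UpdatedAt": "2024-04-05T00:00:00Z", "ProcessedAt": "2024-06-01T00:00:00Z"},
    {"Id": "partner-active", "RecordState": "ACTIVE",
     "UpdatedAt": "2024-04-05T00:00:00Z", "ProcessedAt": "2024-06-01T00:00:00Z"},
    {"Id": "partner-archived", "RecordState": "ARCHIVED",
     "UpdatedAt": "2024-06-02T00:00:00Z"},
]


def parse_ts(value):
    """Parse an ISO 8601 timestamp such as 2024-05-01T12:00:00Z into an aware datetime."""
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def is_control_finding(finding):
    # Assumption of this example: a control finding carries Compliance.SecurityControlId.
    return bool(finding.get("Compliance", {}).get("SecurityControlId"))


def expires_at(finding):
    """Return the moment the finding ages out under the rules described above."""
    stamps = [parse_ts(finding["UpdatedAt"])]
    # Only non-control findings also take ProcessedAt into account.
    if not is_control_finding(finding) and finding.get("ProcessedAt"):
        stamps.append(parse_ts(finding["ProcessedAt"]))
    return max(stamps) + RETENTION[finding["RecordState"]]


def due_for_export(findings, now, margin=timedelta(days=7)):
    """Ids of findings that expire within `margin` of `now`, soonest first."""
    due = [(expires_at(f), f["Id"]) for f in findings if expires_at(f) - now <= margin]
    return [finding_id for _, finding_id in sorted(due)]


if __name__ == "__main__":
    now = datetime(2024, 6, 30, tzinfo=timezone.utc)
    for finding in SAMPLE_FINDINGS:
        print(finding["Id"], expires_at(finding).isoformat())
    print("export first:", due_for_export(SAMPLE_FINDINGS, now))
```

The two active findings carry identical timestamps, but only the control finding ignores `ProcessedAt`, so it expires eight weeks earlier.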

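To retain findings for a longer period, you can export findings to an S3 bucket. You can do this by using a custom action with an Amazon EventBridge rule. For more information, see [Using EventBridge for automated response and remediation](securityhub-cloudwatch-events.md).

**Topics**
+ [BatchImportFindings for finding providers](finding-update-batchimportfindings.md)
+ [BatchUpdateFindings for customers](finding-update-batchupdatefindings.md)
+ [Viewing finding details and history in Security Hub CSPM](securityhub-findings-viewing.md)
+ [Filtering findings in Security Hub CSPM](securityhub-findings-manage.md)
+ [Grouping findings in Security Hub CSPM](finding-list-grouping.md)
+ [Setting the workflow status of findings in Security Hub CSPM](findings-workflow-status.md)
+ [Sending findings to a custom Security Hub CSPM action](findings-custom-action.md)
+ [AWS Security Finding Format (ASFF)](securityhub-findings-format.md)

# BatchImportFindings for finding providers
<a name="finding-update-batchimportfindings"></a>

Finding providers can use the [BatchImportFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation to create new findings in AWS Security Hub CSPM. They can also use this operation to update findings that they created. Finding providers cannot update findings that they did not create.

Customers, SIEMs, ticketing, SOAR, and other types of tools must use the [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation to make updates related to their investigation of findings from finding providers. For more information, see [BatchUpdateFindings for customers](finding-update-batchupdatefindings.md).

When Security Hub CSPM receives a `BatchImportFindings` request to create or update a finding, it automatically generates a **Security Hub Findings - Imported** event in Amazon EventBridge. You can take automated action on that event. For more information, see [Using EventBridge for automated response and remediation](securityhub-cloudwatch-events.md).

## Prerequisites for using `BatchImportFindings`
<a name="batchimportfindings-accounts-batch-size"></a>

`BatchImportFindings` must be called by one of the following:
+ The account that is associated with the findings. The identifier of the associated account must match the value of the `AwsAccountId` attribute for the finding.
+ An account that is on the allow list for an official Security Hub CSPM partner integration.

Security Hub CSPM can only accept finding updates for accounts that have Security Hub CSPM enabled. The finding provider must also be enabled. If Security Hub CSPM is disabled, or the finding provider integration is not enabled, the findings are returned in the `FailedFindings` list with an `InvalidAccess` error.

## Determining whether to create or update a finding
<a name="batchimportfindings-create-or-update"></a>

To determine whether to create or update a finding, Security Hub CSPM checks the `ID` field. If the value of `ID` does not match an existing finding, Security Hub CSPM creates a new finding.

If `ID` matches an existing finding, Security Hub CSPM checks the `UpdatedAt` field of the update, and proceeds as follows:
+ If `UpdatedAt` on the update matches or occurs before `UpdatedAt` on the existing finding, Security Hub CSPM ignores the update request.
+ If `UpdatedAt` on the update occurs after `UpdatedAt` on the existing finding, Security Hub CSPM updates the existing finding.

## Restrictions on finding updates with `BatchImportFindings`
<a name="batchimportfindings-restricted-fields"></a>

Finding providers cannot use `BatchImportFindings` to update the following attributes of an existing finding:
+ `Note`
+ `UserDefinedFields`
+ `VerificationState`
+ `Workflow`

Security Hub CSPM ignores any content provided for these attributes in a `BatchImportFindings` request. Customers, or entities acting on their behalf (such as ticketing tools), can use `BatchUpdateFindings` to update these attributes.

## Using FindingProviderFields to update findings
<a name="batchimportfindings-findingproviderfields"></a>

Finding providers also should not use `BatchImportFindings` to update the following top-level attributes in the AWS Security Finding Format (ASFF):
+ `Confidence`
+ `Criticality`
+ `RelatedFindings`
+ `Severity`
+ `Types`

Instead, finding providers should use the [`FindingProviderFields`](asff-top-level-attributes.md#asff-findingproviderfields) object to provide values for these attributes.

**Example**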

```
"FindingProviderFields": {
    "Confidence": 42,
    "Criticality": 99,
    "RelatedFindings":[
      { 
        "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", 
        "Id": "123e4567-e89b-12d3-a456-426655440000" 
      }
    ],
    "Severity": {
        "Label": "MEDIUM", 
        "Original": "MEDIUM"
    },
    "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
}
```

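For `BatchImportFindings` requests, Security Hub CSPM handles values in the top-level attributes and in [`FindingProviderFields`](asff-top-level-attributes.md#asff-findingproviderfields) as follows.

**(Preferred) `BatchImportFindings` provides a value for an attribute in [`FindingProviderFields`](asff-top-level-attributes.md#asff-findingproviderfields), but does not provide a value for the corresponding top-level attribute.**  
For example, `BatchImportFindings` provides `FindingProviderFields.Confidence`, but does not provide `Confidence`. This is the preferred option for `BatchImportFindings` requests.  
Security Hub CSPM updates the value of the attribute in `FindingProviderFields`.  
It copies the value to the top-level attribute only if the attribute was not already updated by `BatchUpdateFindings`.

**`BatchImportFindings` provides a value for a top-level attribute, but does not provide a value for the corresponding attribute in `FindingProviderFields`.**  
For example, `BatchImportFindings` provides `Confidence`, but does not provide `FindingProviderFields.Confidence`.  
Security Hub CSPM uses the value to update the attribute in `FindingProviderFields`. It overwrites any existing value.  
Security Hub CSPM updates the top-level attribute only if the attribute was not already updated by `BatchUpdateFindings`.

**`BatchImportFindings` provides a value for both a top-level attribute and the corresponding attribute in `FindingProviderFields`.**  
For example, `BatchImportFindings` provides both `Confidence` and `FindingProviderFields.Confidence`.  
For a new finding, Security Hub CSPM uses the value in `FindingProviderFields` to populate both the top-level attribute and the corresponding attribute in `FindingProviderFields`. It does not use the provided top-level attribute value.  
For an existing finding, Security Hub CSPM uses both values. However, it updates the top-level attribute value only if the attribute was not already updated by `BatchUpdateFindings`.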
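
The create-or-update decision, the restricted attributes and the three `FindingProviderFields` cases above can be traced with a small in-memory model. This is an added example, not AWS code or the service's implementation; `FindingStore`, its methods and the sample finding are hypothetical, and treating an update as a merge of the supplied attributes is an assumption.

```python
from copy import deepcopy
from datetime import datetime

PROVIDER_FIELDS = ("Confidence", "Criticality", "RelatedFindings", "Severity", "Types")
CUSTOMER_ONLY = ("Note", "UserDefinedFields", "VerificationState", "Workflow")


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


class FindingStore:
    """Toy model of the rules on this page; not the Security Hub CSPM service."""

    def __init__(self):
        self.findings = {}      # Id -> stored finding
        self.customer_set = {}  # Id -> top-level fields changed via BatchUpdateFindings

    def batch_update(self, finding_id, **fields):
        """Customer update: sets top-level values and leaves UpdatedAt untouched."""
        self.findings[finding_id].update(deepcopy(fields))
        self.customer_set[finding_id].update(fields)

    def batch_import(self, incoming):
        """Provider create/update. Returns 'created', 'ignored' or 'updated'."""
        incoming = deepcopy(incoming)
        fid = incoming["Id"]
        existing = self.findings.get(fid)
        if existing is not None and _ts(incoming["UpdatedAt"]) <= _ts(existing["UpdatedAt"]):
            return "ignored"  # same or older UpdatedAt than the stored finding
        fpf_in = incoming.pop("FindingProviderFields", {})
        if existing is None:
            stored, fpf = incoming, {}
            locked = self.customer_set[fid] = set()
        else:
            stored, fpf = existing, existing["FindingProviderFields"]
            locked = self.customer_set[fid]
            for key, value in incoming.items():
                # Customer-only attributes in a provider update are dropped.
                if key not in CUSTOMER_ONLY and key not in PROVIDER_FIELDS:
                    stored[key] = value
        for field in PROVIDER_FIELDS:
            in_fpf, in_top = field in fpf_in, field in incoming
            if not (in_fpf or in_top):
                continue
            fpf[field] = fpf_in[field] if in_fpf else incoming[field]
            if existing is None:
                stored[field] = fpf[field]  # new finding: FPF value wins
            elif field not in locked:
                stored[field] = incoming[field] if in_top else fpf_in[field]
        stored["FindingProviderFields"] = fpf
        self.findings[fid] = stored
        return "created" if existing is None else "updated"


def demo():
    """Provider creates a finding, an analyst triages it, the provider updates it."""
    fid = "constructed-finding-1"  # constructed sample identifier
    store = FindingStore()
    results = [store.batch_import({
        "Id": fid, "UpdatedAt": "2024-05-01T00:00:00Z",
        "FindingProviderFields": {"Severity": {"Label": "MEDIUM"}, "Confidence": 42}})]
    store.batch_update(fid, Severity={"Label": "LOW"}, Workflow={"Status": "NOTIFIED"})
    update = {"Id": fid, "UpdatedAt": "2024-05-01T00:00:00Z",
              "Workflow": {"Status": "RESOLVED"},
              "FindingProviderFields": {"Severity": {"Label": "HIGH"}, "Confidence": 80}}
    results.append(store.batch_import(update))  # UpdatedAt unchanged
    update["UpdatedAt"] = "2024-05-02T00:00:00Z"
    results.append(store.batch_import(update))  # newer UpdatedAt
    return results, store.findings[fid]


if __name__ == "__main__":
    print(demo())
```

After the run, `FindingProviderFields.Severity` holds the provider's `HIGH`, while the top-level `Severity` and `Workflow` keep the analyst's values.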

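# BatchUpdateFindings for customers
<a name="finding-update-batchupdatefindings"></a>

AWS Security Hub CSPM customers and entities acting on their behalf can use the [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation to update information related to their processing of Security Hub CSPM findings from finding providers. As a customer, you can use this operation directly. SIEM, ticketing, incident management, and SOAR tools can also use this operation on behalf of a customer.

You can't use the `BatchUpdateFindings` operation to create new findings. However, you can use it to update up to 100 existing findings at a time. In a `BatchUpdateFindings` request, you specify which findings to update, which AWS Security Finding Format (ASFF) fields to update for the findings, and the new values for those fields. Security Hub CSPM then updates the findings as specified in your request. This process can take several minutes. If you update findings by using the `BatchUpdateFindings` operation, the updates don't affect the existing value of a finding's `UpdatedAt` field.

When Security Hub CSPM receives a `BatchUpdateFindings` request to update a finding, it automatically generates a **Security Hub Findings – Imported** event in Amazon EventBridge. You can optionally use this event to take automated action on the specified finding. For more information, see [Using EventBridge for automated response and remediation](securityhub-cloudwatch-events.md).

## Available fields for BatchUpdateFindings
<a name="batchupdatefindings-fields"></a>

If you're signed in to a Security Hub CSPM administrator account, you can use `BatchUpdateFindings` to update findings that were generated by the administrator account or by member accounts. Member accounts can use `BatchUpdateFindings` to update findings for their own account only.

Customers can use `BatchUpdateFindings` to update the following fields and objects:
+ `Confidence`
+ `Criticality`
+ `Note`
+ `RelatedFindings`
+ `Severity`
+ `Types`
+ `UserDefinedFields`
+ `VerificationState`
+ `Workflow`

## Configuring access to BatchUpdateFindings
<a name="batchupdatefindings-configure-access"></a>

You can configure AWS Identity and Access Management (IAM) policies to restrict the use of `BatchUpdateFindings` to update finding fields and field values.

In a statement that restricts access to `BatchUpdateFindings`, use the following values:
+ `Action` is `securityhub:BatchUpdateFindings`
+ `Effect` is `Deny`
+ For `Condition`, you can deny a `BatchUpdateFindings` request based on the following:
  + The finding includes a specific field.
  + The finding includes a specific field value.

### Condition keys
<a name="batchupdatefindings-configure-access-context-keys"></a>

These are the condition keys for restricting access to `BatchUpdateFindings`.

**ASFF field**  
The condition key for an ASFF field is as follows:  

```
securityhub:ASFFSyntaxPath/<fieldName>
```
Replace `<fieldName>` with the ASFF field. When you configure access to `BatchUpdateFindings`, include one or more specific ASFF fields in your IAM policy rather than a parent-level field. For example, to restrict access to the `Workflow.Status` field, you must include `securityhub:ASFFSyntaxPath/Workflow.Status` in your policy instead of the `Workflow` parent-level field.

### Disallowing all updates to a field
<a name="batchupdatefindings-configure-access-block-field"></a>

To prevent a user from making any update to a specific field, use a condition like this:

```
"Condition": {
    "Null": {
        "securityhub:ASFFSyntaxPath/<fieldName>": "false"
    }
}
```

For example, the following statement indicates that `BatchUpdateFindings` can't be used to update the `Workflow.Status` field of findings.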

```
{
    "Sid": "VisualEditor0",
    "Effect": "Deny",
    "Action": "securityhub:BatchUpdateFindings",
    "Resource": "*",
    "Condition": {
        "Null": {
            "securityhub:ASFFSyntaxPath/Workflow.Status": "false"
        }
    }
}
```

### Disallowing specific field values
<a name="batchupdatefindings-configure-access-block-field-values"></a>

To prevent a user from setting a field to a specific value, use a condition like this:

```
"Condition": {
    "StringEquals": {
        "securityhub:ASFFSyntaxPath/<fieldName>": "<fieldValue>"
    }
}
```

For example, the following statement indicates that `BatchUpdateFindings` can't be used to set `Workflow.Status` to `SUPPRESSED`.

```
{
    "Sid": "VisualEditor0",
    "Effect": "Deny",
    "Action": "securityhub:BatchUpdateFindings",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "securityhub:ASFFSyntaxPath/Workflow.Status": "SUPPRESSED"
        }
    }
}
```

You can also provide a list of values that are not permitted.

```
"Condition": {
    "StringEquals": {
        "securityhub:ASFFSyntaxPath/<fieldName>": [ "<fieldValue1>", "<fieldValue2>", "<fieldValuen>" ]
    }
}
```

For example, the following statement indicates that `BatchUpdateFindings` can't be used to set `Workflow.Status` to either `RESOLVED` or `SUPPRESSED`.

```
{
    "Sid": "VisualEditor0",
    "Effect": "Deny",
    "Action": "securityhub:BatchUpdateFindings",
    "Resource": "*",
    "Condition": {
        "StringEquals": {
            "securityhub:ASFFSyntaxPath/Workflow.Status": [
                "RESOLVED",
                "SUPPRESSED"
            ]
        }
    }
}
```

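# Viewing finding details and history in Security Hub CSPM
<a name="securityhub-findings-viewing"></a>

In AWS Security Hub CSPM, a *finding* is an observable record of a security check or security-related detection. Security Hub CSPM generates a finding when it completes a security check of a control and when it ingests a finding from an integrated AWS service or third-party product. Each finding includes a history of changes and other details, such as a severity rating and information about affected resources.

You can view the history and other details of individual findings on the Security Hub CSPM console, or programmatically with the Security Hub CSPM API or the AWS CLI.

To help you streamline your analysis, the Security Hub CSPM console displays a finding panel when you choose a specific finding. The panel includes different menus and tabs for viewing specific details of a finding.

**Actions menu**  
From this menu, you can view the complete JSON of a finding or add a note. A finding can have only one note attached to it at a time. This menu also provides options for [setting the workflow status of a finding](findings-workflow-status.md) or [sending a finding to a custom action](findings-custom-action.md) in Amazon EventBridge.

**Investigate menu**  
From this menu, you can investigate a finding in Amazon Detective. Detective extracts entities, such as IP addresses and AWS users, from a finding and visualizes their activity. You can use the entity activity as a starting point to investigate the cause and impact of a finding.

**Overview tab**  
This tab provides a summary of a finding. For example, you can determine when a finding was created and last updated, which account it exists in, and the source of the finding. For control findings, this tab also shows the name of the associated AWS Config rule and a link to remediation guidance in the Security Hub CSPM documentation.  
In the **Resources** snapshot on the **Overview** tab, you can get a brief overview of the resources involved in a finding. For some resources, this includes an **Open resource** option that links directly to the affected resource on the relevant AWS service console. The **History** snapshot shows up to two changes made to the finding on the most recent date for which history is tracked. For example, if you made one change yesterday and another today, the snapshot shows today's change. To view earlier entries, switch to the **History** tab.  
Expand the **Compliance** row to show more details. For example, if a control includes parameters, you can view the parameter values that Security Hub CSPM currently uses when it runs security checks for the control.

**Resources tab**  
This tab provides details about the resources involved in a finding. If you're signed in to the account that owns a resource, you can view the resource in the applicable AWS service console. If you're not the owner of a resource, this tab displays the AWS account ID of the owner.  
The **Details** row shows resource-specific details of a finding. It shows the [ResourceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html) section of the finding in JSON format.  
The **Tags** row shows the tag keys and values that are assigned to the resources involved in a finding. Resources that are [supported by the GetResources operation](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/supported-services.html) of the AWS Resource Groups Tagging API can be tagged. Security Hub CSPM calls this operation by using the [service-linked role](using-service-linked-roles.md) when it processes new or updated findings, and it retrieves resource tags if the AWS Security Finding Format (ASFF) `Resource.Id` field is populated with the ARN of a resource. Security Hub CSPM ignores invalid resource IDs. For more information about including resource tags in findings, see [Tags](asff-resources-attributes.md#asff-resources-tags).

**History tab**  
This tab tracks the history of a finding. Finding history is available for active and archived findings. It provides an immutable trail of the changes made to a finding over time, including which ASFF field changed, when the change occurred, and which user made it. Each page on the tab shows up to 20 changes. More recent changes are shown first.  
For active findings, finding history is retained for up to 90 days. For archived findings, finding history is retained for up to 30 days. Finding history includes changes made manually or automatically through [Security Hub CSPM automation rules](automation-rules.md). It doesn't include changes to top-level timestamp fields, such as the `CreatedAt` and `UpdatedAt` fields.  
If you're signed in to a Security Hub CSPM administrator account, finding history is shown for the administrator account and all member accounts.

**Threat tab**  
This tab includes data from the [Action](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html), [Malware](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html), and [Process](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Process.html) objects of the ASFF, including the type of threat and whether a resource is the target or the actor. These details typically apply to findings that originate from Amazon GuardDuty.

**Vulnerabilities tab**  
This tab shows data from the [Vulnerability](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html) object of the ASFF, including whether there are vulnerabilities or available fixes associated with a finding. These details typically apply to findings that originate from Amazon Inspector.

Rows on each tab include a copy or filter option. For example, if you open the panel for a finding that has a workflow status of **Notified**, you can choose the filter option next to the **Workflow status** row. If you choose **Show all findings with this value**, Security Hub CSPM filters the findings table to show only findings that have the same workflow status.

## Viewing finding details and history
<a name="finding-view-details-console"></a>

Choose your preferred method, and follow the steps to view finding details in Security Hub CSPM.

If you enabled cross-Region aggregation and you're signed in to the aggregation Region, the findings include data from the aggregation Region and linked Regions. In other Regions, finding data is specific to the current Region only. For more information about cross-Region aggregation, see [Understanding cross-Region aggregation in Security Hub CSPM](finding-aggregation.md).

------
#### [ Security Hub CSPM console ]

**To view finding details and history**

1. Open the AWS Security Hub CSPM console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).

1. To display a list of findings, do one of the following:
   + In the navigation pane, choose **Findings**. Add search filters as necessary to narrow the list of findings.
   + In the navigation pane, choose **Insights**. Choose an insight. Then in the list of results, choose an insight result.
   + In the navigation pane, choose **Integrations**. Choose **See findings** for an integration.
   + In the navigation pane, choose **Controls**.

1. Choose a finding. The finding panel displays the details of the finding.

1. In the finding panel, do any of the following:
   + To view specific details of the finding, choose a tab.
   + To take action on the finding, choose an option from the **Actions** menu.
   + To investigate the finding in Amazon Detective, choose the **Investigate** option.

**Note**  
If you integrate with AWS Organizations and you're signed in to a member account, the finding panel includes the account name. For member accounts that were invited manually instead of through Organizations, the finding panel includes only the account ID.

------
#### [ Security Hub CSPM API ]

Use the [GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) operation of the Security Hub CSPM API or, if you're using the AWS CLI, run the [get-findings](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html) command. You can provide one or more values for the `Filters` parameter to narrow the findings to retrieve.

If the volume of findings is too large, you can use the `MaxResults` parameter to limit the findings to a specified number, and the `NextToken` parameter to paginate the findings. Use the `SortCriteria` parameter to sort the findings by a specific field.

For example, the following AWS CLI command retrieves findings that match the specified filter criteria and sorts the results in descending order by the `LastObservedAt` field. This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability.

```
$ aws securityhub get-findings \
--filters '{"GeneratorId":[{"Value": "aws-foundational","Comparison":"PREFIX"}],"WorkflowStatus": [{"Value": "NEW","Comparison":"EQUALS"}],"Confidence": [{"Gte": 85}]}' \
--sort-criteria '{"Field": "LastObservedAt","SortOrder": "desc"}' \
--page-size 5 --max-items 100
```

To view finding history, use the [GetFindingHistory](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_GetFindingHistory.html) operation. If you're using the AWS CLI, run the [get-finding-history](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-finding-history.html) command. Use the `ProductArn` and `Id` fields to identify the finding that you want the history for. For information about these fields, see [AwsSecurityFindingIdentifier](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingIdentifier.html). Each request can retrieve the history of only one finding.

For example, the following AWS CLI command retrieves the history of the specified finding. This example is formatted for Linux, macOS, or Unix, and it uses the backslash (\) line-continuation character to improve readability.

```
$ aws securityhub get-finding-history \
--region us-west-2 \
--finding-identifier Id="a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",ProductArn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default" \
--max-results 2 \
--start-time "2021-09-30T15:53:35.573Z" \
--end-time "2021-10-01T15:53:35.573Z"
```

------
#### [ PowerShell ]

Use the `Get-SHUBFinding` cmdlet. Optionally, populate the `Filter` parameter to narrow the findings to retrieve.

For example, the following cmdlet retrieves findings that match the specified filters.

```
Get-SHUBFinding -Filter @{AwsAccountId = [Amazon.SecurityHub.Model.StringFilter]@{Comparison = "EQUALS"; Value = "XXX"};ComplianceStatus = [Amazon.SecurityHub.Model.StringFilter]@{Comparison = "EQUALS"; Value = 'FAILED'}}
```

------

**Note**  
If you filter findings by `CompanyName` or `ProductName`, Security Hub uses the values that are part of the `ProductFields` ASFF object. Security Hub CSPM doesn't use the top-level `CompanyName` and `ProductName` fields.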

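# Filtering findings in Security Hub CSPM
<a name="securityhub-findings-manage"></a>

AWS Security Hub CSPM generates its own findings from security checks and receives findings from integrated products. You can display lists of findings on the **Findings**, **Integrations**, and **Insights** pages of the Security Hub CSPM console. You can add filters to narrow a list of findings so that it is relevant to your organization or use case.

For information about filtering findings for a specific security control, see [Filtering and sorting control findings](control-finding-list.md). The information on this page applies to the **Findings**, **Insights**, and **Integrations** pages.

## Default filters on finding lists
<a name="finding-list-default-filters"></a>

By default, finding lists on the Security Hub CSPM console are filtered based on the `RecordState` and `Workflow.Status` fields of the AWS Security Finding Format (ASFF). This is in addition to the filters for a specific insight or integration.

Record state indicates whether a finding is active or archived. By default, a finding list shows only active findings. A finding provider can archive a finding if it is no longer active or important. Security Hub CSPM also automatically archives control findings if the associated resource is deleted.

Workflow status indicates the status of the investigation into a finding. By default, a finding list shows only findings that have a workflow status of `NEW` or `NOTIFIED`. You can update the workflow status of a finding.

## Instructions for adding filters
<a name="finding-list-filters"></a>

You can filter a finding list by up to ten attributes. For each attribute, you can provide up to 20 filter values.

When filtering a finding list, Security Hub CSPM applies `AND` logic to the set of filters. A finding is considered a match only if it matches all of the provided filters. For example, if you add GuardDuty as a filter for **Product name**, and add `AwsS3Bucket` as a filter for **Resource type**, Security Hub CSPM displays findings that match both of these criteria.

Security Hub CSPM applies `OR` logic to filters that use the same attribute but different values. For example, if you add both GuardDuty and Amazon Inspector as filter values for **Product name**, Security Hub CSPM displays findings that were generated by either GuardDuty or Amazon Inspector.

**To add filters to a finding list (console)**

1. Open the AWS Security Hub CSPM console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).

1. To display a list of findings, do one of the following from the navigation pane:
   + Choose **Findings**.
   + Choose **Insights**. Choose an insight. Then in the list of results, choose an insight result.
   + Choose **Integrations**. Choose **See findings** for an integration.

1. In the **Add filters** box, choose one or more fields to filter by.

   When you filter by **Company name** or **Product name**, the console uses the top-level `CompanyName` and `ProductName` fields of the AWS Security Finding Format (ASFF). The API uses the values that are nested under `ProductFields`.

1. Choose the filter match type.

   For a string filter, you can choose from the following options:
   + **is** - Finds a value that exactly matches the filter value.
   + **starts with** - Finds a value that starts with the filter value.
   + **is not** - Finds a value that doesn't match the filter value.
   + **does not start with** - Finds a value that doesn't start with the filter value.

   For the **Resource tags** field, you can filter on specific keys or values.

   For a numeric filter, you can choose whether to provide a single number (**Simple**) or a range of numbers (**Range**).

   For a date or time filter, you can choose whether to provide a length of time from the current date and time (**Rolling window**) or a specific date range (**Fixed range**).

   Adding multiple filters has the following interactions:
   + **is** and **starts with** filters are joined by OR. A value matches if it contains any of the filter values. For example, if you specify **Severity label is CRITICAL** and **Severity label is HIGH**, the results include both critical and high severity findings.
   + **is not** and **does not start with** filters are joined by AND. A value matches only if it doesn't contain any of those filter values. For example, if you specify **Severity label is not LOW** and **Severity label is not MEDIUM**, the results don't include low or medium severity findings.

   If you have an **is** filter on a field, you can't have an **is not** or a **does not start with** filter on the same field.

1. Specify the filter value. For string filters, the filter value is case sensitive.

1. Choose **Apply**.

   For an existing filter, you can change the filter match type or value. On a filtered finding list, choose the filter. In the **Edit filter** box, choose the new match type or value, and then choose **Apply**.

   To remove a filter, choose the **x** icon. The list is updated automatically to reflect the change.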
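
The AND/OR interactions and limits described above, applied to a list of findings. This is an added example, not AWS code: the findings are constructed and flattened to filter-attribute names, and mapping **is**, **starts with**, **is not** and **does not start with** to the `EQUALS`, `PREFIX`, `NOT_EQUALS` and `PREFIX_NOT_EQUALS` comparisons, with the positive and negative groups on one attribute joined by AND, is an assumption of the example.

```python
# String comparisons, split by how filters on the same attribute combine.
POSITIVE = {  # joined by OR
    "EQUALS": lambda value, wanted: value == wanted,
    "PREFIX": lambda value, wanted: value.startswith(wanted),
}
NEGATIVE = {  # joined by AND
    "NOT_EQUALS": lambda value, wanted: value != wanted,
    "PREFIX_NOT_EQUALS": lambda value, wanted: not value.startswith(wanted),
}
MAX_ATTRIBUTES, MAX_VALUES = 10, 20  # limits stated on this page

# Constructed sample findings, flattened to filter-attribute names.
FINDINGS = [
    {"Id": "f1", "ProductName": "GuardDuty", "ResourceType": "AwsS3Bucket", "SeverityLabel": "HIGH"},
    {"Id": "f2", "ProductName": "Inspector", "ResourceType": "AwsEc2Instance", "SeverityLabel": "CRITICAL"},
    {"Id": "f3", "ProductName": "GuardDuty", "ResourceType": "AwsEc2Instance", "SeverityLabel": "LOW"},
    {"Id": "f4", "ProductName": "guardduty", "ResourceType": "AwsS3Bucket", "SeverityLabel": "MEDIUM"},
]


def cond(comparison, value):
    return {"Comparison": comparison, "Value": value}


def validate(filters):
    """Reject filter sets that the rules on this page do not allow."""
    if len(filters) > MAX_ATTRIBUTES:
        raise ValueError("more than 10 attributes")
    for attribute, conditions in filters.items():
        if len(conditions) > MAX_VALUES:
            raise ValueError(f"{attribute}: more than 20 filter values")
        kinds = {c["Comparison"] for c in conditions}
        unknown = kinds - POSITIVE.keys() - NEGATIVE.keys()
        if unknown:
            raise ValueError(f"{attribute}: unsupported comparison {sorted(unknown)}")
        if "EQUALS" in kinds and kinds & NEGATIVE.keys():
            raise ValueError(f"{attribute}: 'is' cannot be combined with a negative filter")


def matches(finding, filters):
    """AND across attributes; OR within positives, AND within negatives."""
    for attribute, conditions in filters.items():
        value = finding.get(attribute, "")  # comparisons are case sensitive
        positives = [c for c in conditions if c["Comparison"] in POSITIVE]
        negatives = [c for c in conditions if c["Comparison"] in NEGATIVE]
        if positives and not any(POSITIVE[c["Comparison"]](value, c["Value"]) for c in positives):
            return False
        if not all(NEGATIVE[c["Comparison"]](value, c["Value"]) for c in negatives):
            return False
    return True


def select(findings, filters):
    validate(filters)
    return [f["Id"] for f in findings if matches(f, filters)]


if __name__ == "__main__":
    both = {"ProductName": [cond("EQUALS", "GuardDuty")],
            "ResourceType": [cond("EQUALS", "AwsS3Bucket")]}
    print(select(FINDINGS, both))  # f4 is excluded: "guardduty" differs in case
```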

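# Grouping findings in Security Hub CSPM
<a name="finding-list-grouping"></a>

You can group findings in AWS Security Hub CSPM based on the values of a selected attribute.

When you group findings, the list of findings is replaced with a list of the values of the selected attribute in the matching findings. For each value, the list displays the number of matching findings.

For example, if you group findings by AWS account ID, you see a list of account identifiers, with the number of matching findings for each account.

Security Hub CSPM can display up to 100 values for a selected attribute. If there are more than 100 values, you see only the first 100.

When you choose an attribute value, Security Hub CSPM displays the list of findings that match that value.

**To group findings in a finding list (console)**

1. Open the AWS Security Hub CSPM console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).

1. To display a list of findings, do one of the following from the navigation pane:
   + Choose **Findings**.
   + Choose **Insights**. Choose an insight. Then in the list of results, choose an insight result.
   + Choose **Integrations**. Choose **See findings** for an integration.

1. In the **Group by** dropdown list, choose the attribute to use for the grouping.

   To remove a grouping attribute, choose the **x** icon. When you remove the grouping attribute, the list changes from the list of attribute values to a list of findings.

# Setting the workflow status of findings in Security Hub CSPM
<a name="findings-workflow-status"></a>

Workflow status tracks the progress of your investigation into a finding. Workflow status is specific to an individual finding and doesn't affect the generation of new findings. For example, if you change the workflow status of a finding to `SUPPRESSED` or `RESOLVED`, your change doesn't prevent Security Hub CSPM from generating a new finding for the same issue.

The workflow status of a finding can be one of the following values.

**NEW**  
The initial state of a finding before you review it.  
Findings that are ingested from integrated AWS services, such as AWS Config, have `NEW` as their initial status.  
Security Hub CSPM also resets the workflow status from `NOTIFIED` or `RESOLVED` to `NEW` in the following cases:  
+ `RecordState` changes from `ARCHIVED` to `ACTIVE`.
+ `Compliance.Status` changes from `PASSED` to `FAILED`, `WARNING`, or `NOT_AVAILABLE`.
These changes indicate that additional investigation is required.

**NOTIFIED**  
Indicates that you notified the resource owner about the security issue. You can use this status when you aren't the resource owner and you need intervention from the resource owner to resolve the security issue.  
If one of the following occurs, the workflow status changes automatically from `NOTIFIED` to `NEW`:  
+ `RecordState` changes from `ARCHIVED` to `ACTIVE`.
+ `Compliance.Status` changes from `PASSED` to `FAILED`, `WARNING`, or `NOT_AVAILABLE`.

**SUPPRESSED**  
Indicates that you reviewed the finding and don't believe that any action is needed.  
The workflow status of a `SUPPRESSED` finding doesn't change if `RecordState` changes from `ARCHIVED` to `ACTIVE`.

**RESOLVED**  
The finding was reviewed and remediated, and is now considered resolved.  
The finding remains `RESOLVED` unless one of the following occurs:  
+ `RecordState` changes from `ARCHIVED` to `ACTIVE`.
+ `Compliance.Status` changes from `PASSED` to `FAILED`, `WARNING`, or `NOT_AVAILABLE`.
In those cases, the workflow status is automatically reset to `NEW`.  
For findings from controls, if `Compliance.Status` is `PASSED`, Security Hub CSPM automatically sets the workflow status to `RESOLVED`.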
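
The automatic transitions described above, replayed over a sequence of finding snapshots. This is an added example, not AWS code; the snapshots are constructed, the function names are hypothetical, and leaving a `SUPPRESSED` finding untouched when a control check passes is an assumption, because the page does not state that case.

```python
FAILING = {"FAILED", "WARNING", "NOT_AVAILABLE"}


def next_workflow_status(status, before, after, control_finding=False):
    """Workflow status after the finding changes from `before` to `after`."""
    old_compliance = before.get("Compliance", {}).get("Status")
    new_compliance = after.get("Compliance", {}).get("Status")
    reactivated = before.get("RecordState") == "ARCHIVED" and after.get("RecordState") == "ACTIVE"
    regressed = old_compliance == "PASSED" and new_compliance in FAILING
    if status in ("NOTIFIED", "RESOLVED") and (reactivated or regressed):
        return "NEW"  # needs another look
    # Assumption: SUPPRESSED is left alone here; the page does not cover it.
    if control_finding and status != "SUPPRESSED" and new_compliance == "PASSED":
        return "RESOLVED"
    return status


def replay(snapshots, control_finding=False, analyst_updates=None):
    """Return the workflow status after each transition between snapshots.

    analyst_updates maps a snapshot index to the status an analyst set
    (through BatchUpdateFindings) just before that snapshot arrived.
    """
    analyst_updates = analyst_updates or {}
    status, timeline = "NEW", []
    for index in range(1, len(snapshots)):
        status = analyst_updates.get(index, status)
        status = next_workflow_status(status, snapshots[index - 1], snapshots[index], control_finding)
        timeline.append(status)
    return timeline


def snapshot(record_state, compliance):
    return {"RecordState": record_state, "Compliance": {"Status": compliance}}


# Constructed history of one control finding.
SNAPSHOTS = [
    snapshot("ACTIVE", "FAILED"),    # 0: initial, workflow status NEW
    snapshot("ACTIVE", "FAILED"),    # 1: analyst has set NOTIFIED
    snapshot("ACTIVE", "PASSED"),    # 2: check passes
    snapshot("ACTIVE", "FAILED"),    # 3: check fails again
    snapshot("ARCHIVED", "FAILED"),  # 4: analyst has set SUPPRESSED
    snapshot("ACTIVE", "FAILED"),    # 5: finding becomes active again
]

if __name__ == "__main__":
    print(replay(SNAPSHOTS, control_finding=True,
                 analyst_updates={1: "NOTIFIED", 4: "SUPPRESSED"}))
```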

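## Setting the workflow status of a finding
<a name="setting-workflow-status"></a>

To change the workflow status of one or more findings, you can use the Security Hub CSPM console or the Security Hub CSPM API. If you change the workflow status of a finding, note that it can take several minutes for Security Hub CSPM to process your request and update the finding.

**Tip**  
You can also change the workflow status of findings automatically by using automation rules. With automation rules, you configure Security Hub CSPM to automatically update the workflow status of findings based on criteria that you specify. For more information, see [Understanding automation rules in Security Hub CSPM](automation-rules.md).

To change the workflow status of one or more findings, choose your preferred method and follow the steps.

------
#### [ Security Hub CSPM console ]

**To change the workflow status of findings**

1. Open the AWS Security Hub CSPM console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).

1. In the navigation pane, do one of the following to display a table of findings:
   + Choose **Findings**.
   + Choose **Insights**. Then choose an insight. In the insight results, choose a result.
   + Choose **Integrations**. Then, in the section for the integration, choose **See findings**.
   + Choose **Security standards**. Then, in the section for the standard, choose **View results**. In the table of controls, choose a control to display the findings for the control.

1. In the findings table, select the check box for each finding whose workflow status you want to change.

1. At the top of the page, choose **Workflow status**, and then choose the new workflow status for the selected findings.

1. In the **Set workflow status** dialog box, optionally enter a note that details the reason for changing the workflow status. Then choose **Set status**.

------
#### [ Security Hub CSPM API ]

Use the [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation. Provide the finding ID and the ARN of the product that generated the finding. You can get these details by using the [GetFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_GetFindings.html) operation.

------
#### [ AWS CLI ]

Run the [batch-update-findings](https://docs.aws.amazon.com/cli/latest/reference/securityhub/batch-update-findings.html) command. Provide the finding ID and the ARN of the product that generated the finding. You can get these details by running the [get-findings](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html) command.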

```
batch-update-findings --finding-identifiers Id="<findingID>",ProductArn="<productARN>" --workflow Status="<workflowStatus>"
```

**Example**

```
aws securityhub batch-update-findings --finding-identifiers Id="arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",ProductArn="arn:aws:securityhub:us-west-1::product/aws/securityhub" --workflow Status="RESOLVED"
```

------

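# Sending findings to a custom Security Hub CSPM action
<a name="findings-custom-action"></a>

You can create AWS Security Hub CSPM custom actions to automate Security Hub CSPM with Amazon EventBridge. For custom actions, the event type is **Security Hub Findings - Custom Action**. After you set up a custom action, you can send findings to it. For more information and detailed steps for creating custom actions, see [Using EventBridge for automated response and remediation](securityhub-cloudwatch-events.md).

**To send findings to a custom action (console)**

1. Open the AWS Security Hub CSPM console at [https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/).

1. To display a list of findings, do one of the following:
   + In the Security Hub CSPM navigation pane, choose **Findings**.
   + In the Security Hub CSPM navigation pane, choose **Insights**. Choose an insight. Then in the list of results, choose an insight result.
   + In the Security Hub CSPM navigation pane, choose **Integrations**. Choose **See findings** for an integration.
   + In the Security Hub CSPM navigation pane, choose **Security standards**. Choose **View results** to display a list of controls. Then choose the control name.

1. In the list of findings, select the check box for each finding to send to the custom action.

   You can send up to 20 findings at a time.

1. For **Actions**, choose the custom action.

# AWS Security Finding Format (ASFF)
<a name="securityhub-findings-format"></a>

AWS Security Hub CSPM consumes and aggregates findings from integrated AWS services and third-party products. Security Hub CSPM processes these findings by using a standard findings format called the *AWS Security Finding Format (ASFF)*, which eliminates the need for time-consuming data conversion efforts.

This page provides a complete outline of the JSON for a finding in the AWS Security Finding Format (ASFF). The format is derived from [JSON Schema](https://json-schema.org/). Choose the name of a linked object to view an example finding for that object. Comparing your Security Hub CSPM findings to the resources and examples shown here can help you interpret your findings.

For descriptions of individual ASFF attributes, see [Required top-level ASFF attributes](asff-required-attributes.md) and [Optional top-level ASFF attributes](asff-top-level-attributes.md).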
```
"Findings": [ 
    {
    	"Action": {
    		"ActionType": "string",
    		"AwsApiCallAction": {
    			"AffectedResources": {
    				"string": "string"
    			},
    			"Api": "string",
    			"CallerType": "string",
    			"DomainDetails": {
    				"Domain": "string"
    			},
    			"FirstSeen": "string",
    			"LastSeen": "string",
    			"RemoteIpDetails": {
    				"City": {
    					"CityName": "string"
    				},
    				"Country": {
    					"CountryCode": "string",
    					"CountryName": "string"
    				},
    				"IpAddressV4": "string",
    				"Geolocation": {
    					"Lat": number,
    					"Lon": number
    				},
    				"Organization": {
    					"Asn": number,
    					"AsnOrg": "string",
    					"Isp": "string",
    					"Org": "string"
    				}
    			},
    			"ServiceName": "string"
    		},
    		"DnsRequestAction": {
    			"Blocked": boolean,
    			"Domain": "string",
    			"Protocol": "string"
    		},
    		"NetworkConnectionAction": {
    			"Blocked": boolean,
    			"ConnectionDirection": "string",
    			"LocalPortDetails": {
    				"Port": number,
    				"PortName": "string"
    			},
    			"Protocol": "string",
    			"RemoteIpDetails": {
    				"City": {
    					"CityName": "string"
    				},
    				"Country": {
    					"CountryCode": "string",
    					"CountryName": "string"
    				},
    				"IpAddressV4": "string",
    				"Geolocation": {
    					"Lat": number,
    					"Lon": number
    				},
    				"Organization": {
    					"Asn": number,
    					"AsnOrg": "string",
    					"Isp": "string",
    					"Org": "string"
    				}
    			},
    			"RemotePortDetails": {
    				"Port": number,
    				"PortName": "string"
    			}
    		},
    		"PortProbeAction": {
    			"Blocked": boolean,
    			"PortProbeDetails": [{
    				"LocalIpDetails": {
    					"IpAddressV4": "string"
    				},
    				"LocalPortDetails": {
    					"Port": number,
    					"PortName": "string"
    				},
    				"RemoteIpDetails": {
    					"City": {
    						"CityName": "string"
    					},
    					"Country": {
    						"CountryCode": "string",
    						"CountryName": "string"
    					},
    					"GeoLocation": {
    						"Lat": number,
    						"Lon": number
    					},
    					"IpAddressV4": "string",
    					"Organization": {
    						"Asn": number,
    						"AsnOrg": "string",
    						"Isp": "string",
    						"Org": "string"
    					}
    				}
    			}]
    		}
    	},
    	"AwsAccountId": "string",
    	"AwsAccountName": "string",
    	"CompanyName": "string",
    	"Compliance": {
    		"AssociatedStandards": [{
    			"StandardsId": "string"
    		}],
    		"RelatedRequirements": ["string"],
    		"SecurityControlId": "string",
    		"SecurityControlParameters": [
    			{
    				"Name": "string",
    				"Value": ["string"]
    			}
    		],
    		"Status": "string",
    		"StatusReasons": [
    			{
    				"Description": "string",
    				"ReasonCode": "string"
    			}
    		]
    	},
    	"Confidence": number,
    	"CreatedAt": "string",
    	"Criticality": number,
    	"Description": "string",
    	"Detection": {
    		"Sequence": {
    			"Uid": "string",
    			"Actors": [{
    				"Id": "string",
    				"Session": {
    					"Uid": "string",
    					"MfAStatus": "string",
    					"CreatedTime": "string",
    					"Issuer": "string"
    				},
    				"User": {
    					"CredentialUid": "string",
    					"Name": "string",
    					"Type": "string",
    					"Uid": "string",
    					"Account": {
    						"Uid": "string",
    						"Name": "string"
    					}
    				}
    			}],
    			"Endpoints": [{
    				"Id": "string",
    				"Ip": "string",
    				"Domain": "string",
    				"Port": number,
    				"Location": {
    					"City": "string",
    					"Country": "string",
    					"Lat": number,
    					"Lon": number
    				},
    				"AutonomousSystem": {
    					"Name": "string",
    					"Number": number
    				},
    				"Connection": {
    					"Direction": "string"
    				}
    			}],
    			"Signals": [{
    				"Id": "string",
    				"Title": "string",
    				"ActorIds": ["string"],
    				"Count": number,
    				"FirstSeenAt": number,
    				"SignalIndicators": [
    					{
    						"Key": "string",
    						"Title": "string",
    						"Values": ["string"]
    					},
    					{
    						"Key": "string",
    						"Title": "string",
    						"Values": ["string"]
    					}
    				],
    				"LastSeenAt": number,
    				"Name": "string",
    				"ResourceIds": ["string"],
    				"Type": "string"
    			}],
    			"SequenceIndicators": [
    				{
    					"Key": "string",
    					"Title": "string",
    					"Values": ["string"]
    				},
    				{
    					"Key": "string",
    					"Title": "string",
    					"Values": ["string"]
    				}
    			]
    		}
    	},
    	"FindingProviderFields": {
    		"Confidence": number,
    		"Criticality": number,
    		"RelatedFindings": [{
    			"ProductArn": "string",
    			"Id": "string"
    		}],
    		"Severity": {
    			"Label": "string",
    			"Normalized": number,
    			"Original": "string"
    		},
    		"Types": ["string"]
    	},
    	"FirstObservedAt": "string",
    	"GeneratorId": "string",
    	"Id": "string",
    	"LastObservedAt": "string",
    	"Malware": [{
    		"Name": "string",
    		"Path": "string",
    		"State": "string",
    		"Type": "string"
    	}],
    	"Network": {
    		"DestinationDomain": "string",
    		"DestinationIpV4": "string",
    		"DestinationIpV6": "string",
    		"DestinationPort": number,
    		"Direction": "string",
    		"OpenPortRange": {
    			"Begin": integer,
    			"End": integer
    		},
    		"Protocol": "string",
    		"SourceDomain": "string",
    		"SourceIpV4": "string",
    		"SourceIpV6": "string",
    		"SourceMac": "string",
    		"SourcePort": number
    	},
    	"NetworkPath": [{
    		"ComponentId": "string",
    		"ComponentType": "string",
    		"Egress": {
    			"Destination": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			},
    			"Protocol": "string",
    			"Source": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			}
    		},
    		"Ingress": {
    			"Destination": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			},
    			"Protocol": "string",
    			"Source": {
    				"Address": ["string"],
    				"PortRanges": [{
    					"Begin": integer,
    					"End": integer
    				}]
    			}
    		}
    	}],
    	"Note": {
    		"Text": "string",
    		"UpdatedAt": "string",
    		"UpdatedBy": "string"
    	},
    	"PatchSummary": {
    		"FailedCount": number,
    		"Id": "string",
    		"InstalledCount": number,
    		"InstalledOtherCount": number,
    		"InstalledPendingReboot": number,
    		"InstalledRejectedCount": number,
    		"MissingCount": number,
    		"Operation": "string",
    		"OperationEndTime": "string",
    		"OperationStartTime": "string",
    		"RebootOption": "string"
    	},
    	"Process": {
    		"LaunchedAt": "string",
    		"Name": "string",
    		"ParentPid": number,
    		"Path": "string",
    		"Pid": number,
    		"TerminatedAt": "string"
    	},
    	"ProductArn": "string",
    	"ProductFields": {
    		"string": "string"
    	},
    	"ProductName": "string",
    	"RecordState": "string",
    	"Region": "string",
    	"RelatedFindings": [{
    		"Id": "string",
    		"ProductArn": "string"
    	}],
    	"Remediation": {
    		"Recommendation": {
    			"Text": "string",
    			"Url": "string"
    		}
    	},
    	"Resources": [{
    		"ApplicationArn": "string",
    		"ApplicationName": "string",
    		"DataClassification": {
    			"DetailedResultsLocation": "string",
    			"Result": {
    				"AdditionalOccurrences": boolean,
    				"CustomDataIdentifiers": {
    					"Detections": [{
    						"Arn": "string",
    						"Count": integer,
    						"Name": "string",
    						"Occurrences": {
    							"Cells": [{
    								"CellReference": "string",
    								"Column": integer,
    								"ColumnName": "string",
    								"Row": integer
    							}],
    							"LineRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"OffsetRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"Pages": [{
    								"LineRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"OffsetRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"PageNumber": integer
    							}],
    							"Records": [{
    								"JsonPath": "string",
    								"RecordIndex": integer
    							}]
    						}
    					}],
    					"TotalCount": integer
    				},
    				"MimeType": "string",
    				"SensitiveData": [{
    					"Category": "string",
    					"Detections": [{
    						"Count": integer,
    						"Occurrences": {
    							"Cells": [{
    								"CellReference": "string",
    								"Column": integer,
    								"ColumnName": "string",
    								"Row": integer
    							}],
    							"LineRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"OffsetRanges": [{
    								"End": integer,
    								"Start": integer,
    								"StartColumn": integer
    							}],
    							"Pages": [{
    								"LineRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"OffsetRange": {
    									"End": integer,
    									"Start": integer,
    									"StartColumn": integer
    								},
    								"PageNumber": integer
    							}],
    							"Records": [{
    								"JsonPath": "string",
    								"RecordIndex": integer
    							}]
    						},
    						"Type": "string"
    					}],
    					"TotalCount": integer
    				}],
    				"SizeClassified": integer,
    				"Status": {
    					"Code": "string",
    					"Reason": "string"
    				}
    			}
    		},
    		"Details": {
    			"AwsAmazonMQBroker": {
    				"AutoMinorVersionUpgrade": boolean,
    				"BrokerArn": "string",
    				"BrokerId": "string",
    				"BrokerName": "string",
    				"Configuration": {
    					"Id": "string",
    					"Revision": integer
    				},
    				"DeploymentMode": "string",
    				"EncryptionOptions": {
    					"UseAwsOwnedKey": boolean
    				},
    				"EngineType": "string",
    				"EngineVersion": "string",
    				"HostInstanceType": "string",
    				"Logs": {
    					"Audit": boolean,
    					"AuditLogGroup": "string",
    					"General": boolean,
    					"GeneralLogGroup": "string"
    				},
    				"MaintenanceWindowStartTime": {
    					"DayOfWeek": "string",
    					"TimeOfDay": "string",
    					"TimeZone": "string"
    				},
    				"PubliclyAccessible": boolean,
    				"SecurityGroups": [
    					"string"
    				],
    				"StorageType": "string",
    				"SubnetIds": [
    					"string",
    					"string"
    				],
    				"Users": [{
    					"Username": "string"
    				}]
    			},
    			"AwsApiGatewayRestApi": {
    				"ApiKeySource": "string",
    				"BinaryMediaTypes": [" string"],
    				"CreatedDate": "string",
    				"Description": "string",
    				"EndpointConfiguration": {
    					"Types": ["string"]
    				},
    				"Id": "string",
    				"MinimumCompressionSize": number,
    				"Name": "string",
    				"Version": "string"
    			},
    			"AwsApiGatewayStage": {
    				"AccessLogSettings": {
    					"DestinationArn": "string",
    					"Format": "string"
    				},
    				"CacheClusterEnabled": boolean,
    				"CacheClusterSize": "string",
    				"CacheClusterStatus": "string",
    				"CanarySettings": {
    					"DeploymentId": "string",
    					"PercentTraffic": number,
    					"StageVariableOverrides": [{
    						"string": "string"
    					}],
    					"UseStageCache": boolean
    				},
    				"ClientCertificateId": "string",
    				"CreatedDate": "string",
    				"DeploymentId": "string",
    				"Description": "string",
    				"DocumentationVersion": "string",
    				"LastUpdatedDate": "string",
    				"MethodSettings": [{
    					"CacheDataEncrypted": boolean,
    					"CachingEnabled": boolean,
    					"CacheTtlInSeconds": number,
    					"DataTraceEnabled": boolean,
    					"HttpMethod": "string",
    					"LoggingLevel": "string",
    					"MetricsEnabled": boolean,
    					"RequireAuthorizationForCacheControl": boolean,
    					"ResourcePath": "string",
    					"ThrottlingBurstLimit": number,
    					"ThrottlingRateLimit": number,
    					"UnauthorizedCacheControlHeaderStrategy": "string"
    				}],
    				"StageName": "string",
    				"TracingEnabled": boolean,
    				"Variables": {
    					"string": "string"
    				},
    				"WebAclArn": "string"
    			},
    			"AwsApiGatewayV2Api": {
    				"ApiEndpoint": "string",
    				"ApiId": "string",
    				"ApiKeySelectionExpression": "string",
    				"CorsConfiguration": {
    					"AllowCredentials": boolean,
    					"AllowHeaders": ["string"],
    					"AllowMethods": ["string"],
    					"AllowOrigins": ["string"],
    					"ExposeHeaders": ["string"],
    					"MaxAge": number
    				},
    				"CreatedDate": "string",
    				"Description": "string",
    				"Name": "string",
    				"ProtocolType": "string",
    				"RouteSelectionExpression": "string",
    				"Version": "string"
    			},
    			"AwsApiGatewayV2Stage": {
    				"AccessLogSettings": {
    					"DestinationArn": "string",
    					"Format": "string"
    				},
    				"ApiGatewayManaged": boolean,
    				"AutoDeploy": boolean,
    				"ClientCertificateId": "string",
    				"CreatedDate": "string",
    				"DefaultRouteSettings": {
    					"DataTraceEnabled": boolean,
    					"DetailedMetricsEnabled": boolean,
    					"LoggingLevel": "string",
    					"ThrottlingBurstLimit": number,
    					"ThrottlingRateLimit": number
    				},
    				"DeploymentId": "string",
    				"Description": "string",
    				"LastDeploymentStatusMessage": "string",
    				"LastUpdatedDate": "string",
    				"RouteSettings": {
    					"DetailedMetricsEnabled": boolean,
    					"LoggingLevel": "string",
    					"DataTraceEnabled": boolean,
    					"ThrottlingBurstLimit": number,
    					"ThrottlingRateLimit": number
    				},
    				"StageName": "string",
    				"StageVariables": [{
    					"string": "string"
    				}]
    			},
    			"AwsAppSyncGraphQLApi": {
    				"AwsAppSyncGraphQlApi": {
    					"AdditionalAuthenticationProviders": [
    					{
    						"AuthenticationType": "string",
    						"LambdaAuthorizerConfig": {
    							"AuthorizerResultTtlInSeconds": integer,
    							"AuthorizerUri": "string"
    						}
    					},
    					{
    						"AuthenticationType": "string"
    					}
    					],
    					"ApiId": "string",
    					"Arn": "string",
    					"AuthenticationType": "string",
    					"Id": "string",
    					"LogConfig": {
    						"CloudWatchLogsRoleArn": "string",
    						"ExcludeVerboseContent": boolean,
    						"FieldLogLevel": "string"
    					},
    					"Name": "string",
    					"XrayEnabled": boolean
    				}
    			},
    			"AwsAthenaWorkGroup": {
    				"Description": "string",
    				"Name": "string",
    				"WorkgroupConfiguration": {
    					"ResultConfiguration": {
    						"EncryptionConfiguration": {
    							"EncryptionOption": "string",
    							"KmsKey": "string"
    						}
    					}
    				},
    				"State": "string"
    			},
    			"AwsAutoScalingAutoScalingGroup": {
    				"AvailabilityZones": [{
    					"Value": "string"
    				}],
    				"CreatedTime": "string",
    				"HealthCheckGracePeriod": integer,
    				"HealthCheckType": "string",
    				"LaunchConfigurationName": "string",
    				"LoadBalancerNames": ["string"],
    				"LaunchTemplate": {                            
                        "LaunchTemplateId": "string",
                        "LaunchTemplateName": "string",
                        "Version": "string"
                    },
    				"MixedInstancesPolicy": {
    					"InstancesDistribution": {
    						"OnDemandAllocationStrategy": "string",
    						"OnDemandBaseCapacity": number,
    						"OnDemandPercentageAboveBaseCapacity": number,
    						"SpotAllocationStrategy": "string",
    						"SpotInstancePools": number,
    						"SpotMaxPrice": "string"
    					},
    					"LaunchTemplate": {
    						"LaunchTemplateSpecification": {
    							"LaunchTemplateId": "string",
    							"LaunchTemplateName": "string",
    							"Version": "string"
    						},
    						"CapacityRebalance": boolean,
    						"Overrides": [{
    							"InstanceType": "string",
    							"WeightedCapacity": "string"
    						}]
    					}
    				}
    			},
    			"AwsAutoScalingLaunchConfiguration": {
    				"AssociatePublicIpAddress": boolean,
    				"BlockDeviceMappings": [{
    					"DeviceName": "string",
    					"Ebs": {
    						"DeleteOnTermination": boolean,
    						"Encrypted": boolean,
    						"Iops": number,
    						"SnapshotId": "string",
    						"VolumeSize": number,
    						"VolumeType": "string"
    					},
    					"NoDevice": boolean,
    					"VirtualName": "string"
    				}],
    				"ClassicLinkVpcId": "string",
    				"ClassicLinkVpcSecurityGroups": ["string"],
    				"CreatedTime": "string",
    				"EbsOptimized": boolean,
    				"IamInstanceProfile": "string"
    			},
    			"ImageId": "string",
    			"InstanceMonitoring": {
    				"Enabled": boolean
    			},
    			"InstanceType": "string",
    			"KernelId": "string",
    			"KeyName": "string",
    			"LaunchConfigurationName": "string",
    			"MetadataOptions": {
    				"HttpEndPoint": "string",
    				"HttpPutReponseHopLimit": number,
    				"HttpTokens": "string"
    			},
    			"PlacementTenancy": "string",
    			"RamdiskId": "string",
    			"SecurityGroups": ["string"],
    			"SpotPrice": "string",
    			"UserData": "string"
    		},
    		"AwsBackupBackupPlan": {
    			"BackupPlan": {
    				"AdvancedBackupSettings": [{
    					"BackupOptions": {
    						"WindowsVSS":"string"
    					},
    					"ResourceType":"string"
    				}],
    				"BackupPlanName": "string",
    				"BackupPlanRule": [{
    					"CompletionWindowMinutes": integer,
    					"CopyActions": [{
    						"DestinationBackupVaultArn": "string",
    						"Lifecycle": {
    							"DeleteAfterDays": integer,
    							"MoveToColdStorageAfterDays": integer
    						}
    					}],
    					"Lifecycle": {
    						"DeleteAfterDays": integer
    					},
    					"RuleName": "string",
    					"ScheduleExpression": "string",
    					"StartWindowMinutes": integer,
    					"TargetBackupVault": "string"
    				}]
    			},
    			"BackupPlanArn": "string",
    			"BackupPlanId": "string",
    			"VersionId": "string"
    		},
    		"AwsBackupBackupVault": {
    			"AccessPolicy": {
    				"Statement": [{
    					"Action": ["string"],
    					"Effect": "string",
    					"Principal": {
    						"AWS": "string"
    					},
    					"Resource": "string"
    				}],
    				"Version": "string"
    			},
    			"BackupVaultArn": "string",
    			"BackupVaultName": "string",
    			"EncryptionKeyArn": "string",
    			"Notifications": {
    				"BackupVaultEvents": ["string"],
    				"SNSTopicArn": "string"
    			}
    		},
    		"AwsBackupRecoveryPoint": {
    			"BackupSizeInBytes": integer,
    			"BackupVaultName": "string",
    			"BackupVaultArn": "string",
    			"CalculatedLifecycle": {
    				"DeleteAt": "string",
    				"MoveToColdStorageAt": "string"
    			},
    			"CompletionDate": "string",
    			"CreatedBy": {
    				"BackupPlanArn": "string",
    				"BackupPlanId": "string",
    				"BackupPlanVersion": "string",
    				"BackupRuleId": "string"
    			},
    			"CreationDate": "string",
    			"EncryptionKeyArn": "string",
    			"IamRoleArn": "string",
    			"IsEncrypted": boolean,
    			"LastRestoreTime": "string",
    			"Lifecycle": {
    				"DeleteAfterDays": integer,
    				"MoveToColdStorageAfterDays": integer
    			},
    			"RecoveryPointArn": "string",
    			"ResourceArn": "string",
    			"ResourceType": "string",
    			"SourceBackupVaultArn": "string",
    			"Status": "string",
    			"StatusMessage": "string",
    			"StorageClass": "string"
    		},
    		"AwsCertificateManagerCertificate": {
    			"CertificateAuthorityArn": "string",
    			"CreatedAt": "string",
    			"DomainName": "string",
    			"DomainValidationOptions": [{
    				"DomainName": "string",
    				"ResourceRecord": {
    					"Name": "string",
    					"Type": "string",
    					"Value": "string"
    				},
    				"ValidationDomain": "string",
    				"ValidationEmails": ["string"],
    				"ValidationMethod": "string",
    				"ValidationStatus": "string"
    			}],
    			"ExtendedKeyUsages": [{
    				"Name": "string",
    				"OId": "string"
    			}],
    			"FailureReason": "string",
    			"ImportedAt": "string",
    			"InUseBy": ["string"],
    			"IssuedAt": "string",
    			"Issuer": "string",
    			"KeyAlgorithm": "string",
    			"KeyUsages": [{
    				"Name": "string"
    			}],
    			"NotAfter": "string",
    			"NotBefore": "string",
    			"Options": {
    				"CertificateTransparencyLoggingPreference": "string"
    			},
    			"RenewalEligibility": "string",
    			"RenewalSummary": {
    				"DomainValidationOptions": [{
    					"DomainName": "string",
    					"ResourceRecord": {
    						"Name": "string",
    						"Type": "string",
    						"Value": "string"
    					},
    					"ValidationDomain": "string",
    					"ValidationEmails": ["string"],
    					"ValidationMethod": "string",
    					"ValidationStatus": "string"
    				}],
    				"RenewalStatus": "string",
    				"RenewalStatusReason": "string",
    				"UpdatedAt": "string"
    			},
    			"Serial": "string",
    			"SignatureAlgorithm": "string",
    			"Status": "string",
    			"Subject": "string",
    			"SubjectAlternativeNames": ["string"],
    			"Type": "string"
    		},
    		"AwsCloudFormationStack": {
    			"Capabilities": ["string"],
    			"CreationTime": "string",
    			"Description": "string",
    			"DisableRollback": boolean,
    			"DriftInformation": {
    				"StackDriftStatus": "string"
    			},
    			"EnableTerminationProtection": boolean,
    			"LastUpdatedTime": "string",
    			"NotificationArns": ["string"],
    			"Outputs": [{
    				"Description": "string",
    				"OutputKey": "string",
    				"OutputValue": "string"
    			}],
    			"RoleArn": "string",
    			"StackId": "string",
    			"StackName": "string",
    			"StackStatus": "string",
    			"StackStatusReason": "string",
    			"TimeoutInMinutes": number 
    		},
    		"AwsCloudFrontDistribution": {
    			"CacheBehaviors": {
    				"Items": [{
    					"ViewerProtocolPolicy": "string"
    				}]
    			},
    			"DefaultCacheBehavior": {
    				"ViewerProtocolPolicy": "string"
    			},
    			"DefaultRootObject": "string",
    			"DomainName": "string",
    			"Etag": "string",
    			"LastModifiedTime": "string",
    			"Logging": {
    				"Bucket": "string",
    				"Enabled": boolean,
    				"IncludeCookies": boolean,
    				"Prefix": "string"
    			},
    			"OriginGroups": {
    				"Items": [{
    					"FailoverCriteria": {
    						"StatusCodes": {
    							"Items": [number],
    							"Quantity": number
    						}
    					}
    				}]
    			},
    			"Origins": {
    				"Items": [{
    					"CustomOriginConfig": {
    						"HttpPort": number,
    						"HttpsPort": number,
    						"OriginKeepaliveTimeout": number,
    						"OriginProtocolPolicy": "string",
    						"OriginReadTimeout": number,
    						"OriginSslProtocols": {
    							"Items": ["string"],
    							"Quantity": number
    						}
    					},
    					"DomainName": "string",
    					"Id": "string",
    					"OriginPath": "string",
    					"S3OriginConfig": {
    						"OriginAccessIdentity": "string"
    					}
    				}]
    			},
    			"Status": "string",
    			"ViewerCertificate": {
    				"AcmCertificateArn": "string",
    				"Certificate": "string",
    				"CertificateSource": "string",
    				"CloudFrontDefaultCertificate": boolean,
    				"IamCertificateId": "string",
    				"MinimumProtocolVersion": "string",
    				"SslSupportMethod": "string"
    			},
    			"WebAclId": "string"
    		},
    		"AwsCloudTrailTrail": {
    			"CloudWatchLogsLogGroupArn": "string",
    			"CloudWatchLogsRoleArn": "string",
    			"HasCustomEventSelectors": boolean,
    			"HomeRegion": "string",
    			"IncludeGlobalServiceEvents": boolean,
    			"IsMultiRegionTrail": boolean,
    			"IsOrganizationTrail": boolean,
    			"KmsKeyId": "string",
    			"LogFileValidationEnabled": boolean,
    			"Name": "string",
    			"S3BucketName": "string",
    			"S3KeyPrefix": "string",
    			"SnsTopicArn": "string",
    			"SnsTopicName": "string",
    			"TrailArn": "string"
    		},
    		"AwsCloudWatchAlarm": {
    			"ActionsEnabled": boolean,
    			"AlarmActions": ["string"],
    			"AlarmArn": "string",
    			"AlarmConfigurationUpdatedTimestamp": "string",
    			"AlarmDescription": "string",
    			"AlarmName": "string",
    			"ComparisonOperator": "string",
    			"DatapointsToAlarm": number,
    			"Dimensions": [{
    				"Name": "string",
    				"Value": "string"
    			}],
    			"EvaluateLowSampleCountPercentile": "string",
    			"EvaluationPeriods": number,
    			"ExtendedStatistic": "string",
    			"InsufficientDataActions": ["string"],
    			"MetricName": "string",
    			"Namespace": "string",
    			"OkActions": ["string"],
    			"Period": number,
    			"Statistic": "string",
    			"Threshold": number,
    			"ThresholdMetricId": "string",
    			"TreatMissingData": "string",
    			"Unit": "string"
    		},
    		"AwsCodeBuildProject": {
    			"Artifacts": [{
    				"ArtifactIdentifier": "string",
    				"EncryptionDisabled": boolean,
    				"Location": "string",
    				"Name": "string",
    				"NamespaceType": "string",
    				"OverrideArtifactName": boolean,
    				"Packaging": "string",
    				"Path": "string",
    				"Type": "string"
    			}],
    			"SecondaryArtifacts": [{
                    "ArtifactIdentifier": "string",
                    "Type": "string",
                    "Location": "string",
                    "Name": "string",
                    "NamespaceType": "string",
                    "Packaging": "string",
                    "Path": "string",
                    "EncryptionDisabled": boolean,
                    "OverrideArtifactName": boolean
                }],
    			"EncryptionKey": "string",
    			"Certificate": "string",
    			"Environment": {
    				"Certificate": "string",
    				"EnvironmentVariables": [{
    					"Name": "string",
    					"Type": "string",
    					"Value": "string"
    				}],
    				"ImagePullCredentialsType": "string",
    				"PrivilegedMode": boolean,
    				"RegistryCredential": {
    					"Credential": "string",
    					"CredentialProvider": "string"
    				},
    				"Type": "string"
    			},
    			"LogsConfig": {
    				"CloudWatchLogs": {
    					"GroupName": "string",
    					"Status": "string",
    					"StreamName": "string"
    				},
    				"S3Logs": {
    					"EncryptionDisabled": boolean,
    					"Location": "string",
    					"Status": "string"
    				}
    			},
    			"Name": "string",
    			"ServiceRole": "string",
    			"Source": {
    				"Type": "string",
    				"Location": "string",
    				"GitCloneDepth": integer
    			},
    			"VpcConfig": {
    				"VpcId": "string",
    				"Subnets": ["string"],
    				"SecurityGroupIds": ["string"]
    			}
    		},
    		"AwsDmsEndpoint": {
    			"CertificateArn": "string",
    			"DatabaseName": "string",
    			"EndpointArn": "string",
    			"EndpointIdentifier": "string",
    			"EndpointType": "string", 
    			"EngineName": "string",
    			"KmsKeyId": "string",
    			"Port": integer,
    			"ServerName": "string",
    			"SslMode": "string",
    			"Username": "string"
    		},
    		"AwsDmsReplicationInstance": {
    			"AllocatedStorage": integer,
    			"AutoMinorVersionUpgrade": boolean,
    			"AvailabilityZone": "string",
    			"EngineVersion": "string",
    			"KmsKeyId": "string",
    			"MultiAZ": boolean,
    			"PreferredMaintenanceWindow": "string",
    			"PubliclyAccessible": boolean,
    			"ReplicationInstanceClass": "string",
    			"ReplicationInstanceIdentifier": "string",
    			"ReplicationSubnetGroup": {
        			"ReplicationSubnetGroupIdentifier": "string"
    			},
    			"VpcSecurityGroups": [
        			{
            			"VpcSecurityGroupId": "string"
        			}
    			]
    		},
    		"AwsDmsReplicationTask": {
    			"CdcStartPosition": "string",
    			"Id": "string",
    			"MigrationType": "string",
    			"ReplicationInstanceArn": "string",
    			"ReplicationTaskIdentifier": "string",
    			"ReplicationTaskSettings": {
    				"string": "string"
    			},
    			"SourceEndpointArn": "string",
    			"TableMappings": {
    				"string": "string"
    			},
    			"TargetEndpointArn": "string"
    		},
    		"AwsDynamoDbTable": {
    			"AttributeDefinitions": [{
    				"AttributeName": "string",
    				"AttributeType": "string"
    			}],
    			"BillingModeSummary": {
    				"BillingMode": "string",
    				"LastUpdateToPayPerRequestDateTime": "string"
    			},
    			"CreationDateTime": "string",
    			"DeletionProtectionEnabled": boolean,
    			"GlobalSecondaryIndexes": [{
    				"Backfilling": boolean,
    				"IndexArn": "string",
    				"IndexName": "string",
    				"IndexSizeBytes": number,
    				"IndexStatus": "string",
    				"ItemCount": number,
    				"KeySchema": [{
    					"AttributeName": "string",
    					"KeyType": "string"
    				}],
    				"Projection": {
    					"NonKeyAttributes": ["string"],
    					"ProjectionType": "string"
    				},
    				"ProvisionedThroughput": {
    					"LastDecreaseDateTime": "string",
    					"LastIncreaseDateTime": "string",
    					"NumberOfDecreasesToday": number,
    					"ReadCapacityUnits": number,
    					"WriteCapacityUnits": number
    				}
    			}],
    			"GlobalTableVersion": "string",
    			"ItemCount": number,
    			"KeySchema": [{
    				"AttributeName": "string",
    				"KeyType": "string"
    			}],
    			"LatestStreamArn": "string",
    			"LatestStreamLabel": "string",
    			"LocalSecondaryIndexes": [{
    				"IndexArn": "string",
    				"IndexName": "string",
    				"KeySchema": [{
    					"AttributeName": "string",
    					"KeyType": "string"
    				}],
    				"Projection": {
    					"NonKeyAttributes": ["string"],
    					"ProjectionType": "string"
    				}
    			}],
    			"ProvisionedThroughput": {
    				"LastDecreaseDateTime": "string",
    				"LastIncreaseDateTime": "string",
    				"NumberOfDecreasesToday": number,
    				"ReadCapacityUnits": number,
    				"WriteCapacityUnits": number
    			},
    			"Replicas": [{
    				"GlobalSecondaryIndexes": [{
    					"IndexName": "string",
    					"ProvisionedThroughputOverride": {
    						"ReadCapacityUnits": number
    					}
    				}],
    				"KmsMasterKeyId": "string",
    				"ProvisionedThroughputOverride": {
    					"ReadCapacityUnits": number
    				},
    				"RegionName": "string",
    				"ReplicaStatus": "string",
    				"ReplicaStatusDescription": "string"
    			}],
    			"RestoreSummary": {
    				"RestoreDateTime": "string",
    				"RestoreInProgress": boolean,
    				"SourceBackupArn": "string",
    				"SourceTableArn": "string"
    			},
    			"SseDescription": {
    				"InaccessibleEncryptionDateTime": "string",
    				"KmsMasterKeyArn": "string",
    				"SseType": "string",
    				"Status": "string"
    			},
    			"StreamSpecification": {
    				"StreamEnabled": boolean,
    				"StreamViewType": "string"
    			},
    			"TableId": "string",
    			"TableName": "string",
    			"TableSizeBytes": number,
    			"TableStatus": "string"
    		},
    		"AwsEc2ClientVpnEndpoint": {
    			"AuthenticationOptions": [
    				{
    					"MutualAuthentication": {
    						"ClientRootCertificateChainArn": "string"
    					},
    					"Type": "string"
    				}
    			],
    			"ClientCidrBlock": "string",
    			"ClientConnectOptions": {
    				"Enabled": boolean
    			},
    			"ClientLoginBannerOptions": {
    				"Enabled": boolean
    			},
    			"ClientVpnEndpointId": "string",
    			"ConnectionLogOptions": {
    				"Enabled": boolean
    			},
    			"Description": "string",
    			"DnsServer": ["string"],
    			"ServerCertificateArn": "string",
    			"SecurityGroupIdSet": [
    				"string"
    			],
    			"SelfServicePortalUrl": "string",
    			"SessionTimeoutHours": "integer",
    			"SplitTunnel": boolean,
    			"TransportProtocol": "string",
    			"VpcId": "string",
    			"VpnPort": integer
    		},
    		"AwsEc2Eip": {
    			"AllocationId": "string",
    			"AssociationId": "string",
    			"Domain": "string",
    			"InstanceId": "string",
    			"NetworkBorderGroup": "string",
    			"NetworkInterfaceId": "string",
    			"NetworkInterfaceOwnerId": "string",
    			"PrivateIpAddress": "string",
    			"PublicIp": "string",
    			"PublicIpv4Pool": "string"
    		},
    		"AwsEc2Instance": {
    			"IamInstanceProfileArn": "string",
    			"ImageId": "string",
    			"IpV4Addresses": ["string"],
    			"IpV6Addresses": ["string"],
    			"KeyName": "string",
    			"LaunchedAt": "string",
    			"MetadataOptions": {
    				"HttpEndpoint": "string",
    				"HttpProtocolIpv6": "string",
    				"HttpPutResponseHopLimit": number,
    				"HttpTokens": "string",
    				"InstanceMetadataTags": "string"
    			},
    			"Monitoring": {
    				"State": "string"
    			},
    			"NetworkInterfaces": [{                
    				"NetworkInterfaceId": "string"
    			}],
    			"SubnetId": "string",
    			"Type": "string",    			
    			"VirtualizationType": "string",
    			"VpcId": "string"
    		},   
    		"AwsEc2LaunchTemplate": {
    			"DefaultVersionNumber": "string",
    			"ElasticGpuSpecifications": ["string"],
    			"ElasticInferenceAccelerators": ["string"],
    			"Id": "string",
    			"ImageId": "string",
    			"LatestVersionNumber": "string",
    			"LaunchTemplateData": {
    				"BlockDeviceMappings": [{
    					"DeviceName": "string",
    					"Ebs": {
    						"DeleteonTermination": boolean,
    						"Encrypted": boolean,
    						"SnapshotId": "string",
    						"VolumeSize": number,
    						"VolumeType": "string"
    					}
    				}],
    				"MetadataOptions": {
    					"HttpTokens": "string",
    					"HttpPutResponseHopLimit" : number
    				},
    				"Monitoring": {
    					"Enabled": boolean
    				},
    				"NetworkInterfaces": [{
    					"AssociatePublicIpAddress" : boolean
    				}]
    			},
    			"LaunchTemplateName": "string",
    			"LicenseSpecifications": ["string"],
    			"SecurityGroupIds": ["string"],
    			"SecurityGroups": ["string"],
    			"TagSpecifications": ["string"]
    		},
    		"AwsEc2NetworkAcl": {
    			"Associations": [{
    				"NetworkAclAssociationId": "string",
    				"NetworkAclId": "string",
    				"SubnetId": "string"
    			}],
    			"Entries": [{
    				"CidrBlock": "string",
    				"Egress": boolean,
    				"IcmpTypeCode": {
    					"Code": number,
    					"Type": number
    				},
    				"Ipv6CidrBlock": "string",
    				"PortRange": {
    					"From": number,
    					"To": number
    				},
    				"Protocol": "string",
    				"RuleAction": "string",
    				"RuleNumber": number
    			}],
    			"IsDefault": boolean,
    			"NetworkAclId": "string",
    			"OwnerId": "string",
    			"VpcId": "string"
    		},
    		"AwsEc2NetworkInterface": {
    			"Attachment": {
    				"AttachmentId": "string",
    				"AttachTime": "string",
    				"DeleteOnTermination": boolean,
    				"DeviceIndex": number,
    				"InstanceId": "string",
    				"InstanceOwnerId": "string",
    				"Status": "string"
    			},
    			"Ipv6Addresses": [{
    				"Ipv6Address": "string"
    			}],
    			"NetworkInterfaceId": "string",
    			"PrivateIpAddresses": [{
    				"PrivateDnsName": "string",
    				"PrivateIpAddress": "string"
    			}],
    			"PublicDnsName": "string",
    			"PublicIp": "string",
    			"SecurityGroups": [{
    				"GroupId": "string",
    				"GroupName": "string"
    			}],
    			"SourceDestCheck": boolean
    		},
    		"AwsEc2RouteTable": {
    			"AssociationSet": [{
    				"AssociationState": {
    					"State": "string"
    				},
    				"Main": boolean,
    				"RouteTableAssociationId": "string",
    				"RouteTableId": "string"
    			}],
    			"PropogatingVgwSet": [],
    			"RouteTableId": "string",
    			"RouteSet": [
    				{
    					"DestinationCidrBlock": "string",
    					"GatewayId": "string",
    					"Origin": "string",
    					"State": "string"
    				},
    				{
    					"DestinationCidrBlock": "string",
    					"GatewayId": "string",
    					"Origin": "string",
    					"State": "string"
    				}
    			],
    			"VpcId": "string"
    		},
    		"AwsEc2SecurityGroup": {
    			"GroupId": "string",
    			"GroupName": "string",
    			"IpPermissions": [{
    				"FromPort": number,
    				"IpProtocol": "string",
    				"IpRanges": [{
    					"CidrIp": "string"
    				}],
    				"Ipv6Ranges": [{
    					"CidrIpv6": "string"
    				}],
    				"PrefixListIds": [{
    					"PrefixListId": "string"
    				}],
    				"ToPort": number,
    				"UserIdGroupPairs": [{
    					"GroupId": "string",
    					"GroupName": "string",
    					"PeeringStatus": "string",
    					"UserId": "string",
    					"VpcId": "string",
    					"VpcPeeringConnectionId": "string"
    				}]
    			}],
    			"IpPermissionsEgress": [{
    				"FromPort": number,
    				"IpProtocol": "string",
    				"IpRanges": [{
    					"CidrIp": "string"
    				}],
    				"Ipv6Ranges": [{
    					"CidrIpv6": "string"
    				}],
    				"PrefixListIds": [{
    					"PrefixListId": "string"
    				}],
    				"ToPort": number,
    				"UserIdGroupPairs": [{
    					"GroupId": "string",
    					"GroupName": "string",
    					"PeeringStatus": "string",
    					"UserId": "string",
    					"VpcId": "string",
    					"VpcPeeringConnectionId": "string"
    				}]
    			}],
    			"OwnerId": "string",
    			"VpcId": "string"
    		},
    		"AwsEc2Subnet": {
    			"AssignIpv6AddressOnCreation": boolean,
    			"AvailabilityZone": "string",
    			"AvailabilityZoneId": "string",
    			"AvailableIpAddressCount": number,
    			"CidrBlock": "string",
    			"DefaultForAz": boolean,
    			"Ipv6CidrBlockAssociationSet": [{
    				"AssociationId": "string",
    				"Ipv6CidrBlock": "string",
    				"CidrBlockState": "string"
    			}],
    			"MapPublicIpOnLaunch": boolean,
    			"OwnerId": "string",
    			"State": "string",
    			"SubnetArn": "string",
    			"SubnetId": "string",
    			"VpcId": "string"
    		},
    		"AwsEc2TransitGateway": {
    			"AmazonSideAsn": number,
    			"AssociationDefaultRouteTableId": "string",
    			"AutoAcceptSharedAttachments": "string",
    			"DefaultRouteTableAssociation": "string",
    			"DefaultRouteTablePropagation": "string",
    			"Description": "string",
    			"DnsSupport": "string",
    			"Id": "string",
    			"MulticastSupport": "string",
    			"PropagationDefaultRouteTableId": "string",
    			"TransitGatewayCidrBlocks": ["string"],
    			"VpnEcmpSupport": "string"
    		},
    		"AwsEc2Volume": {
    			"Attachments": [{
    				"AttachTime": "string",
    				"DeleteOnTermination": boolean,
    				"InstanceId": "string",
    				"Status": "string"
    			}],
    			"CreateTime": "string",
    			"DeviceName": "string",
    			"Encrypted": boolean,
    			"KmsKeyId": "string",
    			"Size": number,
    			"SnapshotId": "string",
    			"Status": "string",
    			"VolumeId": "string",
    			"VolumeScanStatus": "string",
    			"VolumeType": "string"
    		},
    		"AwsEc2Vpc": {
    			"CidrBlockAssociationSet": [{
    				"AssociationId": "string",
    				"CidrBlock": "string",
    				"CidrBlockState": "string"
    			}],
    			"DhcpOptionsId": "string",
    			"Ipv6CidrBlockAssociationSet": [{
    				"AssociationId": "string",
    				"CidrBlockState": "string",
    				"Ipv6CidrBlock": "string"
    			}],
    			"State": "string"
    		},
    		"AwsEc2VpcEndpointService": {
    			"AcceptanceRequired": boolean,
    			"AvailabilityZones": ["string"],
    			"BaseEndpointDnsNames": ["string"],
    			"ManagesVpcEndpoints": boolean,
    			"GatewayLoadBalancerArns": ["string"],
    			"NetworkLoadBalancerArns": ["string"],
    			"PrivateDnsName": "string",
    			"ServiceId": "string",
    			"ServiceName": "string",
    			"ServiceState": "string",
    			"ServiceType": [{
    				"ServiceType": "string"
    			}]
    		},
    		"AwsEc2VpcPeeringConnection": {
    			"AccepterVpcInfo": {
    				"CidrBlock": "string",
    				"CidrBlockSet": [{
    					"CidrBlock": "string"
    				}],
    				"Ipv6CidrBlockSet": [{
    					"Ipv6CidrBlock": "string"
    				}],
    				"OwnerId": "string",
    				"PeeringOptions": {
    					"AllowDnsResolutionFromRemoteVpc": boolean,
    					"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
    					"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
    				},
    				"Region": "string",
    				"VpcId": "string"
    			},
    			"ExpirationTime": "string",
    			"RequesterVpcInfo": {
    				"CidrBlock": "string",
    				"CidrBlockSet": [{
    					"CidrBlock": "string"
    				}],
    				"Ipv6CidrBlockSet": [{
    					"Ipv6CidrBlock": "string"
    				}],
    				"OwnerId": "string",
    				"PeeringOptions": {
    					"AllowDnsResolutionFromRemoteVpc": boolean,
    					"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
    					"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
    				},
    				"Region": "string",
    				"VpcId": "string"
    			},
    			"Status": {
    				"Code": "string",
    				"Message": "string"
    			},
    			"VpcPeeringConnectionId": "string"
    		},
    		"AwsEcrContainerImage": {
    			"Architecture": "string",
    			"ImageDigest": "string",
    			"ImagePublishedAt": "string",
    			"ImageTags": ["string"],
    			"RegistryId": "string",
    			"RepositoryName": "string"
    		},
    		"AwsEcrRepository": {
    			"Arn": "string",
    			"ImageScanningConfiguration": {
    				"ScanOnPush": boolean
    			},
    			"ImageTagMutability": "string",
    			"LifecyclePolicy": {
    				"LifecyclePolicyText": "string",
    				"RegistryId": "string"
    			},
    			"RepositoryName": "string",
    			"RepositoryPolicyText": "string"
    		},
    		"AwsEcsCluster": {
    			"ActiveServicesCount": number,
    			"CapacityProviders": ["string"],
    			"ClusterArn": "string",
    			"ClusterName": "string",
    			"ClusterSettings": [{
    				"Name": "string",
    				"Value": "string"
    			}],
    			"Configuration": {
    				"ExecuteCommandConfiguration": {
    					"KmsKeyId": "string",
    					"LogConfiguration": {
    						"CloudWatchEncryptionEnabled": boolean,
    						"CloudWatchLogGroupName": "string",
    						"S3BucketName": "string",
    						"S3EncryptionEnabled": boolean,
    						"S3KeyPrefix": "string"
    					},
    					"Logging": "string"
    				}
    			},
    			"DefaultCapacityProviderStrategy": [{
    				"Base": number,
    				"CapacityProvider": "string",
    				"Weight": number
    			}],
    			"RegisteredContainerInstancesCount": number,
    			"RunningTasksCount": number,
    			"Status": "string"
    		},
    		"AwsEcsContainer": {
    			"Image": "string",
    			"MountPoints": [{
    				"ContainerPath": "string",
    				"SourceVolume": "string"
    			}],
    			"Name": "string",
    			"Privileged": boolean
    		},
    		"AwsEcsService": {
    			"CapacityProviderStrategy": [{
    				"Base": number,
    				"CapacityProvider": "string",
    				"Weight": number
    			}],
    			"Cluster": "string",
    			"DeploymentConfiguration": {
    				"DeploymentCircuitBreaker": {
    					"Enable": boolean,
    					"Rollback": boolean
    				},
    				"MaximumPercent": number,
    				"MinimumHealthyPercent": number
    			},
    			"DeploymentController": {
    				"Type": "string"
    			},
    			"DesiredCount": number,
    			"EnableEcsManagedTags": boolean,
    			"EnableExecuteCommand": boolean,
    			"HealthCheckGracePeriodSeconds": number,
    			"LaunchType": "string",
    			"LoadBalancers": [{
    				"ContainerName": "string",
    				"ContainerPort": number,
    				"LoadBalancerName": "string",
    				"TargetGroupArn": "string"
    			}],
    			"Name": "string",
    			"NetworkConfiguration": {
    				"AwsVpcConfiguration": {
    					"AssignPublicIp": "string",
    					"SecurityGroups": ["string"],
    					"Subnets": ["string"]
    				}
    			},
    			"PlacementConstraints": [{
    				"Expression": "string",
    				"Type": "string"
    			}],
    			"PlacementStrategies": [{
    				"Field": "string",
    				"Type": "string"
    			}],
    			"PlatformVersion": "string",
    			"PropagateTags": "string",
    			"Role": "string",
    			"SchedulingStrategy": "string",
    			"ServiceArn": "string",
    			"ServiceName": "string",
    			"ServiceRegistries": [{
    				"ContainerName": "string",
    				"ContainerPort": number,
    				"Port": number,
    				"RegistryArn": "string"
    			}],
    			"TaskDefinition": "string"
    		},
    		"AwsEcsTask": {
    			"CreatedAt": "string",
    			"ClusterArn": "string",
    			"Group": "string",
    			"StartedAt": "string",
    			"StartedBy": "string",
    			"TaskDefinitionArn": "string",
    			"Version": number,
    			"Volumes": [{
    				"Name": "string",
    				"Host": {
    					"SourcePath": "string"
    				}
    			}],
    			"Containers": [{
    				"Image": "string",
    				"MountPoints": [{
    					"ContainerPath": "string",
    					"SourceVolume": "string"
    				}],
    				"Name": "string",
    				"Privileged": boolean
    			}]
    		},
    		"AwsEcsTaskDefinition": {
    			"ContainerDefinitions": [{
    				"Command": ["string"],
    				"Cpu": number,
    				"DependsOn": [{
    					"Condition": "string",
    					"ContainerName": "string"
    				}],
    				"DisableNetworking": boolean,
    				"DnsSearchDomains": ["string"],
    				"DnsServers": ["string"],
    				"DockerLabels": {
    					"string": "string"
    				},
    				"DockerSecurityOptions": ["string"],
    				"EntryPoint": ["string"],
    				"Environment": [{
    					"Name": "string",
    					"Value": "string"
    				}],
    				"EnvironmentFiles": [{
    					"Type": "string",
    					"Value": "string"
    				}],
    				"Essential": boolean,
    				"ExtraHosts": [{
    					"Hostname": "string",
    					"IpAddress": "string"
    				}],
    				"FirelensConfiguration": {
    					"Options": {
    						"string": "string"
    					},
    					"Type": "string"
    				},
    				"HealthCheck": {
    					"Command": ["string"],
    					"Interval": number,
    					"Retries": number,
    					"StartPeriod": number,
    					"Timeout": number
    				},
    				"Hostname": "string",
    				"Image": "string",
    				"Interactive": boolean,
    				"Links": ["string"],
    				"LinuxParameters": {
    					"Capabilities": {
    						"Add": ["string"],
    						"Drop": ["string"]
    					},
    					"Devices": [{
    						"ContainerPath": "string",
    						"HostPath": "string",
    						"Permissions": ["string"]
    					}],
    					"InitProcessEnabled": boolean,
    					"MaxSwap": number,
    					"SharedMemorySize": number,
    					"Swappiness": number,
    					"Tmpfs": [{
    						"ContainerPath": "string",
    						"MountOptions": ["string"],
    						"Size": number
    					}]
    				},
    				"LogConfiguration": {
    					"LogDriver": "string",
    					"Options": {
    						"string": "string"
    					},
    					"SecretOptions": [{
    						"Name": "string",
    						"ValueFrom": "string"
    					}]
    				},
    				"Memory": number,
    				"MemoryReservation": number,
    				"MountPoints": [{
    					"ContainerPath": "string",
    					"ReadOnly": boolean,
    					"SourceVolume": "string"
    				}],
    				"Name": "string",
    				"PortMappings": [{
    					"ContainerPort": number,
    					"HostPort": number,
    					"Protocol": "string"
    				}],
    				"Privileged": boolean,
    				"PseudoTerminal": boolean,
    				"ReadonlyRootFilesystem": boolean,
    				"RepositoryCredentials": {
    					"CredentialsParameter": "string"
    				},
    				"ResourceRequirements": [{
    					"Type": "string",
    					"Value": "string"
    				}],
    				"Secrets": [{
    					"Name": "string",
    					"ValueFrom": "string"
    				}],
    				"StartTimeout": number,
    				"StopTimeout": number,
    				"SystemControls": [{
    					"Namespace": "string",
    					"Value": "string"
    				}],
    				"Ulimits": [{
    					"HardLimit": number,
    					"Name": "string",
    					"SoftLimit": number
    				}],
    				"User": "string",
    				"VolumesFrom": [{
    					"ReadOnly": boolean,
    					"SourceContainer": "string"
    				}],
    				"WorkingDirectory": "string"
    			}],
    			"Cpu": "string",
    			"ExecutionRoleArn": "string",
    			"Family": "string",
    			"InferenceAccelerators": [{
    				"DeviceName": "string",
    				"DeviceType": "string"
    			}],
    			"IpcMode": "string",
    			"Memory": "string",
    			"NetworkMode": "string",
    			"PidMode": "string",
    			"PlacementConstraints": [{
    				"Expression": "string",
    				"Type": "string"
    			}],
    			"ProxyConfiguration": {
    				"ContainerName": "string",
    				"ProxyConfigurationProperties": [{
    					"Name": "string",
    					"Value": "string"
    				}],
    				"Type": "string"
    			},
    			"RequiresCompatibilities": ["string"],
    			"Status": "string",
    			"TaskRoleArn": "string",
    			"Volumes": [{
    				"DockerVolumeConfiguration": {
    					"Autoprovision": boolean,
    					"Driver": "string",
    					"DriverOpts": {
    						"string": "string"
    					},
    					"Labels": {
    						"string": "string"
    					},
    					"Scope": "string"
    				},
    				"EfsVolumeConfiguration": {
    					"AuthorizationConfig": {
    						"AccessPointId": "string",
    						"Iam": "string"
    					},
    					"FilesystemId": "string",
    					"RootDirectory": "string",
    					"TransitEncryption": "string",
    					"TransitEncryptionPort": number
    				},
    				"Host": {
    					"SourcePath": "string"
    				},
    				"Name": "string"
    			}]
    		},
    		"AwsEfsAccessPoint": {
    			"AccessPointId": "string",
    			"Arn": "string",
    			"ClientToken": "string",
    			"FileSystemId": "string",
    			"PosixUser": {
    				"Gid": "string",
    				"SecondaryGids": ["string"],
    				"Uid": "string"
    			},
    			"RootDirectory": {
    				"CreationInfo": {
    					"OwnerGid": "string",
    					"OwnerUid": "string",
    					"Permissions": "string"
    				},
    				"Path": "string"
    			}
    		},
    		"AwsEksCluster": {
    			"Arn": "string",
    			"CertificateAuthorityData": "string",
    			"ClusterStatus": "string",
    			"Endpoint": "string",
    			"Logging": {
    				"ClusterLogging": [{
    					"Enabled": boolean,
    					"Types": ["string"]
    				}]
    			},
    			"Name": "string",
    			"ResourcesVpcConfig": {
    				"EndpointPublicAccess": boolean,
    				"SecurityGroupIds": ["string"],
    				"SubnetIds": ["string"]
    			},
    			"RoleArn": "string",
    			"Version": "string"
    		},
    		"AwsElasticBeanstalkEnvironment": {
    			"ApplicationName": "string",
    			"Cname": "string",
    			"DateCreated": "string",
    			"DateUpdated": "string",
    			"Description": "string",
    			"EndpointUrl": "string",
    			"EnvironmentArn": "string",
    			"EnvironmentId": "string",
    			"EnvironmentLinks": [{
    				"EnvironmentName": "string",
    				"LinkName": "string"
    			}],
    			"EnvironmentName": "string",
    			"OptionSettings": [{
    				"Namespace": "string",
    				"OptionName": "string",
    				"ResourceName": "string",
    				"Value": "string"
    			}],
    			"PlatformArn": "string",
    			"SolutionStackName": "string",
    			"Status": "string",
    			"Tier": {
    				"Name": "string",
    				"Type": "string",
    				"Version": "string"
    			},
    			"VersionLabel": "string"
    		},
    		"AwsElasticSearchDomain": {
    			"AccessPolicies": "string",
    			"DomainStatus": {
    				"DomainId": "string",
    				"DomainName": "string",
    				"Endpoint": "string",
    				"Endpoints": {
    					"string": "string"
    				}
    			},
    			"DomainEndpointOptions": {
    				"EnforceHTTPS": boolean,
    				"TLSSecurityPolicy": "string"
    			},
    			"ElasticsearchClusterConfig": {
    				"DedicatedMasterCount": number,
    				"DedicatedMasterEnabled": boolean,
    				"DedicatedMasterType": "string",
    				"InstanceCount": number,
    				"InstanceType": "string",
    				"ZoneAwarenessConfig": {
    					"AvailabilityZoneCount": number
    				},
    				"ZoneAwarenessEnabled": boolean
    			},
    			"ElasticsearchVersion": "string",
    			"EncryptionAtRestOptions": {
    				"Enabled": boolean,
    				"KmsKeyId": "string"
    			},
    			"LogPublishingOptions": {
    				"AuditLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"IndexSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"SearchSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				}
    			},
    			"NodeToNodeEncryptionOptions": {
    				"Enabled": boolean
    			},
    			"ServiceSoftwareOptions": {
    				"AutomatedUpdateDate": "string",
    				"Cancellable": boolean,
    				"CurrentVersion": "string",
    				"Description": "string",
    				"NewVersion": "string",
    				"UpdateAvailable": boolean,
    				"UpdateStatus": "string"
    			},
    			"VPCOptions": {
    				"AvailabilityZones": [
    					"string"
    				],
    				"SecurityGroupIds": [
    					"string"
    				],
    				"SubnetIds": [
    					"string"
    				],
    				"VPCId": "string"
    			}
    		},
    		"AwsElbLoadBalancer": {
    			"AvailabilityZones": ["string"],
    			"BackendServerDescriptions": [{
    				"InstancePort": number,
    				"PolicyNames": ["string"]
    			}],
    			"CanonicalHostedZoneName": "string",
    			"CanonicalHostedZoneNameID": "string",
    			"CreatedTime": "string",
    			"DnsName": "string",
    			"HealthCheck": {
    				"HealthyThreshold": number,
    				"Interval": number,
    				"Target": "string",
    				"Timeout": number,
    				"UnhealthyThreshold": number
    			},
    			"Instances": [{
    				"InstanceId": "string"
    			}],
    			"ListenerDescriptions": [{
    				"Listener": {
    					"InstancePort": number,
    					"InstanceProtocol": "string",
    					"LoadBalancerPort": number,
    					"Protocol": "string",
    					"SslCertificateId": "string"
    				},
    				"PolicyNames": ["string"]
    			}],
    			"LoadBalancerAttributes": {
    				"AccessLog": {
    					"EmitInterval": number,
    					"Enabled": boolean,
    					"S3BucketName": "string",
    					"S3BucketPrefix": "string"
    				},
    				"ConnectionDraining": {
    					"Enabled": boolean,
    					"Timeout": number
    				},
    				"ConnectionSettings": {
    					"IdleTimeout": number
    				},
    				"CrossZoneLoadBalancing": {
    					"Enabled": boolean
    				},
    				"AdditionalAttributes": [{
    					"Key": "string",
    					"Value": "string"
    				}]
    			},
    			"LoadBalancerName": "string",
    			"Policies": {
    				"AppCookieStickinessPolicies": [{
    					"CookieName": "string",
    					"PolicyName": "string"
    				}],
    				"LbCookieStickinessPolicies": [{
    					"CookieExpirationPeriod": number,
    					"PolicyName": "string"
    				}],
    				"OtherPolicies": ["string"]
    			},
    			"Scheme": "string",
    			"SecurityGroups": ["string"],
    			"SourceSecurityGroup": {
    				"GroupName": "string",
    				"OwnerAlias": "string"
    			},
    			"Subnets": ["string"],
    			"VpcId": "string"
    		},
    		"AwsElbv2LoadBalancer": {
    			"AvailabilityZones": {
    				"SubnetId": "string",
    				"ZoneName": "string"
    			},
    			"CanonicalHostedZoneId": "string",
    			"CreatedTime": "string",
    			"DNSName": "string",
    			"IpAddressType": "string",
    			"LoadBalancerAttributes": [{
    				"Key": "string",
    				"Value": "string"
    			}],
    			"Scheme": "string",
    			"SecurityGroups": ["string"],
    			"State": {
    				"Code": "string",
    				"Reason": "string"
    			},
    			"Type": "string",
    			"VpcId": "string"
    		},
    		"AwsEventSchemasRegistry": {
    			"Description": "string",
    			"RegistryArn": "string",
    			"RegistryName": "string"
    		},
    		"AwsEventsEndpoint": {
    			"Arn": "string",
    			"Description": "string",
    			"EndpointId": "string",
    			"EndpointUrl": "string",
    			"EventBuses": [
    				{
    					"EventBusArn": "string"
    				},
    				{
    					"EventBusArn": "string"
    				}
    			],
    			"Name": "string",
    			"ReplicationConfig": {
    				"State": "string"
    			},
    			"RoleArn": "string",
    			"RoutingConfig": {
    				"FailoverConfig": {
    					"Primary": {
    						"HealthCheck": "string"
    					},
    					"Secondary": {
    						"Route": "string"
    					}
    				}
    			},
    			"State": "string"
    		},
    		"AwsEventsEventBus": {
    			"Arn": "string",
    			"Name": "string",
    			"Policy": "string"
    		},
    		"AwsGuardDutyDetector": {
    			"FindingPublishingFrequency": "string",
    			"ServiceRole": "string",
    			"Status": "string",
    			"DataSources": {
    				"CloudTrail": {
    					"Status": "string"
    				},
    				"DnsLogs": {
    					"Status": "string"
    				},
    				"FlowLogs": {
    					"Status": "string"
    				},
    				"S3Logs": {
    					"Status": "string"
    				},
    				"Kubernetes": {
    					"AuditLogs": {
    						"Status": "string"
    					}
    				},
    				"MalwareProtection": {
    					"ScanEc2InstanceWithFindings": {
    						"EbsVolumes": {
    							"Status": "string"
    						}
    					},
    					"ServiceRole": "string"
    				}
    			}
    		},
    		"AwsIamAccessKey": {
    			"AccessKeyId": "string",
    			"AccountId": "string",
    			"CreatedAt": "string",
    			"PrincipalId": "string",
    			"PrincipalName": "string",
    			"PrincipalType": "string",
    			"SessionContext": {
    				"Attributes": {
    					"CreationDate": "string",
    					"MfaAuthenticated": boolean
    				},
    				"SessionIssuer": {
    					"AccountId": "string",
    					"Arn": "string",
    					"PrincipalId": "string",
    					"Type": "string",
    					"UserName": "string"
    				}
    			},
    			"Status": "string"
    		},
    		"AwsIamGroup": {
    			"AttachedManagedPolicies": [{
    				"PolicyArn": "string",
    				"PolicyName": "string"
    			}],
    			"CreateDate": "string",
    			"GroupId": "string",
    			"GroupName": "string",
    			"GroupPolicyList": [{
    				"PolicyName": "string"
    			}],
    			"Path": "string"
    		},
    		"AwsIamPolicy": {
    			"AttachmentCount": number,
    			"CreateDate": "string",
    			"DefaultVersionId": "string",
    			"Description": "string",
    			"IsAttachable": boolean,
    			"Path": "string",
    			"PermissionsBoundaryUsageCount": number,
    			"PolicyId": "string",
    			"PolicyName": "string",
    			"PolicyVersionList": [{
    				"CreateDate": "string",
    				"IsDefaultVersion": boolean,
    				"VersionId": "string"
    			}],
    			"UpdateDate": "string"
    		},
    		"AwsIamRole": {
    			"AssumeRolePolicyDocument": "string",
    			"AttachedManagedPolicies": [{
    				"PolicyArn": "string",
    				"PolicyName": "string"
    			}],
    			"CreateDate": "string",
    			"InstanceProfileList": [{
    				"Arn": "string",
    				"CreateDate": "string",
    				"InstanceProfileId": "string",
    				"InstanceProfileName": "string",
    				"Path": "string",
    				"Roles": [{
    					"Arn": "string",
    					"AssumeRolePolicyDocument": "string",
    					"CreateDate": "string",
    					"Path": "string",
    					"RoleId": "string",
    					"RoleName": "string"
    				}]
    			}],
    			"MaxSessionDuration": number,
    			"Path": "string",
    			"PermissionsBoundary": {
    				"PermissionsBoundaryArn": "string",
    				"PermissionsBoundaryType": "string"
    			},
    			"RoleId": "string",
    			"RoleName": "string",
    			"RolePolicyList": [{
    				"PolicyName": "string"
    			}]
    		},
    		"AwsIamUser": {
    			"AttachedManagedPolicies": [{
    				"PolicyArn": "string",
    				"PolicyName": "string"
    			}],
    			"CreateDate": "string",
    			"GroupList": ["string"],
    			"Path": "string",
    			"PermissionsBoundary": {
    				"PermissionsBoundaryArn": "string",
    				"PermissionsBoundaryType": "string"
    			},
    			"UserId": "string",
    			"UserName": "string",
    			"UserPolicyList": [{
    				"PolicyName": "string"
    			}]
    		},
    		"AwsKinesisStream": {
    			"Arn": "string",
    			"Name": "string",
    			"RetentionPeriodHours": number,
    			"ShardCount": number,
    			"StreamEncryption": {
    				"EncryptionType": "string",
    				"KeyId": "string"
    			}
    		},
    		"AwsKmsKey": {
    			"AWSAccountId": "string",
    			"CreationDate": "string",
    			"Description": "string",
    			"KeyId": "string",
    			"KeyManager": "string",
    			"KeyRotationStatus": boolean,
    			"KeyState": "string",
    			"Origin": "string"
    		},
    		"AwsLambdaFunction": {
    			"Architectures": [
    				"string"
    			],
    			"Code": {
    				"S3Bucket": "string",
    				"S3Key": "string",
    				"S3ObjectVersion": "string",
    				"ZipFile": "string"
    			},
    			"CodeSha256": "string",
    			"DeadLetterConfig": {
    				"TargetArn": "string"
    			},
    			"Environment": {
    				"Variables": {
    					"Stage": "string"
    				},
    				"Error": {
    					"ErrorCode": "string",
    					"Message": "string"
    				}
    			},
    			"FunctionName": "string",
    			"Handler": "string",
    			"KmsKeyArn": "string",
    			"LastModified": "string",
    			"Layers": {
    				"Arn": "string",
    				"CodeSize": number
    			},
    			"PackageType": "string",
    			"RevisionId": "string",
    			"Role": "string",
    			"Runtime": "string",
    			"Timeout": integer,
    			"TracingConfig": {
    				"Mode": "string"
    			},
    			"Version": "string",
    			"VpcConfig": {
    				"SecurityGroupIds": ["string"],
    				"SubnetIds": ["string"]
    			},
    			"MasterArn": "string",
    			"MemorySize": number
    		},
    		"AwsLambdaLayerVersion": {
    			"CompatibleRuntimes": [
    				"string"
    			],
    			"CreatedDate": "string",
    			"Version": number
    		},
    		"AwsMskCluster": {
    			"ClusterInfo": {
    				"ClientAuthentication": {
    					"Sasl": {
    						"Scram": {
    							"Enabled": boolean
    						},
    						"Iam": {
    							"Enabled": boolean
    						}
    					},
    					"Tls": {
    						"CertificateAuthorityArnList": [],
    						"Enabled": boolean
    					},
    					"Unauthenticated": {
    						"Enabled": boolean
    					}
    				},
    				"ClusterName": "string",
    				"CurrentVersion": "string",
    				"EncryptionInfo": {
    					"EncryptionAtRest": {
    						"DataVolumeKMSKeyId": "string"
    					},
    					"EncryptionInTransit": {
    						"ClientBroker": "string",
    						"InCluster": boolean
    					}
    				},
    				"EnhancedMonitoring": "string",
    				"NumberOfBrokerNodes": integer
    			}
    		},
    		"AwsNetworkFirewallFirewall": {
    			"DeleteProtection": boolean,
    			"Description": "string",
    			"FirewallArn": "string",
    			"FirewallId": "string",
    			"FirewallName": "string",
    			"FirewallPolicyArn": "string",
    			"FirewallPolicyChangeProtection": boolean,
    			"SubnetChangeProtection": boolean,
    			"SubnetMappings": [{
    				"SubnetId": "string"
    			}],
    			"VpcId": "string"
    		},
    		"AwsNetworkFirewallFirewallPolicy": {
    			"Description": "string",
    			"FirewallPolicy": {
    				"StatefulRuleGroupReferences": [{
    					"ResourceArn": "string"
    				}],
    				"StatelessCustomActions": [{
    					"ActionDefinition": {
    						"PublishMetricAction": {
    							"Dimensions": [{
    								"Value": "string"
    							}]
    						}
    					},
    					"ActionName": "string"
    				}],
    				"StatelessDefaultActions": ["string"],
    				"StatelessFragmentDefaultActions": ["string"],
    				"StatelessRuleGroupReferences": [{
    					"Priority": number,
    					"ResourceArn": "string"
    				}]
    			},
    			"FirewallPolicyArn": "string",
    			"FirewallPolicyId": "string",
    			"FirewallPolicyName": "string"
    		},
    		"AwsNetworkFirewallRuleGroup": {
    			"Capacity": number,
    			"Description": "string",
    			"RuleGroup": {
    				"RulesSource": {
    					"RulesSourceList": {
    						"GeneratedRulesType": "string",
    						"Targets": ["string"],
    						"TargetTypes": ["string"]
    					},
    					"RulesString": "string",
    					"StatefulRules": [{
    						"Action": "string",
    						"Header": {
    							"Destination": "string",
    							"DestinationPort": "string",
    							"Direction": "string",
    							"Protocol": "string",
    							"Source": "string",
    							"SourcePort": "string"
    						},
    						"RuleOptions": [{
    							"Keyword": "string",
    							"Settings": ["string"]
    						}]
    					}],
    					"StatelessRulesAndCustomActions": {
    						"CustomActions": [{
    							"ActionDefinition": {
    								"PublishMetricAction": {
    									"Dimensions": [{
    										"Value": "string"
    									}]
    								}
    							},
    							"ActionName": "string"
    						}],
    						"StatelessRules": [{
    							"Priority": number,
    							"RuleDefinition": {
    								"Actions": ["string"],
    								"MatchAttributes": {
    									"DestinationPorts": [{
    										"FromPort": number,
    										"ToPort": number
    									}],
    									"Destinations": [{
    										"AddressDefinition": "string"
    									}],
    									"Protocols": [number],
    									"SourcePorts": [{
    										"FromPort": number,
    										"ToPort": number
    									}],
    									"Sources": [{
    										"AddressDefinition": "string"
    									}],
    									"TcpFlags": [{
    										"Flags": ["string"],
    										"Masks": ["string"]
    									}]
    								}
    							}
    						}]
    					}
    				},
    				"RuleVariables": {
    					"IpSets": {
    						"Definition": ["string"]
    					},
    					"PortSets": {
    						"Definition": ["string"]
    					}
    				}
    			},
    			"RuleGroupArn": "string",
    			"RuleGroupId": "string",
    			"RuleGroupName": "string",
    			"Type": "string"
    		},
    		"AwsOpenSearchServiceDomain": {
    			"AccessPolicies": "string",
    			"AdvancedSecurityOptions": {
    				"Enabled": boolean,
    				"InternalUserDatabaseEnabled": boolean,
    				"MasterUserOptions": {
    					"MasterUserArn": "string",
    					"MasterUserName": "string",
    					"MasterUserPassword": "string"
    				}
    			},
    			"Arn": "string",
    			"ClusterConfig": {
    				"DedicatedMasterCount": number,
    				"DedicatedMasterEnabled": boolean,
    				"DedicatedMasterType": "string",
    				"InstanceCount": number,
    				"InstanceType": "string",
    				"WarmCount": number,
    				"WarmEnabled": boolean,
    				"WarmType": "string",
    				"ZoneAwarenessConfig": {
    					"AvailabilityZoneCount": number
    				},
    				"ZoneAwarenessEnabled": boolean
    			},
    			"DomainEndpoint": "string",
    			"DomainEndpointOptions": {
    				"CustomEndpoint": "string",
    				"CustomEndpointCertificateArn": "string",
    				"CustomEndpointEnabled": boolean,
    				"EnforceHTTPS": boolean,
    				"TLSSecurityPolicy": "string"
    			},
    			"DomainEndpoints": {
    				"string": "string"
    			},
    			"DomainName": "string",
    			"EncryptionAtRestOptions": {
    				"Enabled": boolean,
    				"KmsKeyId": "string"
    			},
    			"EngineVersion": "string",
    			"Id": "string",
    			"LogPublishingOptions": {
    				"AuditLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"IndexSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				},
    				"SearchSlowLogs": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Enabled": boolean
    				}
    			},
    			"NodeToNodeEncryptionOptions": {
    				"Enabled": boolean
    			},
    			"ServiceSoftwareOptions": {
    				"AutomatedUpdateDate": "string",
    				"Cancellable": boolean,
    				"CurrentVersion": "string",
    				"Description": "string",
    				"NewVersion": "string",
    				"OptionalDeployment": boolean,
    				"UpdateAvailable": boolean,
    				"UpdateStatus": "string"
    			},
    			"VpcOptions": {
    				"SecurityGroupIds": ["string"],
    				"SubnetIds": ["string"]
    			}
    		},
    		"AwsRdsDbCluster": {
    			"ActivityStreamStatus": "string",
    			"AllocatedStorage": number,
    			"AssociatedRoles": [{
    				"RoleArn": "string",
    				"Status": "string"
    			}],
    			"AutoMinorVersionUpgrade": boolean,
    			"AvailabilityZones": ["string"],
    			"BackupRetentionPeriod": integer,
    			"ClusterCreateTime": "string",
    			"CopyTagsToSnapshot": boolean,
    			"CrossAccountClone": boolean,
    			"CustomEndpoints": ["string"],
    			"DatabaseName": "string",
    			"DbClusterIdentifier": "string",
    			"DbClusterMembers": [{
    				"DbClusterParameterGroupStatus": "string",
    				"DbInstanceIdentifier": "string",
    				"IsClusterWriter": boolean,
    				"PromotionTier": integer
    			}],
    			"DbClusterOptionGroupMemberships": [{
    				"DbClusterOptionGroupName": "string",
    				"Status": "string"
    			}],
    			"DbClusterParameterGroup": "string",
    			"DbClusterResourceId": "string",
    			"DbSubnetGroup": "string",
    			"DeletionProtection": boolean,
    			"DomainMemberships": [{
    				"Domain": "string",
    				"Fqdn": "string",
    				"IamRoleName": "string",
    				"Status": "string"
    			}],
    			"EnabledCloudwatchLogsExports": ["string"],
    			"Endpoint": "string",
    			"Engine": "string",
    			"EngineMode": "string",
    			"EngineVersion": "string",
    			"HostedZoneId": "string",
    			"HttpEndpointEnabled": boolean,
    			"IamDatabaseAuthenticationEnabled": boolean,
    			"KmsKeyId": "string",
    			"MasterUsername": "string",
    			"MultiAz": boolean,
    			"Port": integer,
    			"PreferredBackupWindow": "string",
    			"PreferredMaintenanceWindow": "string",
    			"ReaderEndpoint": "string",
    			"ReadReplicaIdentifiers": ["string"],
    			"Status": "string",
    			"StorageEncrypted": boolean,
    			"VpcSecurityGroups": [{
    				"Status": "string",
    				"VpcSecurityGroupId": "string"
    			}]
    		},
    		"AwsRdsDbClusterSnapshot": {
    			"AllocatedStorage": integer,
    			"AvailabilityZones": ["string"],
    			"ClusterCreateTime": "string",
    			"DbClusterIdentifier": "string",
    			"DbClusterSnapshotAttributes": [{
    				"AttributeName": "string",
    				"AttributeValues": ["string"]
    			}],
    			"DbClusterSnapshotIdentifier": "string",
    			"Engine": "string",
    			"EngineVersion": "string",
    			"IamDatabaseAuthenticationEnabled": boolean,
    			"KmsKeyId": "string",
    			"LicenseModel": "string",
    			"MasterUsername": "string",
    			"PercentProgress": integer,
    			"Port": integer,
    			"SnapshotCreateTime": "string",
    			"SnapshotType": "string",
    			"Status": "string",
    			"StorageEncrypted": boolean,
    			"VpcId": "string"
    		},
    		"AwsRdsDbInstance": {
    			"AllocatedStorage": number,
    			"AssociatedRoles": [{
    				"RoleArn": "string",
    				"FeatureName": "string",
    				"Status": "string"
    			}],
    			"AutoMinorVersionUpgrade": boolean,
    			"AvailabilityZone": "string",
    			"BackupRetentionPeriod": number,
    			"CACertificateIdentifier": "string",
    			"CharacterSetName": "string",
    			"CopyTagsToSnapshot": boolean,
    			"DBClusterIdentifier": "string",
    			"DBInstanceClass": "string",
    			"DBInstanceIdentifier": "string",
    			"DbInstancePort": number,
    			"DbInstanceStatus": "string",
    			"DbiResourceId": "string",
    			"DBName": "string",
    			"DbParameterGroups": [{
    				"DbParameterGroupName": "string",
    				"ParameterApplyStatus": "string"
    			}],
    			"DbSecurityGroups": ["string"],
    			"DbSubnetGroup": {
    				"DbSubnetGroupArn": "string",
    				"DbSubnetGroupDescription": "string",
    				"DbSubnetGroupName": "string",
    				"SubnetGroupStatus": "string",
    				"Subnets": [{
    					"SubnetAvailabilityZone": {
    						"Name": "string"
    					},
    					"SubnetIdentifier": "string",
    					"SubnetStatus": "string"
    				}],
    				"VpcId": "string"
    			},
    			"DeletionProtection": boolean,
    			"Endpoint": {
    				"Address": "string",
    				"Port": number,
    				"HostedZoneId": "string"
    			},
    			"DomainMemberships": [{
    				"Domain": "string",
    				"Fqdn": "string",
    				"IamRoleName": "string",
    				"Status": "string"
    			}],
    			"EnabledCloudwatchLogsExports": ["string"],
    			"Engine": "string",
    			"EngineVersion": "string",
    			"EnhancedMonitoringResourceArn": "string",
    			"IAMDatabaseAuthenticationEnabled": boolean,
    			"InstanceCreateTime": "string",
    			"Iops": number,
    			"KmsKeyId": "string",
    			"LatestRestorableTime": "string",
    			"LicenseModel": "string",
    			"ListenerEndpoint": {
    				"Address": "string",
    				"HostedZoneId": "string",
    				"Port": number
    			},
    			"MasterUsername": "admin",
    			"MaxAllocatedStorage": number,
    			"MonitoringInterval": number,
    			"MonitoringRoleArn": "string",
    			"MultiAz": boolean,
    			"OptionGroupMemberships": [{
    				"OptionGroupName": "string",
    				"Status": "string"
    			}],
    			"PendingModifiedValues": {
    				"AllocatedStorage": number,
    				"BackupRetentionPeriod": number,
    				"CaCertificateIdentifier": "string",
    				"DbInstanceClass": "string",
    				"DbInstanceIdentifier": "string",
    				"DbSubnetGroupName": "string",
    				"EngineVersion": "string",
    				"Iops": number,
    				"LicenseModel": "string",
    				"MasterUserPassword": "string",
    				"MultiAZ": boolean,
    				"PendingCloudWatchLogsExports": {
    					"LogTypesToDisable": ["string"],
    					"LogTypesToEnable": ["string"]
    				},
    				"Port": number,
    				"ProcessorFeatures": [{
    					"Name": "string",
    					"Value": "string"
    				}],
    				"StorageType": "string"
    			},
    			"PerformanceInsightsEnabled": boolean,
    			"PerformanceInsightsKmsKeyId": "string",
    			"PerformanceInsightsRetentionPeriod": number,
    			"PreferredBackupWindow": "string",
    			"PreferredMaintenanceWindow": "string",
    			"ProcessorFeatures": [{
    				"Name": "string",
    				"Value": "string"
    			}],
    			"PromotionTier": number,
    			"PubliclyAccessible": boolean,
    			"ReadReplicaDBClusterIdentifiers": ["string"],
    			"ReadReplicaDBInstanceIdentifiers": ["string"],
    			"ReadReplicaSourceDBInstanceIdentifier": "string",
    			"SecondaryAvailabilityZone": "string",
    			"StatusInfos": [{
    				"Message": "string",
    				"Normal": boolean,
    				"Status": "string",
    				"StatusType": "string"
    			}],
    			"StorageEncrypted": boolean,
    			"TdeCredentialArn": "string",
    			"Timezone": "string",
    			"VpcSecurityGroups": [{
    				"VpcSecurityGroupId": "string",
    				"Status": "string"
    			}]
    		},
    		"AwsRdsDbSecurityGroup": {
    			"DbSecurityGroupArn": "string",
    			"DbSecurityGroupDescription": "string",
    			"DbSecurityGroupName": "string",
    			"Ec2SecurityGroups": [{
    				"Ec2SecurityGroupuId": "string",
    				"Ec2SecurityGroupName": "string",
    				"Ec2SecurityGroupOwnerId": "string",
    				"Status": "string"
    			}],
    			"IpRanges": [{
    				"CidrIp": "string",
    				"Status": "string"
    			}],
    			"OwnerId": "string",
    			"VpcId": "string"
    		},
    		"AwsRdsDbSnapshot": {
    			"AllocatedStorage": integer,
    			"AvailabilityZone": "string",
    			"DbInstanceIdentifier": "string",
    			"DbiResourceId": "string",
    			"DbSnapshotIdentifier": "string",
    			"Encrypted": boolean,
    			"Engine": "string",
    			"EngineVersion": "string",
    			"IamDatabaseAuthenticationEnabled": boolean,
    			"InstanceCreateTime": "string",
    			"Iops": number,
    			"KmsKeyId": "string",
    			"LicenseModel": "string",
    			"MasterUsername": "string",
    			"OptionGroupName": "string",
    			"PercentProgress": integer,
    			"Port": integer,
    			"ProcessorFeatures": [],
    			"SnapshotCreateTime": "string",
    			"SnapshotType": "string",
    			"SourceDbSnapshotIdentifier": "string",
    			"SourceRegion": "string",
    			"Status": "string",
    			"StorageType": "string",
    			"TdeCredentialArn": "string",
    			"Timezone": "string",
    			"VpcId": "string"
    		},
    		"AwsRdsEventSubscription": {
    			"CustomerAwsId": "string",
    			"CustSubscriptionId": "string",
    			"Enabled": boolean,
    			"EventCategoriesList": ["string"],
    			"EventSubscriptionArn": "string",
    			"SnsTopicArn": "string",
    			"SourceIdsList": ["string"],
    			"SourceType": "string",
    			"Status": "string",
    			"SubscriptionCreationTime": "string"
    		},
    		"AwsRedshiftCluster": {
    			"AllowVersionUpgrade": boolean,
    			"AutomatedSnapshotRetentionPeriod": number,
    			"AvailabilityZone": "string",
    			"ClusterAvailabilityStatus": "string",
    			"ClusterCreateTime": "string",
    			"ClusterIdentifier": "string",
    			"ClusterNodes": [{
    				"NodeRole": "string",
    				"PrivateIPAddress": "string",
    				"PublicIPAddress": "string"
    			}],
    			"ClusterParameterGroups": [{
    				"ClusterParameterStatusList": [{
    					"ParameterApplyErrorDescription": "string",
    					"ParameterApplyStatus": "string",
    					"ParameterName": "string"
    				}],
    				"ParameterApplyStatus": "string",
    				"ParameterGroupName": "string"
    			}],
    			"ClusterPublicKey": "string",
    			"ClusterRevisionNumber": "string",
    			"ClusterSecurityGroups": [{
    				"ClusterSecurityGroupName": "string",
    				"Status": "string"
    			}],
    			"ClusterSnapshotCopyStatus": {
    				"DestinationRegion": "string",
    				"ManualSnapshotRetentionPeriod": number,
    				"RetentionPeriod": number,
    				"SnapshotCopyGrantName": "string"
    			},
    			"ClusterStatus": "string",
    			"ClusterSubnetGroupName": "string",
    			"ClusterVersion": "string",
    			"DBName": "string",
    			"DeferredMaintenanceWindows": [{
    				"DeferMaintenanceEndTime": "string",
    				"DeferMaintenanceIdentifier": "string",
    				"DeferMaintenanceStartTime": "string"
    			}],
    			"ElasticIpStatus": {
    				"ElasticIp": "string",
    				"Status": "string"
    			},
    			"ElasticResizeNumberOfNodeOptions": "string",
    			"Encrypted": boolean,
    			"Endpoint": {
    				"Address": "string",
    				"Port": number
    			},
    			"EnhancedVpcRouting": boolean,
    			"ExpectedNextSnapshotScheduleTime": "string",
    			"ExpectedNextSnapshotScheduleTimeStatus": "string",
    			"HsmStatus": {
    				"HsmClientCertificateIdentifier": "string",
    				"HsmConfigurationIdentifier": "string",
    				"Status": "string"
    			},
    			"IamRoles": [{
    				"ApplyStatus": "string",
    				"IamRoleArn": "string"
    			}],
    			"KmsKeyId": "string",
    			"LoggingStatus": {
    				"BucketName": "string",
    				"LastFailureMessage": "string",
    				"LastFailureTime": "string",
    				"LastSuccessfulDeliveryTime": "string",
    				"LoggingEnabled": boolean,
    				"S3KeyPrefix": "string"
    			},
    			"MaintenanceTrackName": "string",
    			"ManualSnapshotRetentionPeriod": number,
    			"MasterUsername": "string",
    			"NextMaintenanceWindowStartTime": "string",
    			"NodeType": "string",
    			"NumberOfNodes": number,
    			"PendingActions": ["string"],
    			"PendingModifiedValues": {
    				"AutomatedSnapshotRetentionPeriod": number,
    				"ClusterIdentifier": "string",
    				"ClusterType": "string",
    				"ClusterVersion": "string",
    				"EncryptionType": "string",
    				"EnhancedVpcRouting": boolean,
    				"MaintenanceTrackName": "string",
    				"MasterUserPassword": "string",
    				"NodeType": "string",
    				"NumberOfNodes": number,
    				"PubliclyAccessible": "string"
    			},
    			"PreferredMaintenanceWindow": "string",
    			"PubliclyAccessible": boolean,
    			"ResizeInfo": {
    				"AllowCancelResize": boolean,
    				"ResizeType": "string"
    			},
    			"RestoreStatus": {
    				"CurrentRestoreRateInMegaBytesPerSecond": number,
    				"ElapsedTimeInSeconds": number,
    				"EstimatedTimeToCompletionInSeconds": number,
    				"ProgressInMegaBytes": number,
    				"SnapshotSizeInMegaBytes": number,
    				"Status": "string"
    			},
    			"SnapshotScheduleIdentifier": "string",
    			"SnapshotScheduleState": "string",
    			"VpcId": "string",
    			"VpcSecurityGroups": [{
    				"Status": "string",
    				"VpcSecurityGroupId": "string"
    			}]
    		},
    		"AwsRoute53HostedZone": {
    			"HostedZone": {
    				"Id": "string",
    				"Name": "string",
    				"Config": {
    					"Comment": "string"
    				}
    			},
    			"NameServers": ["string"],
    			"QueryLoggingConfig": {
    				"CloudWatchLogsLogGroupArn": {
    					"CloudWatchLogsLogGroupArn": "string",
    					"Id": "string",
    					"HostedZoneId": "string"
    				}
    			},
    			"Vpcs": [
    				{
    					"Id": "string",
    					"Region": "string"
    				}
    			]
    		},
    		"AwsS3AccessPoint": {
    			"AccessPointArn": "string",
    			"Alias": "string",
    			"Bucket": "string",
    			"BucketAccountId": "string",
    			"Name": "string",
    			"NetworkOrigin": "string",
    			"PublicAccessBlockConfiguration": {
    				"BlockPublicAcls": boolean,
    				"BlockPublicPolicy": boolean,
    				"IgnorePublicAcls": boolean,
    				"RestrictPublicBuckets": boolean
    			},
    			"VpcConfiguration": {
    				"VpcId": "string"
    			}
    		},
    		"AwsS3AccountPublicAccessBlock": {
    			"BlockPublicAcls": boolean,
    			"BlockPublicPolicy": boolean,
    			"IgnorePublicAcls": boolean,
    			"RestrictPublicBuckets": boolean
    		},
    		"AwsS3Bucket": {
    			"AccessControlList": "string",
    			"BucketLifecycleConfiguration": {
    				"Rules": [{
    					"AbortIncompleteMultipartUpload": {
    						"DaysAfterInitiation": number
    					},
    					"ExpirationDate": "string",
    					"ExpirationInDays": number,
    					"ExpiredObjectDeleteMarker": boolean,
    					"Filter": {
    						"Predicate": {
    							"Operands": [{
    									"Prefix": "string",
    									"Type": "string"
    								},
    								{
    									"Tag": {
    										"Key": "string",
    										"Value": "string"
    									},
    									"Type": "string"
    								}
    							],
    							"Type": "string"
    						}
    					},
    					"Id": "string",
    					"NoncurrentVersionExpirationInDays": number,
    					"NoncurrentVersionTransitions": [{
    						"Days": number,
    						"StorageClass": "string"
    					}],
    					"Prefix": "string",
    					"Status": "string",
    					"Transitions": [{
    						"Date": "string",
    						"Days": number,
    						"StorageClass": "string"
    					}]
    				}]
    			},
    			"BucketLoggingConfiguration": {
    				"DestinationBucketName": "string",
    				"LogFilePrefix": "string"
    			},
    			"BucketName": "string",
    			"BucketNotificationConfiguration": {
    				"Configurations": [{
    					"Destination": "string",
    					"Events": ["string"],
    					"Filter": {
    						"S3KeyFilter": {
    							"FilterRules": [{
    								"Name": "string",
    								"Value": "string"
    							}]
    						}
    					},
    					"Type": "string"
    				}]
    			},
    			"BucketVersioningConfiguration": {
    				"IsMfaDeleteEnabled": boolean,
    				"Status": "string"
    			},
    			"BucketWebsiteConfiguration": {
    				"ErrorDocument": "string",
    				"IndexDocumentSuffix": "string",
    				"RedirectAllRequestsTo": {
    					"HostName": "string",
    					"Protocol": "string"
    				},
    				"RoutingRules": [{
    					"Condition": {
    						"HttpErrorCodeReturnedEquals": "string",
    						"KeyPrefixEquals": "string"
    					},
    					"Redirect": {
    						"HostName": "string",
    						"HttpRedirectCode": "string",
    						"Protocol": "string",
    						"ReplaceKeyPrefixWith": "string",
    						"ReplaceKeyWith": "string"
    					}
    				}]
    			},
    			"CreatedAt": "string",
    			"ObjectLockConfiguration": {
    				"ObjectLockEnabled": "string",
    				"Rule": {
    					"DefaultRetention": {
    						"Days": integer,
    						"Mode": "string",
    						"Years": integer
    					}
    				}
    			},
    			"OwnerAccountId": "string",
    			"OwnerId": "string",
    			"OwnerName": "string",
    			"PublicAccessBlockConfiguration": {
    				"BlockPublicAcls": boolean,
    				"BlockPublicPolicy": boolean,
    				"IgnorePublicAcls": boolean,
    				"RestrictPublicBuckets": boolean
    			},
    			"ServerSideEncryptionConfiguration": {
    				"Rules": [{
    					"ApplyServerSideEncryptionByDefault": {
    						"KMSMasterKeyID": "string",
    						"SSEAlgorithm": "string"
    					}
    				}]
    			}
    		},
    		"AwsS3Object": {
    			"ContentType": "string",
    			"ETag": "string",
    			"LastModified": "string",
    			"ServerSideEncryption": "string",
    			"SSEKMSKeyId": "string",
    			"VersionId": "string"
    		},
    		"AwsSagemakerNotebookInstance": {
    			"DirectInternetAccess": "string",
    			"InstanceMetadataServiceConfiguration": {
    				"MinimumInstanceMetadataServiceVersion": "string"
    			},
    			"InstanceType": "string",
    			"LastModifiedTime": "string",
    			"NetworkInterfaceId": "string",
    			"NotebookInstanceArn": "string",
    			"NotebookInstanceName": "string",
    			"NotebookInstanceStatus": "string",
    			"PlatformIdentifier": "string",
    			"RoleArn": "string",
    			"RootAccess": "string",
    			"SecurityGroups": ["string"],
    			"SubnetId": "string",
    			"Url": "string",
    			"VolumeSizeInGB": number
    		},
    		"AwsSecretsManagerSecret": {
    			"Deleted": boolean,
    			"Description": "string",
    			"KmsKeyId": "string",
    			"Name": "string",
    			"RotationEnabled": boolean,
    			"RotationLambdaArn": "string",
    			"RotationOccurredWithinFrequency": boolean,
    			"RotationRules": {
    				"AutomaticallyAfterDays": integer
    			}
    		},
    		"AwsSnsTopic": {
    			"ApplicationSuccessFeedbackRoleArn": "string",		
    			"FirehoseFailureFeedbackRoleArn": "string",
    			"FirehoseSuccessFeedbackRoleArn": "string",
    			"HttpFailureFeedbackRoleArn": "string",
    			"HttpSuccessFeedbackRoleArn": "string",
    			"KmsMasterKeyId": "string",                 
    			"Owner": "string",
    			"SqsFailureFeedbackRoleArn": "string",
    			"SqsSuccessFeedbackRoleArn": "string",	
    			"Subscription": {
    				"Endpoint": "string",
    				"Protocol": "string"
    			},
    			"TopicName": "string"   			              
    		},
    		"AwsSqsQueue": {
    			"DeadLetterTargetArn": "string",
    			"KmsDataKeyReusePeriodSeconds": number,
    			"KmsMasterKeyId": "string",
    			"QueueName": "string"
    		},
    		"AwsSsmPatchCompliance": {
    			"Patch": {
    				"ComplianceSummary": {
    					"ComplianceType": "string",
    					"CompliantCriticalCount": integer,
    					"CompliantHighCount": integer,
    					"CompliantInformationalCount": integer,
    					"CompliantLowCount": integer,
    					"CompliantMediumCount": integer,
    					"CompliantUnspecifiedCount": integer,
    					"ExecutionType": "string",
    					"NonCompliantCriticalCount": integer,
    					"NonCompliantHighCount": integer,
    					"NonCompliantInformationalCount": integer,
    					"NonCompliantLowCount": integer,
    					"NonCompliantMediumCount": integer,
    					"NonCompliantUnspecifiedCount": integer,
    					"OverallSeverity": "string",
    					"PatchBaselineId": "string",
    					"PatchGroup": "string",
    					"Status": "string"
    				}
    			}
    		},
    		"AwsStepFunctionStateMachine": {
    			"StateMachineArn": "string",
    			"Name": "string",
    			"Status": "string",
    			"RoleArn": "string",
    			"Type": "string",
    			"LoggingConfiguration": {
    				"Level": "string",
    				"IncludeExecutionData": boolean
    			},
    			"TracingConfiguration": {
    				"Enabled": boolean
    			}
    		},
    		"AwsWafRateBasedRule": {
    			"MatchPredicates": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}],
    			"MetricName": "string",
    			"Name": "string",
    			"RateKey": "string",
    			"RateLimit": number,
    			"RuleId": "string"
    		},
    		"AwsWafRegionalRateBasedRule": {
    			"MatchPredicates": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}],
    			"MetricName": "string",
    			"Name": "string",
    			"RateKey": "string",
    			"RateLimit": number,
    			"RuleId": "string"
    		},
    		"AwsWafRegionalRule": {
    			"MetricName": "string",
    			"Name": "string",
    			"RuleId": "string",
    			"PredicateList": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}]
    		},
    		"AwsWafRegionalRuleGroup": {
    			"MetricName": "string",
    			"Name": "string",
    			"RuleGroupId": "string",
    			"Rules": [{
    				"Action": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string"
    			}]
    		},
    		"AwsWafRegionalWebAcl": {
    			"DefaultAction": "string",
    			"MetricName" : "string",
    			"Name": "string",
    			"RulesList" : [{
    				"Action": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string",
    				"ExcludedRules": [{
    					"ExclusionType": "string",
    					"RuleId": "string"
    				}],
    				"OverrideAction": {
    					"Type": "string"
    				}
    			}],
    			"WebAclId": "string"
    		},
    		"AwsWafRule": {
    			"MetricName": "string",
    			"Name": "string",
    			"PredicateList": [{
    				"DataId": "string",
    				"Negated": boolean,
    				"Type": "string"
    			}],
    			"RuleId": "string"
    		},
    		"AwsWafRuleGroup": {
    			"MetricName": "string",
    			"Name": "string",
    			"RuleGroupId": "string",
    			"Rules": [{
    				"Action": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string"
    			}]
    		},
    		"AwsWafv2RuleGroup": {
    			"Arn": "string",
    			"Capacity": number,
    			"Description": "string",
    			"Id": "string",
    			"Name": "string",
    			"Rules": [{
    				"Action": {
    					"Allow": {
    						"CustomRequestHandling": {
    							"InsertHeaders": [
    								{
    									"Name": "string",
    									"Value": "string"
    								},
    								{
    									"Name": "string",
    									"Value": "string"
    								}
    							]
    						}
    					}
    				},
    				"Name": "string",
    				"Priority": number,
    				"VisibilityConfig": {
    					"CloudWatchMetricsEnabled": boolean,
    					"MetricName": "string",
    					"SampledRequestsEnabled": boolean
    				}
    			}],
    			"VisibilityConfig": {
    				"CloudWatchMetricsEnabled": boolean,
    				"MetricName": "string",
    				"SampledRequestsEnabled": boolean
    			}
    		},
    		"AwsWafWebAcl": {
    			"DefaultAction": "string",
    			"Name": "string",
    			"Rules": [{
    				"Action": {
    					"Type": "string"
    				},
    				"ExcludedRules": [{
    					"RuleId": "string"
    				}],
    				"OverrideAction": {
    					"Type": "string"
    				},
    				"Priority": number,
    				"RuleId": "string",
    				"Type": "string"
    			}],
    			"WebAclId": "string"
    		},
    		"AwsWafv2WebAcl": {
    			"Arn": "string",
    			"Capacity": number,
    			"CaptchaConfig": {
    				"ImmunityTimeProperty": {
    					"ImmunityTime": number
    				}
    			},
    			"DefaultAction": {
    				"Block": {}
    			},
    			"Description": "string",
    			"ManagedbyFirewallManager": boolean,
    			"Name": "string",
    			"Rules": [{
    				"Action": {
    					"RuleAction": {
    						"Block": {}
    					}
    				},
    				"Name": "string",
    				"Priority": number,
    				"VisibilityConfig": {
    					"SampledRequestsEnabled": boolean,
    					"CloudWatchMetricsEnabled": boolean,
    					"MetricName": "string"
    				}
    			}],
    			"VisibilityConfig": {
    				"SampledRequestsEnabled": boolean,
    				"CloudWatchMetricsEnabled": boolean,
    				"MetricName": "string"
    			}
    		},
    		"AwsXrayEncryptionConfig": {
    			"KeyId": "string",
    			"Status": "string",
    			"Type": "string"
    		},
    		"CodeRepository": {
    			"CodeSecurityIntegrationArn": "string",
    			"ProjectName": "string",
    			"ProviderType": "string"
    		},
    		"Container": {
    			"ContainerRuntime": "string",
    			"ImageId": "string",
    			"ImageName": "string",
    			"LaunchedAt": "string",
    			"Name": "string",
    			"Privileged": boolean,
    			"VolumeMounts": [{
    				"Name": "string",
    				"MountPath": "string"
    			}]
    		}, 
    		"Other": {
    			"string": "string"
    		},
    		"Id": "string",
    		"Partition": "string",
    		"Region": "string",
    		"ResourceRole": "string",
    		"Tags": {
    			"string": "string"
    		},
    		"Type": "string"
    	}],
    	"SchemaVersion": "string",
    	"Severity": {
    		"Label": "string",
    		"Normalized": number,
    		"Original": "string"
    	},
    	"Sample": boolean,
    	"SourceUrl": "string",
    	"Threats": [{
    		"FilePaths": [{
    			"FileName": "string",
    			"FilePath": "string",
    			"Hash": "string",
    			"ResourceId": "string"
    		}],
    		"ItemCount": number,
    		"Name": "string",
    		"Severity": "string"
    	}],
    	"ThreatIntelIndicators": [{
    		"Category": "string",
    		"LastObservedAt": "string",
    		"Source": "string",
    		"SourceUrl": "string",
    		"Type": "string",
    		"Value": "string"
    	}],
    	"Title": "string",
    	"Types": ["string"],
    	"UpdatedAt": "string",
    	"UserDefinedFields": {
    		"string": "string"
    	},
    	"VerificationState": "string",
    	"Vulnerabilities": [{
    		"CodeVulnerabilities": [{
    			"Cwes": [
    				"string",
    				"string"
    			],
    			"FilePath": {
    				"EndLine": integer,
    				"FileName": "string",
    				"FilePath": "string",
    				"StartLine": integer
    			},
    			"SourceArn":"string"
    		}],
    		"Cvss": [{
    			"Adjustments": [{
    				"Metric": "string",
    				"Reason": "string"
    			}],
    			"BaseScore": number,
    			"BaseVector": "string",
    			"Source": "string",
    			"Version": "string"
    		}],
    		"EpssScore": number,
    		"ExploitAvailable": "string",
    		"FixAvailable": "string",
    		"Id": "string",
    		"LastKnownExploitAt": "string",
    		"ReferenceUrls": ["string"],
    		"RelatedVulnerabilities": ["string"],
    		"Vendor": {
    			"Name": "string",
    			"Url": "string",
    			"VendorCreatedAt": "string",
    			"VendorSeverity": "string",
    			"VendorUpdatedAt": "string"
    		},
    		"VulnerablePackages": [{
    			"Architecture": "string",
    			"Epoch": "string",
    			"FilePath": "string",
    			"FixedInVersion": "string",
    			"Name": "string",
    			"PackageManager": "string",
    			"Release": "string",
    			"Remediation": "string",
    			"SourceLayerArn": "string",
    			"SourceLayerHash": "string",
    			"Version": "string"
    		}]
    	}],
    	"Workflow": {
    		"Status": "string"
    	},
    	"WorkflowState": "string"
    }
]
```

# Impact of consolidation on ASFF fields and values
<a name="asff-changes-consolidation"></a>

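AWS Security Hub CSPM offers two types of consolidation for controls:
+ **Consolidated controls view** – With this type of consolidation, each control has a single identifier across all standards. In addition, the **Controls** page on the Security Hub CSPM console shows all controls across all standards.
+ **Consolidated control findings** – With this type of consolidation, Security Hub CSPM can generate a single finding for a control, even if the control applies to multiple enabled standards. This reduces finding noise.

You can't enable or disable consolidated controls view. If you enabled Security Hub CSPM on or after February 23, 2023, consolidated control findings is enabled by default. Otherwise, it is disabled by default. For organizations, however, Security Hub CSPM member accounts can have the feature enabled only when consolidated control findings is enabled for the administrator account. To learn more about consolidated control findings, see [Generating and updating control findings](controls-findings-create-update.md).

Both types of consolidation affect the fields and values of control findings in the [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

**Topics**
+ [Consolidated controls view – ASFF changes](#securityhub-findings-format-consolidated-controls-view)
+ [Consolidated control findings – ASFF changes](#securityhub-findings-format-consolidated-control-findings)
+ [Generator IDs before and after enabling consolidated control findings](#securityhub-findings-format-changes-generator-ids)
+ [How consolidation affects control IDs and titles](#securityhub-findings-format-changes-ids-titles)
+ [Updating workflows for consolidation](#securityhub-findings-format-changes-prepare)

## Consolidated controls view – ASFF changes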
<a name="securityhub-findings-format-consolidated-controls-view"></a>

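The consolidated controls view feature made the following changes to the fields and values of control findings in the ASFF. If your workflows don't rely on the values of these ASFF fields, no action is required. If you have workflows that rely on specific values for these fields, update the workflows to use the current values.


| ASFF field  | Sample value before consolidated controls view  | Sample value after consolidated controls view, and description of the change  | 
| --- | --- | --- | 
|  Compliance.SecurityControlId  |  Not applicable (new field)  |  EC2.2 Introduces a single control ID across standards. `ProductFields.RuleId` still provides the standard-based control ID for CIS v1.2.0 controls. `ProductFields.ControlId` still provides the standard-based control ID for controls in other standards.  | 
|  Compliance.AssociatedStandards  |  Not applicable (new field)  |  [{"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"}] Shows the standards in which the control is enabled.  | 
|  ProductFields.ArchivalReasons:0/Description  |  Not applicable (new field)  |  "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated." Describes why Security Hub CSPM archived existing findings.  | 
|  ProductFields.ArchivalReasons:0/ReasonCode  |  Not applicable (new field)  |  "CONSOLIDATED_CONTROL_FINDINGS_UPDATE" Provides the reason why Security Hub CSPM archived existing findings.  | 
|  ProductFields.RecommendationUrl  |  https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation  |  https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation This field no longer references a standard.  | 
|  Remediation.Recommendation.Text  |  "For directions on how to fix this issue, consult the AWS Security Hub CSPM PCI DSS documentation."  |  "For directions on how to correct this issue, consult the AWS Security Hub CSPM controls documentation." This field no longer references a standard.  | 
|  Remediation.Recommendation.Url  |  https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation  |  https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation This field no longer references a standard.  | 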

## Consolidated control findings – ASFF changes
<a name="securityhub-findings-format-consolidated-control-findings"></a>

If you enable consolidated control findings, you might be affected by the following changes to the fields and values of control findings in the ASFF. These changes are in addition to the changes introduced by the consolidated controls view feature. If your workflows don't rely on the values of these ASFF fields, no action is required. If you have workflows that rely on specific values for these fields, update the workflows to use the current values.

**Tip**  
If you use the [Automated Security Response on AWS v2.0.0](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/) solution, note that it supports consolidated control findings. This means that you can keep your current workflows if you enable consolidated control findings.


| ASFF field  | Sample value before enabling consolidated control findings  | Sample value after enabling consolidated control findings, and description of the change  | 
| --- | --- | --- | 
|  GeneratorId  |  aws-foundational-security-best-practices/v/1.0.0/Config.1  |  security-control/Config.1 This field no longer references a standard.  | 
|  Title  |  PCI.Config.1 AWS Config should be enabled  |  AWS Config should be enabled This field no longer references standard-specific information.  | 
|  Id  |  arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.IAM.5/finding/ab6d6a26-a156-48f0-9403-115983e5a956  |  arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956 This field no longer references a standard.  | 
|  ProductFields.ControlId  |  PCI.EC2.2  |  Removed. See `Compliance.SecurityControlId` instead. This field is removed in favor of a single, standard-agnostic control ID.  | 
|  ProductFields.RuleId  |  1.3  |  Removed. See `Compliance.SecurityControlId` instead. This field is removed in favor of a single, standard-agnostic control ID.  | 
|  Description  |  This PCI DSS control checks whether AWS Config is enabled in the current account and Region.  |  This AWS control checks whether AWS Config is enabled in the current account and Region. This field no longer references a standard.  | 
|  Severity  |  "Severity": { "Product": 90, "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" }  |  "Severity": { "Label": "CRITICAL", "Normalized": 90, "Original": "CRITICAL" } Security Hub CSPM no longer uses the Product field to describe the severity of a finding.  | 
|  Types  |  ["Software and Configuration Checks/Industry and Regulatory Standards/PCI-DSS"]  |  ["Software and Configuration Checks/Industry and Regulatory Standards"] This field no longer references a standard.  | 
|  Compliance.RelatedRequirements  |  ["PCI DSS 10.5.2", "PCI DSS 11.5", "CIS AWS Foundations 2.5"]  |  ["PCI DSS v3.2.1/10.5.2", "PCI DSS v3.2.1/11.5", "CIS AWS Foundations Benchmark v1.2.0/2.5"] This field shows the related requirements in all enabled standards.  | 
|  CreatedAt  |  2022-05-05T08:18:13.138Z  |  2022-09-25T08:18:13.138Z The format stays the same, but the value resets when you turn on consolidated control findings.  | 
|  FirstObservedAt  |  2022-05-07T08:18:13.138Z  |  2022-09-28T08:18:13.138Z The format stays the same, but the value resets when you turn on consolidated control findings.  | 
|  ProductFields.RecommendationUrl  |  https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation  |  Removed. See `Remediation.Recommendation.Url` instead.  | 
|  ProductFields.StandardsArn  |  arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0  |  Removed. See `Compliance.AssociatedStandards` instead.  | 
|  ProductFields.StandardsControlArn  |  arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1  |  Removed. Security Hub CSPM generates one finding for a security check across standards.  | 
|  ProductFields.StandardsGuideArn  |  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0  |  Removed. See `Compliance.AssociatedStandards` instead.  | 
|  ProductFields.StandardsGuideSubscriptionArn  |  arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0  |  Removed. Security Hub CSPM generates one finding for a security check across standards.  | 
|  ProductFields.StandardsSubscriptionArn  |  arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0  |  Removed. Security Hub CSPM generates one finding for a security check across standards.  | 
|  ProductFields.aws/securityhub/FindingId  |  arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1dfb1d67  |  arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1dfb1d67 This field no longer references a standard.  | 

### Customer-provided ASFF field values after turning on consolidated control findings
<a name="consolidated-controls-view-customer-provided-values"></a>

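If you turn on consolidated control findings, Security Hub CSPM generates one finding across standards and archives the original findings (the separate findings for each standard).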

Updates that you made to the original findings by using the Security Hub CSPM console or the [https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html) operation are not preserved in the new findings. If necessary, you can recover this data by referring to the archived findings. To review archived findings, you can use the **Findings** page on the Security Hub CSPM console and set the **Record state** filter to **ARCHIVED**. Alternatively, you can use the [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html) operation of the Security Hub CSPM API.


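| Customer-provided ASFF field  | Description of the change after turning on consolidated control findings  | 
| --- | --- | 
|  Confidence  |  Resets to an empty state. | 
|  Criticality  |  Resets to an empty state. | 
|  Note  |  Resets to an empty state. | 
|  RelatedFindings  |  Resets to an empty state. | 
|  Severity  |  Default severity of the finding (matches the severity of the control). | 
|  Types  |  Resets to a standard-agnostic value. | 
|  UserDefinedFields  |  Resets to an empty state. | 
|  VerificationState  |  Resets to an empty state. | 
|  Workflow  |  New failed findings have a default value of NEW. New passed findings have a default value of RESOLVED. | 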
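
The following is an added example, not part of the AWS documentation: it plans `BatchUpdateFindings` requests that copy analyst triage from archived per-standard findings onto their consolidated replacements, using three rows of this page's generator ID table. The join key (account plus first resource ID), the helper names and the sample findings are assumptions constructed for the illustration.

```python
from datetime import datetime

# Three rows copied from this page's generator ID table (legacy -> consolidated).
GENERATOR_ID_MAP = {
    "pci-dss/v/3.2.1/PCI.IAM.5": "security-control/IAM.9",
    "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13":
        "security-control/IAM.9",
    "aws-foundational-security-best-practices/v/1.0.0/Config.1": "security-control/Config.1",
}
# Customer-provided fields that reset to an empty state and can be copied as-is.
# Severity and Types are left alone: the consolidated finding gets new defaults.
COPY_FIELDS = ("Confidence", "Criticality", "RelatedFindings",
               "UserDefinedFields", "VerificationState")


def parse_ts(value):
    """Parse an ASFF timestamp such as 2022-05-05T08:18:13.138Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def match_key(generator_id, finding):
    """Assumed join key: consolidated generator ID, account, first resource."""
    return (generator_id, finding["AwsAccountId"], finding["Resources"][0]["Id"])


def index_archived(archived):
    """Keep the most recently updated archived original per join key."""
    index = {}
    for finding in archived:
        new_generator = GENERATOR_ID_MAP.get(finding["GeneratorId"])
        if new_generator is None or finding.get("RecordState") != "ARCHIVED":
            continue  # not a control finding from the table, or still active
        key = match_key(new_generator, finding)
        current = index.get(key)
        if current is None or parse_ts(finding["UpdatedAt"]) > parse_ts(current["UpdatedAt"]):
            index[key] = finding
    return index


def build_update(original, consolidated):
    """Return BatchUpdateFindings keyword arguments, or None if nothing to restore."""
    request = {}
    for field in COPY_FIELDS:
        if original.get(field) not in (None, {}, []):
            request[field] = original[field]
    note = original.get("Note")
    if note:
        request["Note"] = {"Text": note["Text"], "UpdatedBy": note["UpdatedBy"]}
    status = original.get("Workflow", {}).get("Status")
    if status in ("NOTIFIED", "SUPPRESSED"):  # NEW and RESOLVED are the new defaults
        request["Workflow"] = {"Status": status}
    if not request:
        return None
    request["FindingIdentifiers"] = [
        {"Id": consolidated["Id"], "ProductArn": consolidated["ProductArn"]}]
    return request


def plan_restores(archived, consolidated):
    """Pair each consolidated finding with its newest archived original."""
    index = index_archived(archived)
    plans = []
    for finding in consolidated:
        original = index.get(match_key(finding["GeneratorId"], finding))
        request = build_update(original, finding) if original else None
        if request:
            plans.append(request)
    return plans


PRODUCT_ARN = "arn:aws:securityhub:eu-central-1::product/aws/securityhub"


def sample(finding_id, generator_id, state, updated_at, **triage):
    """Constructed, minimal ASFF-shaped finding for the demonstration."""
    return {"Id": finding_id, "ProductArn": PRODUCT_ARN, "GeneratorId": generator_id,
            "AwsAccountId": "123456789012", "RecordState": state, "UpdatedAt": updated_at,
            "Resources": [{"Id": "AWS::::Account:123456789012"}], **triage}


# Constructed sample data: two archived originals for one control, one unmapped finding.
ARCHIVED = [
    sample("constructed-pci-iam5", "pci-dss/v/3.2.1/PCI.IAM.5", "ARCHIVED",
           "2022-05-05T08:18:13.138Z", Workflow={"Status": "SUPPRESSED"},
           Note={"Text": "accepted risk", "UpdatedBy": "analyst-a"}),
    sample("constructed-cis-1-13",
           "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13",
           "ARCHIVED", "2022-06-01T09:00:00.000Z", Workflow={"Status": "NOTIFIED"},
           Note={"Text": "ticket opened", "UpdatedBy": "analyst-b"}, Confidence=80),
    sample("constructed-third-party", "example-scanner/rule-7", "ARCHIVED",
           "2022-07-01T09:00:00.000Z", Workflow={"Status": "SUPPRESSED"}),
]
CONSOLIDATED = [
    sample("constructed-sc-iam9", "security-control/IAM.9", "ACTIVE",
           "2022-09-25T08:18:13.138Z", Workflow={"Status": "NEW"}),
    sample("constructed-sc-config1", "security-control/Config.1", "ACTIVE",
           "2022-09-25T08:18:13.138Z", Workflow={"Status": "NEW"}),
]

if __name__ == "__main__":
    for plan in plan_restores(ARCHIVED, CONSOLIDATED):
        print(plan)
```

Each returned dictionary can be passed as keyword arguments to `batch_update_findings` on a boto3 `securityhub` client after review.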

## Generator IDs before and after turning on consolidated control findings
<a name="securityhub-findings-format-changes-generator-ids"></a>

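The following table lists the changes in generator ID values for controls when you turn on consolidated control findings. These changes apply to controls that Security Hub CSPM supported as of February 15, 2023.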


| Generator ID before turning on consolidated control findings | Generator ID after turning on consolidated control findings | 
| --- | --- | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.1  |  security-control/CloudWatch.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.10  |  security-control/IAM.16  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.11  |  security-control/IAM.17  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.12  |  security-control/IAM.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13  |  security-control/IAM.9  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.14  |  security-control/IAM.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.16  |  security-control/IAM.2  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.2  |  security-control/IAM.5  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.20  |  security-control/IAM.18  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.22  |  security-control/IAM.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.3  |  security-control/IAM.8  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.4  |  security-control/IAM.3  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.5  |  security-control/IAM.11  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.6  |  security-control/IAM.12  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.7  |  security-control/IAM.13  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.8  |  security-control/IAM.14  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.9  |  security-control/IAM.15  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.1  |  security-control/CloudTrail.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.2  |  security-control/CloudTrail.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.3  |  security-control/CloudTrail.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.4  |  security-control/CloudTrail.5  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.5  |  security-control/Config.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.6  |  security-control/CloudTrail.7  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7  |  security-control/CloudTrail.2  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.8  |  security-control/KMS.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.9  |  security-control/EC2.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.1  |  security-control/CloudWatch.2  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.2  |  security-control/CloudWatch.3  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.3  |  security-control/CloudWatch.1  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.4  |  security-control/CloudWatch.4  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.5  |  security-control/CloudWatch.5  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.6  |  security-control/CloudWatch.6  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.7  |  security-control/CloudWatch.7  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.8  |  security-control/CloudWatch.8  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.9  |  security-control/CloudWatch.9  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.10  |  security-control/CloudWatch.10  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.11  |  security-control/CloudWatch.11  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.12  |  security-control/CloudWatch.12  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.13  |  security-control/CloudWatch.13  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.14  |  security-control/CloudWatch.14  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.1  |  security-control/EC2.13  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2  |  security-control/EC2.14  | 
|  arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.3  |  security-control/EC2.2  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.10  |  security-control/IAM.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.14  |  security-control/IAM.3  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.16  |  security-control/IAM.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.17  |  security-control/IAM.18  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.4  |  security-control/IAM.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.5  |  security-control/IAM.9  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.6  |  security-control/IAM.6  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.7  |  security-control/CloudWatch.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.8  |  security-control/IAM.15  | 
|  cis-aws-foundations-benchmark/v/1.4.0/1.9  |  security-control/IAM.16  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.1.2  |  security-control/S3.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.1.5.1  |  security-control/S3.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.1.5.2  |  security-control/S3.8  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.2.1  |  security-control/EC2.7  | 
|  cis-aws-foundations-benchmark/v/1.4.0/2.3.1  |  security-control/RDS.3  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.1  |  security-control/CloudTrail.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.2  |  security-control/CloudTrail.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.4  |  security-control/CloudTrail.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.5  |  security-control/Config.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.6  |  security-control/S3.9  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.7  |  security-control/CloudTrail.2  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.8  |  security-control/KMS.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/3.9  |  security-control/EC2.6  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.3  |  security-control/CloudWatch.1  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.4  |  security-control/CloudWatch.4  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.5  |  security-control/CloudWatch.5  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.6  |  security-control/CloudWatch.6  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.7  |  security-control/CloudWatch.7  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.8  |  security-control/CloudWatch.8  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.9  |  security-control/CloudWatch.9  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.10  |  security-control/CloudWatch.10  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.11  |  security-control/CloudWatch.11  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.12  |  security-control/CloudWatch.12  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.13  |  security-control/CloudWatch.13  | 
|  cis-aws-foundations-benchmark/v/1.4.0/4.14  |  security-control/CloudWatch.14  | 
|  cis-aws-foundations-benchmark/v/1.4.0/5.1  |  security-control/EC2.21  | 
|  cis-aws-foundations-benchmark/v/1.4.0/5.3  |  security-control/EC2.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Account.1  |  security-control/Account.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ACM.1  |  security-control/ACM.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.1  |  security-control/APIGateway.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.2  |  security-control/APIGateway.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.3  |  security-control/APIGateway.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.4  |  security-control/APIGateway.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.5  |  security-control/APIGateway.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.8  |  security-control/APIGateway.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/APIGateway.9  |  security-control/APIGateway.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.1  |  security-control/AutoScaling.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.2  |  security-control/AutoScaling.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.3  |  security-control/AutoScaling.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Autoscaling.5  |  security-control/Autoscaling.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.6  |  security-control/AutoScaling.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/AutoScaling.9  |  security-control/AutoScaling.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.1  |  security-control/CloudFront.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.3  |  security-control/CloudFront.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.4  |  security-control/CloudFront.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.5  |  security-control/CloudFront.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.6  |  security-control/CloudFront.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.7  |  security-control/CloudFront.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.8  |  security-control/CloudFront.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.9  |  security-control/CloudFront.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.10  |  security-control/CloudFront.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudFront.12  |  security-control/CloudFront.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.1  |  security-control/CloudTrail.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2  |  security-control/CloudTrail.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.4  |  security-control/CloudTrail.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/CloudTrail.5  |  security-control/CloudTrail.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.1  |  security-control/CodeBuild.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.2  |  security-control/CodeBuild.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.3  |  security-control/CodeBuild.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/CodeBuild.4  |  security-control/CodeBuild.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/Config.1  |  security-control/Config.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/DMS.1  |  security-control/DMS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/DynamoDB.1  |  security-control/DynamoDB.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/DynamoDB.2  |  security-control/DynamoDB.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/DynamoDB.3  |  security-control/DynamoDB.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.1  |  security-control/EC2.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.3  |  security-control/EC2.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.4  |  security-control/EC2.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.6  |  security-control/EC2.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.7  |  security-control/EC2.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.8  |  security-control/EC2.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.9  |  security-control/EC2.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.10  |  security-control/EC2.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.15  |  security-control/EC2.15  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.16  |  security-control/EC2.16  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.17  |  security-control/EC2.17  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.18  |  security-control/EC2.18  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.19  |  security-control/EC2.19  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.2  |  security-control/EC2.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.20  |  security-control/EC2.20  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.21  |  security-control/EC2.21  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.23  |  security-control/EC2.23  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.24  |  security-control/EC2.24  | 
|  aws-foundational-security-best-practices/v/1.0.0/EC2.25  |  security-control/EC2.25  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECR.1  |  security-control/ECR.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECR.2  |  security-control/ECR.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECR.3  |  security-control/ECR.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.1  |  security-control/ECS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.10  |  security-control/ECS.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.12  |  security-control/ECS.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.2  |  security-control/ECS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.3  |  security-control/ECS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.4  |  security-control/ECS.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.5  |  security-control/ECS.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/ECS.8  |  security-control/ECS.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.1  |  security-control/EFS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.2  |  security-control/EFS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.3  |  security-control/EFS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/EFS.4  |  security-control/EFS.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/EKS.2  |  security-control/EKS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.1  |  security-control/ElasticBeanstalk.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.2  |  security-control/ElasticBeanstalk.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELBv2.1  |  security-control/ELB.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.2  |  security-control/ELB.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.3  |  security-control/ELB.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.4  |  security-control/ELB.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.5  |  security-control/ELB.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.6  |  security-control/ELB.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.7  |  security-control/ELB.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.8  |  security-control/ELB.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.9  |  security-control/ELB.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.10  |  security-control/ELB.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.11  |  security-control/ELB.11  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.12  |  security-control/ELB.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.13  |  security-control/ELB.13  | 
|  aws-foundational-security-best-practices/v/1.0.0/ELB.14  |  security-control/ELB.14  | 
|  aws-foundational-security-best-practices/v/1.0.0/EMR.1  |  security-control/EMR.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.1  |  security-control/ES.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.2  |  security-control/ES.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.3  |  security-control/ES.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.4  |  security-control/ES.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.5  |  security-control/ES.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.6  |  security-control/ES.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.7  |  security-control/ES.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/ES.8  |  security-control/ES.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/GuardDuty.1  |  security-control/GuardDuty.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.1  |  security-control/IAM.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.2  |  security-control/IAM.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.21  |  security-control/IAM.21  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.3  |  security-control/IAM.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.4  |  security-control/IAM.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.5  |  security-control/IAM.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.6  |  security-control/IAM.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.7  |  security-control/IAM.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/IAM.8  |  security-control/IAM.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/Kinesis.1  |  security-control/Kinesis.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/KMS.1  |  security-control/KMS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/KMS.2  |  security-control/KMS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/KMS.3  |  security-control/KMS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Lambda.1  |  security-control/Lambda.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/Lambda.2  |  security-control/Lambda.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Lambda.5  |  security-control/Lambda.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.3  |  security-control/NetworkFirewall.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.4  |  security-control/NetworkFirewall.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.5  |  security-control/NetworkFirewall.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.6  |  security-control/NetworkFirewall.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.1  |  security-control/Opensearch.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.2  |  security-control/Opensearch.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.3  |  security-control/Opensearch.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.4  |  security-control/Opensearch.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.5  |  security-control/Opensearch.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.6  |  security-control/Opensearch.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.7  |  security-control/Opensearch.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/Opensearch.8  |  security-control/Opensearch.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.1  |  security-control/RDS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.10  |  security-control/RDS.10  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.11  |  security-control/RDS.11  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.12  |  security-control/RDS.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.13  |  security-control/RDS.13  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.14  |  security-control/RDS.14  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.15  |  security-control/RDS.15  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.16  |  security-control/RDS.16  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.17  |  security-control/RDS.17  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.19  |  security-control/RDS.19  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.2  |  security-control/RDS.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.20  |  security-control/RDS.20  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.21  |  security-control/RDS.21  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.22  |  security-control/RDS.22  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.23  |  security-control/RDS.23  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.24  |  security-control/RDS.24  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.25  |  security-control/RDS.25  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.3  |  security-control/RDS.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.4  |  security-control/RDS.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.5  |  security-control/RDS.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.6  |  security-control/RDS.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.7  |  security-control/RDS.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.8  |  security-control/RDS.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/RDS.9  |  security-control/RDS.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.1  |  security-control/Redshift.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.2  |  security-control/Redshift.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.3  |  security-control/Redshift.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.4  |  security-control/Redshift.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.6  |  security-control/Redshift.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.7  |  security-control/Redshift.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.8  |  security-control/Redshift.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/Redshift.9  |  security-control/Redshift.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.1  |  security-control/S3.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.12  |  security-control/S3.12  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.13  |  security-control/S3.13  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.2  |  security-control/S3.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.3  |  security-control/S3.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.5  |  security-control/S3.5  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.6  |  security-control/S3.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.8  |  security-control/S3.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/S3.9  |  security-control/S3.9  | 
|  aws-foundational-security-best-practices/v/1.0.0/SageMaker.1  |  security-control/SageMaker.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SageMaker.2  |  security-control/SageMaker.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/SageMaker.3  |  security-control/SageMaker.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.1  |  security-control/SecretsManager.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.2  |  security-control/SecretsManager.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.3  |  security-control/SecretsManager.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/SecretsManager.4  |  security-control/SecretsManager.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/SQS.1  |  security-control/SQS.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM.1  |  security-control/SSM.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM.2  |  security-control/SSM.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM.3  |  security-control/SSM.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/SSM.4  |  security-control/SSM.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.1  |  security-control/WAF.1  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.2  |  security-control/WAF.2  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.3  |  security-control/WAF.3  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.4  |  security-control/WAF.4  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.6  |  security-control/WAF.6  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.7  |  security-control/WAF.7  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.8  |  security-control/WAF.8  | 
|  aws-foundational-security-best-practices/v/1.0.0/WAF.10  |  security-control/WAF.10  | 
|  pci-dss/v/3.2.1/PCI.AutoScaling.1  |  security-control/AutoScaling.1  | 
|  pci-dss/v/3.2.1/PCI.CloudTrail.1  |  security-control/CloudTrail.2  | 
|  pci-dss/v/3.2.1/PCI.CloudTrail.2  |  security-control/CloudTrail.3  | 
|  pci-dss/v/3.2.1/PCI.CloudTrail.3  |  security-control/CloudTrail.4  | 
|  pci-dss/v/3.2.1/PCI.CloudTrail.4  |  security-control/CloudTrail.5  | 
|  pci-dss/v/3.2.1/PCI.CodeBuild.1  |  security-control/CodeBuild.1  | 
|  pci-dss/v/3.2.1/PCI.CodeBuild.2  |  security-control/CodeBuild.2  | 
|  pci-dss/v/3.2.1/PCI.Config.1  |  security-control/Config.1  | 
|  pci-dss/v/3.2.1/PCI.CW.1  |  security-control/CloudWatch.1  | 
|  pci-dss/v/3.2.1/PCI.DMS.1  |  security-control/DMS.1  | 
|  pci-dss/v/3.2.1/PCI.EC2.1  |  security-control/EC2.1  | 
|  pci-dss/v/3.2.1/PCI.EC2.2  |  security-control/EC2.2  | 
|  pci-dss/v/3.2.1/PCI.EC2.4  |  security-control/EC2.12  | 
|  pci-dss/v/3.2.1/PCI.EC2.5  |  security-control/EC2.13  | 
|  pci-dss/v/3.2.1/PCI.EC2.6  |  security-control/EC2.6  | 
|  pci-dss/v/3.2.1/PCI.ELBv2.1  |  security-control/ELB.1  | 
|  pci-dss/v/3.2.1/PCI.ES.1  |  security-control/ES.2  | 
|  pci-dss/v/3.2.1/PCI.ES.2  |  security-control/ES.1  | 
|  pci-dss/v/3.2.1/PCI.GuardDuty.1  |  security-control/GuardDuty.1  | 
|  pci-dss/v/3.2.1/PCI.IAM.1  |  security-control/IAM.4  | 
|  pci-dss/v/3.2.1/PCI.IAM.2  |  security-control/IAM.2  | 
|  pci-dss/v/3.2.1/PCI.IAM.3  |  security-control/IAM.1  | 
|  pci-dss/v/3.2.1/PCI.IAM.4  |  security-control/IAM.6  | 
|  pci-dss/v/3.2.1/PCI.IAM.5  |  security-control/IAM.9  | 
|  pci-dss/v/3.2.1/PCI.IAM.6  |  security-control/IAM.19  | 
|  pci-dss/v/3.2.1/PCI.IAM.7  |  security-control/IAM.8  | 
|  pci-dss/v/3.2.1/PCI.IAM.8  |  security-control/IAM.10  | 
|  pci-dss/v/3.2.1/PCI.KMS.1  |  security-control/KMS.4  | 
|  pci-dss/v/3.2.1/PCI.Lambda.1  |  security-control/Lambda.1  | 
|  pci-dss/v/3.2.1/PCI.Lambda.2  |  security-control/Lambda.3  | 
|  pci-dss/v/3.2.1/PCI.Opensearch.1  |  security-control/Opensearch.2  | 
|  pci-dss/v/3.2.1/PCI.Opensearch.2  |  security-control/Opensearch.1  | 
|  pci-dss/v/3.2.1/PCI.RDS.1  |  security-control/RDS.1  | 
|  pci-dss/v/3.2.1/PCI.RDS.2  |  security-control/RDS.2  | 
|  pci-dss/v/3.2.1/PCI.Redshift.1  |  security-control/Redshift.1  | 
|  pci-dss/v/3.2.1/PCI.S3.1  |  security-control/S3.3  | 
|  pci-dss/v/3.2.1/PCI.S3.2  |  security-control/S3.2  | 
|  pci-dss/v/3.2.1/PCI.S3.3  |  security-control/S3.7  | 
|  pci-dss/v/3.2.1/PCI.S3.5  |  security-control/S3.5  | 
|  pci-dss/v/3.2.1/PCI.S3.6  |  security-control/S3.1  | 
|  pci-dss/v/3.2.1/PCI.SageMaker.1  |  security-control/SageMaker.1  | 
|  pci-dss/v/3.2.1/PCI.SSM.1  |  security-control/SSM.2  | 
|  pci-dss/v/3.2.1/PCI.SSM.2  |  security-control/SSM.3  | 
|  pci-dss/v/3.2.1/PCI.SSM.3  |  security-control/SSM.1  | 
|  service-managed-aws-control-tower/v/1.0.0/ACM.1  |  security-control/ACM.1  | 
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.1  |  security-control/APIGateway.1  | 
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.2  |  security-control/APIGateway.2  | 
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.3  |  security-control/APIGateway.3  | 
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.4  |  security-control/APIGateway.4  | 
|  service-managed-aws-control-tower/v/1.0.0/APIGateway.5  |  security-control/APIGateway.5  | 
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.1  |  security-control/AutoScaling.1  | 
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.2  |  security-control/AutoScaling.2  | 
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.3  |  security-control/AutoScaling.3  | 
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.4  |  security-control/AutoScaling.4  | 
|  service-managed-aws-control-tower/v/1.0.0/Autoscaling.5  |  security-control/Autoscaling.5  | 
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.6  |  security-control/AutoScaling.6  | 
|  service-managed-aws-control-tower/v/1.0.0/AutoScaling.9  |  security-control/AutoScaling.9  | 
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.1  |  security-control/CloudTrail.1  | 
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.2  |  security-control/CloudTrail.2  | 
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.4  |  security-control/CloudTrail.4  | 
|  service-managed-aws-control-tower/v/1.0.0/CloudTrail.5  |  security-control/CloudTrail.5  | 
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.1  |  security-control/CodeBuild.1  | 
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.2  |  security-control/CodeBuild.2  | 
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.4  |  security-control/CodeBuild.4  | 
|  service-managed-aws-control-tower/v/1.0.0/CodeBuild.5  |  security-control/CodeBuild.5  | 
|  service-managed-aws-control-tower/v/1.0.0/DMS.1  |  security-control/DMS.1  | 
|  service-managed-aws-control-tower/v/1.0.0/DynamoDB.1  |  security-control/DynamoDB.1  | 
|  service-managed-aws-control-tower/v/1.0.0/DynamoDB.2  |  security-control/DynamoDB.2  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.1  |  security-control/EC2.1  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.2  |  security-control/EC2.2  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.3  |  security-control/EC2.3  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.4  |  security-control/EC2.4  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.6  |  security-control/EC2.6  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.7  |  security-control/EC2.7  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.8  |  security-control/EC2.8  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.9  |  security-control/EC2.9  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.10  |  security-control/EC2.10  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.15  |  security-control/EC2.15  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.16  |  security-control/EC2.16  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.17  |  security-control/EC2.17  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.18  |  security-control/EC2.18  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.19  |  security-control/EC2.19  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.20  |  security-control/EC2.20  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.21  |  security-control/EC2.21  | 
|  service-managed-aws-control-tower/v/1.0.0/EC2.22  |  security-control/EC2.22  | 
|  service-managed-aws-control-tower/v/1.0.0/ECR.1  |  security-control/ECR.1  | 
|  service-managed-aws-control-tower/v/1.0.0/ECR.2  |  security-control/ECR.2  | 
|  service-managed-aws-control-tower/v/1.0.0/ECR.3  |  security-control/ECR.3  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .1  |  security-control/ECS.1  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .2  |  security-control/ECS.2  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .3  |  security-control/ECS.3  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .4  |  security-control/ECS.4  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .5  |  security-control/ECS.5  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .8  |  security-control/ECS.8  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .10  |  security-control/ECS.10  | 
|  service-managed-aws-control-tower/v/1.0.0/ECS .12  |  security-control/ECS.12  | 
|  service-managed-aws-control-tower/v/1.0.0/EFS .1  |  security-control/EFS.1  | 
|  service-managed-aws-control-tower/v/1.0.0/EFS .2  |  security-control/EFS.2  | 
|  service-managed-aws-control-tower/v/1.0.0/EFS .3  |  security-control/EFS.3  | 
|  service-managed-aws-control-tower/v/1.0.0/EFS .4  |  security-control/EFS.4  | 
|  service-managed-aws-control-tower/v/1.0.0/EKS .2  |  security-control/EKS.2  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .2  |  security-control/ELB.2  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .3  |  security-control/ELB.3  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .4  |  security-control/ELB.4  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .5  |  security-control/ELB.5  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .6  |  security-control/ELB.6  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .7  |  security-control/ELB.7  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .8  |  security-control/ELB.8  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .9  |  security-control/ELB.9  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .10  |  security-control/ELB.10  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .12  |  security-control/ELB.12  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .13  |  security-control/ELB.13  | 
|  service-managed-aws-control-tower/v/1.0.0/ELB .14  |  security-control/ELB.14  | 
|  service-managed-aws-control-tower/v/1.0.0/ELBv 2.1  |  安全控制/ .1 ELBv2  | 
|  service-managed-aws-control-tower/v/1.0.0/EMR .1  |  security-control/EMR.1  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .1  |  security-control/ES.1  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .2  |  security-control/ES.2  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .3  |  security-control/ES.3  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .4  |  security-control/ES.4  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .5  |  security-control/ES.5  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .6  |  security-control/ES.6  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .7  |  security-control/ES.7  | 
|  service-managed-aws-control-tower/v/1.0.0/ES .8  |  security-control/ES.8  | 
|  service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk .1  |  安全控制/ .1 ElasticBeanstalk  | 
|  service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk .2  |  安全控制/ .2 ElasticBeanstalk  | 
|  service-managed-aws-control-tower/v/1.0.0/GuardDuty .1  |  安全控制/ .1 GuardDuty  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .1  |  security-control/IAM.1  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .2  |  security-control/IAM.2  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .3  |  security-control/IAM.3  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .4  |  security-control/IAM.4  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .5  |  security-control/IAM.5  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .6  |  security-control/IAM.6  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .7  |  security-control/IAM.7  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .8  |  security-control/IAM.8  | 
|  service-managed-aws-control-tower/v/1.0.0/IAM .21  |  security-control/IAM.21  | 
|  service-managed-aws-control-tower/v/1.0.0/Kinesis .1  |  security-control/Kinesis.1  | 
|  service-managed-aws-control-tower/v/1.0.0/KMS .1  |  security-control/KMS.1  | 
|  service-managed-aws-control-tower/v/1.0.0/KMS .2  |  security-control/KMS.2  | 
|  service-managed-aws-control-tower/v/1.0.0/KMS .3  |  security-control/KMS.3  | 
|  service-managed-aws-control-tower/v/1.0.0/Lambda .1  |  security-control/Lambda.1  | 
|  service-managed-aws-control-tower/v/1.0.0/Lambda .2  |  security-control/Lambda.2  | 
|  service-managed-aws-control-tower/v/1.0.0/Lambda .5  |  security-control/Lambda.5  | 
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall .3  |  安全控制/ .3 NetworkFirewall  | 
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall .4  |  安全控制/ .4 NetworkFirewall  | 
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall .5  |  安全控制/ .5 NetworkFirewall  | 
|  service-managed-aws-control-tower/v/1.0.0/NetworkFirewall .6  |  安全控制/ .6 NetworkFirewall  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .1  |  security-control/Opensearch.1  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .2  |  security-control/Opensearch.2  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .3  |  security-control/Opensearch.3  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .4  |  security-control/Opensearch.4  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .5  |  security-control/Opensearch.5  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .6  |  security-control/Opensearch.6  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .7  |  security-control/Opensearch.7  | 
|  service-managed-aws-control-tower/v/1.0.0/Opensearch .8  |  security-control/Opensearch.8  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .1  |  security-control/RDS.1  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .2  |  security-control/RDS.2  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .3  |  security-control/RDS.3  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .4  |  security-control/RDS.4  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .5  |  security-control/RDS.5  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .6  |  security-control/RDS.6  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .8  |  security-control/RDS.8  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .9  |  security-control/RDS.9  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .10  |  security-control/RDS.10  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .11  |  security-control/RDS.11  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .13  |  security-control/RDS.13  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .17  |  security-control/RDS.17  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .18  |  security-control/RDS.18  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .19  |  security-control/RDS.19  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .20  |  security-control/RDS.20  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .21  |  security-control/RDS.21  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .22  |  security-control/RDS.22  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .23  |  security-control/RDS.23  | 
|  service-managed-aws-control-tower/v/1.0.0/RDS .25  |  security-control/RDS.25  | 
|  service-managed-aws-control-tower/v/1.0.0/Redshift .1  |  security-control/Redshift.1  | 
|  service-managed-aws-control-tower/v/1.0.0/Redshift .2  |  security-control/Redshift.2  | 
|  service-managed-aws-control-tower/v/1.0.0/Redshift .4  |  security-control/Redshift.4  | 
|  service-managed-aws-control-tower/v/1.0.0/Redshift .6  |  security-control/Redshift.6  | 
|  service-managed-aws-control-tower/v/1.0.0/Redshift .7  |  security-control/Redshift.7  | 
|  service-managed-aws-control-tower/v/1.0.0/Redshift .8  |  security-control/Redshift.8  | 
|  service-managed-aws-control-tower/v/1.0.0/Redshift .9  |  security-control/Redshift.9  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.1  |  security-control/S3.1  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.2  |  security-control/S3.2  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.3  |  security-control/S3.3  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.5  |  security-control/S3.5  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.6  |  security-control/S3.6  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.8  |  security-control/S3.8  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.9  |  security-control/S3.9  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.12  |  security-control/S3.12  | 
|  service-managed-aws-control-tower/v/1.0.0/S 3.13  |  security-control/S3.13  | 
|  service-managed-aws-control-tower/v/1.0.0/SageMaker .1  |  安全控制/ .1 SageMaker  | 
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager .1  |  安全控制/ .1 SecretsManager  | 
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager .2  |  安全控制/ .2 SecretsManager  | 
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager .3  |  安全控制/ .3 SecretsManager  | 
|  service-managed-aws-control-tower/v/1.0.0/SecretsManager .4  |  安全控制/ .4 SecretsManager  | 
|  service-managed-aws-control-tower/v/1.0.0/SQS .1  |  security-control/SQS.1  | 
|  service-managed-aws-control-tower/v/1.0.0/SSM .1  |  security-control/SSM.1  | 
|  service-managed-aws-control-tower/v/1.0.0/SSM .2  |  security-control/SSM.2  | 
|  service-managed-aws-control-tower/v/1.0.0/SSM .3  |  security-control/SSM.3  | 
|  service-managed-aws-control-tower/v/1.0.0/SSM .4  |  security-control/SSM.4  | 
|  service-managed-aws-control-tower/v/1.0.0/WAF .2  |  security-control/WAF.2  | 
|  service-managed-aws-control-tower/v/1.0.0/WAF .3  |  security-control/WAF.3  | 
|  service-managed-aws-control-tower/v/1.0.0/WAF .4  |  security-control/WAF.4  | 

## How consolidation impacts control IDs and titles
<a name="securityhub-findings-format-changes-ids-titles"></a>

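Consolidated controls view and consolidated control findings standardize control IDs and titles across standards. The terms *security control ID* and *security control title* refer to these standard-agnostic values.

The Security Hub CSPM console displays standard-agnostic security control IDs and security control titles, regardless of whether consolidated control findings is enabled or disabled for your account. However, if consolidated control findings is disabled for your account, Security Hub CSPM findings contain standard-specific control titles for PCI DSS and CIS v1.2.0. In addition, Security Hub CSPM findings contain the standard-specific control ID and the security control ID. For examples of how consolidation impacts control findings, see [Samples of control findings](sample-control-findings.md).

For controls that are part of the [AWS Control Tower service-managed standard](service-managed-standard-aws-control-tower.md), the prefix `CT.` is removed from the control ID and title in findings when consolidated control findings is enabled.

To disable a security control in Security Hub CSPM, you must disable all of the standard controls that correspond to that security control. The following table shows the mapping of security control IDs and titles to standard-specific control IDs and titles. The IDs and titles of controls that belong to the AWS Foundational Security Best Practices (FSBP) standard are already standard-agnostic. For a mapping of controls to Center for Internet Security (CIS) v3.0.0 requirements, see [Mapping of controls to CIS requirements in each version](cis-aws-foundations-benchmark.md#cis-version-comparison). To run your own scripts on this table, you can [download it as a .csv file](samples/Consolidation_ID_Title_Changes.csv.zip).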


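| Standard | Standard control ID and title | Security control ID and title | 
| --- | --- | --- | 
|  CIS v1.2.0  |  1.1 Avoid the use of the root user  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  | 
|  CIS v1.2.0  |  1.10 Ensure IAM password policy prevents password reuse  |  [[IAM.16] Ensure IAM password policy prevents password reuse](iam-controls.md#iam-16)  | 
|  CIS v1.2.0  |  1.11 Ensure IAM password policy expires passwords within 90 days or less  |  [[IAM.17] Ensure IAM password policy expires passwords within 90 days or less](iam-controls.md#iam-17)  | 
|  CIS v1.2.0  |  1.12 Ensure no root user access key exists  |  [[IAM.4] IAM root user access key should not exist](iam-controls.md#iam-4)  | 
|  CIS v1.2.0  |  1.13 Ensure MFA is enabled for the root user  |  [[IAM.9] MFA should be enabled for the root user](iam-controls.md#iam-9)  | 
|  CIS v1.2.0  |  1.14 Ensure hardware MFA is enabled for the root user  |  [[IAM.6] Hardware MFA should be enabled for the root user](iam-controls.md#iam-6)  | 
|  CIS v1.2.0  |  1.16 Ensure IAM policies are attached only to groups or roles  |  [[IAM.2] IAM users should not have IAM policies attached](iam-controls.md#iam-2)  | 
|  CIS v1.2.0  |  1.2 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password  |  [[IAM.5] MFA should be enabled for all IAM users that have a console password](iam-controls.md#iam-5)  | 
|  CIS v1.2.0  |  1.20 Ensure a support role has been created to manage incidents with AWS Support  |  [[IAM.18] Ensure a support role has been created to manage incidents with AWS Support](iam-controls.md#iam-18)  | 
|  CIS v1.2.0  |  1.22 Ensure IAM policies that allow full "\*:\*" administrative privileges are not created  |  [[IAM.1] IAM policies should not allow full "\*" administrative privileges](iam-controls.md#iam-1)  | 
|  CIS v1.2.0  |  1.3 Ensure credentials unused for 90 days or greater are disabled  |  [[IAM.8] Unused IAM user credentials should be removed](iam-controls.md#iam-8)  | 
|  CIS v1.2.0  |  1.4 Ensure access keys are rotated every 90 days or less  |  [[IAM.3] IAM users' access keys should be rotated every 90 days or less](iam-controls.md#iam-3)  | 
|  CIS v1.2.0  |  1.5 Ensure IAM password policy requires at least one uppercase letter  |  [[IAM.11] Ensure IAM password policy requires at least one uppercase letter](iam-controls.md#iam-11)  | 
|  CIS v1.2.0  |  1.6 Ensure IAM password policy requires at least one lowercase letter  |  [[IAM.12] Ensure IAM password policy requires at least one lowercase letter](iam-controls.md#iam-12)  | 
|  CIS v1.2.0  |  1.7 Ensure IAM password policy requires at least one symbol  |  [[IAM.13] Ensure IAM password policy requires at least one symbol](iam-controls.md#iam-13)  | 
|  CIS v1.2.0  |  1.8 Ensure IAM password policy requires at least one number  |  [[IAM.14] Ensure IAM password policy requires at least one number](iam-controls.md#iam-14)  | 
|  CIS v1.2.0  |  1.9 Ensure IAM password policy requires minimum password length of 14 or greater  |  [[IAM.15] Ensure IAM password policy requires minimum password length of 14 or greater](iam-controls.md#iam-15)  | 
|  CIS v1.2.0  |  2.1 Ensure CloudTrail is enabled in all Regions  |  [[CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events](cloudtrail-controls.md#cloudtrail-1)  | 
|  CIS v1.2.0  |  2.2 Ensure CloudTrail log file validation is enabled  |  [[CloudTrail.4] CloudTrail log file validation should be enabled](cloudtrail-controls.md#cloudtrail-4)  | 
|  CIS v1.2.0  |  2.3 Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible  |  [[CloudTrail.6] Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible](cloudtrail-controls.md#cloudtrail-6)  | 
|  CIS v1.2.0  |  2.4 Ensure CloudTrail trails are integrated with CloudWatch Logs  |  [[CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs](cloudtrail-controls.md#cloudtrail-5)  | 
|  CIS v1.2.0  |  2.5 Ensure AWS Config is enabled  |  [[Config.1] AWS Config should be enabled and use the service-linked role for resource recording](config-controls.md#config-1)  | 
|  CIS v1.2.0  |  2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket  |  [[CloudTrail.7] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket](cloudtrail-controls.md#cloudtrail-7)  | 
|  CIS v1.2.0  |  2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs  |  [[CloudTrail.2] CloudTrail should have encryption at rest enabled](cloudtrail-controls.md#cloudtrail-2)  | 
|  CIS v1.2.0  |  2.8 Ensure rotation for customer-created CMKs is enabled  |  [[KMS.4] AWS KMS key rotation should be enabled](kms-controls.md#kms-4)  | 
|  CIS v1.2.0  |  2.9 Ensure VPC flow logging is enabled in all VPCs  |  [[EC2.6] VPC flow logging should be enabled in all VPCs](ec2-controls.md#ec2-6)  | 
|  CIS v1.2.0  |  3.1 Ensure a log metric filter and alarm exist for unauthorized API calls  |  [[CloudWatch.2] Ensure a log metric filter and alarm exist for unauthorized API calls](cloudwatch-controls.md#cloudwatch-2)  | 
|  CIS v1.2.0  |  3.10 Ensure a log metric filter and alarm exist for security group changes  |  [[CloudWatch.10] Ensure a log metric filter and alarm exist for security group changes](cloudwatch-controls.md#cloudwatch-10)  | 
|  CIS v1.2.0  |  3.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)  |  [[CloudWatch.11] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)](cloudwatch-controls.md#cloudwatch-11)  | 
|  CIS v1.2.0  |  3.12 Ensure a log metric filter and alarm exist for changes to network gateways  |  [[CloudWatch.12] Ensure a log metric filter and alarm exist for changes to network gateways](cloudwatch-controls.md#cloudwatch-12)  | 
|  CIS v1.2.0  |  3.13 Ensure a log metric filter and alarm exist for route table changes  |  [[CloudWatch.13] Ensure a log metric filter and alarm exist for route table changes](cloudwatch-controls.md#cloudwatch-13)  | 
|  CIS v1.2.0  |  3.14 Ensure a log metric filter and alarm exist for VPC changes  |  [[CloudWatch.14] Ensure a log metric filter and alarm exist for VPC changes](cloudwatch-controls.md#cloudwatch-14)  | 
|  CIS v1.2.0  |  3.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA  |  [[CloudWatch.3] Ensure a log metric filter and alarm exist for Management Console sign-in without MFA](cloudwatch-controls.md#cloudwatch-3)  | 
|  CIS v1.2.0  |  3.3 Ensure a log metric filter and alarm exist for usage of the root user  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  | 
|  CIS v1.2.0  |  3.4 Ensure a log metric filter and alarm exist for IAM policy changes  |  [[CloudWatch.4] Ensure a log metric filter and alarm exist for IAM policy changes](cloudwatch-controls.md#cloudwatch-4)  | 
|  CIS v1.2.0  |  3.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes  |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail configuration changes](cloudwatch-controls.md#cloudwatch-5)  | 
|  CIS v1.2.0  |  3.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures  |  [[CloudWatch.6] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures](cloudwatch-controls.md#cloudwatch-6)  | 
|  CIS v1.2.0  |  3.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer-created CMKs  |  [[CloudWatch.7] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer managed keys](cloudwatch-controls.md#cloudwatch-7)  | 
|  CIS v1.2.0  |  3.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes  |  [[CloudWatch.8] Ensure a log metric filter and alarm exist for S3 bucket policy changes](cloudwatch-controls.md#cloudwatch-8)  | 
|  CIS v1.2.0  |  3.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes  |  [[CloudWatch.9] Ensure a log metric filter and alarm exist for AWS Config configuration changes](cloudwatch-controls.md#cloudwatch-9)  | 
|  CIS v1.2.0  |  4.1 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22  |  [[EC2.13] Security groups should not allow ingress from 0.0.0.0/0 or ::/0 to port 22](ec2-controls.md#ec2-13)  | 
|  CIS v1.2.0  |  4.2 Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389  |  [[EC2.14] Security groups should not allow ingress from 0.0.0.0/0 or ::/0 to port 3389](ec2-controls.md#ec2-14)  | 
|  CIS v1.2.0  |  4.3 Ensure the default security group of every VPC restricts all traffic  |  [[EC2.2] VPC default security groups should not allow inbound or outbound traffic](ec2-controls.md#ec2-2)  | 
|  CIS v1.4.0  |  1.10 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password  |  [[IAM.5] MFA should be enabled for all IAM users that have a console password](iam-controls.md#iam-5)  | 
|  CIS v1.4.0  |  1.14 Ensure access keys are rotated every 90 days or less  |  [[IAM.3] IAM users' access keys should be rotated every 90 days or less](iam-controls.md#iam-3)  | 
|  CIS v1.4.0  |  1.16 Ensure IAM policies that allow full "\*:\*" administrative privileges are not attached  |  [[IAM.1] IAM policies should not allow full "\*" administrative privileges](iam-controls.md#iam-1)  | 
|  CIS v1.4.0  |  1.17 Ensure a support role has been created to manage incidents with AWS Support  |  [[IAM.18] Ensure a support role has been created to manage incidents with AWS Support](iam-controls.md#iam-18)  | 
|  CIS v1.4.0  |  1.4 Ensure no root user account access key exists  |  [[IAM.4] IAM root user access key should not exist](iam-controls.md#iam-4)  | 
|  CIS v1.4.0  |  1.5 Ensure MFA is enabled for the root user account  |  [[IAM.9] MFA should be enabled for the root user](iam-controls.md#iam-9)  | 
|  CIS v1.4.0  |  1.6 Ensure hardware MFA is enabled for the root user account  |  [[IAM.6] Hardware MFA should be enabled for the root user](iam-controls.md#iam-6)  | 
|  CIS v1.4.0  |  1.7 Eliminate use of the root user for administrative and daily tasks  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  | 
|  CIS v1.4.0  |  1.8 Ensure IAM password policy requires minimum length of 14 or greater  |  [[IAM.15] Ensure IAM password policy requires minimum password length of 14 or greater](iam-controls.md#iam-15)  | 
|  CIS v1.4.0  |  1.9 Ensure IAM password policy prevents password reuse  |  [[IAM.16] Ensure IAM password policy prevents password reuse](iam-controls.md#iam-16)  | 
|  CIS v1.4.0  |  2.1.2 Ensure S3 bucket policy is set to deny HTTP requests  |  [[S3.5] S3 general purpose buckets should require requests to use SSL](s3-controls.md#s3-5)  | 
|  CIS v1.4.0  |  2.1.5.1 S3 Block Public Access setting should be enabled  |  [[S3.1] S3 general purpose buckets should have block public access settings enabled](s3-controls.md#s3-1)  | 
|  CIS v1.4.0  |  2.1.5.2 S3 Block Public Access setting should be enabled at the bucket level  |  [[S3.8] S3 general purpose buckets should block public access](s3-controls.md#s3-8)  | 
|  CIS v1.4.0  |  2.2.1 Ensure EBS volume encryption is enabled  |  [[EC2.7] EBS default encryption should be enabled](ec2-controls.md#ec2-7)  | 
|  CIS v1.4.0  |  2.3.1 Ensure that encryption is enabled for RDS instances  |  [[RDS.3] RDS DB instances should have encryption at rest enabled](rds-controls.md#rds-3)  | 
|  CIS v1.4.0  |  3.1 Ensure CloudTrail is enabled in all Regions  |  [[CloudTrail.1] CloudTrail should be enabled and configured with at least one multi-Region trail that includes read and write management events](cloudtrail-controls.md#cloudtrail-1)  | 
|  CIS v1.4.0  |  3.2 Ensure CloudTrail log file validation is enabled  |  [[CloudTrail.4] CloudTrail log file validation should be enabled](cloudtrail-controls.md#cloudtrail-4)  | 
|  CIS v1.4.0  |  3.4 Ensure CloudTrail trails are integrated with CloudWatch Logs  |  [[CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs](cloudtrail-controls.md#cloudtrail-5)  | 
|  CIS v1.4.0  |  3.5 Ensure AWS Config is enabled in all Regions  |  [[Config.1] AWS Config should be enabled and use the service-linked role for resource recording](config-controls.md#config-1)  | 
|  CIS v1.4.0  |  3.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket  |  [[CloudTrail.7] Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket](cloudtrail-controls.md#cloudtrail-7)  | 
|  CIS v1.4.0  |  3.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs  |  [[CloudTrail.2] CloudTrail should have encryption at rest enabled](cloudtrail-controls.md#cloudtrail-2)  | 
|  CIS v1.4.0  |  3.8 Ensure rotation for customer-created CMKs is enabled  |  [[KMS.4] AWS KMS key rotation should be enabled](kms-controls.md#kms-4)  | 
|  CIS v1.4.0  |  3.9 Ensure VPC flow logging is enabled in all VPCs  |  [[EC2.6] VPC flow logging should be enabled in all VPCs](ec2-controls.md#ec2-6)  | 
|  CIS v1.4.0  |  4.4 Ensure a log metric filter and alarm exist for IAM policy changes  |  [[CloudWatch.4] Ensure a log metric filter and alarm exist for IAM policy changes](cloudwatch-controls.md#cloudwatch-4)  | 
|  CIS v1.4.0  |  4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes  |  [[CloudWatch.5] Ensure a log metric filter and alarm exist for CloudTrail configuration changes](cloudwatch-controls.md#cloudwatch-5)  | 
|  CIS v1.4.0  |  4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures  |  [[CloudWatch.6] Ensure a log metric filter and alarm exist for AWS Management Console authentication failures](cloudwatch-controls.md#cloudwatch-6)  | 
|  CIS v1.4.0  |  4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer-created CMKs  |  [[CloudWatch.7] Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer managed keys](cloudwatch-controls.md#cloudwatch-7)  | 
|  CIS v1.4.0  |  4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes  |  [[CloudWatch.8] Ensure a log metric filter and alarm exist for S3 bucket policy changes](cloudwatch-controls.md#cloudwatch-8)  | 
|  CIS v1.4.0  |  4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes  |  [[CloudWatch.9] Ensure a log metric filter and alarm exist for AWS Config configuration changes](cloudwatch-controls.md#cloudwatch-9)  | 
|  CIS v1.4.0  |  4.10 Ensure a log metric filter and alarm exist for security group changes  |  [[CloudWatch.10] Ensure a log metric filter and alarm exist for security group changes](cloudwatch-controls.md#cloudwatch-10)  | 
|  CIS v1.4.0  |  4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)  |  [[CloudWatch.11] Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)](cloudwatch-controls.md#cloudwatch-11)  | 
|  CIS v1.4.0  |  4.12 Ensure a log metric filter and alarm exist for changes to network gateways  |  [[CloudWatch.12] Ensure a log metric filter and alarm exist for changes to network gateways](cloudwatch-controls.md#cloudwatch-12)  | 
|  CIS v1.4.0  |  4.13 Ensure a log metric filter and alarm exist for route table changes  |  [[CloudWatch.13] Ensure a log metric filter and alarm exist for route table changes](cloudwatch-controls.md#cloudwatch-13)  | 
|  CIS v1.4.0  |  4.14 Ensure a log metric filter and alarm exist for VPC changes  |  [[CloudWatch.14] Ensure a log metric filter and alarm exist for VPC changes](cloudwatch-controls.md#cloudwatch-14)  | 
|  CIS v1.4.0  |  5.1 Ensure no network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports  |  [[EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389](ec2-controls.md#ec2-21)  | 
|  CIS v1.4.0  |  5.3 Ensure the default security group of every VPC restricts all traffic  |  [[EC2.2] VPC default security groups should not allow inbound or outbound traffic](ec2-controls.md#ec2-2)  | 
|  PCI DSS v3.2.1  |  PCI.AutoScaling.1 Auto scaling groups associated with a load balancer should use load balancer health checks  |  [[AutoScaling.1] Auto Scaling groups associated with a load balancer should use ELB health checks](autoscaling-controls.md#autoscaling-1)  | 
|  PCI DSS v3.2.1  |  PCI.CloudTrail.1 CloudTrail logs should be encrypted at rest using AWS KMS CMKs  |  [[CloudTrail.2] CloudTrail should have encryption at rest enabled](cloudtrail-controls.md#cloudtrail-2)  | 
|  PCI DSS v3.2.1  |  PCI.CloudTrail.2 CloudTrail should be enabled  |  [[CloudTrail.3] At least one CloudTrail trail should be enabled](cloudtrail-controls.md#cloudtrail-3)  | 
|  PCI DSS v3.2.1  |  PCI.CloudTrail.3 CloudTrail log file validation should be enabled  |  [[CloudTrail.4] CloudTrail log file validation should be enabled](cloudtrail-controls.md#cloudtrail-4)  | 
|  PCI DSS v3.2.1  |  PCI.CloudTrail.4 CloudTrail trails should be integrated with Amazon CloudWatch Logs  |  [[CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs](cloudtrail-controls.md#cloudtrail-5)  | 
|  PCI DSS v3.2.1  |  PCI.CodeBuild.1 CodeBuild GitHub or Bitbucket source repository URLs should use OAuth  |  [[CodeBuild.1] CodeBuild Bitbucket source repository URLs should not contain sensitive credentials](codebuild-controls.md#codebuild-1)  | 
|  PCI DSS v3.2.1  |  PCI.CodeBuild.2 CodeBuild project environment variables should not contain clear text credentials  |  [[CodeBuild.2] CodeBuild project environment variables should not contain clear text credentials](codebuild-controls.md#codebuild-2)  | 
|  PCI DSS v3.2.1  |  PCI.Config.1 AWS Config should be enabled  |  [[Config.1] AWS Config should be enabled and use the service-linked role for resource recording](config-controls.md#config-1)  | 
|  PCI DSS v3.2.1  |  PCI.CW.1 A log metric filter and alarm should exist for usage of the "root" user  |  [[CloudWatch.1] A log metric filter and alarm should exist for usage of the "root" user](cloudwatch-controls.md#cloudwatch-1)  | 
|  PCI DSS v3.2.1  |  PCI.DMS.1 Database Migration Service replication instances should not be public  |  [[DMS.1] Database Migration Service replication instances should not be public](dms-controls.md#dms-1)  | 
|  PCI DSS v3.2.1  |  PCI.EC2.1 EBS snapshots should not be publicly restorable  |  [[EC2.1] Amazon EBS snapshots should not be publicly restorable](ec2-controls.md#ec2-1)  | 
|  PCI DSS v3.2.1  |  PCI.EC2.2 VPC default security group should prohibit inbound and outbound traffic  |  [[EC2.2] VPC default security groups should not allow inbound or outbound traffic](ec2-controls.md#ec2-2)  | 
|  PCI DSS v3.2.1  |  PCI.EC2.4 Unused EC2 EIPs should be removed  |  [[EC2.12] Unused Amazon EC2 EIPs should be removed](ec2-controls.md#ec2-12)  | 
|  PCI DSS v3.2.1  |  PCI.EC2.5 Security groups should not allow ingress from 0.0.0.0/0 to port 22  |  [[EC2.13] Security groups should not allow ingress from 0.0.0.0/0 or ::/0 to port 22](ec2-controls.md#ec2-13)  | 
|  PCI DSS v3.2.1  |  PCI.EC2.6 VPC flow logging should be enabled in all VPCs  |  [[EC2.6] VPC flow logging should be enabled in all VPCs](ec2-controls.md#ec2-6)  | 
|  PCI DSS v3.2.1  |  PCI.ELBv2.1 Application Load Balancer should be configured to redirect all HTTP requests to HTTPS  |  [[ELB.1] Application Load Balancer should be configured to redirect all HTTP requests to HTTPS](elb-controls.md#elb-1)  | 
|  PCI DSS v3.2.1  |  PCI.ES.1 Elasticsearch domains should be in a VPC  |  [[ES.2] Elasticsearch domains should not be publicly accessible](es-controls.md#es-2)  | 
|  PCI DSS v3.2.1  |  PCI.ES.2 Elasticsearch domains should have encryption at rest enabled  |  [[ES.1] Elasticsearch domains should have encryption at rest enabled](es-controls.md#es-1)  | 
|  PCI DSS v3.2.1  |  PCI.GuardDuty.1 GuardDuty should be enabled  |  [[GuardDuty.1] GuardDuty should be enabled](guardduty-controls.md#guardduty-1)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.1 IAM root user access key should not exist  |  [[IAM.4] IAM root user access key should not exist](iam-controls.md#iam-4)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.2 IAM users should not have IAM policies attached  |  [[IAM.2] IAM users should not have IAM policies attached](iam-controls.md#iam-2)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.3 IAM policies should not allow full "\*" administrative privileges  |  [[IAM.1] IAM policies should not allow full "\*" administrative privileges](iam-controls.md#iam-1)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.4 Hardware MFA should be enabled for the root user  |  [[IAM.6] Hardware MFA should be enabled for the root user](iam-controls.md#iam-6)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.5 Virtual MFA should be enabled for the root user  |  [[IAM.9] MFA should be enabled for the root user](iam-controls.md#iam-9)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.6 MFA should be enabled for all IAM users  |  [[IAM.19] MFA should be enabled for all IAM users](iam-controls.md#iam-19)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.7 IAM user credentials should be disabled if not used within a predefined number of days  |  [[IAM.8] Unused IAM user credentials should be removed](iam-controls.md#iam-8)  | 
|  PCI DSS v3.2.1  |  PCI.IAM.8 Password policies for IAM users should have strong configurations  |  [[IAM.10] Password policies for IAM users should have strong configurations](iam-controls.md#iam-10)  | 
|  PCI DSS v3.2.1  |  PCI.KMS.1 Customer master key (CMK) rotation should be enabled  |  [[KMS.4] AWS KMS key rotation should be enabled](kms-controls.md#kms-4)  | 
|  PCI DSS v3.2.1  |  PCI.Lambda.1 Lambda functions should prohibit public access  |  [[Lambda.1] Lambda function policies should prohibit public access](lambda-controls.md#lambda-1)  | 
|  PCI DSS v3.2.1  |  PCI.Lambda.2 Lambda functions should be in a VPC  |  [[Lambda.3] Lambda functions should be in a VPC](lambda-controls.md#lambda-3)  | 
|  PCI DSS v3.2.1  |  PCI.openSearch.1 OpenSearch domains should be in a VPC  |  [[Opensearch.2] OpenSearch domains should not be publicly accessible](opensearch-controls.md#opensearch-2)  | 
|  PCI DSS v3.2.1  |  PCI.Opensearch.2 EBS snapshots should not be publicly restorable  |  [[Opensearch.1] OpenSearch domains should have encryption at rest enabled](opensearch-controls.md#opensearch-1)  | 
|  PCI DSS v3.2.1  |  PCI.RDS.1 RDS snapshots should be private  |  [[RDS.1] RDS snapshots should be private](rds-controls.md#rds-1)  | 
|  PCI DSS v3.2.1  |  PCI.RDS.2 RDS DB instances should prohibit public access  |  [[RDS.2] RDS DB instances should prohibit public access, as determined by the PubliclyAccessible configuration](rds-controls.md#rds-2)  | 
|  PCI DSS v3.2.1  |  PCI.Redshift.1 Amazon Redshift clusters should prohibit public access  |  [[Redshift.1] Amazon Redshift clusters should prohibit public access](redshift-controls.md#redshift-1)  | 
|  PCI DSS v3.2.1  |  PCI.S3.1 S3 buckets should prohibit public write access  |  [[S3.3] S3 general purpose buckets should block public write access](s3-controls.md#s3-3)  | 
|  PCI DSS v3.2.1  |  PCI.S3.2 S3 buckets should prohibit public read access  |  [[S3.2] S3 general purpose buckets should block public read access](s3-controls.md#s3-2)  | 
|  PCI DSS v3.2.1  |  PCI.S3.3 S3 buckets should have cross-Region replication enabled  |  [[S3.7] S3 general purpose buckets should use cross-Region replication](s3-controls.md#s3-7)  | 
|  PCI DSS v3.2.1  |  PCI.S3.5 S3 buckets should require requests to use Secure Socket Layer  |  [[S3.5] S3 general purpose buckets should require requests to use SSL](s3-controls.md#s3-5)  | 
|  PCI DSS v3.2.1  |  PCI.S3.6 S3 Block Public Access setting should be enabled  |  [[S3.1] S3 general purpose buckets should have block public access settings enabled](s3-controls.md#s3-1)  | 
|  PCI DSS v3.2.1  |  PCI.SageMaker.1 Amazon SageMaker notebook instances should not have direct internet access  |  [[SageMaker.1] Amazon SageMaker notebook instances should not have direct internet access](sagemaker-controls.md#sagemaker-1)  | 
|  PCI DSS v3.2.1  |  PCI.SSM.1 EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation  |  [[SSM.2] Amazon EC2 instances managed by Systems Manager should have a patch compliance status of COMPLIANT after a patch installation](ssm-controls.md#ssm-2)  | 
|  PCI DSS v3.2.1  |  PCI.SSM.2 EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT  |  [[SSM.3] Amazon EC2 instances managed by Systems Manager should have an association compliance status of COMPLIANT](ssm-controls.md#ssm-3)  | 
|  PCI DSS v3.2.1  |  PCI.SSM.3 EC2 instances should be managed by AWS Systems Manager  |  [[SSM.1] Amazon EC2 instances should be managed by AWS Systems Manager](ssm-controls.md#ssm-1)  | 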

## Updating workflows for consolidation
<a name="securityhub-findings-format-changes-prepare"></a>

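If your workflows don't rely on the specific format of any field in control findings, no action is required.

If your workflows rely on the specific format of one or more fields in control findings, you should update them. For example, if you created an Amazon EventBridge rule that triggers an action for a specific control ID (such as invoking an AWS Lambda function when the control ID equals CIS 2.7), update the rule to use CloudTrail.2, which is the value of the `Compliance.SecurityControlId` field for that control.

If you created [custom insights](securityhub-custom-insights.md) that use any of the changed fields or values, update those insights to use the new fields or values.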
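The rule update described above, as an added example that is not part of the AWS documentation: it rewrites an EventBridge pattern that filters on `GeneratorId` into one that filters on `Compliance.SecurityControlId`. The mapping dictionary is a constructed excerpt of the GeneratorId table on this page; the function names and the sample pattern are assumptions made for illustration.

```python
import json

# Constructed excerpt of this page's GeneratorId mapping table
# (value before consolidation -> value after consolidation).
GENERATOR_ID_MAP = {
    "pci-dss/v/3.2.1/PCI.SSM.1": "security-control/SSM.2",
    "pci-dss/v/3.2.1/PCI.SSM.2": "security-control/SSM.3",
    "pci-dss/v/3.2.1/PCI.SSM.3": "security-control/SSM.1",
    "service-managed-aws-control-tower/v/1.0.0/IAM.4": "security-control/IAM.4",
}
PREFIX = "security-control/"


def to_security_control_id(generator_id):
    """Map a GeneratorId to a security control ID, or None if it is unknown.

    The lookup has to go through the table: PCI.SSM.1 becomes SSM.2, so
    stripping the standard prefix from the old ID yields the wrong control.
    """
    if generator_id.startswith(PREFIX):
        return generator_id[len(PREFIX):]
    mapped = GENERATOR_ID_MAP.get(generator_id)
    return mapped[len(PREFIX):] if mapped else None


def migrate_pattern(old_pattern):
    """Rewrite a pattern that filters on findings.GeneratorId so that it
    filters on findings.Compliance.SecurityControlId instead.

    Returns (new_pattern, unmapped). unmapped lists the GeneratorId values
    that have no table entry, so a rule is never narrowed without notice.
    """
    new_pattern = json.loads(json.dumps(old_pattern))  # deep copy
    findings = new_pattern.get("detail", {}).get("findings", {})
    control_ids, unmapped = [], []
    for generator_id in findings.pop("GeneratorId", []):
        control_id = to_security_control_id(generator_id)
        if control_id is None:
            unmapped.append(generator_id)
        elif control_id not in control_ids:
            control_ids.append(control_id)
    if control_ids:
        findings.setdefault("Compliance", {})["SecurityControlId"] = control_ids
    return new_pattern, unmapped


def control_id_of(finding):
    """Control ID of one ASFF control finding, preferring the explicit field."""
    explicit = (finding.get("Compliance") or {}).get("SecurityControlId")
    return explicit or to_security_control_id(finding.get("GeneratorId", ""))


# Constructed rule pattern, as it might have been written before consolidation.
OLD_PATTERN = {
    "source": ["aws.securityhub"],
    "detail-type": ["Security Hub Findings - Imported"],
    "detail": {"findings": {"GeneratorId": [
        "pci-dss/v/3.2.1/PCI.SSM.1",
        "pci-dss/v/3.2.1/PCI.SSM.3",
        "example-standard/v/0/Unknown.1",  # constructed value, not in the excerpt
    ]}},
}

if __name__ == "__main__":
    pattern, unmapped = migrate_pattern(OLD_PATTERN)
    print(json.dumps(pattern, indent=2))
    print("needs manual review:", unmapped)
```

Load the full table from the downloadable .csv file instead of the excerpt before running this against real rules, and review every value returned in `unmapped` by hand.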

# Required top-level ASFF attributes
<a name="asff-required-attributes"></a>

The following top-level attributes in the AWS Security Finding Format (ASFF) are required for all findings in Security Hub CSPM. For more information about these attributes, see [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html) in the *AWS Security Hub API Reference*.

## AwsAccountId
<a name="AwsAccountId"></a>

The AWS account ID that the finding applies to.

**Example**

```
"AwsAccountId": "111111111111"
```

## CreatedAt
<a name="CreatedAt"></a>

Indicates when the potential security issue or event captured by the finding was created.

**Example**

```
"CreatedAt": "2017-03-22T13:22:13.933Z"
```

## Description
<a name="Description"></a>

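A description of the finding. This field can be nonspecific boilerplate text or details that are specific to the instance of the finding.

For control findings that Security Hub CSPM generates, this field provides a description of the control.

If you enable [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings), this field doesn't reference a standard.

**Example**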

```
"Description": "This AWS control checks whether AWS Config is enabled in the current account and Region."
```

## GeneratorId
<a name="GeneratorId"></a>

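The identifier of the solution-specific component (a discrete unit of logic) that generated the finding.

For control findings that Security Hub CSPM generates, this field doesn't reference a standard if you enable [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings).

**Example**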

```
"GeneratorId": "security-control/Config.1"
```

## Id
<a name="Id"></a>

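The product-specific identifier of the finding. For control findings that Security Hub CSPM generates, this field provides the Amazon Resource Name (ARN) of the finding.

If you enable [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings), this field doesn't reference a standard.

**Example**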

```
"Id": "arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956"
```

## ProductArn
<a name="ProductArn"></a>

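An Amazon Resource Name (ARN) generated by Security Hub CSPM that uniquely identifies a third-party findings product after the product is registered with Security Hub CSPM.

The format of this field is `arn:partition:securityhub:region:account-id:product/company-id/product-id`.
+ For AWS services that are integrated with Security Hub CSPM, the `company-id` must be "`aws`", and the `product-id` must be the AWS public service name. Because AWS products and services aren't associated with an account, the `account-id` section of the ARN is empty. AWS services that aren't yet integrated with Security Hub CSPM are considered third-party products.
+ For public products, the `company-id` and `product-id` must be the ID values specified at the time of registration.
+ For private products, the `company-id` must be the account ID. The `product-id` must be the reserved word "default" or the ID that was specified at the time of registration.

**Example**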

```
// Private ARN
    "ProductArn": "arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default"

// Public ARN
    "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty"
    "ProductArn": "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro"
```
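A parser for the `ProductArn` layout and the three rules listed above, as an added example that is not AWS code. The function name `parse_product_arn`, the returned `kind` labels, and the choice to treat a 12-digit `company-id` as a private product are assumptions of this example; the ARNs used to exercise it are the ones shown on this page.

```python
import re

# Layout given on this page:
# arn:partition:securityhub:region:account-id:product/company-id/product-id
_PRODUCT_ARN = re.compile(
    r"arn:(?P<partition>[^:/]+):securityhub:(?P<region>[^:/]+):"
    r"(?P<account_id>[^:/]*):product/(?P<company_id>[^:/]+)/(?P<product_id>[^:/]+)"
)
_ACCOUNT_ID = re.compile(r"\d{12}")


def parse_product_arn(arn):
    """Split a ProductArn into its fields and classify the product.

    Returns a dict with partition, region, account_id, company_id,
    product_id and kind ("aws-service", "private" or "public").
    Raises ValueError when the ARN contradicts the rules on this page.
    """
    match = _PRODUCT_ARN.fullmatch(arn)
    if match is None:
        raise ValueError(f"not a Security Hub product ARN: {arn!r}")
    parts = match.groupdict()
    account, company = parts["account_id"], parts["company_id"]

    if account and not _ACCOUNT_ID.fullmatch(account):
        raise ValueError("account-id must be empty or a 12-digit account ID")

    if company == "aws":
        # AWS services are not associated with an account.
        if account:
            raise ValueError("AWS service product ARNs have an empty account-id")
        parts["kind"] = "aws-service"
    elif _ACCOUNT_ID.fullmatch(company):
        # Assumption of this example: a 12-digit company-id marks a private
        # product, whose company-id must be the account ID.
        if company != account:
            raise ValueError("private product: company-id must equal account-id")
        parts["kind"] = "private"
    else:
        parts["kind"] = "public"
    return parts


# The three ARNs from the example on this page.
PAGE_EXAMPLES = [
    "arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default",
    "arn:aws:securityhub:us-west-2::product/aws/guardduty",
    "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro",
]

if __name__ == "__main__":
    for example in PAGE_EXAMPLES:
        info = parse_product_arn(example)
        print(info["kind"], info["company_id"], info["product_id"])
```

A check like this is useful at the point where findings enter a pipeline, to reject records whose `ProductArn` claims to come from an AWS service but carries an account ID.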

## Resources
<a name="Resources"></a>

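The `Resources` array of objects provides a set of resource data types that describe the AWS resources that the finding refers to. For details about the fields that a `Resources` object can contain, including which fields are required, see [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Resource.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Resource.html) in the *AWS Security Hub API Reference*. For examples of `Resources` objects for specific AWS services, see [Resources ASFF object](asff-resources.md).

**Example**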

```
"Resources": [
  {
    "ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0",
    "ApplicationName": "SampleApp",
    "DataClassification": {
    "DetailedResultsLocation": "Path_to_Folder_Or_File",
    "Result": {
        "MimeType": "text/plain",
        "SizeClassified": 2966026,
        "AdditionalOccurrences": false,
        "Status": {
            "Code": "COMPLETE",
            "Reason": "Unsupportedfield"
        },
       "SensitiveData": [
            {
                "Category": "PERSONAL_INFORMATION",
                "Detections": [
                    {
                        "Count": 34,
                        "Type": "GE_PERSONAL_ID",
                        "Occurrences": {
                            "LineRanges": [
                                {
                                    "Start": 1,
                                    "End": 10,
                                    "StartColumn": 20
                                }
                            ],
                            "Pages": [],
                            "Records": [],
                            "Cells": []
                        }
                    },
                    {
                        "Count": 59,
                        "Type": "EMAIL_ADDRESS",
                        "Occurrences": {
                            "Pages": [
                                {
                                    "PageNumber": 1,
                                    "OffsetRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                     },
                                    "LineRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                    }
                                }
                            ]
                        }
                    },
                    {
                        "Count": 2229,
                        "Type": "URL",
                        "Occurrences": {
                           "LineRanges": [
                               {
                                   "Start": 1,
                                   "End": 13
                               }
                           ]
                       }
                   },
                   {
                       "Count": 13826,
                       "Type": "NameDetection",
                       "Occurrences": {
                            "Records": [
                                {
                                    "RecordIndex": 1,
                                    "JsonPath": "$.ssn.value"
                                }
                            ]
                        }
                   },
                   {
                       "Count": 32,
                       "Type": "AddressDetection"
                   }
               ],
               "TotalCount": 32
           }
        ],
        "CustomDataIdentifiers": {
            "Detections": [
                 {
                     "Arn": "1712be25e7c7f53c731fe464f1c869b8", 
                     "Name": "1712be25e7c7f53c731fe464f1c869b8", 
                     "Count": 2
                 }
            ],
            "TotalCount": 2
        }
    }
},
	"Type": "AwsEc2Instance",
	"Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-abcdef01234567890",
	"Partition": "aws",
	"Region": "us-west-2",
	"ResourceRole": "Target",
	"Tags": {
		"billingCode": "Lotus-1-2-3",
		"needsPatching": "true"
	},
	"Details": {
		"IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
		"ImageId": "ami-79fd7eee",
		"IpV4Addresses": ["1.1.1.1"],
		"IpV6Addresses": ["2001:db8:1234:1a2b::123"],
		"KeyName": "testkey",
		"LaunchedAt": "2018-09-29T01:25:54Z",
		"MetadataOptions": {
			"HttpEndpoint": "enabled",
			"HttpProtocolIpv6": "enabled",
			"HttpPutResponseHopLimit": 1,
			"HttpTokens": "optional",
			"InstanceMetadataTags": "disabled"
		},
		"NetworkInterfaces": [
			{
				"NetworkInterfaceId": "eni-e5aa89a3"
			}
		],
		"SubnetId": "PublicSubnet",
		"Type": "i3.xlarge",
		"VirtualizationType": "hvm",
		"VpcId": "TestVPCIpv6"
	}
  }

]
```

## SchemaVersion
<a name="SchemaVersion"></a>

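The schema version that a finding is formatted for. The value of this field must be one of the officially published versions identified by AWS. In the current release, the AWS Security Finding Format schema version is `2018-10-08`.

**Example**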

```
"SchemaVersion": "2018-10-08"
```

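## Severity
<a name="Severity"></a>

Defines the importance of a finding. For details about this object, see [`Severity`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Severity.html) in the *AWS Security Hub API Reference*.

`Severity` is both a top-level object in a finding and nested under the `FindingProviderFields` object.

You can update the value of the top-level `Severity` object for a finding only by using the [`BatchUpdateFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API.

To provide severity information, finding providers should update the `Severity` object under `FindingProviderFields` when they make a [`BatchImportFindings`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API request. If a `BatchImportFindings` request for a new finding provides only `Label` or only `Normalized`, Security Hub CSPM automatically populates the value of the other field. The `Product` and `Original` fields might also be populated.

If the top-level `Finding.Severity` object is present but `Finding.FindingProviderFields` isn't, Security Hub CSPM creates the `FindingProviderFields.Severity` object and copies the entire `Finding.Severity` object into it. This ensures that the original details supplied by the provider are retained in the `FindingProviderFields.Severity` structure, even if the top-level `Severity` object is overwritten.

The finding severity doesn't consider the criticality of the involved assets or the underlying resource. Criticality is defined as the level of importance of the resources that are associated with the finding. For example, a resource that is associated with a mission-critical application has higher criticality than one that is associated with nonproduction testing. To capture information about resource criticality, use the `Criticality` field.

We recommend using the following guidance when you translate the native severity scores of findings to the value of `Severity.Label` in the ASFF.
+ `INFORMATIONAL`: This category may include a finding for a `PASSED`, `WARNING`, or `NOT AVAILABLE` check, or a sensitive data identification.
+ `LOW`: Findings that could result in future compromises. For example, this category may include vulnerabilities, configuration weaknesses, and exposed passwords.
+ `MEDIUM`: Findings that indicate an active compromise, but with no indication that an adversary completed their objectives. For example, this category may include malware activity, hacking activity, and unusual behavior detection.
+ `HIGH` or `CRITICAL`: Findings that indicate that an adversary completed their objectives, such as active data loss or compromise, or a denial of service.

**Example**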

```
"Severity": {
    "Label": "CRITICAL",
    "Normalized": 90,
    "Original": "CRITICAL"
}
```

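## Title
<a name="Title"></a>

The title of the finding. This field can contain nonspecific boilerplate text or details that are specific to this instance of the finding.

For control findings, this field provides the title of the control. If you turn on [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings), this field doesn't reference a standard.

**Example**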

```
"Title": "AWS Config should be enabled"
```

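## Types
<a name="Types"></a>

One or more finding types in the format of `namespace/category/classifier` that classify a finding. If you turn on [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings), this field doesn't reference a standard.

You can update `Types` only by using the [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API.

Finding providers who want to provide a value for `Types` should use the `Types` attribute under [`FindingProviderFields`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_FindingProviderFields.html).

In the following list, the top-level bullets are namespaces, the second-level bullets are categories, and the third-level bullets are classifiers. We recommend that finding providers use the defined namespaces to help sort and group findings. The defined categories and classifiers can also be used, but they aren't required. Only the Software and Configuration Checks namespace has defined classifiers.

You can define a partial path for `namespace/category/classifier`. For example, the following finding types are all valid:
+ TTPs
+ TTPs/Defense Evasion
+ TTPs/Defense Evasion/CloudTrailStopped

The tactics, techniques, and procedures (TTPs) categories in the following list align with the [MITRE ATT&CK Matrix™](https://attack.mitre.org/matrices/enterprise/). The Unusual Behaviors namespace reflects general unusual behavior, such as general statistical anomalies, and isn't aligned with a specific TTP. However, you can classify a finding with both Unusual Behaviors and TTPs finding types.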

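**List of namespaces, categories, and classifiers:**
+ Software and Configuration Checks
  + Vulnerabilities
    + CVE
  + AWS Security Best Practices
    + Network Reachability
    + Runtime Behavior Analysis
  + Industry and Regulatory Standards
    + AWS Foundational Security Best Practices
    + CIS Host Hardening Benchmarks
    + CIS AWS Foundations Benchmark
    + PCI-DSS
    + Cloud Security Alliance Controls
    + ISO 90001 Controls
    + ISO 27001 Controls
    + ISO 27017 Controls
    + ISO 27018 Controls
    + SOC 1
    + SOC 2
    + HIPAA Controls (USA)
    + NIST 800-53 Controls (USA)
    + NIST CSF Controls (USA)
    + IRAP Controls (Australia)
    + K-ISMS Controls (Korea)
    + MTCS Controls (Singapore)
    + FISC Controls (Japan)
    + My Number Act Controls (Japan)
    + ENS Controls (Spain)
    + Cyber Essentials Plus Controls (UK)
    + G-Cloud Controls (UK)
    + C5 Controls (Germany)
    + IT-Grundschutz Controls (Germany)
    + GDPR Controls (Europe)
    + TISAX Controls (Europe)
  + Patch Management
+ TTPs
  + Initial Access
  + Execution
  + Persistence
  + Privilege Escalation
  + Defense Evasion
  + Credential Access
  + Discovery
  + Lateral Movement
  + Collection
  + Command and Control
+ Effects
  + Data Exposure
  + Data Exfiltration
  + Data Destruction
  + Denial of Service
  + Resource Consumption
+ Unusual Behaviors
  + Application
  + Network Flow
  + IP address
  + User
  + VM
  + Container
  + Serverless
  + Process
  + Database
  + Data
+ Sensitive Data Identifications
  + PII
  + Passwords
  + Legal
  + Financial
  + Security
  + Business

**Example**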

```
"Types": [
    "Software and Configuration Checks/Vulnerabilities/CVE"
]
```

## UpdatedAt
<a name="UpdatedAt"></a>

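Indicates when the finding provider last updated the finding record.

This timestamp reflects the time when the finding record was last or most recently updated. Consequently, it can differ from the `LastObservedAt` timestamp, which reflects when the event or vulnerability was last or most recently observed.

When you update the finding record, you must update this timestamp to the current timestamp. When a finding record is created, the `CreatedAt` and `UpdatedAt` timestamps must be the same. After an update to the finding record, the value of this field must be more recent than all of the previous values that it contained.

Note that `UpdatedAt` can't be updated by using the [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation. You can update it only by using the [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation.

**Example**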

```
"UpdatedAt": "2017-04-22T13:22:13.933Z"
```

# Optional top-level ASFF attributes
<a name="asff-top-level-attributes"></a>

The following top-level attributes in the AWS Security Finding Format (ASFF) are optional for findings in Security Hub CSPM. For more information about these attributes, see [AwsSecurityFinding](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html) in the *AWS Security Hub API Reference*.

## Action
<a name="asff-action"></a>

The [`Action`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html) object provides details about an action that affects a resource or that was taken on a resource.

**Example**

```
"Action": {
    "ActionType": "PORT_PROBE",
    "PortProbeAction": {
        "PortProbeDetails": [
            {
                "LocalPortDetails": {
                    "Port": 80,
                    "PortName": "HTTP"
                  },
                "LocalIpDetails": {
                     "IpAddressV4": "192.0.2.0"
                 },
                "RemoteIpDetails": {
                    "Country": {
                        "CountryName": "Example Country"
                    },
                    "City": {
                        "CityName": "Example City"
                    },
                   "GeoLocation": {
                       "Lon": 0,
                       "Lat": 0
                   },
                   "Organization": {
                       "AsnOrg": "ExampleASO",
                       "Org": "ExampleOrg",
                       "Isp": "ExampleISP",
                       "Asn": 64496
                   }
                }
            }
        ],
        "Blocked": false
    }
}
```

## AwsAccountName
<a name="asff-awsaccountname"></a>

The name of the AWS account that the finding applies to.

**Example**

```
"AwsAccountName": "jane-doe-testaccount"
```

## CompanyName
<a name="asff-companyname"></a>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS.

Security Hub CSPM populates this attribute automatically for each finding. You can't update it by using [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) or [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html). The exception to this rule is when you use a custom integration. See [Integrating Security Hub CSPM with custom products](securityhub-custom-providers.md).

When you use the Security Hub CSPM console to filter findings by company name, you use this attribute. When you use the Security Hub CSPM API to filter findings by company name, you use the `aws/securityhub/CompanyName` attribute under `ProductFields`. Security Hub CSPM doesn't synchronize these two attributes.

**Example**

```
"CompanyName": "AWS"
```

## Compliance
<a name="asff-compliance"></a>

The [`Compliance`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Compliance.html) object typically provides details about a control finding, such as the applicable standards and the status of the control check.

**Example**

```
"Compliance": {
    "AssociatedStandards": [
        {"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"},
        {"StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0"},
        {"StandardsId": "standards/nist-800-53/v/5.0.0"}
    ],
    "RelatedRequirements": [
        "NIST.800-53.r5 AC-4",
        "NIST.800-53.r5 AC-4(21)",
        "NIST.800-53.r5 SC-7",
        "NIST.800-53.r5 SC-7(11)",
        "NIST.800-53.r5 SC-7(16)",
        "NIST.800-53.r5 SC-7(21)",
        "NIST.800-53.r5 SC-7(4)",
        "NIST.800-53.r5 SC-7(5)"
    ],
    "SecurityControlId": "EC2.18",
    "SecurityControlParameters":[
        {
            "Name": "authorizedTcpPorts",
            "Value": ["80", "443"]
        },
        {
            "Name": "authorizedUdpPorts",
            "Value": ["427"]
        }
    ],
    "Status": "NOT_AVAILABLE",
    "StatusReasons": [
        {
            "ReasonCode": "CONFIG_RETURNS_NOT_APPLICABLE",
            "Description": "This finding has a compliance status of NOT AVAILABLE because AWS Config sent Security Hub CSPM a finding with a compliance state of Not Applicable. The potential reasons for a Not Applicable finding from Config are that (1) a resource has been moved out of scope of the Config rule; (2) the Config rule has been deleted; (3) the resource has been deleted; or (4) the logic of the Config rule itself includes scenarios where Not Applicable is returned. The specific reason why Not Applicable is returned is not available in the Config rule evaluation."
        }
    ]
}
```

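## Confidence
<a name="asff-confidence"></a>

The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

`Confidence` can be updated only by using [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

Finding providers who want to provide a value for `Confidence` should use the `Confidence` attribute under `FindingProviderFields`. See [Using FindingProviderFields to update findings](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields).

`Confidence` is scored on a 0–100 basis using a ratio scale. 0 means 0 percent confidence, and 100 means 100 percent confidence. For example, a data exfiltration detection that is based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified.

**Example**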

```
"Confidence": 42
```

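## Criticality
<a name="asff-criticality"></a>

The level of importance that is assigned to the resources that are associated with a finding.

`Criticality` can be updated only by calling the [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API operation. Don't update this object with [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html).

Finding providers who want to provide a value for `Criticality` should use the `Criticality` attribute under `FindingProviderFields`. See [Using FindingProviderFields to update findings](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields).

`Criticality` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

For each resource, consider the following when you assign `Criticality`:
+ Does the affected resource contain sensitive data (for example, an S3 bucket with PII)?
+ Does the affected resource enable an adversary to deepen their access or extend their capabilities to carry out additional malicious activity (for example, a compromised system administrator account)?
+ Is the resource a business-critical asset (for example, a key business system that could have a significant impact on revenue if it is compromised)?

You can use the following guidelines:
+ A resource that powers mission-critical systems or contains highly sensitive data can be scored in the 75–100 range.
+ A resource that powers important (but not critical) systems or contains moderately important data can be scored in the 25–74 range.
+ A resource that powers unimportant systems or contains nonsensitive data should be scored in the 0–24 range.

**Example**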

```
"Criticality": 99
```

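## Detection
<a name="asff-detection"></a>

The `Detection` object provides details about an attack sequence finding from Amazon GuardDuty Extended Threat Detection. GuardDuty generates an attack sequence finding when multiple events align with potentially suspicious activity. To receive GuardDuty attack sequence findings in AWS Security Hub CSPM, you must have GuardDuty enabled in your account. For more information, see [Amazon GuardDuty Extended Threat Detection](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html) in the *Amazon GuardDuty User Guide*.

**Example**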

```
"Detection": {
    "Sequence": {
    	"Uid": "1111111111111-184ec3b9-cf8d-452d-9aad-f5bdb7afb010",
    	"Actors": [{
    		"Id": "USER:AROA987654321EXAMPLE:i-b188560f:1234567891",
    		"Session": {
    			"Uid": "1234567891",
    			"MfaStatus": "DISABLED",
    			"CreatedTime": "1716916944000",
    			"Issuer": "arn:aws:s3:::amzn-s3-demo-destination-bucket"
    		},
    		"User": {
    			"CredentialUid": "ASIAIOSFODNN7EXAMPLE",
    			"Name": "ec2_instance_role_production",
    			"Type": "AssumedRole",
    			"Uid": "AROA987654321EXAMPLE:i-b188560f",
    			"Account": {
    				"Uid": "AccountId",
    				"Name": "AccountName"
    			}
    		}
    	}],
    	"Endpoints": [{
    		"Id": "EndpointId",
    		"Ip": "203.0.113.1",
    		"Domain": "example.com",
    		"Port": 4040,
    		"Location": {
    			"City": "New York",
    			"Country": "US",
    			"Lat": 40.7123,
    			"Lon": -74.0068
    		},
    		"AutonomousSystem": {
    			"Name": "AnyCompany",
    			"Number": 64496
    		},
    		"Connection": {
    			"Direction": "INBOUND"
    		}
    	}],
    	"Signals": [{
    		"Id": "arn:aws:guardduty:us-east-1:123456789012:detector/d0bfe135ab8b4dd8c3eaae7df9900073/finding/535a382b1bcc44d6b219517a29058fb7",
    		"Title": "Someone ran a penetration test tool on your account.",
    		"ActorIds": ["USER:AROA987654321EXAMPLE:i-b188560f:1234567891"],
    		"Count": 19,
    		"FirstSeenAt": 1716916943000,
    		"SignalIndicators": [
    			{
    				"Key": "ATTACK_TACTIC",
    				"Title": "Attack Tactic",
    				"Values": [
    					"Impact"
    				]
    			},
    			{
    				"Key": "HIGH_RISK_API",
    				"Title": "High Risk Api",
    				"Values": [
    					"s3:DeleteObject"
    				]
    			},
    			{
    				"Key": "ATTACK_TECHNIQUE",
    				"Title": "Attack Technique",
    				"Values": [
    					"Data Destruction"
    				]
    			}
    		],
    		"LastSeenAt": 1716916944000,
    		"Name": "Test:IAMUser/KaliLinux",
    		"ResourceIds": [
    			"arn:aws:s3:::amzn-s3-demo-destination-bucket"
    		],
    		"Type": "FINDING"
    	}],
    	"SequenceIndicators": [
    		{
    			"Key": "ATTACK_TACTIC",
    			"Title": "Attack Tactic",
    			"Values": [
    				"Discovery",
    				"Exfiltration",
    				"Impact"
    			]
    		},
    		{
    			"Key": "HIGH_RISK_API",
    			"Title": "High Risk Api",
    			"Values": [
    				"s3:DeleteObject",
    				"s3:GetObject",
    				"s3:ListBuckets",
    				"s3:ListObjects"
    			]
    		},
    		{
    			"Key": "ATTACK_TECHNIQUE",
    			"Title": "Attack Technique",
    			"Values": [
    				"Cloud Service Discovery",
    				"Data Destruction"
    			]
    		}
    	]
    }
}
```

## FindingProviderFields
<a name="asff-findingproviderfields"></a>

`FindingProviderFields` includes the following attributes:
+ `Confidence`
+ `Criticality`
+ `RelatedFindings`
+ `Severity`
+ `Types`

The preceding fields are nested under the `FindingProviderFields` object, but they have the same names as the corresponding top-level ASFF fields. When a finding provider sends a new finding to Security Hub CSPM, Security Hub CSPM populates the `FindingProviderFields` object automatically from the corresponding top-level fields if the object is empty.

Finding providers can update `FindingProviderFields` by using the [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation of the Security Hub CSPM API. Finding providers can't update this object with [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

For details about how Security Hub CSPM handles updates from `BatchImportFindings` to `FindingProviderFields` and to the corresponding top-level attributes, see [Using FindingProviderFields to update findings](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields).

Customers can update the top-level fields by using the `BatchUpdateFindings` operation. Customers can't update `FindingProviderFields`.

**Example**

```
"FindingProviderFields": {
    "Confidence": 42,
    "Criticality": 99,
    "RelatedFindings":[
      { 
        "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", 
        "Id": "123e4567-e89b-12d3-a456-426655440000" 
      }
    ],
    "Severity": {
        "Label": "MEDIUM", 
        "Original": "MEDIUM"
    },
    "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
}
```
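The following added example (not AWS code) is a pre-flight check that a finding provider could run on one finding before it calls `BatchImportFindings`. It applies the ownership and timestamp rules stated on this page; the function name, the problem messages, and the sample finding are assumptions of this example, and the check makes no API calls.

```python
import copy
from datetime import datetime

# Attributes that this page lists under FindingProviderFields.
PROVIDER_FIELDS = ("Confidence", "Criticality", "RelatedFindings", "Severity", "Types")
# Namespaces from the Types list on this page.
NAMESPACES = {"Software and Configuration Checks", "TTPs", "Effects",
              "Unusual Behaviors", "Sensitive Data Identifications"}


def parse_ts(value):
    """Parse an ASFF timestamp such as 2017-04-22T13:22:13.933Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def prepare_for_import(finding, previous_updated_at=None):
    """Return (payload, problems) for one finding bound for BatchImportFindings.

    previous_updated_at is the UpdatedAt value that the provider last sent
    for this finding, or None when the finding is new.
    """
    payload = copy.deepcopy(finding)
    problems = []
    fpf = payload.setdefault("FindingProviderFields", {})

    # Providers supply these values under FindingProviderFields; the
    # top-level copies are updated by customers with BatchUpdateFindings.
    for name in PROVIDER_FIELDS:
        if name in payload:
            value = payload.pop(name)
            if name in fpf and fpf[name] != value:
                problems.append(f"{name}: top-level value differs; kept FindingProviderFields")
            fpf.setdefault(name, value)

    # UserDefinedFields is customer data; product data goes in ProductFields.
    if payload.pop("UserDefinedFields", None) is not None:
        problems.append("UserDefinedFields: removed, providers use ProductFields")

    for name in ("Confidence", "Criticality"):
        score = fpf.get(name)
        valid = isinstance(score, int) and not isinstance(score, bool) and 0 <= score <= 100
        if score is not None and not valid:
            problems.append(f"{name}: must be an integer from 0 to 100")

    for path in fpf.get("Types", []):
        segments = path.split("/")
        if not 1 <= len(segments) <= 3 or not all(segments):
            problems.append(f"Types {path!r}: not namespace/category/classifier")
        elif segments[0] not in NAMESPACES:
            # Defined namespaces are recommended on this page, not required.
            problems.append(f"Types {path!r}: namespace is not a defined namespace")

    created, updated = parse_ts(payload["CreatedAt"]), parse_ts(payload["UpdatedAt"])
    if previous_updated_at is None:
        if created != updated:
            problems.append("new finding: CreatedAt and UpdatedAt must be the same")
    elif updated <= parse_ts(previous_updated_at):
        problems.append("update: UpdatedAt must be more recent than the previous value")
    return payload, problems


# Constructed sample: a provider record that still writes top-level fields.
SAMPLE_FINDING = {
    "Id": "example-finding-1",
    "ProductArn": "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro",
    "CreatedAt": "2017-03-22T13:22:13.933Z",
    "UpdatedAt": "2017-04-22T13:22:13.933Z",
    "Severity": {"Label": "MEDIUM", "Original": "MEDIUM"},
    "Confidence": 42,
    "Types": ["Software and Configuration Checks/Vulnerabilities/CVE", "Malware/Miner"],
    "UserDefinedFields": {"reviewedByCio": "true"},
}

if __name__ == "__main__":
    cleaned, found = prepare_for_import(SAMPLE_FINDING, "2017-04-22T13:22:13.933Z")
    print(sorted(cleaned["FindingProviderFields"]))
    for problem in found:
        print("-", problem)
```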

## FirstObservedAt
<a name="asff-firstobservedat"></a>

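Indicates when the potential security issue or event captured by a finding was first observed.

This timestamp specifies the time when the event or vulnerability was first observed. Consequently, it can differ from the `CreatedAt` timestamp, which reflects the time when this finding record was created.

For control findings that Security Hub CSPM generates and updates, this timestamp can also indicate when the compliance status of a resource most recently changed. For other types of findings, this timestamp should be immutable between updates of the finding record, but it can be updated if a more accurate timestamp is determined.

**Example**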

```
"FirstObservedAt": "2017-03-22T13:22:13.933Z"
```

## LastObservedAt
<a name="asff-lastobservedat"></a>

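Indicates when the security findings product most recently observed the potential security issue or event captured by a finding.

This timestamp specifies the time when the event or vulnerability was last or most recently observed. Consequently, it can differ from the `UpdatedAt` timestamp, which reflects when this finding record was last or most recently updated.

You can provide this timestamp, but it isn't required upon the first observation. If you populate this field upon the first observation, the timestamp should be the same as the `FirstObservedAt` timestamp. Each time a finding is observed, you should update this field to reflect the timestamp of the last or most recent observation.

**Example**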

```
"LastObservedAt": "2017-03-23T13:22:13.933Z"
```

## Malware
<a name="asff-malware"></a>

The [`Malware`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html) object provides a list of malware that is related to a finding.

**Example**

```
"Malware": [
    {
        "Name": "Stringler",
        "Type": "COIN_MINER",
        "Path": "/usr/sbin/stringler",
        "State": "OBSERVED"
    }
]
```

## Network (Retired)
<a name="asff-network"></a>

The [`Network`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Network.html) object provides network-related information about a finding.

This object is retired. To provide this data, you can either map the data to a resource in `Resources`, or use the `Action` object.

**Example**

```
"Network": {
    "Direction": "IN",
    "OpenPortRange": {
        "Begin": 443,
        "End": 443
    },
    "Protocol": "TCP",
    "SourceIpV4": "1.2.3.4",
    "SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
    "SourcePort": "42",
    "SourceDomain": "example1.com",
    "SourceMac": "00:0d:83:b1:c0:8e",
    "DestinationIpV4": "2.3.4.5",
    "DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
    "DestinationPort": "80",
    "DestinationDomain": "example2.com"
}
```

## NetworkPath
<a name="asff-networkpath"></a>

The [`NetworkPathComponent`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_NetworkPathComponent.html) object provides information about a network path that is related to a finding. Each entry in `NetworkPath` represents one component of the path.

**Example**

```
"NetworkPath" : [
    {
        "ComponentId": "abc-01a234bc56d8901ee",
        "ComponentType": "AWS::EC2::InternetGateway",
        "Egress": {
            "Destination": {
                "Address": [ "192.0.2.0/24" ],
                "PortRanges": [
                    {
                        "Begin": 443,
                        "End": 443
                    }
                ]
            },
            "Protocol": "TCP",
            "Source": {
                "Address": ["203.0.113.0/24"]
            }
        },
        "Ingress": {
            "Destination": {
                "Address": [ "198.51.100.0/24" ],
                "PortRanges": [
                    {
                        "Begin": 443,
                        "End": 443
                    }
                 ]
            },
            "Protocol": "TCP",
            "Source": {
                "Address": [ "203.0.113.0/24" ]
            }
        }
     }
]
```

## Note
<a name="asff-note"></a>

The [`Note`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Note.html) object specifies a user-defined note that you can add to a finding.

A finding provider can provide an initial note for a finding, but can't add notes after that. You can update a note only by using [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

**Example**

```
"Note": {
    "Text": "Don't forget to check under the mat.",
    "UpdatedBy": "jsmith",
    "UpdatedAt": "2018-08-31T00:15:09Z"
}
```

## PatchSummary
<a name="asff-patchsummary"></a>

The [`PatchSummary`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_PatchSummary.html) object provides a summary of the patch compliance status for an instance against a selected compliance standard.

**Example**

```
"PatchSummary" : {
    "FailedCount" : 0,
    "Id" : "pb-123456789098",
    "InstalledCount" : 100,
    "InstalledOtherCount" : 1023,
    "InstalledPendingReboot" : 0,
    "InstalledRejectedCount" : 0,
    "MissingCount" : 100,
    "Operation" : "Install",
    "OperationEndTime" : "2018-09-27T23:39:31Z",
    "OperationStartTime" : "2018-09-27T23:37:31Z",
    "RebootOption" : "RebootIfNeeded"
}
```

## Process
<a name="asff-process"></a>

The [`ProcessDetails`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ProcessDetails.html) object provides process-related details about the finding.

**Example**

```
"Process": {
    "LaunchedAt": "2018-09-27T22:37:31Z",
    "Name": "syslogd",
    "ParentPid": 56789,
    "Path": "/usr/sbin/syslogd",
    "Pid": 12345,
    "TerminatedAt": "2018-09-27T23:37:31Z"
}
```

## ProcessedAt
<a name="asff-processedat"></a>

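Indicates when Security Hub CSPM received a finding and began to process it.

This differs from `CreatedAt` and `UpdatedAt`, which are required timestamps that relate to the finding provider's interaction with the security issue and the finding. The `ProcessedAt` timestamp indicates when Security Hub CSPM began to process a finding. A finding appears in a user's account after processing is complete.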

```
"ProcessedAt": "2023-03-23T13:22:13.933Z"
```

## ProductFields
<a name="asff-productfields"></a>

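A data type where security findings products can include additional solution-specific details that aren't part of the defined AWS Security Finding Format.

For findings that are generated by Security Hub CSPM controls, `ProductFields` includes information about the control. See [Generating and updating control findings](controls-findings-create-update.md).

This field should not contain redundant data and must not contain data that conflicts with AWS Security Finding Format fields.

The "`aws/`" prefix represents a namespace that is reserved for AWS products and services only, and it must not be submitted with findings from third-party integrations.

Although not required, products should format field names as `company-id/product-id/field-name`, where `company-id` and `product-id` match the names supplied in the `ProductArn` of the finding.

The fields that reference `Archival` are used when Security Hub CSPM archives an existing finding. For example, Security Hub CSPM archives existing findings when you disable a control or standard and when you turn [consolidated control findings](controls-findings-create-update.md#consolidated-control-findings) on or off.

This field may also include information about the standard that includes the control that produced the finding.

**Example**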

```
"ProductFields": {
    "API": "DeleteTrail",
    "ArchivalReasons:0/Description": "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated.",
    "ArchivalReasons:0/ReasonCode": "CONSOLIDATED_CONTROL_FINDINGS_UPDATE",
    "aws/inspector/AssessmentTargetName": "My prod env",
    "aws/inspector/AssessmentTemplateName": "My daily CVE assessment",
    "aws/inspector/RulesPackageName": "Common Vulnerabilities and Exposures",
    "generico/secure-pro/Action.Type": "AWS_API_CALL",
    "generico/secure-pro/Count": "6",
    "Service_Name": "cloudtrail.amazonaws.com"
}
```
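The following added example (not AWS code) lints the keys of a `ProductFields` map against the naming rules above, given the finding's `ProductArn`. The function name, the subset of ASFF attribute names used for the conflict check, and the sample map (the page's example keys with shortened values plus two constructed entries) are assumptions of this example.

```python
# Top-level ASFF attribute names described on this page (a subset, used
# here to spot keys that duplicate a standard field).
ASFF_TOP_LEVEL = {
    "Id", "ProductArn", "Resources", "SchemaVersion", "Severity", "Title",
    "Types", "UpdatedAt", "Confidence", "Criticality", "RecordState", "Region",
    "CompanyName", "ProductName", "VerificationState",
}


def lint_product_fields(product_arn, product_fields):
    """Return {key: [issues]} for the ProductFields of one finding."""
    company, product = product_arn.split(":product/", 1)[1].split("/", 1)
    own_prefix = f"{company}/{product}/"
    issues = {}
    for key, value in product_fields.items():
        found = []
        if key.startswith("aws/") and company != "aws":
            found.append("aws/ namespace is reserved for AWS products and services")
        elif key in ASFF_TOP_LEVEL:
            found.append("duplicates a standard ASFF field")
        elif key.startswith("Archival"):
            pass  # used when Security Hub CSPM archives a finding
        elif not key.startswith(own_prefix):
            found.append(f"recommended form is {own_prefix}field-name")
        # ASFF defines ProductFields as a string-to-string map.
        if not isinstance(value, str):
            found.append("value must be a string")
        if found:
            issues[key] = found
    return issues


SAMPLE_ARN = "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro"
SAMPLE_FIELDS = {
    "API": "DeleteTrail",
    "ArchivalReasons:0/ReasonCode": "CONSOLIDATED_CONTROL_FINDINGS_UPDATE",
    "aws/inspector/AssessmentTargetName": "My prod env",
    "generico/secure-pro/Action.Type": "AWS_API_CALL",
    "generico/secure-pro/Count": "6",
    "Service_Name": "cloudtrail.amazonaws.com",
    "Severity": "HIGH",                      # constructed: clashes with ASFF
    "generico/secure-pro/Blocked": False,    # constructed: non-string value
}

if __name__ == "__main__":
    for key, found in lint_product_fields(SAMPLE_ARN, SAMPLE_FIELDS).items():
        print(f"{key}: {'; '.join(found)}")
```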

## ProductName
<a name="asff-productname"></a>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub CSPM.

Security Hub CSPM populates this attribute automatically for each finding. You can't update it by using [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) or [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html). The exception to this rule is when you use a custom integration. See [Integrating Security Hub CSPM with custom products](securityhub-custom-providers.md).

When you use the Security Hub CSPM console to filter findings by product name, you use this attribute.

When you use the Security Hub CSPM API to filter findings by product name, you use the `aws/securityhub/ProductName` attribute under `ProductFields`.

Security Hub CSPM doesn't synchronize these two attributes.

## RecordState
<a name="asff-recordstate"></a>

Provides the record state of a finding.

By default, when initially generated by a service, findings are considered `ACTIVE`.

The `ARCHIVED` state indicates that a finding should be hidden from view. Archived findings aren't deleted immediately. You can search, review, and report on them. Security Hub CSPM automatically archives control-based findings if the associated resource is deleted, the resource doesn't exist, or the control is disabled.

`RecordState` is intended for finding providers and can be updated only by using the [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) operation. You can't update it by using the [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) operation.

To track the status of a finding, use [`Workflow`](#asff-workflow) instead of `RecordState`.

If the record state changes from `ARCHIVED` to `ACTIVE`, and the workflow status of the finding is `NOTIFIED` or `RESOLVED`, Security Hub CSPM automatically changes the workflow status to `NEW`.

**Example**

```
"RecordState": "ACTIVE"
```

## Region
<a name="asff-region"></a>

Specifies the AWS Region from which the finding was generated.

Security Hub CSPM populates this attribute automatically for each finding. You can't update it by using [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) or [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

**Example**

```
"Region": "us-west-2"
```

## RelatedFindings
<a name="asff-relatedfindings"></a>

Provides a list of findings that are related to the current finding.

`RelatedFindings` can be updated only with the [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API operation. You should not update this object with [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html).

For [`BatchImportFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html) requests, finding providers should use the `RelatedFindings` object under [`FindingProviderFields`](#asff-findingproviderfields).

To view descriptions of the `RelatedFindings` attributes, see [`RelatedFinding`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_RelatedFinding.html) in the *AWS Security Hub API Reference*.

**Example**

```
"RelatedFindings": [
    { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", 
      "Id": "123e4567-e89b-12d3-a456-426655440000" },
    { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", 
      "Id": "AcmeNerfHerder-111111111111-x189dx7824" }
]
```

## RiskAssessment
<a name="asff-riskassessment"></a>

**Example**

```
"RiskAssessment": {
    "Posture": {
        "FindingTotal": 4,
        "Indicators": [
            {
                "Type": "Reachability",
                "Findings": [
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/1234567890abcdef0",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    },
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/abcdef01234567890",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    }
                ]
            },
            {
                "Type": "Vulnerability",
                "Findings": [
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345abcdef6789",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    },
                    {
                        "Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345ghijkl6789",
                        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
                        "Title": "Finding title"
                    }
                ]
            }
        ]
    }
}
```

## Remediation
<a name="asff-remediation"></a>

The [`Remediation`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Remediation.html) object provides information about the recommended remediation steps to resolve the finding.

**Example**

```
"Remediation": {
    "Recommendation": {
        "Text": "For instructions on how to fix this issue, see the AWS Security Hub CSPM documentation for EC2.2.",
        "Url": "https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation"
    }
}
```

## Sample
<a name="asff-sample"></a>

Specifies whether the finding is a sample finding.

```
"Sample": true
```

## SourceUrl
<a name="asff-sourceurl"></a>

The `SourceUrl` object provides a URL that links to a page about the current finding in the finding product.

```
"SourceUrl": "http://sourceurl.com"
```

## ThreatIntelIndicators
<a name="asff-threatintelindicators"></a>

The [`ThreatIntelIndicator`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ThreatIntelIndicator.html) object provides threat intelligence details that are related to a finding.

**Example**

```
"ThreatIntelIndicators": [
  {
    "Category": "BACKDOOR",
    "LastObservedAt": "2018-09-27T23:37:31Z",
    "Source": "Threat Intel Weekly",
    "SourceUrl": "http://threatintelweekly.org/backdoors/8888",
    "Type": "IPV4_ADDRESS",
    "Value": "8.8.8.8"
  }
]
```

## Threats
<a name="asff-threats"></a>

The [`Threat`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Threat.html) object provides details about the threat detected by a finding.

**Example**

```
"Threats": [{
    "FilePaths": [{
        "FileName": "b.txt",
        "FilePath": "/tmp/b.txt",
        "Hash": "sha256",
        "ResourceId": "arn:aws:ec2:us-west-2:123456789012:volume/vol-032f3bdd89aee112f"
    }],
    "ItemCount": 3,
    "Name": "Iot.linux.mirai.vwisi",
    "Severity": "HIGH"
}]
```

## UserDefinedFields
<a name="asff-userdefinedfields"></a>

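Provides a list of name/value string pairs that are associated with the finding. These are custom, user-defined fields that are added to a finding. These fields can be generated automatically through your specific configuration.

Finding providers should not use this field for data that the product generates. Instead, finding providers can use the `ProductFields` field for data that does not map to any standard AWS Security Finding Format field.

These fields can only be updated using [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).

**Example**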

```
"UserDefinedFields": {
    "reviewedByCio": "true",
    "comeBackToLater": "Check this again on Monday"
}
```

## VerificationState
<a name="asff-verificationstate"></a>

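Provides the veracity of a finding. Finding products can provide `UNKNOWN` as the value for this field. A finding product should provide a value for this field if there is a meaningful analog in the finding product's system. This field is typically populated by a user determination or action after investigating a finding.

A finding provider can provide an initial value for this attribute, but cannot update it after that. You can only update this attribute by using [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html).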

```
"VerificationState": "Confirmed"
```

## Vulnerabilities
<a name="asff-vulnerabilities"></a>

The [`Vulnerability`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html) object provides a list of vulnerabilities that are associated with the finding.

**Example**

```
"Vulnerabilities" : [
    {
        "CodeVulnerabilities": [{
            "Cwes": [
                "CWE-798",
                "CWE-799"
            ],
            "FilePath": {
                "EndLine": 421,
                "FileName": "package-lock.json",
                "FilePath": "package-lock.json",
                "StartLine": 420
            },
            "SourceArn":"arn:aws:lambda:us-east-1:123456789012:layer:AWS-AppConfig-Extension:114"
        }],
        "Cvss": [
            {
                "BaseScore": 4.7,
                "BaseVector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "Version": "V3"
            },
            {
                "BaseScore": 4.7,
                "BaseVector": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
                "Version": "V2"
            }
        ],
        "EpssScore": 0.015,
        "ExploitAvailable": "YES",
        "FixAvailable": "YES",
        "Id": "CVE-2020-12345",
        "LastKnownExploitAt": "2020-01-16T00:01:35Z",
        "ReferenceUrls":[
            "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418",
            "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"
        ],
        "RelatedVulnerabilities": ["CVE-2020-12345"],
        "Vendor": {
            "Name": "Alas",
            "Url":"https://alas.aws.amazon.com/ALAS-2020-1337.html",
            "VendorCreatedAt":"2020-01-16T00:01:43Z",
            "VendorSeverity":"Medium",
            "VendorUpdatedAt":"2020-01-16T00:01:43Z"
        },
        "VulnerablePackages": [
            {
                "Architecture": "x86_64",
                "Epoch": "1",
                "FilePath": "/tmp",
                "FixedInVersion": "0.14.0",
                "Name": "openssl",
                "PackageManager": "OS",
                "Release": "16.amzn2.0.3",
                "Remediation": "Update aws-crt to 0.14.0",
                "SourceLayerArn": "arn:aws:lambda:us-west-2:123456789012:layer:id",
                "SourceLayerHash": "sha256:c1962c35b63a6ff6ce7df6e042ee82371a605ca9515569edec46ff14f926f001",
                "Version": "1.0.2k"
            }
        ]
    }
]
```

## Workflow
<a name="asff-workflow"></a>

The [`Workflow`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Workflow.html) object provides information about the status of the investigation into a finding.

This field is intended for customers to use with remediation, orchestration, and ticketing tools. It is not intended for finding providers.

You can only update the `Workflow` field by using [`BatchUpdateFindings`](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html). Customers can also update it from the console. See [Setting the workflow status of findings in Security Hub CSPM](findings-workflow-status.md).

**Example**

```
"Workflow": {
    "Status": "NEW"
}
```

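## WorkflowState (Retired)
<a name="asff-workflowstate"></a>

This object is retired and has been replaced by the `Status` field of the `Workflow` object.

This field provides the workflow state of a finding. Finding products can provide `NEW` as the value for this field. A finding product can provide a value for this field if there is a meaningful analog in the finding product's system.

**Example**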

```
"WorkflowState": "NEW"
```

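# Resources ASFF object
<a name="asff-resources"></a>

In the AWS Security Finding Format (ASFF), the `Resources` object provides information about the resources involved in a finding. It contains an array of up to 32 resource objects. To determine how to format resource names, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md). For examples of each resource object, choose a resource from the following list.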

**Topics**
+ [Resource attributes in ASFF](asff-resources-attributes.md)
+ [AwsAmazonMQ resources in ASFF](asff-resourcedetails-awsamazonmq.md)
+ [AwsApiGateway resources in ASFF](asff-resourcedetails-awsapigateway.md)
+ [AwsAppSync resources in ASFF](asff-resourcedetails-awsappsync.md)
+ [AwsAthena resources in ASFF](asff-resourcedetails-awsathena.md)
+ [AwsAutoScaling resources in ASFF](asff-resourcedetails-awsautoscaling.md)
+ [AwsBackup resources in ASFF](asff-resourcedetails-awsbackup.md)
+ [AwsCertificateManager resources in ASFF](asff-resourcedetails-awscertificatemanager.md)
+ [AwsCloudFormation resources in ASFF](asff-resourcedetails-awscloudformation.md)
+ [AwsCloudFront resources in ASFF](asff-resourcedetails-awscloudfront.md)
+ [AwsCloudTrail resources in ASFF](asff-resourcedetails-awscloudtrail.md)
+ [AwsCloudWatch resources in ASFF](asff-resourcedetails-awscloudwatch.md)
+ [AwsCodeBuild resources in ASFF](asff-resourcedetails-awscodebuild.md)
+ [AwsDms resources in ASFF](asff-resourcedetails-awsdms.md)
+ [AwsDynamoDB resources in ASFF](asff-resourcedetails-awsdynamodb.md)
+ [AwsEc2 resources in ASFF](asff-resourcedetails-awsec2.md)
+ [AwsEcr resources in ASFF](asff-resourcedetails-awsecr.md)
+ [AwsEcs resources in ASFF](asff-resourcedetails-awsecs.md)
+ [AwsEfs resources in ASFF](asff-resourcedetails-awsefs.md)
+ [AwsEks resources in ASFF](asff-resourcedetails-awseks.md)
+ [AwsElasticBeanstalk resources in ASFF](asff-resourcedetails-awselasticbeanstalk.md)
+ [AwsElasticSearch resources in ASFF](asff-resourcedetails-awselasticsearch.md)
+ [AwsElb resources in ASFF](asff-resourcedetails-awselb.md)
+ [AwsEventBridge resources in ASFF](asff-resourcedetails-awsevent.md)
+ [AwsGuardDuty resources in ASFF](asff-resourcedetails-awsguardduty.md)
+ [AwsIam resources in ASFF](asff-resourcedetails-awsiam.md)
+ [AwsKinesis resources in ASFF](asff-resourcedetails-awskinesis.md)
+ [AwsKms resources in ASFF](asff-resourcedetails-awskms.md)
+ [AwsLambda](asff-resourcedetails-awslambda.md)
+ [AwsMsk resources in ASFF](asff-resourcedetails-awsmsk.md)
+ [AwsNetworkFirewall resources in ASFF](asff-resourcedetails-awsnetworkfirewall.md)
+ [AwsOpenSearchService resources in ASFF](asff-resourcedetails-awsopensearchservice.md)
+ [AwsRds resources in ASFF](asff-resourcedetails-awsrds.md)
+ [AwsRedshift resources in ASFF](asff-resourcedetails-awsredshift.md)
+ [AwsRoute53 resources in ASFF](asff-resourcedetails-awsroute53.md)
+ [AwsS3 resources in ASFF](asff-resourcedetails-awss3.md)
+ [AwsSageMaker resources in ASFF](asff-resourcedetails-awssagemaker.md)
+ [AwsSecretsManager resources in ASFF](asff-resourcedetails-awssecretsmanager.md)
+ [AwsSns resources in ASFF](asff-resourcedetails-awssns.md)
+ [AwsSqs resources in ASFF](asff-resourcedetails-awssqs.md)
+ [AwsSsm resources in ASFF](asff-resourcedetails-awsssm.md)
+ [AwsStepFunctions resources in ASFF](asff-resourcedetails-awsstepfunctions.md)
+ [AwsWaf resources in ASFF](asff-resourcedetails-awswaf.md)
+ [AwsXray resources in ASFF](asff-resourcedetails-awsxray.md)
+ [CodeRepository object in ASFF](asff-resourcedetails-coderepository.md)
+ [Container object in ASFF](asff-resourcedetails-container.md)
+ [Other object in ASFF](asff-resourcedetails-other.md)

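# Resource attributes in ASFF
<a name="asff-resources-attributes"></a>

The following are descriptions and examples for the `Resources` object in the AWS Security Finding Format (ASFF). For more information about these fields, see [Resources](asff-required-attributes.md#Resources).

## ApplicationArn
<a name="asff-resources-applicationarn"></a>

Identifies the Amazon Resource Name (ARN) of the application involved in the finding.

**Example**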

```
"ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0"
```

## ApplicationName
<a name="asff-resources-applicationname"></a>

Identifies the name of the application involved in the finding.

**Example**

```
"ApplicationName": "SampleApp"
```

## DataClassification
<a name="asff-resources-dataclassification"></a>

The [`DataClassification`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html) field provides information about sensitive data that was detected on the resource.

**Example**

```
"DataClassification": {
    "DetailedResultsLocation": "Path_to_Folder_Or_File",
    "Result": {
        "MimeType": "text/plain",
        "SizeClassified": 2966026,
        "AdditionalOccurrences": false,
        "Status": {
            "Code": "COMPLETE",
            "Reason": "Unsupportedfield"
        },
       "SensitiveData": [
            {
                "Category": "PERSONAL_INFORMATION",
                "Detections": [
                    {
                        "Count": 34,
                        "Type": "GE_PERSONAL_ID",
                        "Occurrences": {
                            "LineRanges": [
                                {
                                    "Start": 1,
                                    "End": 10,
                                    "StartColumn": 20
                                }
                            ],
                            "Pages": [],
                            "Records": [],
                            "Cells": []
                        }
                    },
                    {
                        "Count": 59,
                        "Type": "EMAIL_ADDRESS",
                        "Occurrences": {
                            "Pages": [
                                {
                                    "PageNumber": 1,
                                    "OffsetRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                     },
                                    "LineRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                    }
                                }
                            ]
                        }
                    },
                    {
                        "Count": 2229,
                        "Type": "URL",
                        "Occurrences": {
                           "LineRanges": [
                               {
                                   "Start": 1,
                                   "End": 13
                               }
                           ]
                       }
                   },
                   {
                       "Count": 13826,
                       "Type": "NameDetection",
                       "Occurrences": {
                            "Records": [
                                {
                                    "RecordIndex": 1,
                                    "JsonPath": "$.ssn.value"
                                }
                            ]
                        }
                   },
                   {
                       "Count": 32,
                       "Type": "AddressDetection"
                   }
               ],
               "TotalCount": 32
           }
        ],
        "CustomDataIdentifiers": {
            "Detections": [
                 {
                     "Arn": "1712be25e7c7f53c731fe464f1c869b8",
                     "Name": "1712be25e7c7f53c731fe464f1c869b8",
                     "Count": 2
                 }
            ],
            "TotalCount": 2
        }
    }
}
```

## Details
<a name="asff-resources-details"></a>

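The [`Details`](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html) field provides additional information about a single resource using the appropriate objects. Each resource must be provided in a separate resource object in the `Resources` object.

Note that if the finding size exceeds the maximum of 240 KB, the `Details` object is removed from the finding. For control findings that use AWS Config rules, you can view the resource details on the AWS Config console.

Security Hub CSPM provides a set of available resource details for its supported resource types. These details correspond to values of the `Type` object. Use the provided types whenever possible.

For example, if the resource is an S3 bucket, set the resource `Type` to `AwsS3Bucket` and provide the resource details in the [`AwsS3Bucket`](asff-resourcedetails-awss3.md#asff-resourcedetails-awss3bucket) object.

The [`Other`](asff-resourcedetails-other.md) object allows you to provide custom fields and values. You use the `Other` object in the following cases:
+ The resource type (the value of the resource `Type`) does not have a corresponding details object. To provide details for the resource, you use the [`Other`](asff-resourcedetails-other.md) object.
+ The object for the resource type does not include all of the fields that you want to populate. In this case, use the details object for the resource type to populate the available fields. Use the `Other` object to populate the fields that are not in the type-specific object.
+ The resource type is not one of the provided types. In this case, set `Resource.Type` to `Other`, and use the `Other` object to populate the details.

**Example**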

```
"Details": {
  "AwsEc2Instance": {
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
    "ImageId": "ami-79fd7eee",
    "IpV4Addresses": ["1.1.1.1"],
    "IpV6Addresses": ["2001:db8:1234:1a2b::123"],
    "KeyName": "testkey",
    "LaunchedAt": "2018-09-29T01:25:54Z",
    "MetadataOptions": {
      "HttpEndpoint": "enabled",
      "HttpProtocolIpv6": "enabled",
      "HttpPutResponseHopLimit": 1,
      "HttpTokens": "optional",
      "InstanceMetadataTags": "disabled"
    },
    "NetworkInterfaces": [
    {
      "NetworkInterfaceId": "eni-e5aa89a3"
    }
    ],
    "SubnetId": "PublicSubnet",
    "Type": "i3.xlarge",
    "VirtualizationType": "hvm",
    "VpcId": "TestVPCIpv6"
  },
  "AwsS3Bucket": {
    "OwnerId": "da4d66eac431652a4d44d490a00500bded52c97d235b7b4752f9f688566fe6de",
    "OwnerName": "acmes3bucketowner"
  },
  "Other": { "LightPen": "blinky", "SerialNo": "1234abcd"}  
}
```

## Id
<a name="asff-resources-id"></a>

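The identifier for the given resource type.

For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN.

For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource.

For non-AWS resources, this is a unique identifier that is associated with the resource.

**Example**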

```
"Id": "arn:aws:s3:::amzn-s3-demo-bucket"
```

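## Partition
<a name="asff-resources-partition"></a>

The partition in which the resource is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition.

The following partitions are supported:
+ `aws` – AWS Regions
+ `aws-cn` – China Regions
+ `aws-us-gov` – AWS GovCloud (US) Region

**Example**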

```
"Partition": "aws"
```

## Region
<a name="asff-resources-region"></a>

The code for the AWS Region where this resource is located. For a list of Region codes, see [Regional endpoints](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints).

**Example**

```
"Region": "us-west-2"
```

## ResourceRole
<a name="asff-resources-resourcerole"></a>

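Identifies the role of the resource in the finding. A resource is either the target of a finding activity or the actor that performed the activity.

**Example**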

```
"ResourceRole": "target"
```

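## Tags
<a name="asff-resources-tags"></a>

This field provides key and value information for the tags on the resource involved in a finding. You can tag [resources that are supported](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/supported-services.html) by the `GetResources` operation of the AWS Resource Groups Tagging API. Security Hub CSPM calls this operation through the [service-linked role](using-service-linked-roles.md) and retrieves the resource tags if the AWS Security Finding Format (ASFF) `Resource.Id` field is populated with the AWS resource ARN. Invalid resource IDs are ignored.

You can add resource tags to findings that Security Hub CSPM ingests, including findings from integrated AWS services and third-party products.

Adding tags indicates the list of tags that were associated with a resource at the time the finding was processed. You can include the `Tags` attribute only for resources that have an associated tag. If a resource has no associated tag, don't include a `Tags` attribute in the finding.

Including resource tags in findings removes the need to build data enrichment pipelines or to enrich finding metadata manually. You can also use tags to search or filter findings and insights, and to create [automation rules](automation-rules.md).

For information about the restrictions that apply to tags, see [Tag naming limits and requirements](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions).

You can only provide tags that exist on an AWS resource in this field. To provide data that isn't defined in the AWS Security Finding Format, use the `Other` details subfield.

**Example**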

```
"Tags": {
    "billingCode": "Lotus-1-2-3",
    "needsPatching": "true"
}
```

## Type
<a name="asff-resources-type"></a>

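The type of resource that you are providing details for.

Whenever possible, use one of the provided resource types, such as `AwsEc2Instance` or `AwsS3Bucket`.

If the resource type doesn't match any of the provided resource types, set the resource `Type` to `Other`, and use the `Other` details subfield to populate the details.

Supported values are listed under [Resources](asff-resources.md).

**Example**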

```
"Type": "AwsS3Bucket"
```
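
The rules this section gives for `Resources` entries (at most 32 objects, the three supported partitions, no empty `Tags`, one resource per resource object, `Other` details for `Other` types, and the 240 KB size above which `Details` is removed) can be checked before a finding is submitted. The following Python linter is an added example, not AWS code. Its function names, the constructed sample finding, the reading of 1 KB as 1024 bytes, the compact-JSON size measure, and the check that a typed `Details` key equals `Type` are assumptions.

```python
import json

# Limits and values stated on this page.
SUPPORTED_PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}
MAX_RESOURCES = 32
MAX_FINDING_BYTES = 240 * 1024  # assumption: 1 KB = 1024 bytes


def lint_resource(index, resource):
    """Return the problems found in one entry of the Resources array."""
    where = f"Resources[{index}]"
    problems = []
    rtype = resource.get("Type")
    rid = resource.get("Id") or ""
    partition = resource.get("Partition")
    details = resource.get("Details") or {}

    if partition is not None and partition not in SUPPORTED_PARTITIONS:
        problems.append(f"{where}: unsupported Partition {partition!r}")
    elif partition and rid.startswith("arn:") and rid.split(":")[1] != partition:
        # Consistency check: the second component of an ARN is the partition.
        problems.append(f"{where}: Partition {partition!r} disagrees with the ARN in Id")

    # Tags may be present only when the resource actually has tags.
    if "Tags" in resource and not resource["Tags"]:
        problems.append(f"{where}: empty Tags, omit the attribute instead")

    # Every key except Other is a type-specific details object.
    typed = sorted(key for key in details if key != "Other")
    if len(typed) > 1:
        problems.append(f"{where}: Details holds {len(typed)} typed objects, "
                        "use a separate resource object for each resource")
    elif typed and rtype == "Other":
        problems.append(f"{where}: Type is Other but Details uses {typed[0]}, "
                        "move the fields to Details.Other")
    elif typed and typed[0] != rtype:
        # Assumption: the details key equals Type, as in the AwsS3Bucket case.
        problems.append(f"{where}: Type {rtype!r} does not match Details.{typed[0]}")
    return problems


def lint_finding(finding):
    """Lint the Resources array of a finding and the overall finding size."""
    resources = finding.get("Resources", [])
    problems = []
    if len(resources) > MAX_RESOURCES:
        problems.append(f"Resources: {len(resources)} objects, the maximum is {MAX_RESOURCES}")
    for index, resource in enumerate(resources):
        problems.extend(lint_resource(index, resource))

    # Assumption: size is measured on the compact UTF-8 JSON serialization.
    size = len(json.dumps(finding, separators=(",", ":")).encode("utf-8"))
    if size > MAX_FINDING_BYTES and any("Details" in r for r in resources):
        problems.append(f"finding is {size} bytes, above 240 KB: Details will be removed")
    return problems


# Constructed sample: the first resource is clean, the second breaks three rules.
SAMPLE_FINDING = {
    "Resources": [
        {
            "Type": "AwsS3Bucket",
            "Id": "arn:aws:s3:::amzn-s3-demo-bucket",
            "Partition": "aws",
            "Region": "us-west-2",
            "Tags": {"billingCode": "Lotus-1-2-3"},
            "Details": {"AwsS3Bucket": {"OwnerName": "acmes3bucketowner"}},
        },
        {
            "Type": "Other",
            "Id": "build-host-17",
            "Partition": "aws-eu",
            "Tags": {},
            "Details": {
                "AwsEc2Instance": {"ImageId": "ami-79fd7eee"},
                "Other": {"SerialNo": "1234abcd"},
            },
        },
    ]
}

if __name__ == "__main__":
    for problem in lint_finding(SAMPLE_FINDING):
        print(problem)
```

A typed details object together with `Other` is accepted when `Type` names the typed object, because the page allows `Other` to carry fields that the type-specific object lacks.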

# AwsAmazonMQ resources in ASFF
<a name="asff-resourcedetails-awsamazonmq"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAmazonMQ` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAmazonMQBroker
<a name="asff-resourcedetails-awsamazonmqbroker"></a>

`AwsAmazonMQBroker` provides information about an Amazon MQ broker, which is a message broker environment running on Amazon MQ.

The following example shows the ASFF for the `AwsAmazonMQBroker` object. To view descriptions of `AwsAmazonMQBroker` attributes, see [AwsAmazonMQBroker](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAmazonMQBrokerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAmazonMQBroker": {
    "AutoMinorVersionUpgrade": true,
    "BrokerArn": "arn:aws:mq:us-east-1:123456789012:broker:TestBroker:b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "BrokerId": "b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "BrokerName": "TestBroker",
    "Configuration": {
        "Id": "c-a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
        "Revision": 1
    },
    "DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ",
    "EncryptionOptions": {
        "UseAwsOwnedKey": true
    },
    "EngineType": "ActiveMQ",
    "EngineVersion": "5.17.2",
    "HostInstanceType": "mq.t2.micro",
    "Logs": {
        "Audit": false,
        "AuditLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/audit",
        "General": false,
        "GeneralLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/general"
    },
    "MaintenanceWindowStartTime": {
        "DayOfWeek": "MONDAY",
        "TimeOfDay": "22:00",
        "TimeZone": "UTC"
    },
    "PubliclyAccessible": true,
    "SecurityGroups": [
        "sg-021345abcdef6789"
    ],
    "StorageType": "efs",
    "SubnetIds": [
        "subnet-1234567890abcdef0",
        "subnet-abcdef01234567890"
    ],
    "Users": [
        {
            "Username": "admin"
        }
    ]
}
```

# AwsApiGateway resources in ASFF
<a name="asff-resourcedetails-awsapigateway"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsApiGateway` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsApiGatewayRestApi
<a name="asff-resourcedetails-awsapigatewayrestapi"></a>

The `AwsApiGatewayRestApi` object contains information about a REST API in version 1 of Amazon API Gateway.

The following is an example `AwsApiGatewayRestApi` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayRestApi` attributes, see [AwsApiGatewayRestApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayRestApiDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayRestApi": {
    "Id": "exampleapi",
    "Name": "Security Hub",
    "Description": "AWS Security Hub",
    "CreatedDate": "2018-11-18T10:20:05-08:00",
    "Version": "2018-10-26",
    "BinaryMediaTypes" : ["-'*~1*'"],
    "MinimumCompressionSize": 1024,
    "ApiKeySource": "AWS_ACCOUNT_ID",
    "EndpointConfiguration": {
        "Types": [
            "REGIONAL"
        ]
    }
}
```

## AwsApiGatewayStage
<a name="asff-resourcedetails-awsapigatewaystage"></a>

The `AwsApiGatewayStage` object provides information about a version 1 Amazon API Gateway stage.

The following is an example `AwsApiGatewayStage` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayStage` attributes, see [AwsApiGatewayStageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayStageDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayStage": {
    "DeploymentId": "n7hlmf",
    "ClientCertificateId": "a1b2c3", 
    "StageName": "Prod",
    "Description" : "Stage Description",
    "CacheClusterEnabled": false,
    "CacheClusterSize" : "1.6",
    "CacheClusterStatus": "NOT_AVAILABLE",
    "MethodSettings": [
        {
            "MetricsEnabled": true,
            "LoggingLevel": "INFO",
            "DataTraceEnabled": false,
            "ThrottlingBurstLimit": 100,
            "ThrottlingRateLimit": 5.0,
            "CachingEnabled": false,
            "CacheTtlInSeconds": 300,
            "CacheDataEncrypted": false,
            "RequireAuthorizationForCacheControl": true,
            "UnauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER",
            "HttpMethod": "POST",
            "ResourcePath": "/echo"
        }
    ],
    "Variables": {"test": "value"},
    "DocumentationVersion": "2.0",
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "CanarySettings": {
        "PercentTraffic": 0.0,
        "DeploymentId": "ul73s8",
        "StageVariableOverrides" : {
            "String" : "String"
        },
        "UseStageCache": false
    },
    "TracingEnabled": false,
    "CreatedDate": "2018-07-11T10:55:18-07:00",
    "LastUpdatedDate": "2020-08-26T11:51:04-07:00",
    "WebAclArn" : "arn:aws:waf-regional:us-west-2:111122223333:webacl/cb606bd8-5b0b-4f0b-830a-dd304e48a822"
}
```

## AwsApiGatewayV2Api
<a name="asff-resourcedetails-awsapigatewayv2api"></a>

The `AwsApiGatewayV2Api` object contains information about a version 2 API in Amazon API Gateway.

The following is an example `AwsApiGatewayV2Api` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayV2Api` attributes, see [AwsApiGatewayV2ApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2ApiDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayV2Api": {
    "ApiEndpoint": "https://example.us-west-2.amazonaws.com",
    "ApiId": "a1b2c3d4",
    "ApiKeySelectionExpression": "$request.header.x-api-key",
    "CreatedDate": "2020-03-28T00:32:37Z",
    "Description": "ApiGatewayV2 Api",
    "Version": "string",
    "Name": "my-api",
    "ProtocolType": "HTTP",
    "RouteSelectionExpression": "$request.method $request.path",
    "CorsConfiguration": {
        "AllowOrigins": [ "*" ],
        "AllowCredentials": true,
        "ExposeHeaders": [ "string" ],
        "MaxAge": 3000,
        "AllowMethods": [
          "GET",
          "PUT",
          "POST",
          "DELETE",
          "HEAD"
        ],
        "AllowHeaders": [ "*" ]
    }
}
```

## AwsApiGatewayV2Stage
<a name="asff-resourcedetails-awsapigatewayv2stage"></a>

`AwsApiGatewayV2Stage` contains information about a version 2 stage for Amazon API Gateway.

The following is an example `AwsApiGatewayV2Stage` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsApiGatewayV2Stage` attributes, see [AwsApiGatewayV2StageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2StageDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsApiGatewayV2Stage": {
    "CreatedDate": "2020-04-08T00:36:05Z",
    "Description" : "ApiGatewayV2",
    "DefaultRouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "DeploymentId": "x1zwyv",
    "LastUpdatedDate": "2020-04-08T00:36:13Z",
    "RouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "StageName": "prod",
    "StageVariables": {
        "function": "my-prod-function"
    },
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "AutoDeploy": false,
    "LastDeploymentStatusMessage": "Message",
    "ApiGatewayManaged": true
}
```

# AwsAppSync resources in ASFF
<a name="asff-resourcedetails-awsappsync"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAppSync` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAppSyncGraphQLApi
<a name="asff-resourcedetails-awsappsyncgraphqlapi"></a>

`AwsAppSyncGraphQLApi` provides information about an AWS AppSync GraphQL API, which is the top-level construct for your application.

The following example shows the ASFF for the `AwsAppSyncGraphQLApi` object. To view descriptions of `AwsAppSyncGraphQLApi` attributes, see [AwsAppSyncGraphQLApi](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAppSyncGraphQLApiDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAppSyncGraphQLApi": {
    "AdditionalAuthenticationProviders": [
    {
    	"AuthenticationType": "AWS_LAMBDA",
    	"LambdaAuthorizerConfig": {
    		"AuthorizerResultTtlInSeconds": 300,
    		"AuthorizerUri": "arn:aws:lambda:us-east-1:123456789012:function:mylambdafunc"
    	}
    },
    {
    	"AuthenticationType": "AWS_IAM"
    }
    ],
    "ApiId": "021345abcdef6789",
    "Arn": "arn:aws:appsync:eu-central-1:123456789012:apis/021345abcdef6789",
    "AuthenticationType": "API_KEY",
    "Id": "021345abcdef6789",
    "LogConfig": {
    	"CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/appsync-graphqlapi-logs-eu-central-1",
    	"ExcludeVerboseContent": true,
    	"FieldLogLevel": "ALL"
    },
    "Name": "My AppSync App",
    "XrayEnabled": true
}
```

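# AwsAthena resources in ASFF
<a name="asff-resourcedetails-awsathena"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAthena` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAthenaWorkGroup
<a name="asff-resourcedetails-awsathenaworkgroup"></a>

`AwsAthenaWorkGroup` provides information about an Amazon Athena workgroup. A workgroup helps you separate users, teams, applications, or workloads. It also helps you set limits on data processing and track costs.

The following example shows the ASFF for the `AwsAthenaWorkGroup` object. To view descriptions of `AwsAthenaWorkGroup` attributes, see [AwsAthenaWorkGroup](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAthenaWorkGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**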

```
"AwsAthenaWorkGroup": {
    "Description": "My workgroup for prod workloads",
    "Name": "MyWorkgroup",
    "WorkgroupConfiguration": {
        "ResultConfiguration": {
            "EncryptionConfiguration": {
                "EncryptionOption": "SSE_KMS",
                "KmsKey": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            }
        }
    },
    "State": "ENABLED"
}
```

# AwsAutoScaling resources in ASFF
<a name="asff-resourcedetails-awsautoscaling"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsAutoScaling` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsAutoScalingAutoScalingGroup
<a name="asff-resourcedetails-awsautoscalingautoscalinggroup"></a>

The `AwsAutoScalingAutoScalingGroup` object provides details about an automatic scaling group.

The following is an example `AwsAutoScalingAutoScalingGroup` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsAutoScalingAutoScalingGroup` attributes, see [AwsAutoScalingAutoScalingGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingAutoScalingGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAutoScalingAutoScalingGroup": {
        "CreatedTime": "2017-10-17T14:47:11Z",
        "HealthCheckGracePeriod": 300,
        "HealthCheckType": "EC2",
        "LaunchConfigurationName": "mylaunchconf",
        "LoadBalancerNames": [],
        "LaunchTemplate": {                            
            "LaunchTemplateId": "string",
            "LaunchTemplateName": "string",
            "Version": "string"
        },
        "MixedInstancesPolicy": {
            "InstancesDistribution": {
                "OnDemandAllocationStrategy": "prioritized",
                "OnDemandBaseCapacity": number,
                "OnDemandPercentageAboveBaseCapacity": number,
                "SpotAllocationStrategy": "lowest-price",
                "SpotInstancePools": number,
                "SpotMaxPrice": "string"
            },
            "LaunchTemplate": {
                "LaunchTemplateSpecification": {
                    "LaunchTemplateId": "string",
                    "LaunchTemplateName": "string",
                    "Version": "string"
                 },
                "CapacityRebalance": true,
                "Overrides": [
                    {
                       "InstanceType": "string",
                       "WeightedCapacity": "string"
                    }
                ]
            }
        }
}
```

## AwsAutoScalingLaunchConfiguration
<a name="asff-resourcedetails-awsautoscalinglaunchconfiguration"></a>

The `AwsAutoScalingLaunchConfiguration` object provides details about a launch configuration.

The following is an example `AwsAutoScalingLaunchConfiguration` finding in the AWS Security Finding Format (ASFF).

To view descriptions of `AwsAutoScalingLaunchConfiguration` attributes, see [AwsAutoScalingLaunchConfigurationDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingLaunchConfigurationDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsAutoScalingLaunchConfiguration": {
    "LaunchConfigurationName": "newtest",
    "ImageId": "ami-058a3739b02263842",
    "KeyName": "55hundredinstance",
    "SecurityGroups": [ "sg-01fce87ad6e019725" ],
    "ClassicLinkVpcSecurityGroups": [],
    "UserData": "...Base64-Encoded user data...",
    "InstanceType": "a1.metal",
    "KernelId": "",
    "RamdiskId": "ari-a51cf9cc",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sdh",
            "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp2",
                "DeleteOnTermination": false,
                "Encrypted": true,
                "SnapshotId": "snap-ffaa1e69",
                "VirtualName": "ephemeral1"
            }
        },
        {
            "DeviceName": "/dev/sdb",
            "NoDevice": true
        },
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "SnapshotId": "snap-02420cd3d2dea1bc0",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "DeleteOnTermination": true,
                "Encrypted": false
            }
        },
        {
            "DeviceName": "/dev/sdi",
            "Ebs": {
                "VolumeSize": 20,
                "VolumeType": "gp2",
                "DeleteOnTermination": false,
                "Encrypted": true
            }
        },
        {
            "DeviceName": "/dev/sdc",
            "NoDevice": true
        }
    ],
    "InstanceMonitoring": {
        "Enabled": false
    },
    "CreatedTime": 1620842933453,
    "EbsOptimized": false,
    "AssociatePublicIpAddress": true,
    "SpotPrice": "0.045"
}
```

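# AwsBackup resources in ASFF
<a name="asff-resourcedetails-awsbackup"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsBackup` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsBackupBackupPlan
<a name="asff-resourcedetails-awsbackupbackupplan"></a>

The `AwsBackupBackupPlan` object provides information about an AWS Backup backup plan. An AWS Backup backup plan is a policy expression that defines when and how AWS resources are backed up.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsBackupBackupPlan` object. To view descriptions of `AwsBackupBackupPlan` attributes, see [AwsBackupBackupPlan](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupPlanDetails.html) in the *AWS Security Hub API Reference*.

**Example**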

```
"AwsBackupBackupPlan": {
    "BackupPlan": {
    	"AdvancedBackupSettings": [{
    		"BackupOptions": {
    			"WindowsVSS":"enabled"
    		},
    		"ResourceType":"EC2"
    	}],
    	"BackupPlanName": "test",
    	"BackupPlanRule": [{
    		"CompletionWindowMinutes": 10080,
    		"CopyActions": [{
    			"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
    			"Lifecycle": {
    				"DeleteAfterDays": 365,
    				"MoveToColdStorageAfterDays": 30
    			}
    		}],
    		"Lifecycle": {
    			"DeleteAfterDays": 35
    		},
    		"RuleName": "DailyBackups",
    		"ScheduleExpression": "cron(0 5 ? * * *)",
    		"StartWindowMinutes": 480,
    		"TargetBackupVault": "Default"
    		},
    		{
    		"CompletionWindowMinutes": 10080,
    		"CopyActions": [{
    			"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
    			"Lifecycle": {
    				"DeleteAfterDays": 365,
    				"MoveToColdStorageAfterDays": 30
    			}
    		}],
    		"Lifecycle": {
    			"DeleteAfterDays": 35
    		},
    		"RuleName": "Monthly",
    		"ScheduleExpression": "cron(0 5 1 * ? *)",
    		"StartWindowMinutes": 480,
    		"TargetBackupVault": "Default"
    	}]
    },
    "BackupPlanArn": "arn:aws:backup:us-east-1:858726136373:backup-plan:b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
    "BackupPlanId": "b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
    "VersionId": "ZDVjNDIzMjItYTZiNS00NzczLTg4YzctNmExMWM2NjZhY2E1"
}
```

## AwsBackupBackupVault
<a name="asff-resourcedetails-awsbackupbackupvault"></a>

The `AwsBackupBackupVault` object provides information about an AWS Backup backup vault. An AWS Backup backup vault is a container that stores and organizes backups.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsBackupBackupVault` object. To view descriptions of `AwsBackupBackupVault` attributes, see [AwsBackupBackupVault](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupVaultDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsBackupBackupVault": {
    "AccessPolicy": {
    	"Statement": [{
    		"Action": [
    			"backup:DeleteBackupVault",
    			"backup:DeleteBackupVaultAccessPolicy",
    			"backup:DeleteRecoveryPoint",
    			"backup:StartCopyJob",
    			"backup:StartRestoreJob",
    			"backup:UpdateRecoveryPointLifecycle"
    		],
    		"Effect": "Deny",
    		"Principal": {
    			"AWS": "*"
    		},
    		"Resource": "*"
    	}],
    	"Version": "2012-10-17"
    },
    "BackupVaultArn": "arn:aws:backup:us-east-1:123456789012:backup-vault:aws/efs/automatic-backup-vault",
    "BackupVaultName": "aws/efs/automatic-backup-vault",
    "EncryptionKeyArn": "arn:aws:kms:us-east-1:444455556666:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
    "Notifications": {
    	"BackupVaultEvents": ["BACKUP_JOB_STARTED", "BACKUP_JOB_COMPLETED", "COPY_JOB_STARTED"],
    	"SNSTopicArn": "arn:aws:sns:us-west-2:111122223333:MyVaultTopic"
    }
}
```

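## AwsBackupRecoveryPoint
<a name="asff-resourcedetails-awsbackuprecoverypoint"></a>

The `AwsBackupRecoveryPoint` object provides information about an AWS Backup backup, also referred to as a recovery point. An AWS Backup recovery point represents the content of a resource at a specified time.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsBackupRecoveryPoint` object. To view descriptions of `AwsBackupRecoveryPoint` attributes, see [AwsBackupRecoveryPoint](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupRecoveryPointDetails.html) in the *AWS Security Hub API Reference*.

**Example**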

```
"AwsBackupRecoveryPoint": {
    "BackupSizeInBytes": 0,
    "BackupVaultName": "aws/efs/automatic-backup-vault",
    "BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
    "CalculatedLifecycle": {
    	"DeleteAt": "2021-08-30T06:51:58.271Z",
    	"MoveToColdStorageAt": "2020-08-10T06:51:58.271Z"
    },
    "CompletionDate": "2021-07-26T07:21:40.361Z",
    "CreatedBy": {
    	"BackupPlanArn": "arn:aws:backup:us-east-1:111122223333:backup-plan:aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
    	"BackupPlanId": "aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
    	"BackupPlanVersion": "ZGM4YzY5YjktMWYxNC00ZTBmLWE5MjYtZmU5OWNiZmM5ZjIz",
    	"BackupRuleId": "2a600c2-42ad-4196-808e-084923ebfd25"
    },
    "CreationDate": "2021-07-26T06:51:58.271Z",
    "EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
    "IamRoleArn": "arn:aws:iam::111122223333:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup",
    "IsEncrypted": true,
    "LastRestoreTime": "2021-07-26T06:51:58.271Z",
    "Lifecycle": {
    	"DeleteAfterDays": 35,
    	"MoveToColdStorageAfterDays": 15
    },
    "RecoveryPointArn": "arn:aws:backup:us-east-1:111122223333:recovery-point:151a59e4-f1d5-4587-a7fd-0774c6e91268",
    "ResourceArn": "arn:aws:elasticfilesystem:us-east-1:858726136373:file-system/fs-15bd31a1",
    "ResourceType": "EFS",
    "SourceBackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
    "Status": "COMPLETED",
    "StatusMessage": "Failure message",
    "StorageClass": "WARM"
}
```

# AwsCertificateManager resources in ASFF
<a name="asff-resourcedetails-awscertificatemanager"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCertificateManager` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCertificateManagerCertificate
<a name="asff-resourcedetails-awscertificatemanagercertificate"></a>

The `AwsCertificateManagerCertificate` object provides details about an AWS Certificate Manager (ACM) certificate.

The following is an example `AwsCertificateManagerCertificate` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCertificateManagerCertificate` attributes, see [AwsCertificateManagerCertificateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCertificateManagerCertificateDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCertificateManagerCertificate": {
    "CertificateAuthorityArn": "arn:aws:acm:us-west-2:444455556666:certificate-authority/example",
    "CreatedAt": "2019-05-24T18:12:02.000Z",
    "DomainName": "example.amazondomains.com",
    "DomainValidationOptions": [
        {
            "DomainName": "example.amazondomains.com",
            "ResourceRecord": {
                "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                "Type": "CNAME",
                "Value": "_example.acm-validations.aws."
            },
            "ValidationDomain": "example.amazondomains.com",
            "ValidationEmails": ["sample_email@sample.com"],
            "ValidationMethod": "DNS",
            "ValidationStatus": "SUCCESS"
        }
    ],
    "ExtendedKeyUsages": [
        {
            "Name": "TLS_WEB_SERVER_AUTHENTICATION",
            "OId": "1.3.6.1.5.5.7.3.1"
        },
        {
            "Name": "TLS_WEB_CLIENT_AUTHENTICATION",
            "OId": "1.3.6.1.5.5.7.3.2"
        }
    ],
    "FailureReason": "",
    "ImportedAt": "2018-08-17T00:13:00.000Z",
    "InUseBy": ["arn:aws:amazondomains:us-west-2:444455556666:loadbalancer/example"],
    "IssuedAt": "2020-04-26T00:41:17.000Z",
    "Issuer": "Amazon",
    "KeyAlgorithm": "RSA-1024",
    "KeyUsages": [
        {
            "Name": "DIGITAL_SIGNATURE"
        },
        {
            "Name": "KEY_ENCIPHERMENT"
        }
    ],
    "NotAfter": "2021-05-26T12:00:00.000Z",
    "NotBefore": "2020-04-26T00:00:00.000Z",
    "Options": {
        "CertificateTransparencyLoggingPreference": "ENABLED"
    },
    "RenewalEligibility": "ELIGIBLE",
    "RenewalSummary": {
        "DomainValidationOptions": [
            {
                "DomainName": "example.amazondomains.com",
                "ResourceRecord": {
                    "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                    "Type": "CNAME",
                    "Value": "_example.acm-validations.aws.com"
                },
                "ValidationDomain": "example.amazondomains.com",
                "ValidationEmails": ["sample_email@sample.com"],
                "ValidationMethod": "DNS",
                "ValidationStatus": "SUCCESS"
            }
        ],
        "RenewalStatus": "SUCCESS",
        "RenewalStatusReason": "",
        "UpdatedAt": "2020-04-26T00:41:35.000Z"
    },
    "Serial": "02:ac:86:b6:07:2f:0a:61:0e:3a:ac:fd:d9:ab:17:1a",
    "SignatureAlgorithm": "SHA256WITHRSA",
    "Status": "ISSUED",
    "Subject": "CN=example.amazondomains.com",
    "SubjectAlternativeNames": ["example.amazondomains.com"],
    "Type": "AMAZON_ISSUED"
}
```

# AwsCloudFormation resources in ASFF
<a name="asff-resourcedetails-awscloudformation"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudFormation` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudFormationStack
<a name="asff-resourcedetails-awscloudformationstack"></a>

The `AwsCloudFormationStack` object provides details about an AWS CloudFormation stack that is nested as a resource in a top-level template.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsCloudFormationStack` object. To view descriptions of `AwsCloudFormationStack` attributes, see [AwsCloudFormationStackDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFormationStackDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudFormationStack": { 
	"Capabilities": [
		"CAPABILITY_IAM",
		"CAPABILITY_NAMED_IAM"
	],
	"CreationTime": "2022-02-18T15:31:53.161Z",
	"Description": "AWS CloudFormation Sample",
	"DisableRollback": true,
	"DriftInformation": {
		"StackDriftStatus": "DRIFTED"
	},
	"EnableTerminationProtection": false,
	"LastUpdatedTime": "2022-02-18T15:31:53.161Z",
	"NotificationArns": [
		"arn:aws:sns:us-east-1:978084797471:sample-sns-cfn"
	],
	"Outputs": [{
		"Description": "URL for newly created LAMP stack",
		"OutputKey": "WebsiteUrl",
		"OutputValue": "http://ec2-44-193-18-241.compute-1.amazonaws.com"
	}],
	"RoleArn": "arn:aws:iam::012345678910:role/exampleRole",
	"StackId": "arn:aws:cloudformation:us-east-1:978084797471:stack/sample-stack/e5d9f7e0-90cf-11ec-88c6-12ac1f91724b",
	"StackName": "sample-stack",
	"StackStatus": "CREATE_COMPLETE",
	"StackStatusReason": "Success",
	"TimeoutInMinutes": 1
}
```

# AwsCloudFront resources in ASFF
<a name="asff-resourcedetails-awscloudfront"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudFront` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudFrontDistribution
<a name="asff-resourcedetails-awscloudfrontdistribution"></a>

The `AwsCloudFrontDistribution` object provides details about an Amazon CloudFront distribution configuration.

The following is an example `AwsCloudFrontDistribution` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCloudFrontDistribution` attributes, see [AwsCloudFrontDistributionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFrontDistributionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudFrontDistribution": {
    "CacheBehaviors": {
        "Items": [
            {
               "ViewerProtocolPolicy": "https-only"
            }
         ]
    },
    "DefaultCacheBehavior": {
         "ViewerProtocolPolicy": "https-only"
    },
    "DefaultRootObject": "index.html",
    "DomainName": "d2wkuj2w9l34gt.cloudfront.net",
    "Etag": "E37HOT42DHPVYH",
    "LastModifiedTime": "2015-08-31T21:11:29.093Z",
    "Logging": {
         "Bucket": "myawslogbucket.s3.amazonaws.com",
         "Enabled": false,
         "IncludeCookies": false,
         "Prefix": "myawslog/"
     },
     "OriginGroups": {
          "Items": [
              {
                 "FailoverCriteria": {
                     "StatusCodes": {
                          "Items": [
                              200,
                              301,
                              404
                          ],
                          "Quantity": 3
                      }
                 }
              }
           ]
     },
     "Origins": {
           "Items": [
               {
                  "CustomOriginConfig": {
                      "HttpPort": 80,
                      "HttpsPort": 443,
                      "OriginKeepaliveTimeout": 60,
                      "OriginProtocolPolicy": "match-viewer",
                      "OriginReadTimeout": 30,
                      "OriginSslProtocols": {
                        "Items": ["SSLv3", "TLSv1"],
                        "Quantity": 2
                      }
                  },
                  "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
                  "Id": "my-origin",
                  "OriginPath": "/production",
                  "S3OriginConfig": {
                      "OriginAccessIdentity": "origin-access-identity/cloudfront/E2YFS67H6VB6E4"
                  }
               }
           ]
     },
     "Status": "Deployed",
     "ViewerCertificate": {
            "AcmCertificateArn": "arn:aws:acm::123456789012:AcmCertificateArn",
            "Certificate": "ASCAJRRE5XYF52TKRY5M4",
            "CertificateSource": "iam",
            "CloudFrontDefaultCertificate": true,
            "IamCertificateId": "ASCAJRRE5XYF52TKRY5M4",
            "MinimumProtocolVersion": "TLSv1.2_2021",
            "SslSupportMethod": "sni-only"
      },
      "WebAclId": "waf-1234567890"
}
```

# AwsCloudTrail resources in ASFF
<a name="asff-resourcedetails-awscloudtrail"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudTrail` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudTrailTrail
<a name="asff-resourcedetails-awscloudtrailtrail"></a>

The `AwsCloudTrailTrail` object provides details about an AWS CloudTrail trail.

The following is an example `AwsCloudTrailTrail` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCloudTrailTrail` attributes, see [AwsCloudTrailTrailDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudTrailTrailDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudTrailTrail": {
    "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:CloudTrail/regression:*",
    "CloudWatchLogsRoleArn": "arn:aws:iam::866482105055:role/CloudTrail_CloudWatchLogs",
    "HasCustomEventSelectors": true,
    "HomeRegion": "us-west-2",
    "IncludeGlobalServiceEvents": true,
    "IsMultiRegionTrail": true,
    "IsOrganizationTrail": false,
    "KmsKeyId": "kmsKeyId",
    "LogFileValidationEnabled": true,
    "Name": "regression-trail",
    "S3BucketName": "cloudtrail-bucket",
    "S3KeyPrefix": "s3KeyPrefix",
    "SnsTopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
    "SnsTopicName": "snsTopicName",
    "TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail"
}
```

# AwsCloudWatch resources in ASFF
<a name="asff-resourcedetails-awscloudwatch"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCloudWatch` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCloudWatchAlarm
<a name="asff-resourcedetails-awscloudwatchalarm"></a>

The `AwsCloudWatchAlarm` object provides details about Amazon CloudWatch alarms that watch a metric or perform an action when an alarm changes state.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsCloudWatchAlarm` object. To view descriptions of `AwsCloudWatchAlarm` attributes, see [AwsCloudWatchAlarmDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudWatchAlarmDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCloudWatchAlarm": { 
	"ActionsEnabled": true,
	"AlarmActions": [
		"arn:aws:automate:region:ec2:stop",
		"arn:aws:automate:region:ec2:terminate"
	],
	"AlarmArn": "arn:aws:cloudwatch:us-west-2:012345678910:alarm:sampleAlarm",
	"AlarmConfigurationUpdatedTimestamp": "2022-02-18T15:31:53.161Z",
	"AlarmDescription": "Alarm Example",
	"AlarmName": "Example",
	"ComparisonOperator": "GreaterThanOrEqualToThreshold",
	"DatapointsToAlarm": 1,
	"Dimensions": [{
		"Name": "InstanceId",
		"Value": "i-1234567890abcdef0"
	}],
	"EvaluateLowSampleCountPercentile": "evaluate",
	"EvaluationPeriods": 1,
	"ExtendedStatistic": "p99.9",
	"InsufficientDataActions": [
		"arn:aws:automate:region:ec2:stop"
	],
	"MetricName": "Sample Metric",
	"Namespace": "YourNamespace",
	"OkActions": [
		"arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0"
	],
	"Period": 1,
	"Statistic": "SampleCount",
	"Threshold": 12.3,
	"ThresholdMetricId": "t1",
	"TreatMissingData": "notBreaching",
	"Unit": "Kilobytes/Second"
}
```

# AwsCodeBuild resources in ASFF
<a name="asff-resourcedetails-awscodebuild"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsCodeBuild` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsCodeBuildProject
<a name="asff-resourcedetails-awscodebuildproject"></a>

The `AwsCodeBuildProject` object provides information about an AWS CodeBuild project.

The following is an example `AwsCodeBuildProject` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsCodeBuildProject` attributes, see [AwsCodeBuildProjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCodeBuildProjectDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsCodeBuildProject": {
   "Artifacts": [
      {
          "ArtifactIdentifier": "string",
          "EncryptionDisabled": boolean,
          "Location": "string",
          "Name": "string",
          "NamespaceType": "string",
          "OverrideArtifactName": boolean,
          "Packaging": "string",
          "Path": "string",
          "Type": "string"
       }
   ],
   "SecondaryArtifacts": [
      {
          "ArtifactIdentifier": "string",
          "EncryptionDisabled": boolean,
          "Location": "string",
          "Name": "string",
          "NamespaceType": "string",
          "OverrideArtifactName": boolean,
          "Packaging": "string",
          "Path": "string",
          "Type": "string"
       }
   ],
   "EncryptionKey": "string",
   "Certificate": "string",
   "Environment": {
      "Certificate": "string",
      "EnvironmentVariables": [
           {
                "Name": "string",
                "Type": "string",
                "Value": "string"
           }
      ],
      "ImagePullCredentialsType": "string",
      "PrivilegedMode": boolean,
      "RegistryCredential": {
          "Credential": "string",
          "CredentialProvider": "string"
      },
      "Type": "string"
   },
   "LogsConfig": {
        "CloudWatchLogs": {
             "GroupName": "string",
             "Status": "string",
             "StreamName": "string"
        },
        "S3Logs": {
             "EncryptionDisabled": boolean,
             "Location": "string",
             "Status": "string"
        }
   },
   "Name": "string",
   "ServiceRole": "string",
   "Source": {
        "Type": "string",
        "Location": "string",
        "GitCloneDepth": integer
   },
   "VpcConfig": {
        "VpcId": "string",
        "Subnets": ["string"],
        "SecurityGroupIds": ["string"]
   }
}
```

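# AwsDms resources in ASFF
<a name="asff-resourcedetails-awsdms"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsDms` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsDmsEndpoint
<a name="asff-resourcedetails-awsdmsendpoint"></a>

The `AwsDmsEndpoint` object provides information about an AWS Database Migration Service (AWS DMS) endpoint. An endpoint provides connection, data store type, and location information about a data store.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsDmsEndpoint` object. To view descriptions of `AwsDmsEndpoint` attributes, see [AwsDmsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsEndpointDeatils.html) in the *AWS Security Hub API Reference*.

**Example**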

```
"AwsDmsEndpoint": {
    "CertificateArn": "arn:aws:dms:us-east-1:123456789012:cert:EXAMPLEIGDURVZGVJQZDPWJ5A7F2YDJVSMTBWFI",
    "DatabaseName": "Test",
    "EndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:EXAMPLEQB3CZY33F7XV253NAJVBNPK6MJQVFVQA",
    "EndpointIdentifier": "target-db",
    "EndpointType": "TARGET", 
    "EngineName": "mariadb",
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Port": 3306,
    "ServerName": "target-db.exampletafyu.us-east-1.rds.amazonaws.com",
    "SslMode": "verify-ca",
    "Username": "admin"
}
```

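## AwsDmsReplicationInstance
<a name="asff-resourcedetails-awsdmsreplicationinstance"></a>

The `AwsDmsReplicationInstance` object provides information about an AWS Database Migration Service (AWS DMS) replication instance. DMS uses a replication instance to connect to the source data store, read the source data, and format the data for consumption by the target data store.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsDmsReplicationInstance` object. To view descriptions of `AwsDmsReplicationInstance` attributes, see [AwsDmsReplicationInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationInstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**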

```
"AwsDmsReplicationInstance": {
    "AllocatedStorage": 50,
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZone": "us-east-1b",
    "EngineVersion": "3.5.1",
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "MultiAZ": false,
    "PreferredMaintenanceWindow": "wed:08:08-wed:08:38",
    "PubliclyAccessible": true,
    "ReplicationInstanceClass": "dms.c5.xlarge",
    "ReplicationInstanceIdentifier": "second-replication-instance",
    "ReplicationSubnetGroup": {
        "ReplicationSubnetGroupIdentifier": "default-vpc-2344f44f"
    },
    "VpcSecurityGroups": [
        {
            "VpcSecurityGroupId": "sg-003a34e205138138b"
        }
    ]
}
```
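
The objects on this page arrive under `Resources[].Details` in a finding, keyed by object name. The following Python sketch is an added example, not AWS code: it walks a constructed finding and flags security-relevant fields that appear in the `AwsAutoScalingLaunchConfiguration`, `AwsCloudFrontDistribution`, and `AwsDmsReplicationInstance` samples above. The function names, the resource `Id` values, and the weak-protocol list are assumptions of the example.

```python
"""Review ASFF resource details for risky settings (added example, not AWS code)."""

# Protocols this example treats as outdated; the list is an assumption, adjust to policy.
WEAK_ORIGIN_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}


def check_launch_configuration(details):
    """Checks for an AwsAutoScalingLaunchConfiguration object."""
    issues = []
    if details.get("AssociatePublicIpAddress") is True:
        issues.append("instances receive a public IP address")
    for mapping in details.get("BlockDeviceMappings") or []:
        ebs = mapping.get("Ebs")
        # "NoDevice" entries carry no Ebs object. A missing "Encrypted" field is
        # not flagged, because a provider may simply not have reported it.
        if ebs and ebs.get("Encrypted") is False:
            issues.append(f"EBS volume {mapping.get('DeviceName')} is not encrypted")
    return issues


def check_cloudfront_distribution(details):
    """Checks for an AwsCloudFrontDistribution object."""
    issues = []
    if (details.get("Logging") or {}).get("Enabled") is False:
        issues.append("access logging is disabled")
    for origin in (details.get("Origins") or {}).get("Items") or []:
        custom = origin.get("CustomOriginConfig") or {}
        protocols = (custom.get("OriginSslProtocols") or {}).get("Items") or []
        weak = sorted(WEAK_ORIGIN_PROTOCOLS.intersection(protocols))
        if weak:
            issues.append(f"origin {origin.get('Id')} allows {', '.join(weak)}")
    return issues


def check_dms_replication_instance(details):
    """Checks for an AwsDmsReplicationInstance object."""
    if details.get("PubliclyAccessible") is True:
        return ["replication instance is publicly accessible"]
    return []


# Maps the ASFF object name under Details to the check that understands it.
CHECKS = {
    "AwsAutoScalingLaunchConfiguration": check_launch_configuration,
    "AwsCloudFrontDistribution": check_cloudfront_distribution,
    "AwsDmsReplicationInstance": check_dms_replication_instance,
}


def review_finding(finding):
    """Return (resource id, object name, issue) tuples for one ASFF finding."""
    results = []
    for resource in finding.get("Resources") or []:
        for object_name, details in (resource.get("Details") or {}).items():
            check = CHECKS.get(object_name)
            if check is None:
                continue  # object types without a check are ignored, not errors
            for issue in check(details or {}):
                results.append((resource.get("Id"), object_name, issue))
    return results


# Constructed finding: field values are trimmed from this page's samples,
# the resource Id values are invented for the example.
SAMPLE_FINDING = {
    "Resources": [
        {"Type": "AwsAutoScalingLaunchConfiguration", "Id": "constructed-launch-config",
         "Details": {"AwsAutoScalingLaunchConfiguration": {
             "LaunchConfigurationName": "newtest",
             "AssociatePublicIpAddress": True,
             "BlockDeviceMappings": [
                 {"DeviceName": "/dev/sdh", "Ebs": {"Encrypted": True}},
                 {"DeviceName": "/dev/sdb", "NoDevice": True},
                 {"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": False}},
             ]}}},
        {"Type": "AwsCloudFrontDistribution", "Id": "constructed-distribution",
         "Details": {"AwsCloudFrontDistribution": {
             "Logging": {"Enabled": False},
             "Origins": {"Items": [{
                 "Id": "my-origin",
                 "CustomOriginConfig": {
                     "OriginSslProtocols": {"Items": ["SSLv3", "TLSv1"], "Quantity": 2}
                 }}]}}}},
        {"Type": "AwsDmsReplicationInstance", "Id": "constructed-replication-instance",
         "Details": {"AwsDmsReplicationInstance": {"PubliclyAccessible": True}}},
    ]
}

if __name__ == "__main__":
    for resource_id, object_name, issue in review_finding(SAMPLE_FINDING):
        print(f"{resource_id} [{object_name}]: {issue}")
```
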

## AwsDmsReplicationTask
<a name="asff-resourcedetails-awsdmsreplicationtask"></a>

The `AwsDmsReplicationTask` object provides information about an AWS Database Migration Service (AWS DMS) replication task. A replication task moves a set of data from the source endpoint to the target endpoint.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsDmsReplicationTask` object. To view descriptions of `AwsDmsReplicationTask` attributes, see [AwsDmsReplicationTaskDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationTaskDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsDmsReplicationTask": {
    "CdcStartPosition": "2023-08-28T14:26:22",
    "Id": "arn:aws:dms:us-east-1:123456789012:task:YDYUOHZIXWKQSUCBMUCQCNY44SJW74VJNB5DFWQ",
    "MigrationType": "cdc",
    "ReplicationInstanceArn": "arn:aws:dms:us-east-1:123456789012:rep:T7V6RFDP23PYQWUL26N3PF5REKML4YOUGIMYJUI",
    "ReplicationTaskIdentifier": "test-task",
    "ReplicationTaskSettings": "{\"Logging\":{\"EnableLogging\":false,\"EnableLogContext\":false,\"LogComponents\":[{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TRANSFORMATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_UNLOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"IO\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_LOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"PERFORMANCE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_CAPTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SORTER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"REST_SERVER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"VALIDATOR_EXT\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_APPLY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TASK_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TABLES_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"METADATA_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_FACTORY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMON\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"ADDONS\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"DATA_STRUCTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMUNICATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_TRANSFER\"}],\"CloudWatchLogGroup\":null,\"CloudWatchLogStream\":null},\"StreamBufferSettings\":{\"StreamBufferCount\":3,\"CtrlStreamBufferSizeInMB\":5,\"StreamBufferSizeInMB\":8},\"ErrorBehavior\":{\"FailOnNoTablesCaptured\":true,\"ApplyErrorUpdatePolicy\":\"LOG_ERROR\",\"FailOnTransactionConsistencyBreached\":false,\"RecoverableErrorThrottlingMax\":1800,\"DataErrorEscalationPolicy\":\"SUSPEND_TABLE\",\"ApplyErrorEscalationCount\":0,\"RecoverableErrorStopRetryAfterThrottlingMax\":true,\"RecoverableErrorThrottling\":true,\"ApplyErrorFailOnTruncationDdl\":false,\"DataTruncationErrorPolicy\":\"LOG_ERROR\",\"ApplyErrorInsertPolicy\":
\"LOG_ERROR\",\"EventErrorPolicy\":\"IGNORE\",\"ApplyErrorEscalationPolicy\":\"LOG_ERROR\",\"RecoverableErrorCount\":-1,\"DataErrorEscalationCount\":0,\"TableErrorEscalationPolicy\":\"STOP_TASK\",\"RecoverableErrorInterval\":5,\"ApplyErrorDeletePolicy\":\"IGNORE_RECORD\",\"TableErrorEscalationCount\":0,\"FullLoadIgnoreConflicts\":true,\"DataErrorPolicy\":\"LOG_ERROR\",\"TableErrorPolicy\":\"SUSPEND_TABLE\"},\"TTSettings\":{\"TTS3Settings\":null,\"TTRecordSettings\":null,\"EnableTT\":false},\"FullLoadSettings\":{\"CommitRate\":10000,\"StopTaskCachedChangesApplied\":false,\"StopTaskCachedChangesNotApplied\":false,\"MaxFullLoadSubTasks\":8,\"TransactionConsistencyTimeout\":600,\"CreatePkAfterFullLoad\":false,\"TargetTablePrepMode\":\"DO_NOTHING\"},\"TargetMetadata\":{\"ParallelApplyBufferSize\":0,\"ParallelApplyQueuesPerThread\":0,\"ParallelApplyThreads\":0,\"TargetSchema\":\"\",\"InlineLobMaxSize\":0,\"ParallelLoadQueuesPerThread\":0,\"SupportLobs\":true,\"LobChunkSize\":64,\"TaskRecoveryTableEnabled\":false,\"ParallelLoadThreads\":0,\"LobMaxSize\":0,\"BatchApplyEnabled\":false,\"FullLobMode\":true,\"LimitedSizeLobMode\":false,\"LoadMaxFileSize\":0,\"ParallelLoadBufferSize\":0},\"BeforeImageSettings\":null,\"ControlTablesSettings\":{\"historyTimeslotInMinutes\":5,\"HistoryTimeslotInMinutes\":5,\"StatusTableEnabled\":false,\"SuspendedTablesTableEnabled\":false,\"HistoryTableEnabled\":false,\"ControlSchema\":\"\",\"FullLoadExceptionTableEnabled\":false},\"LoopbackPreventionSettings\":null,\"CharacterSetSettings\":null,\"FailTaskWhenCleanTaskResourceFailed\":false,\"ChangeProcessingTuning\":{\"StatementCacheSize\":50,\"CommitTimeout\":1,\"BatchApplyPreserveTransaction\":true,\"BatchApplyTimeoutMin\":1,\"BatchSplitSize\":0,\"BatchApplyTimeoutMax\":30,\"MinTransactionSize\":1000,\"MemoryKeepTime\":60,\"BatchApplyMemoryLimit\":500,\"MemoryLimitTotal\":1024},\"ChangeProcessingDdlHandlingPolicy\":{\"HandleSourceTableDropped\":true,\"HandleSourceTableTruncated\":true,\"HandleS
ourceTableAltered\":true},\"PostProcessingRules\":null}",
    "SourceEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:TZPWV2VCXEGHYOKVKRNHAKJ4Q3RUXACNGFGYWRI",
    "TableMappings": "{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"969761702\",\"rule-name\":\"969761702\",\"object-locator\":{\"schema-name\":\"%table\",\"table-name\":\"%example\"},\"rule-action\":\"exclude\",\"filters\":[]}]}",
    "TargetEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:ABR8LBOQB3CZY33F7XV253NAJVBNPK6MJQVFVQA"
}
```

# AwsDynamoDB resources in ASFF
<a name="asff-resourcedetails-awsdynamodb"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsDynamoDB` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsDynamoDbTable
<a name="asff-resourcedetails-awsdynamodbtable"></a>

The `AwsDynamoDbTable` object provides details about an Amazon DynamoDB table.

The following is an example `AwsDynamoDbTable` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsDynamoDbTable` attributes, see [AwsDynamoDbTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDynamoDbTableDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsDynamoDbTable": {
    "AttributeDefinitions": [   
        {        
            "AttributeName": "attribute1",
            "AttributeType": "value 1"
        },
        {
            "AttributeName": "attribute2",
            "AttributeType": "value 2"
        },
        {
            "AttributeName": "attribute3",
            "AttributeType": "value 3"
        }
    ],
    "BillingModeSummary": {
        "BillingMode": "PAY_PER_REQUEST",
        "LastUpdateToPayPerRequestDateTime": "2019-12-03T15:23:10.323Z"
    },
    "CreationDateTime": "2019-12-03T15:23:10.248Z",
    "DeletionProtectionEnabled": true,
    "GlobalSecondaryIndexes": [
        {
            "Backfilling": false,
            "IndexArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/index/exampleIndex",                
            "IndexName": "standardsControlArnIndex",
            "IndexSizeBytes": 1862513,
            "IndexStatus": "ACTIVE",
            "ItemCount": 20,
            "KeySchema": [
                {
                    "AttributeName": "City",
                    "KeyType": "HASH"
                },     
                {
                    "AttributeName": "Date",
                    "KeyType": "RANGE"
                }
            ],      
            "Projection": {
                "NonKeyAttributes": ["predictorName"],
                "ProjectionType": "ALL"
            },     
            "ProvisionedThroughput": {
                "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
                "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
                "NumberOfDecreasesToday": 0,
                "ReadCapacityUnits": 100,
                "WriteCapacityUnits": 50
            }
        }
   ],
   "GlobalTableVersion": "V1",
   "ItemCount": 2705,
   "KeySchema": [
        {
            "AttributeName": "zipcode",
            "KeyType": "HASH"
        }
    ],
    "LatestStreamArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/stream/2019-12-03T23:23:10.248",
    "LatestStreamLabel": "2019-12-03T23:23:10.248",
    "LocalSecondaryIndexes": [
        {
            "IndexArn": "arn:aws:dynamodb:us-east-1:111122223333:table/exampleGroup/index/exampleId",
            "IndexName": "CITY_DATE_INDEX_NAME",
            "KeySchema": [
                {
                    "AttributeName": "zipcode",
                    "KeyType": "HASH"
                }
            ],
            "Projection": {
                "NonKeyAttributes": ["predictorName"],
                "ProjectionType": "ALL"
            }
        }
    ],
    "ProvisionedThroughput": {
        "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
        "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
        "NumberOfDecreasesToday": 0,
        "ReadCapacityUnits": 100,
        "WriteCapacityUnits": 50
    },
    "Replicas": [
        {
            "GlobalSecondaryIndexes":[
                {
                    "IndexName": "CITY_DATE_INDEX_NAME", 
                    "ProvisionedThroughputOverride": {
                        "ReadCapacityUnits": 10
                    }
                }
            ],
            "KmsMasterKeyId": "KmsKeyId",
            "ProvisionedThroughputOverride": {
                "ReadCapacityUnits": 10
            },
            "RegionName": "regionName",
            "ReplicaStatus": "CREATING",
            "ReplicaStatusDescription": "replicaStatusDescription"
        }
    ],
    "RestoreSummary" : {
        "SourceBackupArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/backup/backup1",
        "SourceTableArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable",
        "RestoreDateTime": "2020-06-22T17:40:12.322Z",
        "RestoreInProgress": true
    },
    "SseDescription": {
        "InaccessibleEncryptionDateTime": "2018-01-26T23:50:05.000Z",
        "Status": "ENABLED",
        "SseType": "KMS",
        "KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1"
    },
    "StreamSpecification" : {
        "StreamEnabled": true,
        "StreamViewType": "NEW_IMAGE"
    },
    "TableId": "example-table-id-1",
    "TableName": "example-table",
    "TableSizeBytes": 1862513,
    "TableStatus": "ACTIVE"
}
```

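# AwsEc2 resources in ASFF
<a name="asff-resourcedetails-awsec2"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEc2` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEc2ClientVpnEndpoint
<a name="asff-resourcedetails-awsec2clientvpnendpoint"></a>

The `AwsEc2ClientVpnEndpoint` object provides information about an AWS Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage Client VPN sessions. It is the termination point for all Client VPN sessions.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2ClientVpnEndpoint` object. To view descriptions of `AwsEc2ClientVpnEndpoint` attributes, see [AwsEc2ClientVpnEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2ClientVpnEndpointDetails.html) in the *AWS Security Hub API Reference*.

**Example**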

```
"AwsEc2ClientVpnEndpoint": {
    "AuthenticationOptions": [
        {
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Type": "certificate-authentication"
        }
    ],
    "ClientCidrBlock": "10.0.0.0/22",
    "ClientConnectOptions": {
        "Enabled": false
    },
    "ClientLoginBannerOptions": {
        "Enabled": false
    },
    "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
    "ConnectionLogOptions": {
        "Enabled": false
    },
    "Description": "test",
    "DnsServer": ["10.0.0.0"],
    "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecurityGroupIdSet": [
        "sg-0f7a177b82b443691"
    ],
    "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
    "SessionTimeoutHours": 24,
    "SplitTunnel": false,
    "TransportProtocol": "udp",
    "VpcId": "vpc-1a2b3c4d5e6f1a2b3",
    "VpnPort": 443
}
```

## AwsEc2Eip
<a name="asff-resourcedetails-awsec2eip"></a>

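The `AwsEc2Eip` object provides information about an Elastic IP address.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Eip` object. To view descriptions of `AwsEc2Eip` attributes, see [AwsEc2EipDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2EipDetails.html) in the *AWS Security Hub API Reference*.

**Example**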

```
"AwsEc2Eip": {
    "InstanceId": "instance1",
    "PublicIp": "192.0.2.04",
    "AllocationId": "eipalloc-example-id-1",
    "AssociationId": "eipassoc-example-id-1",
    "Domain": "vpc",
    "PublicIpv4Pool": "anycompany",
    "NetworkBorderGroup": "eu-central-1",
    "NetworkInterfaceId": "eni-example-id-1",
    "NetworkInterfaceOwnerId": "777788889999",
    "PrivateIpAddress": "192.0.2.03"
}
```

## AwsEc2Instance
<a name="asff-resourcedetails-awsec2instance"></a>

The `AwsEc2Instance` object provides details about an Amazon EC2 instance.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Instance` object. To view descriptions of `AwsEc2Instance` attributes, see [AwsEc2InstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2InstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Instance": { 
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
    "ImageId": "ami-1234",
    "IpV4Addresses": [ "1.1.1.1" ],
    "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
    "KeyName": "my_keypair",
    "LaunchedAt": "2018-05-08T16:46:19.000Z",
    "MetadataOptions": {
    	"HttpEndpoint": "enabled",
    	"HttpProtocolIpv6": "enabled",
    	"HttpPutResponseHopLimit": 1,
    	"HttpTokens": "optional",
    	"InstanceMetadataTags": "disabled"
    },
    "Monitoring": {
    	"State": "disabled"
    },
    "NetworkInterfaces": [
      {
         "NetworkInterfaceId": "eni-e5aa89a3"
      }
    ],
    "SubnetId": "subnet-123",
    "Type": "i3.xlarge",
    "VpcId": "vpc-123"
}
```

## AwsEc2LaunchTemplate
<a name="asff-resourcedetails-awsec2launchtemplate"></a>

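The `AwsEc2LaunchTemplate` object contains details about an Amazon Elastic Compute Cloud launch template that specifies instance configuration information.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2LaunchTemplate` object. To view descriptions of `AwsEc2LaunchTemplate` attributes, see [AwsEc2LaunchTemplateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2LaunchTemplateDetals.html) in the *AWS Security Hub API Reference*.

**Example**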

```
"AwsEc2LaunchTemplate": {
    "DefaultVersionNumber": "1",
    "ElasticGpuSpecifications": ["string"],
    "ElasticInferenceAccelerators": ["string"],
    "Id": "lt-0a16e9802800bdd85",
    "ImageId": "ami-0d5eff06f840b45e9",
    "LatestVersionNumber": "1",
    "LaunchTemplateData": {
    	"BlockDeviceMappings": [{
    		"DeviceName": "/dev/xvda",
    		"Ebs": {
    			"DeleteonTermination": true,
    			"Encrypted": true,
    			"SnapshotId": "snap-01047646ec075f543",
    			"VolumeSize": 8,
    			"VolumeType": "gp2"
    		}
    	}],
    	"MetadataOptions": {
    		"HttpTokens": "enabled",
    		"HttpPutResponseHopLimit" : 1
    	},
    	"Monitoring": {
    		"Enabled": true
    	},
    	"NetworkInterfaces": [{
    		"AssociatePublicIpAddress" : true
    	}]
    },
    "LaunchTemplateName": "string",
    "LicenseSpecifications": ["string"],
    "SecurityGroupIds": ["sg-01fce87ad6e019725"],
    "SecurityGroups": ["string"],
    "TagSpecifications": ["string"]
}
```

## AwsEc2NetworkAcl
<a name="asff-resourcedetails-awsec2networkacl"></a>

The `AwsEc2NetworkAcl` object contains details about an Amazon EC2 network access control list (ACL).

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2NetworkAcl` object. To view descriptions of `AwsEc2NetworkAcl` attributes, see [AwsEc2NetworkAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2NetworkAcl": {
    "IsDefault": false,
    "NetworkAclId": "acl-1234567890abcdef0",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234abcd",
    "Associations": [{
        "NetworkAclAssociationId": "aclassoc-abcd1234",
        "NetworkAclId": "acl-021345abcdef6789",
        "SubnetId": "subnet-abcd1234"
   }],
   "Entries": [{
        "CidrBlock": "10.24.34.0/23",
        "Egress": true,
        "IcmpTypeCode": {
            "Code": 10,
            "Type": 30
        },
        "Ipv6CidrBlock": "2001:DB8::/32",
        "PortRange": {
            "From": 20,
            "To": 40
        },
        "Protocol": "tcp",
        "RuleAction": "allow",
        "RuleNumber": 100
   }]
}
```

## AwsEc2NetworkInterface
<a name="asff-resourcedetails-awsec2networkinterface"></a>

The `AwsEc2NetworkInterface` object provides information about an Amazon EC2 network interface.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2NetworkInterface` object. To view descriptions of `AwsEc2NetworkInterface` attributes, see [AwsEc2NetworkInterfaceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkInterfaceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2NetworkInterface": {
    "Attachment": {
        "AttachTime": "2019-01-01T03:03:21Z",
        "AttachmentId": "eni-attach-43348162",
        "DeleteOnTermination": true,
        "DeviceIndex": 123,
        "InstanceId": "i-1234567890abcdef0",
        "InstanceOwnerId": "123456789012",
        "Status": "ATTACHED"
    },
    "SecurityGroups": [
        {
            "GroupName": "my-security-group",
            "GroupId": "sg-903004f8"
        }
    ],
    "NetworkInterfaceId": "eni-686ea200",
    "SourceDestCheck": false
}
```

## AwsEc2RouteTable
<a name="asff-resourcedetails-awsec2routetable"></a>

The `AwsEc2RouteTable` object provides information about an Amazon EC2 route table.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2RouteTable` object. To view descriptions of `AwsEc2RouteTable` attributes, see [AwsEc2RouteTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2RouteTableDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2RouteTable": {
    "AssociationSet": [{
    	"AssociationSet": {
    		"State": "associated"
    	},
    	"Main": true,
    	"RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
    	"RouteTableId": "rtb-0a59bde9cf2548e34"
    }],
    "PropogatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
    	{
    		"DestinationCidrBlock": "10.24.34.0/23",
    		"GatewayId": "local",
    		"Origin": "CreateRouteTable",
    		"State": "active"
    	},
    	{
    		"DestinationCidrBlock": "10.24.34.0/24",
    		"GatewayId": "igw-0242c2d7d513fc5d3",
    		"Origin": "CreateRoute",
    		"State": "active"
    	}
    ],
    "VpcId": "vpc-0c250a5c33f51d456"
}
```

## AwsEc2SecurityGroup
<a name="asff-resourcedetails-awsec2securitygroup"></a>

The `AwsEc2SecurityGroup` object describes an Amazon EC2 security group.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2SecurityGroup` object. To view descriptions of `AwsEc2SecurityGroup` attributes, see [AwsEc2SecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SecurityGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2SecurityGroup": {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [
                {
                    "UserId": "123456789012",
                    "GroupId": "sg-903004f8"
                }
            ],
            "PrefixListIds": [
                {"PrefixListId": "pl-63a5400a"}
            ]
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [
                {
                    "CidrIp": "203.0.113.0/24"
                }
            ],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": []
        }
    ]
}
```

## AwsEc2Subnet
<a name="asff-resourcedetails-awsec2subnet"></a>

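The `AwsEc2Subnet` object provides information about a subnet in Amazon EC2.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Subnet` object. To view descriptions of `AwsEc2Subnet` attributes, see [AwsEc2SubnetDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SubnetDetails.html) in the *AWS Security Hub API Reference*.

**Example**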

```
"AwsEc2Subnet": {
    "AssignIpv6AddressOnCreation": false,
    "AvailabilityZone": "us-west-2c",
    "AvailabilityZoneId": "usw2-az3",
    "AvailableIpAddressCount": 8185,
    "CidrBlock": "10.0.0.0/24",
    "DefaultForAz": false,
    "MapPublicIpOnLaunch": false,
    "OwnerId": "123456789012",
    "State": "available",
    "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
    "SubnetId": "subnet-d5436c93",
    "VpcId": "vpc-153ade70",
    "Ipv6CidrBlockAssociationSet": [{
        "AssociationId": "subnet-cidr-assoc-EXAMPLE",
        "Ipv6CidrBlock": "2001:DB8::/32",
        "CidrBlockState": "associated"
   }]
}
```

## AwsEc2TransitGateway
<a name="asff-resourcedetails-awsec2transitgateway"></a>

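The `AwsEc2TransitGateway` object provides details about an Amazon EC2 transit gateway that interconnects your virtual private clouds (VPCs) and on-premises networks.

The following is an example `AwsEc2TransitGateway` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsEc2TransitGateway` attributes, see [AwsEc2TransitGatewayDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2TransitGatewayDetails.html) in the *AWS Security Hub API Reference*.

**Example**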

```
"AwsEc2TransitGateway": {
	"AmazonSideAsn": 65000,
	"AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"AutoAcceptSharedAttachments": "disable",
	"DefaultRouteTableAssociation": "enable",
	"DefaultRouteTablePropagation": "enable",
	"Description": "sample transit gateway",
	"DnsSupport": "enable",
	"Id": "tgw-042ae6bf7a5c126c3",
	"MulticastSupport": "disable",
	"PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"TransitGatewayCidrBlocks": ["10.0.0.0/16"],
	"VpnEcmpSupport": "enable"
}
```

## AwsEc2Volume
<a name="asff-resourcedetails-awsec2volume"></a>

The `AwsEc2Volume` object provides details about an Amazon EC2 volume.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Volume` object. To view descriptions of `AwsEc2Volume` attributes, see [AwsEc2VolumeDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VolumeDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Volume": {
    "Attachments": [
      {
        "AttachTime": "2017-10-17T14:47:11Z",
        "DeleteOnTermination": true,
        "InstanceId": "i-123abc456def789g",
        "Status": "attached"
      }
     ],
    "CreateTime": "2020-02-24T15:54:30Z",
    "Encrypted": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Size": 80,
    "SnapshotId": "",
    "Status": "available"
}
```

## AwsEc2Vpc
<a name="asff-resourcedetails-awsec2vpc"></a>

The `AwsEc2Vpc` object provides details about an Amazon EC2 VPC.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2Vpc` object. To view descriptions of `AwsEc2Vpc` attributes, see [AwsEc2VpcDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2Vpc": {
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlock": "192.0.2.0/24",
            "CidrBlockState": "associated"
        }
    ],
    "DhcpOptionsId": "dopt-4e42ce28",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlockState": "associated",
            "Ipv6CidrBlock": "192.0.2.0/24"
       }

    ],
    "State": "available"
}
```

## AwsEc2VpcEndpointService
<a name="asff-resourcedetails-awsec2vpcendpointservice"></a>

The `AwsEc2VpcEndpointService` object contains details about the service configuration for a VPC endpoint service.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2VpcEndpointService` object. To view descriptions of `AwsEc2VpcEndpointService` attributes, see [AwsEc2VpcEndpointServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcEndpointServiceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2VpcEndpointService": {
    "ServiceType": [
      {
        "ServiceType": "Interface"
      }
    ],
    "ServiceId": "vpce-svc-example1",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
    "ServiceState": "Available",
    "AvailabilityZones": [
      "us-east-1"
    ],
    "AcceptanceRequired": true,
    "ManagesVpcEndpoints": false,
    "NetworkLoadBalancerArns": [
      "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
    ],
    "GatewayLoadBalancerArns": [],
    "BaseEndpointDnsNames": [
      "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
    ],
    "PrivateDnsName": "my-private-dns"
}
```

## AwsEc2VpcPeeringConnection
<a name="asff-resourcedetails-awsec2vpcpeeringconnection"></a>

The `AwsEc2VpcPeeringConnection` object provides details about the networking connection between two VPCs.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEc2VpcPeeringConnection` object. To view descriptions of `AwsEc2VpcPeeringConnection` attributes, see [AwsEc2VpcPeeringConnectionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcPeeringConnectionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEc2VpcPeeringConnection": { 
	"AccepterVpcInfo": {
		"CidrBlock": "10.0.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "10.0.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"ExpirationTime": "2022-02-18T15:31:53.161Z",
	"RequesterVpcInfo": {
		"CidrBlock": "192.168.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "192.168.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"Status": {
		"Code": "initiating-request",
		"Message": "Active"
	},
	"VpcPeeringConnectionId": "pcx-1a2b3c4d"
}
```

# AwsEcr resources in ASFF
<a name="asff-resourcedetails-awsecr"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEcr` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEcrContainerImage
<a name="asff-resourcedetails-awsecrcontainerimage"></a>

The `AwsEcrContainerImage` object provides information about an Amazon ECR image.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcrContainerImage` object. To view descriptions of `AwsEcrContainerImage` attributes, see [AwsEcrContainerImageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrContainerImageDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcrContainerImage": {
    "RegistryId": "123456789012",
    "RepositoryName": "repository-name",
    "Architecture": "amd64",
    "ImageDigest": "sha256:a568e5c7a953fbeaa2904ac83401f93e4a076972dc1bae527832f5349cd2fb10",
    "ImageTags": ["00000000-0000-0000-0000-000000000000"],
    "ImagePublishedAt": "2019-10-01T20:06:12Z"
}
```

## AwsEcrRepository
<a name="asff-resourcedetails-awsecrrepository"></a>

The `AwsEcrRepository` object provides information about an Amazon Elastic Container Registry repository.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcrRepository` object. To view descriptions of `AwsEcrRepository` attributes, see [AwsEcrRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrRepositoryDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcrRepository": {
    "LifecyclePolicy": {
        "RegistryId": "123456789012"
    },
    "RepositoryName": "sample-repo",
    "Arn": "arn:aws:ecr:us-west-2:111122223333:repository/sample-repo",
    "ImageScanningConfiguration": {
        "ScanOnPush": true
    },
    "ImageTagMutability": "IMMUTABLE"
}
```

# AwsEcs resources in ASFF
<a name="asff-resourcedetails-awsecs"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEcs` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEcsCluster
<a name="asff-resourcedetails-awsecscluster"></a>

The `AwsEcsCluster` object provides details about an Amazon Elastic Container Service cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsCluster` object. To view descriptions of `AwsEcsCluster` attributes, see [AwsEcsClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
    "AwsEcsCluster": {
        "CapacityProviders": [],
        "ClusterSettings": [
            {
                "Name": "containerInsights",
                "Value": "enabled"
            }
        ],
        "Configuration": {
            "ExecuteCommandConfiguration": {
                "KmsKeyId": "kmsKeyId",
                "LogConfiguration": {
                    "CloudWatchEncryptionEnabled": true,
                    "CloudWatchLogGroupName": "cloudWatchLogGroupName",
                    "S3BucketName": "s3BucketName",
                    "S3EncryptionEnabled": true,
                    "S3KeyPrefix": "s3KeyPrefix"
                },
                "Logging": "DEFAULT"
            }
        },
        "DefaultCapacityProviderStrategy": [
            {
                "Base": 0,
                "CapacityProvider": "capacityProvider",
                "Weight": 1
            }
        ]
    }
```

## AwsEcsContainer
<a name="asff-resourcedetails-awsecscontainer"></a>

The `AwsEcsContainer` object contains details about an Amazon ECS container.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsContainer` object. To view descriptions of `AwsEcsContainer` attributes, see [AwsEcsContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsContainerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEcsContainer": {
    "Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
    "MountPoints": [{
        "ContainerPath": "/mnt/etc",
        "SourceVolume": "vol-03909e9"
    }],
    "Name": "knote",
    "Privileged": true 
}
```

## AwsEcsService
<a name="asff-resourcedetails-awsecsservice"></a>

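The `AwsEcsService` object provides details about a service within an Amazon ECS cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsService` object. To view descriptions of `AwsEcsService` attributes, see [AwsEcsServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsServiceDetails.html) in the *AWS Security Hub API Reference*.

**Example**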

```
"AwsEcsService": {
    "CapacityProviderStrategy": [
        {
            "Base": 12,
            "CapacityProvider": "",
            "Weight": ""
        }
    ],
    "Cluster": "arn:aws:ecs:us-east-1:111122223333:cluster/example-ecs-cluster",
    "DeploymentConfiguration": {
        "DeploymentCircuitBreaker": {
            "Enable": false,
            "Rollback": false
        },
        "MaximumPercent": 200,
        "MinimumHealthyPercent": 100
    },
    "DeploymentController": "",
    "DesiredCount": 1,
    "EnableEcsManagedTags": false,
    "EnableExecuteCommand": false,
    "HealthCheckGracePeriodSeconds": 1,
    "LaunchType": "FARGATE",
    "LoadBalancers": [
        {
            "ContainerName": "",
            "ContainerPort": 23,
            "LoadBalancerName": "",
            "TargetGroupArn": ""
        }
    ],
    "Name": "sample-app-service",
    "NetworkConfiguration": {
        "AwsVpcConfiguration": {
            "Subnets": [
                "Subnet-example1",
                "Subnet-example2"
            ],
            "SecurityGroups": [
                "Sg-0ce48e9a6e5b457f5"
            ],
            "AssignPublicIp": "ENABLED"
        }
    },
    "PlacementConstraints": [
        {
            "Expression": "",
            "Type": ""
        }
    ],
    "PlacementStrategies": [
        {
            "Field": "",
            "Type": ""
        }
    ],
    "PlatformVersion": "LATEST",
    "PropagateTags": "",
    "Role": "arn:aws:iam::111122223333:role/aws-servicerole/ecs.amazonaws.com/ServiceRoleForECS",
    "SchedulingStrategy": "REPLICA",
    "ServiceName": "sample-app-service",
    "ServiceArn": "arn:aws:ecs:us-east-1:111122223333:service/example-ecs-cluster/sample-app-service",
    "ServiceRegistries": [
        {
            "ContainerName": "",
            "ContainerPort": 1212,
            "Port": 1221,
            "RegistryArn": ""
        }
    ],
    "TaskDefinition": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-taskdef:1"
}
```

## AwsEcsTask
<a name="asff-resourcedetails-awsecstask"></a>

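The `AwsEcsTask` object provides details about an Amazon ECS task.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsTask` object. To view descriptions of `AwsEcsTask` attributes, see [AwsEcsTask](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDetails.html) in the *AWS Security Hub API Reference*.

**Example**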

```
"AwsEcsTask": {
	"ClusterArn": "arn:aws:ecs:us-west-2:123456789012:task/MyCluster/1234567890123456789",
	"CreatedAt": "1557134011644",
	"Group": "service:fargate-service",
	"StartedAt": "1557134011644",
	"StartedBy": "ecs-svc/1234567890123456789",
	"TaskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/sample-fargate:2",
	"Version": 3,
	"Volumes": [{
		"Name": "string",
		"Host": {
			"SourcePath": "string"
		}
	}],
	"Containers": {
		"Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
		"MountPoints": [{
			"ContainerPath": "/mnt/etc",
			"SourceVolume": "vol-03909e9"
		}],
		"Name": "knote",
		"Privileged": true
	}
}
```

## AwsEcsTaskDefinition
<a name="asff-resourcedetails-awsecstaskdefinition"></a>

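The `AwsEcsTaskDefinition` object contains details about a task definition. A task definition describes the container and volume definitions of an Amazon Elastic Container Service task.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEcsTaskDefinition` object. To view descriptions of `AwsEcsTaskDefinition` attributes, see [AwsEcsTaskDefinitionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDefinitionDetails.html) in the *AWS Security Hub API Reference*.

**Example**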

```
    "AwsEcsTaskDefinition": {
        "ContainerDefinitions": [
            {
                "Command": ["ruby", "hi.rb"],
                "Cpu":128,
                "Essential": true,
                "HealthCheck": {
                    "Command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"],
                    "Interval": 10,
                    "Retries": 3,
                    "StartPeriod": 5,
                    "Timeout": 20
                },
                "Image": "tongueroo/sinatra:latest",
                "Interactive": true,
                "Links": [],
                "LogConfiguration": {
                    "LogDriver": "awslogs",
                    "Options": {
                        "awslogs-group": "/ecs/sinatra-hi",
                        "awslogs-region": "ap-southeast-1",
                        "awslogs-stream-prefix": "ecs"
                    },
                    "SecretOptions": []
                },
                "MemoryReservation": 128,
                "Name": "web",
                "PortMappings": [
                    {
                        "ContainerPort": 4567,
                        "HostPort":4567,
                        "Protocol": "tcp"
                    }
                ],
                "Privileged": true,
                "StartTimeout": 10,
                "StopTimeout": 100
            }
        ],
        "Family": "sinatra-hi",
        "NetworkMode": "host",
        "RequiresCompatibilities": ["EC2"],
        "Status": "ACTIVE",
        "TaskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole"
    }
```
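One way to consume the resource-detail objects shown in these sections, as an added example that is not part of the AWS documentation: a Python triage pass over a finding's `Resources[].Details` that reads the `AwsEc2Instance`, `AwsEc2SecurityGroup`, and `AwsEcsTaskDefinition` fields illustrated above. The sample finding, its IDs, and the function names are constructed for illustration, and the choice of which settings to flag is an assumption of this example, not Security Hub CSPM control logic.

```python
import ipaddress
import json

# Constructed sample finding. Resources[].Details.<ObjectName> is where ASFF
# carries the resource-detail objects documented in these sections.
SAMPLE_FINDING = json.loads("""
{
  "Id": "constructed-finding-1",
  "Resources": [
    {"Type": "AwsEc2Instance", "Id": "i-constructed",
     "Details": {"AwsEc2Instance": {
        "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}}}},
    {"Type": "AwsEc2SecurityGroup", "Id": "sg-constructed",
     "Details": {"AwsEc2SecurityGroup": {"IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}}},
    {"Type": "AwsEcsTaskDefinition", "Id": "taskdef-constructed",
     "Details": {"AwsEcsTaskDefinition": {
        "NetworkMode": "host",
        "ContainerDefinitions": [{"Name": "web", "Privileged": true},
                                 {"Name": "sidecar", "Privileged": false}]}}}
  ]
}
""")


def is_any_address(cidr):
    """True when the CIDR has prefix length 0 (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except (ValueError, TypeError):
        return False  # malformed or missing CIDR: nothing to report


def check_ec2_instance(details):
    notes = []
    # HttpTokens "optional" means the instance still answers IMDSv1 requests.
    if details.get("MetadataOptions", {}).get("HttpTokens") == "optional":
        notes.append("IMDSv1 permitted: MetadataOptions.HttpTokens is 'optional'")
    return notes


def check_security_group(details):
    notes = []
    for perm in details.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # IpProtocol "-1" covers every protocol and carries no port range.
        if proto == "-1":
            scope = "all protocols"
        else:
            scope = f"{proto} ports {perm.get('FromPort')}-{perm.get('ToPort')}"
        for ip_range in perm.get("IpRanges", []):
            cidr = ip_range.get("CidrIp")
            if is_any_address(cidr):
                notes.append(f"ingress open to any address ({cidr}) for {scope}")
    return notes


def check_task_definition(details):
    notes = []
    privileged = [c.get("Name", "?")
                  for c in details.get("ContainerDefinitions", [])
                  if c.get("Privileged") is True]
    if privileged:
        notes.append("privileged containers: " + ", ".join(privileged))
    if details.get("NetworkMode") == "host":
        notes.append("NetworkMode is 'host'")
    return notes


# Map each ASFF detail object name to the check that understands it.
CHECKS = {
    "AwsEc2Instance": check_ec2_instance,
    "AwsEc2SecurityGroup": check_security_group,
    "AwsEcsTaskDefinition": check_task_definition,
}


def triage(finding):
    """Return (resource id, detail object, note) tuples for one ASFF finding."""
    results = []
    for resource in finding.get("Resources", []):
        details = resource.get("Details") or {}
        for name, check in CHECKS.items():
            if name in details:
                for note in check(details[name]):
                    results.append((resource.get("Id"), name, note))
    return results


if __name__ == "__main__":
    for resource_id, kind, note in triage(SAMPLE_FINDING):
        print(f"{resource_id} [{kind}] {note}")
```
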

# AwsEfs resources in ASFF
<a name="asff-resourcedetails-awsefs"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEfs` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEfsAccessPoint
<a name="asff-resourcedetails-awsefsaccesspoint"></a>

The `AwsEfsAccessPoint` object provides details about files stored in Amazon Elastic File System.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEfsAccessPoint` object. To view descriptions of `AwsEfsAccessPoint` attributes, see [AwsEfsAccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEfsAccessPointDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsEfsAccessPoint": { 
	"AccessPointId": "fsap-05c4c0e79ba0b118a",
	"Arn": "arn:aws:elasticfilesystem:us-east-1:863155670886:access-point/fsap-05c4c0e79ba0b118a",
	"ClientToken": "AccessPointCompliant-ASk06ZZSXsEp",
	"FileSystemId": "fs-0f8137f731cb32146",
	"PosixUser": {
		"Gid": "1000",
		"SecondaryGids": ["0", "4294967295"],
		"Uid": "1234"
	},
	"RootDirectory": {
		"CreationInfo": {
			"OwnerGid": "1000",
			"OwnerUid": "1234",
			"Permissions": "777"
		},
		"Path": "/tmp/example"
	}
}
```

# AwsEks resources in ASFF
<a name="asff-resourcedetails-awseks"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEks` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEksCluster
<a name="asff-resourcedetails-awsekscluster"></a>

The `AwsEksCluster` object provides details about an Amazon EKS cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEksCluster` object. To view descriptions of `AwsEksCluster` attributes, see [AwsEksClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEksClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
{
  "AwsEksCluster": {
    "Name": "example",
    "Arn": "arn:aws:eks:us-west-2:222222222222:cluster/example",
    "CreatedAt": 1565804921.901,
    "Version": "1.12",
    "RoleArn": "arn:aws:iam::222222222222:role/example-cluster-ServiceRole-1XWBQWYSFRE2Q",
    "ResourcesVpcConfig": {
      "EndpointPublicAccess": false,
      "SubnetIds": [
        "subnet-021345abcdef6789",
        "subnet-abcdef01234567890",
        "subnet-1234567890abcdef0"
      ],
      "SecurityGroupIds": [
        "sg-abcdef01234567890"
      ]
    },
    "Logging": {
      "ClusterLogging": [
        {
          "Types": [
            "api",
            "audit",
            "authenticator",
            "controllerManager",
            "scheduler"
          ],
          "Enabled": true
        }
      ]
    },
    "Status": "CREATING",
    "CertificateAuthorityData": {}
  }
}
```

# AwsElasticBeanstalk resources in ASFF
<a name="asff-resourcedetails-awselasticbeanstalk"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsElasticBeanstalk` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsElasticBeanstalkEnvironment
<a name="asff-resourcedetails-awselasticbeanstalkenvironment"></a>

The `AwsElasticBeanstalkEnvironment` object contains details about an AWS Elastic Beanstalk environment.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElasticBeanstalkEnvironment` object. To view descriptions of `AwsElasticBeanstalkEnvironment` attributes, see [AwsElasticBeanstalkEnvironmentDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticBeanstalkEnvironmentDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElasticBeanstalkEnvironment": {
    "ApplicationName": "MyApplication",
    "Cname": "myexampleapp-env.devo-2.elasticbeanstalk-internal.com",
    "DateCreated": "2021-04-30T01:38:01.090Z",
    "DateUpdated": "2021-04-30T01:38:01.090Z",
    "Description": "Example description of my awesome application",
    "EndpointUrl": "eb-dv-e-p-AWSEBLoa-abcdef01234567890-021345abcdef6789.us-east-1.elb.amazonaws.com",
    "EnvironmentArn": "arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/MyApplication/myapplication-env",
    "EnvironmentId": "e-abcd1234",
    "EnvironmentLinks": [
        {
            "EnvironmentName": "myexampleapp-env",
            "LinkName": "myapplicationLink"
        }
    ],
    "EnvironmentName": "myapplication-env",
    "OptionSettings": [
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "BatchSize",
            "Value": "100"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "Timeout",
            "Value": "600"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "BatchSizeType",
            "Value": "Percentage"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "IgnoreHealthCheck",
            "Value": "false"
        },
        {
            "Namespace": "aws:elasticbeanstalk:application",
            "OptionName": "Application Healthcheck URL",
            "Value": "TCP:80"
        }
    ],
    "PlatformArn": "arn:aws:elasticbeanstalk:us-east-1::platform/Tomcat 8 with Java 8 running on 64bit Amazon Linux/2.7.7",
    "SolutionStackName": "64bit Amazon Linux 2017.09 v2.7.7 running Tomcat 8 Java 8",
    "Status": "Ready",
    "Tier": {
        "Name": "WebServer",
        "Type": "Standard",
        "Version": "1.0"
    },
    "VersionLabel": "Sample Application"
}
```

# AwsElasticSearch resources in ASFF
<a name="asff-resourcedetails-awselasticsearch"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsElasticSearch` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsElasticSearchDomain
<a name="asff-resourcedetails-awselasticsearchdomain"></a>

The `AwsElasticSearchDomain` object provides details about an Amazon OpenSearch Service domain.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElasticSearchDomain` object. To view descriptions of `AwsElasticSearchDomain` attributes, see [AwsElasticSearchDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticsearchDomainDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElasticSearchDomain": {
    "AccessPolicies": "string",
    "DomainStatus": {
           "DomainId": "string",
           "DomainName": "string",
           "Endpoint": "string",
           "Endpoints": {
                  "string": "string"
           }
    },
    "DomainEndpointOptions": {
           "EnforceHTTPS": boolean,
           "TLSSecurityPolicy": "string"
    },
    "ElasticsearchClusterConfig": {
           "DedicatedMasterCount": number,
           "DedicatedMasterEnabled": boolean,
           "DedicatedMasterType": "string",
           "InstanceCount": number,
           "InstanceType": "string",
           "ZoneAwarenessConfig": {
                  "AvailabilityZoneCount": number
           },
           "ZoneAwarenessEnabled": boolean
    },
    "ElasticsearchVersion": "string",
    "EncryptionAtRestOptions": {
           "Enabled": boolean,
           "KmsKeyId": "string"
    },
    "LogPublishingOptions": {
           "AuditLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           },
           "IndexSlowLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           },
           "SearchSlowLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           }
    },
    "NodeToNodeEncryptionOptions": {
           "Enabled": boolean
    },
    "ServiceSoftwareOptions": {
           "AutomatedUpdateDate": "string",
           "Cancellable": boolean,
           "CurrentVersion": "string",
           "Description": "string",
           "NewVersion": "string",
           "UpdateAvailable": boolean,
           "UpdateStatus": "string"
    },
    "VPCOptions": {
           "AvailabilityZones": [
                 "string"
           ],
           "SecurityGroupIds": [
                 "string"
           ],
           "SubnetIds": [
                 "string"
           ],
          "VPCId": "string"
    }
}
```

# AwsElb resources in ASFF
<a name="asff-resourcedetails-awselb"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsElb` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsElbLoadBalancer
<a name="asff-resourcedetails-awselbloadbalancer"></a>

The `AwsElbLoadBalancer` object contains details about a Classic Load Balancer.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElbLoadBalancer` object. To view descriptions of `AwsElbLoadBalancer` attributes, see [AwsElbLoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbLoadBalancerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElbLoadBalancer": {
    "AvailabilityZones": ["us-west-2a"],
    "BackendServerDescriptions": [
         {
            "InstancePort": 80,
            "PolicyNames": ["doc-example-policy"]
        }
    ],
    "CanonicalHostedZoneName": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
    "CanonicalHostedZoneNameID": "Z3DZXE0EXAMPLE",
    "CreatedTime": "2020-08-03T19:22:44.637Z",
    "DnsName": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
    "HealthCheck": {
        "HealthyThreshold": 2,
        "Interval": 30,
        "Target": "HTTP:80/png",
        "Timeout": 3,
        "UnhealthyThreshold": 2
    },
    "Instances": [
        {
            "InstanceId": "i-example"
        }
    ],
    "ListenerDescriptions": [
        {
            "Listener": {
                "InstancePort": 443,
                "InstanceProtocol": "HTTPS",
                "LoadBalancerPort": 443,
                "Protocol": "HTTPS",
                "SslCertificateId": "arn:aws:iam::444455556666:server-certificate/my-server-cert"
            },
            "PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]
        }
    ],
    "LoadBalancerAttributes": {
        "AccessLog": {
            "EmitInterval": 60,
            "Enabled": true,
            "S3BucketName": "amzn-s3-demo-bucket",
            "S3BucketPrefix": "doc-example-prefix"
        },
        "ConnectionDraining": {
            "Enabled": false,
            "Timeout": 300
        },
        "ConnectionSettings": {
            "IdleTimeout": 30
        },
        "CrossZoneLoadBalancing": {
            "Enabled": true
        },
        "AdditionalAttributes": [{
            "Key": "elb.http.desyncmitigationmode",
            "Value": "strictest"
        }]
    },
    "LoadBalancerName": "example-load-balancer",
    "Policies": {
        "AppCookieStickinessPolicies": [
            {
                "CookieName": "",
                "PolicyName": ""
            }
        ],
        "LbCookieStickinessPolicies": [
            {
                "CookieExpirationPeriod": 60,
                "PolicyName": "my-example-cookie-policy"
            }
        ],
        "OtherPolicies": [
            "my-PublicKey-policy",
            "my-authentication-policy",
            "my-SSLNegotiation-policy",
            "my-ProxyProtocol-policy",
            "ELBSecurityPolicy-2015-03"
        ]
    },
    "Scheme": "internet-facing",
    "SecurityGroups": ["sg-example"],
    "SourceSecurityGroup": {
        "GroupName": "my-elb-example-group",
        "OwnerAlias": "444455556666"
    },
    "Subnets": ["subnet-example"],
    "VpcId": "vpc-a01106c2"
}
```

## AwsElbv2LoadBalancer
<a name="asff-resourcedetails-awselbv2loadbalancer"></a>

The `AwsElbv2LoadBalancer` object provides information about a load balancer.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsElbv2LoadBalancer` object. To view descriptions of `AwsElbv2LoadBalancer` attributes, see [AwsElbv2LoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbv2LoadBalancerDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsElbv2LoadBalancer": {
    "AvailabilityZones": {
        "SubnetId": "string",
        "ZoneName": "string"
    },
    "CanonicalHostedZoneId": "string",
    "CreatedTime": "string",
    "DNSName": "string",
    "IpAddressType": "string",
    "LoadBalancerAttributes": [
        {
            "Key": "string",
            "Value": "string"
        }
    ],
    "Scheme": "string",
    "SecurityGroups": [ "string" ],
    "State": {
        "Code": "string",
        "Reason": "string"
    },
    "Type": "string",
    "VpcId": "string"
}
```

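# AwsEventBridge resources in ASFF
<a name="asff-resourcedetails-awsevent"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsEventBridge` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsEventSchemasRegistry
<a name="asff-resourcedetails-awseventschemasregistry"></a>

The `AwsEventSchemasRegistry` object provides information about an Amazon EventBridge schema registry. A schema defines the structure of events that are sent to EventBridge. Schema registries are containers that collect and logically group your schemas.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEventSchemasRegistry` object. To view descriptions of `AwsEventSchemasRegistry` attributes, see [AwsEventSchemasRegistry](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventSchemasRegistryDetails.html) in the *AWS Security Hub API Reference*.

**Example**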

```
"AwsEventSchemasRegistry": {
    "Description": "This is an example event schema registry.",
    "RegistryArn": "arn:aws:schemas:us-east-1:123456789012:registry/schema-registry",
    "RegistryName": "schema-registry"
}
```

## AwsEventsEndpoint
<a name="asff-resourcedetails-awseventsendpoint"></a>

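The `AwsEventsEndpoint` object provides information about an Amazon EventBridge global endpoint. The endpoint can improve your application's availability by making it Regional-fault tolerant.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEventsEndpoint` object. To view descriptions of `AwsEventsEndpoint` attributes, see [AwsEventsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEndpointDetails.html) in the *AWS Security Hub API Reference*.

**Example**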

```
"AwsEventsEndpoint": {
    "Arn": "arn:aws:events:us-east-1:123456789012:endpoint/my-endpoint",
    "Description": "This is a sample endpoint.",
    "EndpointId": "04k1exajoy.veo",
    "EndpointUrl": "https://04k1exajoy.veo.endpoint.events.amazonaws.com",
    "EventBuses": [
        {
            "EventBusArn": "arn:aws:events:us-east-1:123456789012:event-bus/default"
        },
        {
            "EventBusArn": "arn:aws:events:us-east-2:123456789012:event-bus/default"
        }
    ],
    "Name": "my-endpoint",
    "ReplicationConfig": {
        "State": "ENABLED"
    },
    "RoleArn": "arn:aws:iam::123456789012:role/service-role/Amazon_EventBridge_Invoke_Event_Bus_1258925394",
    "RoutingConfig": {
        "FailoverConfig": {
            "Primary": {
                "HealthCheck": "arn:aws:route53:::healthcheck/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Secondary": {
                "Route": "us-east-2"
            }
        }
    },
    "State": "ACTIVE"
}
```

## AwsEventsEventbus
<a name="asff-resourcedetails-awseventseventbus"></a>

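The `AwsEventsEventbus` object provides information about an Amazon EventBridge global endpoint. The endpoint can improve your application's availability by making it Regional-fault tolerant.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsEventsEventbus` object. To view descriptions of `AwsEventsEventbus` attributes, see [AwsEventsEventbusDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEventbusDetails.html) in the *AWS Security Hub API Reference*.

**Example**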

```
"AwsEventsEventbus": {
    "Arn": "arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus",
    "Name": "my-event-bus",
    "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"AllowAllAccountsFromOrganizationToPutEvents\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"events:PutEvents\",\"Resource\":\"arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus\",\"Condition\":{\"StringEquals\":{\"aws:PrincipalOrgID\":\"o-ki7yjtkjv5\"}}},{\"Sid\":\"AllowAccountToManageRulesTheyCreated\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":[\"events:PutRule\",\"events:PutTargets\",\"events:DeleteRule\",\"events:RemoveTargets\",\"events:DisableRule\",\"events:EnableRule\",\"events:TagResource\",\"events:UntagResource\",\"events:DescribeRule\",\"events:ListTargetsByRule\",\"events:ListTagsForResource\"],\"Resource\":\"arn:aws:events:us-east-1:123456789012:rule/my-event-bus\",\"Condition\":{\"StringEqualsIfExists\":{\"events:creatorAccount\":\"123456789012\"}}}]}"
}
```
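The `Policy` attribute above is a JSON document carried as an escaped string, so a consumer of the finding has to decode it a second time before it can reason about the statements. The following added example (not part of the AWS documentation) decodes it and reports `Allow` statements that grant access to any principal without a condition that scopes the caller. The function names, the list of scoping condition keys, and the sample policies are assumptions of this example.

```python
import json

# Global condition keys that tie a wildcard principal to known callers.
# Assumption of this example: any one of them counts as sufficient scoping.
SCOPING_KEYS = {
    "aws:principalorgid", "aws:principalorgpaths", "aws:principalaccount",
    "aws:principalarn", "aws:sourceaccount", "aws:sourcearn", "aws:sourceorgid",
}
# Operators that require the key to be present and to match. "...IfExists"
# and "ForAllValues:" variants evaluate to true when the key is absent.
STRICT_OPERATORS = {"stringequals", "stringlike", "arnequals", "arnlike"}


def as_list(value):
    """IAM policy elements may be a single value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (alone or inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS"))
    return False


def scoping_conditions(condition):
    """Return the condition keys that restrict who the caller can be."""
    found = []
    for operator, tests in (condition or {}).items():
        op = operator.lower()
        if op.startswith("forallvalues:") or op.endswith("ifexists"):
            continue
        if op.split(":")[-1] not in STRICT_OPERATORS:
            continue
        for key, values in tests.items():
            # A bare "*" value matches everything, so it scopes nothing.
            if key.lower() in SCOPING_KEYS and "*" not in as_list(values):
                found.append(key)
    return found


def audit_event_bus(details):
    """Audit one AwsEventsEventbus object; return a list of issue records."""
    raw = details.get("Policy")
    if not raw:
        return []  # no resource policy attached to the bus
    try:
        statements = as_list(json.loads(raw)["Statement"])
    except (ValueError, TypeError, KeyError) as exc:
        return [{"Sid": None, "Actions": [],
                 "Issue": f"policy is not valid JSON: {exc}"}]
    issues = []
    for st in statements:
        if not isinstance(st, dict) or st.get("Effect") != "Allow":
            continue
        if not is_wildcard_principal(st.get("Principal")):
            continue
        if not scoping_conditions(st.get("Condition")):
            issues.append({
                "Sid": st.get("Sid"),
                "Actions": as_list(st.get("Action")),
                "Issue": "Allow to any principal without a scoping condition",
            })
    return issues


def bus(statements):
    """Build a constructed AwsEventsEventbus object around the given statements."""
    policy = {"Version": "2012-10-17", "Statement": statements}
    return {"Name": "example-bus", "Policy": json.dumps(policy)}


# Constructed sample data (not taken from a real account).
PUT_EVENTS = {
    "Effect": "Allow", "Principal": "*", "Action": "events:PutEvents",
    "Resource": "arn:aws:events:us-east-1:123456789012:event-bus/example-bus",
}
ORG = {"aws:PrincipalOrgID": "o-exampleorgid"}
ORG_SCOPED_BUS = bus([{**PUT_EVENTS, "Sid": "OrgOnly",
                       "Condition": {"StringEquals": ORG}}])
OPEN_BUS = bus([{**PUT_EVENTS, "Sid": "AllowAnyone"}])
IFEXISTS_BUS = bus([{**PUT_EVENTS, "Sid": "WeakCondition",
                     "Condition": {"StringEqualsIfExists": ORG}}])

if __name__ == "__main__":
    for name, sample in [("org-scoped", ORG_SCOPED_BUS), ("open", OPEN_BUS),
                         ("if-exists", IFEXISTS_BUS)]:
        print(name, audit_event_bus(sample))
```
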

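# AwsGuardDuty resources in ASFF
<a name="asff-resourcedetails-awsguardduty"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsGuardDuty` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsGuardDutyDetector
<a name="asff-resourcedetails-awsguarddutydetector"></a>

The `AwsGuardDutyDetector` object provides information about an Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector is required for GuardDuty to become operational.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsGuardDutyDetector` object. To view descriptions of `AwsGuardDutyDetector` attributes, see [AwsGuardDutyDetector](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsGuardDutyDetectorDetails.html) in the *AWS Security Hub API Reference*.

**Example**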

```
"AwsGuardDutyDetector": {
    "FindingPublishingFrequency": "SIX_HOURS",
    "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
    "Status": "ENABLED",
    "DataSources": {
        "CloudTrail": {
            "Status": "ENABLED"
        },
        "DnsLogs": {
            "Status": "ENABLED"
        },
        "FlowLogs": {
            "Status": "ENABLED"
        },
        "S3Logs": {
            "Status": "ENABLED"
        },
        "Kubernetes": {
            "AuditLogs": {
                "Status": "ENABLED"
            }
        },
        "MalwareProtection": {
            "ScanEc2InstanceWithFindings": {
                "EbsVolumes": {
                    "Status": "ENABLED"
                }
            },
            "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection"
        }
    }
}
```

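# AwsIam resources in ASFF
<a name="asff-resourcedetails-awsiam"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsIam` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsIamAccessKey
<a name="asff-resourcedetails-awsiamaccesskey"></a>

The `AwsIamAccessKey` object contains details about an IAM access key that is related to a finding.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamAccessKey` object. To view descriptions of `AwsIamAccessKey` attributes, see [AwsIamAccessKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamAccessKeyDetails.html) in the *AWS Security Hub API Reference*.

**Example**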

```
"AwsIamAccessKey": {
    "AccessKeyId": "string",
    "AccountId": "string",
    "CreatedAt": "string",
    "PrincipalId": "string",
    "PrincipalName": "string",
    "PrincipalType": "string",
    "SessionContext": {
        "Attributes": {
            "CreationDate": "string",
            "MfaAuthenticated": boolean
        },
        "SessionIssuer": {
            "AccountId": "string",
            "Arn": "string",
            "PrincipalId": "string",
            "Type": "string",
            "UserName": "string"
        }
    },
    "Status": "string"
}
```

## AwsIamGroup
<a name="asff-resourcedetails-awsiamgroup"></a>

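The `AwsIamGroup` object contains details about an IAM group.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamGroup` object. To view descriptions of `AwsIamGroup` attributes, see [AwsIamGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**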

```
"AwsIamGroup": {
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
            "PolicyName": "ExampleManagedAccess"
        }
    ],
    "CreateDate": "2020-04-28T14:08:37.000Z",
    "GroupId": "AGPA4TPS3VLP7QEXAMPLE",
    "GroupName": "Example_User_Group",
    "GroupPolicyList": [
        {
            "PolicyName": "ExampleGroupPolicy"
        }
    ],
    "Path": "/"
}
```

## AwsIamPolicy
<a name="asff-resourcedetails-awsiampolicy"></a>

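The `AwsIamPolicy` object represents an IAM permissions policy.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamPolicy` object. To view descriptions of `AwsIamPolicy` attributes, see [AwsIamPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamPolicyDetails.html) in the *AWS Security Hub API Reference*.

**Example**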

```
"AwsIamPolicy": {
    "AttachmentCount": 1,
    "CreateDate": "2017-09-14T08:17:29.000Z",
    "DefaultVersionId": "v1",
    "Description": "Example IAM policy",
    "IsAttachable": true,
    "Path": "/",
    "PermissionsBoundaryUsageCount": 5,
    "PolicyId": "ANPAJ2UCCR6DPCEXAMPLE",
    "PolicyName": "EXAMPLE-MANAGED-POLICY",
    "PolicyVersionList": [
        {
            "VersionId": "v1",
            "IsDefaultVersion": true,
            "CreateDate": "2017-09-14T08:17:29.000Z"
        }
    ],
    "UpdateDate": "2017-09-14T08:17:29.000Z"
}
```

## AwsIamRole
<a name="asff-resourcedetails-awsiamrole"></a>

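The `AwsIamRole` object contains information about an IAM role, including all of the role's policies.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamRole` object. To view descriptions of `AwsIamRole` attributes, see [AwsIamRoleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamRoleDetails.html) in the *AWS Security Hub API Reference*.

**Example**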

```
"AwsIamRole": {
    "AssumeRolePolicyDocument": "{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}",
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1",
            "PolicyName": "Example policy 1"
        },
        {
            "PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2",
            "PolicyName": "Example policy 2"
        }
    ],
    "CreateDate": "2020-03-14T07:19:14.000Z",
    "InstanceProfileList": [
        {
            "Arn": "arn:aws:iam::333333333333:ExampleProfile",
            "CreateDate": "2020-03-11T00:02:27Z",
            "InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE",
            "InstanceProfileName": "ExampleInstanceProfile",
            "Path": "/",
            "Roles": [
                {
                    "Arn": "arn:aws:iam::444455556666:role/example-role",
                    "AssumeRolePolicyDocument": "",
                    "CreateDate": "2020-03-11T00:02:27Z",
                    "Path": "/",
                    "RoleId": "AROAJ52OTH4H7LEXAMPLE",
                    "RoleName": "example-role"
                }
            ]
        }
    ],
    "MaxSessionDuration": 3600,
    "Path": "/",
    "PermissionsBoundary": {
        "PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
        "PermissionsBoundaryType": "PermissionsBoundaryPolicy"
    },
    "RoleId": "AROA4TPS3VLEXAMPLE",
    "RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda",
    "RolePolicyList": [
        {
            "PolicyName": "Example role policy"
        }
    ]
}
```

## AwsIamUser
<a name="asff-resourcedetails-awsiamuser"></a>

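The `AwsIamUser` object provides information about a user.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsIamUser` object. To view descriptions of `AwsIamUser` attributes, see [AwsIamUserDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamUserDetails.html) in the *AWS Security Hub API Reference*.

**Example**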

```
"AwsIamUser": {
    "AttachedManagedPolicies": [
        {
            "PolicyName": "ExamplePolicy",
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess"
        }
    ],
    "CreateDate": "2018-01-26T23:50:05.000Z",
    "GroupList": [],
    "Path": "/",
    "PermissionsBoundary" : {
        "PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess",
        "PermissionsBoundaryType" : "PermissionsBoundaryPolicy"
    },
    "UserId": "AIDACKCEVSQ6C2EXAMPLE",
    "UserName": "ExampleUser",
    "UserPolicyList": [
        {
            "PolicyName": "InstancePolicy"
        }
    ]
}
```

# AwsKinesis resources in ASFF
<a name="asff-resourcedetails-awskinesis"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsKinesis` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsKinesisStream
<a name="asff-resourcedetails-awskinesisstream"></a>

The `AwsKinesisStream` object provides details about Amazon Kinesis Data Streams.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsKinesisStream` object. To view descriptions of `AwsKinesisStream` attributes, see [AwsKinesisStreamDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKinesisStreamDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsKinesisStream": { 
	"Name": "test-vir-kinesis-stream",
	"Arn": "arn:aws:kinesis:us-east-1:293279581038:stream/test-vir-kinesis-stream",
	"RetentionPeriodHours": 24,
	"ShardCount": 2,
	"StreamEncryption": {
		"EncryptionType": "KMS",
		"KeyId": "arn:aws:kms:us-east-1:293279581038:key/849cf029-4143-4c59-91f8-ea76007247eb"
	}
}
```

# AwsKms resources in ASFF
<a name="asff-resourcedetails-awskms"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsKms` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsKmsKey
<a name="asff-resourcedetails-awskmskey"></a>

The `AwsKmsKey` object provides details about an AWS KMS key.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsKmsKey` object. To view descriptions of `AwsKmsKey` attributes, see [AwsKmsKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKmsKeyDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsKmsKey": {
    "AWSAccountId": "string",
    "CreationDate": "string",
    "Description": "string",
    "KeyId": "string",
    "KeyManager": "string",
    "KeyRotationStatus": boolean,
    "KeyState": "string",
    "Origin": "string"
}
```

# AwsLambda
<a name="asff-resourcedetails-awslambda"></a>

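The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsLambda` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsLambdaFunction
<a name="asff-resourcedetails-awslambdafunction"></a>

The `AwsLambdaFunction` object provides details about a Lambda function's configuration.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsLambdaFunction` object. To view descriptions of `AwsLambdaFunction` attributes, see [AwsLambdaFunctionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaFunctionDetails.html) in the *AWS Security Hub API Reference*.

**Example**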

```
"AwsLambdaFunction": {
    "Architectures": [
        "x86_64"
    ],
    "Code": {
        "S3Bucket": "amzn-s3-demo-bucket",
        "S3Key": "samplekey",
        "S3ObjectVersion": "2",
        "ZipFile": "myzip.zip"
    },
    "CodeSha256": "1111111111111abcdef",
    "DeadLetterConfig": {
        "TargetArn": "arn:aws:lambda:us-east-2:123456789012:queue:myqueue:2"
    },
    "Environment": {
        "Variables": {
            "Stage": "foobar"
        },
        "Error": {
            "ErrorCode": "Sample-error-code",
            "Message": "Caller principal is a manager."
        }
    },
    "FunctionName": "CheckOut",
    "Handler": "main.py:lambda_handler",
    "KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/mykey",
    "LastModified": "2001-09-11T09:00:00Z",
    "Layers": {
        "Arn": "arn:aws:lambda:us-east-2:123456789012:layer:my-layer:3",
        "CodeSize": 169
    },
    "PackageType": "Zip",
    "RevisionId": "23",
    "Role": "arn:aws:iam::123456789012:role/Accounting-Role",
    "Runtime": "go1.7",
    "Timeout": 15,
    "TracingConfig": {
        "Mode": "Active"
    },
    "Version": "$LATEST$",
    "VpcConfig": {
        "SecurityGroupIds": ["sg-085912345678492fb", "sg-08591234567bdgdc"],
        "SubnetIds": ["subnet-071f712345678e7c8", "subnet-07fd123456788a036"]
    },
    "MasterArn": "arn:aws:lambda:us-east-2:123456789012:$LATEST",
    "MemorySize": 2048
}
```

## AwsLambdaLayerVersion
<a name="asff-resourcedetails-awslambdalayerversion"></a>

The `AwsLambdaLayerVersion` object provides details about a Lambda layer version.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsLambdaLayerVersion` object. To view descriptions of `AwsLambdaLayerVersion` attributes, see [AwsLambdaLayerVersionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaLayerVersionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsLambdaLayerVersion": {
    "Version": 2,
    "CompatibleRuntimes": [
        "java8"
    ],
    "CreatedDate": "2019-10-09T22:02:00.274+0000"
}
```

# AwsMsk resources in ASFF
<a name="asff-resourcedetails-awsmsk"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsMsk` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsMskCluster
<a name="asff-resourcedetails-awsmskcluster"></a>

The `AwsMskCluster` object provides information about an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsMskCluster` object. To view descriptions of `AwsMskCluster` attributes, see [AwsMskClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsMskClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsMskCluster": {
        "ClusterInfo": {
            "ClientAuthentication": {
                "Sasl": {
                    "Scram": {
                        "Enabled": true
                    },
                    "Iam": {
                        "Enabled": true
                    }
                },
                "Tls": {
                    "CertificateAuthorityArnList": [],
                    "Enabled": false
                },
                "Unauthenticated": {
                    "Enabled": false
                }
            },
            "ClusterName": "my-cluster",
            "CurrentVersion": "K2PWKAKR8XB7XF",
            "EncryptionInfo": {
                "EncryptionAtRest": {
                    "DataVolumeKMSKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                },
                "EncryptionInTransit": {
                    "ClientBroker": "TLS",
                    "InCluster": true
                }
            },
            "EnhancedMonitoring": "PER_TOPIC_PER_BROKER",
            "NumberOfBrokerNodes": 3
        }
}
```

# AwsNetworkFirewall resources in ASFF
<a name="asff-resourcedetails-awsnetworkfirewall"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsNetworkFirewall` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsNetworkFirewallFirewall
<a name="asff-resourcedetails-awsnetworkfirewallfirewall"></a>

The `AwsNetworkFirewallFirewall` object contains details about an AWS Network Firewall firewall.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsNetworkFirewallFirewall` object. To view descriptions of `AwsNetworkFirewallFirewall` attributes, see [AwsNetworkFirewallFirewallDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsNetworkFirewallFirewall": {
    "DeleteProtection": false,
    "FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall", 
    "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
    "FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa",
    "FirewallName": "testfirewall",
    "FirewallPolicyChangeProtection": false,
    "SubnetChangeProtection": false,
    "SubnetMappings": [
        {
            "SubnetId": "subnet-0183481095e588cdc"
        },
        {
            "SubnetId": "subnet-01f518fad1b1c90b0"
        }
    ],
    "VpcId": "vpc-40e83c38"
}
```

## AwsNetworkFirewallFirewallPolicy
<a name="asff-resourcedetails-awsnetworkfirewallfirewallpolicy"></a>

The `AwsNetworkFirewallFirewallPolicy` object provides details about a firewall policy. A firewall policy defines the behavior of a network firewall.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsNetworkFirewallFirewallPolicy` object. To view descriptions of `AwsNetworkFirewallFirewallPolicy` attributes, see [AwsNetworkFirewallFirewallPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallPolicyDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsNetworkFirewallFirewallPolicy": {
    "FirewallPolicy": {
        "StatefulRuleGroupReferences": [
            {
                "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly"
            }
        ],
        "StatelessDefaultActions": [ "aws:forward_to_sfe" ],
        "StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ],
        "StatelessRuleGroupReferences": [
            {
                "Priority": 1,
                "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1"
            }
        ]
    },
    "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
    "FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65",
    "FirewallPolicyName": "InitialFirewall",
    "Description": "Initial firewall"
}
```

## AwsNetworkFirewallRuleGroup
<a name="asff-resourcedetails-awsnetworkfirewallrulegroup"></a>

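The `AwsNetworkFirewallRuleGroup` object provides details about an AWS Network Firewall rule group. Rule groups are used to inspect and control network traffic. Stateless rule groups apply to individual packets. Stateful rule groups apply to packets in the context of their traffic flow.

Rule groups are referenced in firewall policies.

The following examples show the AWS Security Finding Format (ASFF) for the `AwsNetworkFirewallRuleGroup` object. To view descriptions of `AwsNetworkFirewallRuleGroup` attributes, see [AwsNetworkFirewallRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallRuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example: stateless rule group**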

```
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 600,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1",
    "RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493",
    "RuleGroupName": "Stateless-1",
    "Description": "Example of a stateless rule group",
    "Type": "STATELESS",
    "RuleGroup": {
        "RulesSource": {
            "StatelessRulesAndCustomActions": {
                "CustomActions": [],
                "StatelessRules": [
                    {
                        "Priority": 1,
                        "RuleDefinition": {
                            "Actions": [
                                "aws:pass"
                            ],
                            "MatchAttributes": {
                                "DestinationPorts": [
                                    {
                                        "FromPort": 443,
                                        "ToPort": 443
                                    }
                                ],
                                "Destinations": [
                                    {
                                        "AddressDefinition": "192.0.2.0/24"
                                    }
                                ],
                                "Protocols": [
                                    6
                                ],
                                "SourcePorts": [
                                    {
                                        "FromPort": 0,
                                        "ToPort": 65535
                                    }
                                ],
                                "Sources": [
                                    {
                                         "AddressDefinition": "198.51.100.0/24"
                                    }
                                ]
                            }
                        }
                    }
                ]
            }
        }
    }
}
```

**Example: stateful rule group**

```
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 100,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest",
    "RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0",
    "RuleGroupName": "ExampleRuleGroup",
    "Description": "Example of a stateful rule group",
    "Type": "STATEFUL",
    "RuleGroup": {
        "RulesSource": {
            "StatefulRules": [
                {
                    "Action": "PASS",
                    "Header": {
                        "Destination": "Any",
                        "DestinationPort": "443",
                        "Direction": "ANY",
                        "Protocol": "TCP",
                        "Source": "Any",
                        "SourcePort": "Any"
                    },
                    "RuleOptions": [
                        {
                            "Keyword": "sid:1"
                        }
                    ]
                }
            ]
        }
    }
}
```

The following is a list of example valid values for `AwsNetworkFirewallRuleGroup` attributes:
+ `Action`

  Valid values: `PASS` | `DROP` | `ALERT`
+ `Protocol`

  Valid values: `IP` | `TCP` | `UDP` | `ICMP` | `HTTP` | `FTP` | `TLS` | `SMB` | `DNS` | `DCERPC` | `SSH` | `SMTP` | `IMAP` | `MSN` | `KRB5` | `IKEV2` | `TFTP` | `NTP` | `DHCP`
+ `Flags`

  Valid values: `FIN` | `SYN` | `RST` | `PSH` | `ACK` | `URG` | `ECE` | `CWR`
+ `Masks`

  Valid values: `FIN` | `SYN` | `RST` | `PSH` | `ACK` | `URG` | `ECE` | `CWR`

# AwsOpenSearchService resources in ASFF
<a name="asff-resourcedetails-awsopensearchservice"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsOpenSearchService` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsOpenSearchServiceDomain
<a name="asff-resourcedetails-awsopensearchservicedomain"></a>

The `AwsOpenSearchServiceDomain` object contains information about an Amazon OpenSearch Service domain.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsOpenSearchServiceDomain` object. To view descriptions of `AwsOpenSearchServiceDomain` attributes, see [AwsOpenSearchServiceDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsOpenSearchServiceDomainDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsOpenSearchServiceDomain": {
    "AccessPolicies": "IAM_Id",
    "AdvancedSecurityOptions": {
        "Enabled": true,
        "InternalUserDatabaseEnabled": true,
        "MasterUserOptions": {
            "MasterUserArn": "arn:aws:iam::123456789012:user/third-master-use",
            "MasterUserName": "third-master-use",
            "MasterUserPassword": "some-password"
        }
    },
    "Arn": "arn:aws:Opensearch:us-east-1:111122223333:somedomain",
    "ClusterConfig": {
        "InstanceType": "c5.large.search",
        "InstanceCount": 1,
        "DedicatedMasterEnabled": true,
        "ZoneAwarenessEnabled": false,
        "ZoneAwarenessConfig": {
            "AvailabilityZoneCount": 2
        },
        "DedicatedMasterType": "c5.large.search",
        "DedicatedMasterCount": 3,
        "WarmEnabled": true,
        "WarmCount": 3,
        "WarmType": "ultrawarm1.large.search"
    },
    "DomainEndpoint": "https://es-2021-06-23t17-04-qowmgghud5vofgb5e4wmi.eu-central-1.es.amazonaws.com",
    "DomainEndpointOptions": {
        "EnforceHTTPS": false,
        "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07",
        "CustomEndpointCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/bda1bff1-79c0-49d0-abe6-50a15a7477d4",
        "CustomEndpointEnabled": true,
        "CustomEndpoint": "example.com"
    },
    "DomainEndpoints": {
        "vpc": "vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com"
    },
    "DomainName": "my-domain",
    "EncryptionAtRestOptions": {
        "Enabled": false,
        "KmsKeyId": "1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a"
    },
    "EngineVersion": "7.1",
    "Id": "123456789012",
    "LogPublishingOptions": {
        "IndexSlowLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-index-slow-logs",
            "Enabled": true
        },
        "SearchSlowLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
            "Enabled": true
        },
        "AuditLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
            "Enabled": true
        }
    },
    "NodeToNodeEncryptionOptions": {
        "Enabled": true
    },
    "ServiceSoftwareOptions": {
        "AutomatedUpdateDate": "2022-04-28T14:08:37.000Z",
        "Cancellable": false,
        "CurrentVersion": "R20210331",
        "Description": "There is no software update available for this domain.",
        "NewVersion": "OpenSearch_1.0",
        "UpdateAvailable": false,
        "UpdateStatus": "COMPLETED",
        "OptionalDeployment": false
    },
    "VpcOptions": {
        "SecurityGroupIds": [
            "sg-2a3a4a5a"
        ],
        "SubnetIds": [
            "subnet-1a2a3a4a"
        ]
    }
}
```

# AwsRds resources in ASFF
<a name="asff-resourcedetails-awsrds"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsRds` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsRdsDbCluster
<a name="asff-resourcedetails-awsrdsdbcluster"></a>

The `AwsRdsDbCluster` object provides details about an Amazon RDS database cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbCluster` object. To view descriptions of `AwsRdsDbCluster` attributes, see [AwsRdsDbClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbCluster": {
    "ActivityStreamStatus": "stopped",
    "AllocatedStorage": 1,
    "AssociatedRoles": [
        {
            "RoleArn": "arn:aws:iam::777788889999:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
            "Status": "PENDING"
        }
    ],
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZones": [
        "us-east-1a",
        "us-east-1c",
        "us-east-1e"
    ],
    "BackupRetentionPeriod": 1,
    "ClusterCreateTime": "2020-06-22T17:40:12.322Z",
    "CopyTagsToSnapshot": true,
    "CrossAccountClone": false,
    "CustomEndpoints": [],
    "DatabaseName": "Sample name",
    "DbClusterIdentifier": "database-3",
    "DbClusterMembers": [
        {
            "DbClusterParameterGroupStatus": "in-sync",
            "DbInstanceIdentifier": "database-3-instance-1",
            "IsClusterWriter": true,
            "PromotionTier": 1
        }
    ],
    "DbClusterOptionGroupMemberships": [],
    "DbClusterParameterGroup": "cluster-parameter-group",
    "DbClusterResourceId": "cluster-example",
    "DbSubnetGroup": "subnet-group",
    "DeletionProtection": false,
    "DomainMemberships": [],
    "Status": "modifying",
    "EnabledCloudwatchLogsExports": [
        "audit",
        "error",
        "general",
        "slowquery"
    ],
    "Endpoint": "database-3.cluster-example.us-east-1.rds.amazonaws.com",
    "Engine": "aurora-mysql",
    "EngineMode": "provisioned",
    "EngineVersion": "5.7.mysql_aurora.2.03.4",
    "HostedZoneId": "ZONE1",
    "HttpEndpointEnabled": false,
    "IamDatabaseAuthenticationEnabled": false,
    "KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
    "MasterUsername": "admin",
    "MultiAz": false,
    "Port": 3306,
    "PreferredBackupWindow": "04:52-05:22",
    "PreferredMaintenanceWindow": "sun:09:32-sun:10:02",
    "ReaderEndpoint": "database-3.cluster-ro-example.us-east-1.rds.amazonaws.com",
    "ReadReplicaIdentifiers": [],
    "Status": "Modifying",
    "StorageEncrypted": true,
    "VpcSecurityGroups": [
        {
            "Status": "active",
            "VpcSecurityGroupId": "sg-example-1"
        }
    ]
}
```

## AwsRdsDbClusterSnapshot
<a name="asff-resourcedetails-awsrdsdbclustersnapshot"></a>

The `AwsRdsDbClusterSnapshot` object contains information about an Amazon RDS DB cluster snapshot.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbClusterSnapshot` object. To view descriptions of `AwsRdsDbClusterSnapshot` attributes, see [AwsRdsDbClusterSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterSnapshotDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbClusterSnapshot": {
    "AllocatedStorage": 0,
    "AvailabilityZones": [
        "us-east-1a",
        "us-east-1d",
        "us-east-1e"
    ],
    "ClusterCreateTime": "2020-06-12T13:23:15.577Z",
    "DbClusterIdentifier": "database-2",
    "DbClusterSnapshotAttributes": [{
        "AttributeName": "restore",
        "AttributeValues": ["123456789012"]
    }],
    "DbClusterSnapshotIdentifier": "rds:database-2-2020-06-23-03-52",
    "Engine": "aurora",
    "EngineVersion": "5.6.10a",
    "IamDatabaseAuthenticationEnabled": false,
    "KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
    "LicenseModel": "aurora",
    "MasterUsername": "admin",
    "PercentProgress": 100,
    "Port": 0,
    "SnapshotCreateTime": "2020-06-22T17:40:12.322Z",
    "SnapshotType": "automated",
    "Status": "available",
    "StorageEncrypted": true,
    "VpcId": "vpc-faf7e380"
}
```

## AwsRdsDbInstance
<a name="asff-resourcedetails-awsrdsdbinstance"></a>

The `AwsRdsDbInstance` object provides details about an Amazon RDS database instance.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbInstance` object. To view descriptions of `AwsRdsDbInstance` attributes, see [AwsRdsDbInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbInstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbInstance": {
    "AllocatedStorage": 20,
    "AssociatedRoles": [],
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZone": "us-east-1d",
    "BackupRetentionPeriod": 7,
    "CaCertificateIdentifier": "certificate1",
    "CharacterSetName": "",
    "CopyTagsToSnapshot": true,
    "DbClusterIdentifier": "",
    "DbInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:database-1",
    "DbInstanceClass": "db.t2.micro",
    "DbInstanceIdentifier": "database-1",
    "DbInstancePort": 0,
    "DbInstanceStatus": "available",
    "DbiResourceId": "db-EXAMPLE123",
    "DbName": "",
    "DbParameterGroups": [
        {
            "DbParameterGroupName": "default.mysql5.7",
            "ParameterApplyStatus": "in-sync"
        }
    ],
    "DbSecurityGroups": [],
    "DbSubnetGroup": {
        "DbSubnetGroupName": "my-group-123abc",
        "DbSubnetGroupDescription": "My subnet group",
        "VpcId": "vpc-example1",
        "SubnetGroupStatus": "Complete",
        "Subnets": [
            {
                "SubnetIdentifier": "subnet-123abc",
                "SubnetAvailabilityZone": {
                    "Name": "us-east-1d"
                },
                "SubnetStatus": "Active"
            },
            {
                "SubnetIdentifier": "subnet-456def",
                "SubnetAvailabilityZone": {
                    "Name": "us-east-1c"
                },
                "SubnetStatus": "Active"
            }
        ],
        "DbSubnetGroupArn": ""
    },
    "DeletionProtection": false,
    "DomainMemberships": [],
    "EnabledCloudWatchLogsExports": [],
    "Endpoint": {
        "address": "database-1.example.us-east-1.rds.amazonaws.com",
        "port": 3306,
        "hostedZoneId": "ZONEID1"
    },
    "Engine": "mysql",
    "EngineVersion": "5.7.22",
    "EnhancedMonitoringResourceArn": "arn:aws:logs:us-east-1:111122223333:log-group:Example:log-stream:db-EXAMPLE1",
    "IamDatabaseAuthenticationEnabled": false,
    "InstanceCreateTime": "2020-06-22T17:40:12.322Z",
    "Iops": "",
    "KmsKeyId": "",
    "LatestRestorableTime": "2020-06-24T05:50:00.000Z",
    "LicenseModel": "general-public-license",
    "ListenerEndpoint": "",
    "MasterUsername": "admin",
    "MaxAllocatedStorage": 1000,
    "MonitoringInterval": 60,
    "MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role",
    "MultiAz": false,
    "OptionGroupMemberships": [
        {
            "OptionGroupName": "default:mysql-5-7",
            "Status": "in-sync"
        }
    ],
    "PreferredBackupWindow": "03:57-04:27",
    "PreferredMaintenanceWindow": "thu:10:13-thu:10:43",
    "PendingModifiedValues": {
        "DbInstanceClass": "",
        "AllocatedStorage": "",
        "MasterUserPassword": "",
        "Port": "",
        "BackupRetentionPeriod": "",
        "MultiAZ": "",
        "EngineVersion": "",
        "LicenseModel": "",
        "Iops": "",
        "DbInstanceIdentifier": "",
        "StorageType": "",
        "CaCertificateIdentifier": "",
        "DbSubnetGroupName": "",
        "PendingCloudWatchLogsExports": "",
        "ProcessorFeatures": []
    },
    "PerformanceInsightsEnabled": false,
    "PerformanceInsightsKmsKeyId": "",
    "PerformanceInsightsRetentionPeriod": "",
    "ProcessorFeatures": [],
    "PromotionTier": "",
    "PubliclyAccessible": false,
    "ReadReplicaDBClusterIdentifiers": [],
    "ReadReplicaDBInstanceIdentifiers": [],
    "ReadReplicaSourceDBInstanceIdentifier": "",
    "SecondaryAvailabilityZone": "",
    "StatusInfos": [],
    "StorageEncrypted": false,
    "StorageType": "gp2",
    "TdeCredentialArn": "",
    "Timezone": "",
    "VpcSecurityGroups": [
        {
            "VpcSecurityGroupId": "sg-example1",
            "Status": "active"
        }
    ]
}
```

## AwsRdsDbSecurityGroup
<a name="asff-resourcedetails-awsrdsdbsecuritygroup"></a>

The `AwsRdsDbSecurityGroup` object contains information about Amazon Relational Database Service.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbSecurityGroup` object. To view descriptions of `AwsRdsDbSecurityGroup` attributes, see [AwsRdsDbSecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSecurityGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbSecurityGroup": {
    "DbSecurityGroupArn": "arn:aws:rds:us-west-1:111122223333:secgrp:default",
    "DbSecurityGroupDescription": "default",
    "DbSecurityGroupName": "mysecgroup",
    "Ec2SecurityGroups": [
        {
            "Ec2SecurityGroupId": "myec2group",
            "Ec2SecurityGroupName": "default",
            "Ec2SecurityGroupOwnerId": "987654321021",
            "Status": "authorizing"
        }
    ],
    "IpRanges": [
        {
            "Cidrip": "0.0.0.0/0",
            "Status": "authorizing"
        }
    ],
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234567f"
}
```

## AwsRdsDbSnapshot
<a name="asff-resourcedetails-awsrdsdbsnapshot"></a>

The `AwsRdsDbSnapshot` object contains details about an Amazon RDS DB cluster snapshot.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsDbSnapshot` object. To view descriptions of `AwsRdsDbSnapshot` attributes, see [AwsRdsDbSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSnapshotDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsDbSnapshot": {
    "DbSnapshotIdentifier": "rds:database-1-2020-06-22-17-41",
    "DbInstanceIdentifier": "database-1",
    "SnapshotCreateTime": "2020-06-22T17:41:29.967Z",
    "Engine": "mysql",
    "AllocatedStorage": 20,
    "Status": "available",
    "Port": 3306,
    "AvailabilityZone": "us-east-1d",
    "VpcId": "vpc-example1",
    "InstanceCreateTime": "2020-06-22T17:40:12.322Z",
    "MasterUsername": "admin",
    "EngineVersion": "5.7.22",
    "LicenseModel": "general-public-license",
    "SnapshotType": "automated",
    "Iops": null,
    "OptionGroupName": "default:mysql-5-7",
    "PercentProgress": 100,
    "SourceRegion": null,
    "SourceDbSnapshotIdentifier": "",
    "StorageType": "gp2",
    "TdeCredentialArn": "",
    "Encrypted": false,
    "KmsKeyId": "",
    "Timezone": "",
    "IamDatabaseAuthenticationEnabled": false,
    "ProcessorFeatures": [],
    "DbiResourceId": "db-resourceexample1"
}
```

## AwsRdsEventSubscription
<a name="asff-resourcedetails-awsrdseventsubscription"></a>

`AwsRdsEventSubscription` contains details about an RDS event notification subscription. The subscription allows RDS to publish events to an SNS topic.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRdsEventSubscription` object. To view descriptions of `AwsRdsEventSubscription` attributes, see [AwsRdsEventSubscriptionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsEventSubscriptionDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRdsEventSubscription": {
    "CustSubscriptionId": "myawsuser-secgrp",
    "CustomerAwsId": "111111111111",
    "Enabled": true,
    "EventCategoriesList": [
        "configuration change",
        "failure"
    ],
    "EventSubscriptionArn": "arn:aws:rds:us-east-1:111111111111:es:my-instance-events",
    "SnsTopicArn": "arn:aws:sns:us-east-1:111111111111:myawsuser-RDS",
    "SourceIdsList": [
        "si-sample",
        "mysqldb-rr"
    ],
    "SourceType": "db-security-group",
    "Status": "creating",
    "SubscriptionCreationTime": "2021-06-27T01:38:01.090Z"
}
```
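The following is an added example, not part of the AWS documentation: a Python reviewer that reads the `AwsRds*` detail objects shown in this section and lists the settings a defender would usually triage first. The function name `review_rds_details`, the `trusted_accounts` parameter, and the choice of which fields to report are assumptions of this example, not Security Hub control logic; the sample input is constructed from the field names used in the examples above.

```python
import ipaddress
import json

# Constructed sample: a Resources[].Details payload built from the field
# names used by the AwsRds* examples in this section.
SAMPLE_DETAILS = json.loads("""
{
  "AwsRdsDbInstance": {
    "DbInstanceIdentifier": "database-1",
    "DeletionProtection": false,
    "IamDatabaseAuthenticationEnabled": false,
    "PubliclyAccessible": false,
    "StorageEncrypted": false,
    "KmsKeyId": ""
  },
  "AwsRdsDbSecurityGroup": {
    "DbSecurityGroupName": "mysecgroup",
    "IpRanges": [{"Cidrip": "0.0.0.0/0", "Status": "authorizing"}]
  },
  "AwsRdsDbSnapshot": {
    "DbSnapshotIdentifier": "rds:database-1-2020-06-22-17-41",
    "Encrypted": false
  },
  "AwsRdsDbClusterSnapshot": {
    "DbClusterSnapshotIdentifier": "rds:database-2-2020-06-23-03-52",
    "StorageEncrypted": true,
    "DbClusterSnapshotAttributes": [
      {"AttributeName": "restore", "AttributeValues": ["123456789012"]}
    ]
  }
}
""")


def _is_false(obj, key):
    """True only when the field is present and explicitly false.

    ASFF detail fields are optional and the examples use "" for unset
    values, so a missing or empty field means "not reported", not "off".
    """
    return obj.get(key) is False


def _open_cidrs(ip_ranges):
    """Return the CIDR strings whose prefix length is 0 (any source)."""
    hits = []
    for rng in ip_ranges or []:
        cidr = rng.get("Cidrip", "")
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            continue  # empty or malformed value: nothing to assess
        if net.prefixlen == 0:
            hits.append(cidr)
    return hits


def review_rds_details(details, trusted_accounts=frozenset()):
    """Return (object, field, note) tuples for settings worth reviewing."""
    notes = []
    inst = details.get("AwsRdsDbInstance", {})
    if _is_false(inst, "StorageEncrypted"):
        notes.append(("AwsRdsDbInstance", "StorageEncrypted", "storage is not encrypted"))
    if inst.get("PubliclyAccessible") is True:
        notes.append(("AwsRdsDbInstance", "PubliclyAccessible", "instance is publicly accessible"))
    if _is_false(inst, "DeletionProtection"):
        notes.append(("AwsRdsDbInstance", "DeletionProtection", "deletion protection is off"))
    if _is_false(inst, "IamDatabaseAuthenticationEnabled"):
        notes.append(("AwsRdsDbInstance", "IamDatabaseAuthenticationEnabled",
                      "IAM database authentication is off"))

    group = details.get("AwsRdsDbSecurityGroup", {})
    for cidr in _open_cidrs(group.get("IpRanges")):
        notes.append(("AwsRdsDbSecurityGroup", "IpRanges", f"{cidr} admits any source address"))

    if _is_false(details.get("AwsRdsDbSnapshot", {}), "Encrypted"):
        notes.append(("AwsRdsDbSnapshot", "Encrypted", "snapshot is not encrypted"))

    csnap = details.get("AwsRdsDbClusterSnapshot", {})
    if _is_false(csnap, "StorageEncrypted"):
        notes.append(("AwsRdsDbClusterSnapshot", "StorageEncrypted", "snapshot is not encrypted"))
    for attr in csnap.get("DbClusterSnapshotAttributes") or []:
        if attr.get("AttributeName") != "restore":
            continue
        for value in attr.get("AttributeValues") or []:
            if value == "all":  # RDS uses "all" for a public snapshot
                note = "snapshot can be restored by any AWS account"
            elif value not in trusted_accounts:
                note = f"snapshot is shared with account {value}"
            else:
                continue
            notes.append(("AwsRdsDbClusterSnapshot", "DbClusterSnapshotAttributes", note))
    return notes


if __name__ == "__main__":
    for obj, field, note in review_rds_details(SAMPLE_DETAILS):
        print(f"{obj}.{field}: {note}")
```

Pass the account IDs that are expected to receive snapshot shares as `trusted_accounts` so that only unexpected shares are reported.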

# AwsRedshift resources in ASFF
<a name="asff-resourcedetails-awsredshift"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsRedshift` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsRedshiftCluster
<a name="asff-resourcedetails-awsredshiftcluster"></a>

The `AwsRedshiftCluster` object contains details about an Amazon Redshift cluster.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRedshiftCluster` object. To view descriptions of `AwsRedshiftCluster` attributes, see [AwsRedshiftClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRedshiftClusterDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsRedshiftCluster": {
    "AllowVersionUpgrade": true,
    "AutomatedSnapshotRetentionPeriod": 1,
    "AvailabilityZone": "us-west-2d",
    "ClusterAvailabilityStatus": "Unavailable",
    "ClusterCreateTime": "2020-08-03T19:22:44.637Z",
    "ClusterIdentifier": "redshift-cluster-1",
    "ClusterNodes": [
        {
            "NodeRole": "LEADER",
            "PrivateIPAddress": "192.0.2.108",
            "PublicIPAddress": "198.51.100.29"
        },
        {
            "NodeRole": "COMPUTE-0",
            "PrivateIPAddress": "192.0.2.22",
            "PublicIPAddress": "198.51.100.63"
        },
        {
            "NodeRole": "COMPUTE-1",
            "PrivateIPAddress": "192.0.2.224",
            "PublicIPAddress": "198.51.100.226"
        }
    ],
    "ClusterParameterGroups": [
        {
            "ClusterParameterStatusList": [
                {
                    "ParameterName": "max_concurrency_scaling_clusters",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "enable_user_activity_logging",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "auto_analyze",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "query_group",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "datestyle",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "extra_float_digits",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "search_path",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "statement_timeout",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "wlm_json_configuration",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "require_ssl",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "use_fips_ssl",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                }
            ],
            "ParameterApplyStatus": "in-sync",
            "ParameterGroupName": "temp"
        }
    ],
    "ClusterPublicKey": "JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Amazon-Redshift",
    "ClusterRevisionNumber": 17498,
    "ClusterSecurityGroups": [
        {
            "ClusterSecurityGroupName": "default",
            "Status": "active"
        }
    ],
    "ClusterSnapshotCopyStatus": {
        "DestinationRegion": "us-west-2",
        "ManualSnapshotRetentionPeriod": -1,
        "RetentionPeriod": 1,
        "SnapshotCopyGrantName": "snapshotCopyGrantName"
    },
    "ClusterStatus": "available",
    "ClusterSubnetGroupName": "default",
    "ClusterVersion": "1.0",
    "DBName": "dev",
    "DeferredMaintenanceWindows": [
        {
            "DeferMaintenanceEndTime": "2020-10-07T20:34:01.000Z",
            "DeferMaintenanceIdentifier": "deferMaintenanceIdentifier",
            "DeferMaintenanceStartTime": "2020-09-07T20:34:01.000Z"
        }
    ],
    "ElasticIpStatus": {
        "ElasticIp": "203.0.113.29",
        "Status": "active"
    },
    "ElasticResizeNumberOfNodeOptions": "4",
    "Encrypted": false,
    "Endpoint": {
        "Address": "redshift-cluster-1.example.us-west-2.redshift.amazonaws.com",
        "Port": 5439
    },
    "EnhancedVpcRouting": false,
    "ExpectedNextSnapshotScheduleTime": "2020-10-13T20:34:01.000Z",
    "ExpectedNextSnapshotScheduleTimeStatus": "OnTrack",
    "HsmStatus": {
        "HsmClientCertificateIdentifier": "hsmClientCertificateIdentifier",
        "HsmConfigurationIdentifier": "hsmConfigurationIdentifier",
        "Status": "applying"
    },
    "IamRoles": [
        {
            "ApplyStatus": "in-sync",
            "IamRoleArn": "arn:aws:iam::111122223333:role/RedshiftCopyUnload"
        }
    ],
    "KmsKeyId": "kmsKeyId",
    "LoggingStatus": {
        "BucketName": "amzn-s3-demo-bucket",
        "LastFailureMessage": "test message",
        "LastFailureTime": "2020-08-09T13:00:00.000Z",
        "LastSuccessfulDeliveryTime": "2020-08-08T13:00:00.000Z",
        "LoggingEnabled": true,
        "S3KeyPrefix": "/"
    },
    "MaintenanceTrackName": "current",
    "ManualSnapshotRetentionPeriod": -1,
    "MasterUsername": "awsuser",
    "NextMaintenanceWindowStartTime": "2020-08-09T13:00:00.000Z",
    "NodeType": "dc2.large",
    "NumberOfNodes": 2,
    "PendingActions": [],
    "PendingModifiedValues": {
        "AutomatedSnapshotRetentionPeriod": 0,
        "ClusterIdentifier": "clusterIdentifier",
        "ClusterType": "clusterType",
        "ClusterVersion": "clusterVersion",
        "EncryptionType": "None",
        "EnhancedVpcRouting": false,
        "MaintenanceTrackName": "maintenanceTrackName",
        "MasterUserPassword": "masterUserPassword",
        "NodeType": "dc2.large",
        "NumberOfNodes": 1,
        "PubliclyAccessible": true
    },
    "PreferredMaintenanceWindow": "sun:13:00-sun:13:30",
    "PubliclyAccessible": true,
    "ResizeInfo": {
        "AllowCancelResize": true,
        "ResizeType": "ClassicResize"
    },
    "RestoreStatus": {
        "CurrentRestoreRateInMegaBytesPerSecond": 15,
        "ElapsedTimeInSeconds": 120,
        "EstimatedTimeToCompletionInSeconds": 100,
        "ProgressInMegaBytes": 10,
        "SnapshotSizeInMegaBytes": 1500,
        "Status": "restoring"
    },
    "SnapshotScheduleIdentifier": "snapshotScheduleIdentifier",
    "SnapshotScheduleState": "ACTIVE",
    "VpcId": "vpc-example",
    "VpcSecurityGroups": [
        {
            "Status": "active",
            "VpcSecurityGroupId": "sg-example"
        }
    ]
}
```

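# AwsRoute53 resources in ASFF
<a name="asff-resourcedetails-awsroute53"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsRoute53` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsRoute53HostedZone
<a name="asff-resourcedetails-awsroute53hostedzone"></a>

The `AwsRoute53HostedZone` object provides information about an Amazon Route 53 hosted zone, including the four name servers assigned to the hosted zone. A hosted zone represents a collection of records that can be managed together and that belong to a single parent domain name.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsRoute53HostedZone` object. To view descriptions of `AwsRoute53HostedZone` attributes, see [AwsRoute53HostedZoneDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRoute53HostedZoneDetails.html) in the *AWS Security Hub API Reference*.

**Example**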

```
"AwsRoute53HostedZone": {
    "HostedZone": {
        "Id": "Z06419652JEMGO9TA2XKL",
        "Name": "asff.testing",
        "Config": {
            "Comment": "This is an example comment."
        }
    },
    "NameServers": [
        "ns-470.awsdns-32.net",
        "ns-1220.awsdns-12.org",
        "ns-205.awsdns-13.com",
        "ns-1960.awsdns-51.co.uk"
    ],
    "QueryLoggingConfig": {
        "CloudWatchLogsLogGroupArn": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:asfftesting:*",
            "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
            "HostedZoneId": "Z00932193AF5H180PPNZD"
        }
    },
    "Vpcs": [
        {
            "Id": "vpc-05d7c6e36bc03ea76",
            "Region": "us-east-1"
        }
    ]
}
```

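# AwsS3 resources in ASFF
<a name="asff-resourcedetails-awss3"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsS3` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsS3AccessPoint
<a name="asff-resourcedetails-awss3accesspoint"></a>

`AwsS3AccessPoint` provides information about an Amazon S3 access point. S3 access points are named network endpoints attached to S3 buckets that you can use to perform S3 object operations.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3AccessPoint` object. To view descriptions of `AwsS3AccessPoint` attributes, see [AwsS3AccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccessPointDetails.html) in the *AWS Security Hub API Reference*.

**Example**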
```
"AwsS3AccessPoint": {
    "AccessPointArn": "arn:aws:s3:us-east-1:123456789012:accesspoint/asff-access-point",
    "Alias": "asff-access-point-hrzrlukc5m36ft7okagglf3gmwluquse1b-s3alias",
    "Bucket": "amzn-s3-demo-bucket",
    "BucketAccountId": "123456789012",
    "Name": "asff-access-point",
    "NetworkOrigin": "VPC",
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true,
        "BlockPublicPolicy": true,
        "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true
    },
    "VpcConfiguration": {
        "VpcId": "vpc-1a2b3c4d5e6f1a2b3"
    }
}
```

## AwsS3AccountPublicAccessBlock
<a name="asff-resourcedetails-awss3accountpublicaccessblock"></a>

`AwsS3AccountPublicAccessBlock` provides information about the Amazon S3 public access block configuration for an account.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3AccountPublicAccessBlock` object. To view descriptions of `AwsS3AccountPublicAccessBlock` attributes, see [AwsS3AccountPublicAccessBlockDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccountPublicAccessBlockDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsS3AccountPublicAccessBlock": {
    "BlockPublicAcls": true,
    "BlockPublicPolicy": true,
    "IgnorePublicAcls": false,
    "RestrictPublicBuckets": true
}
```

## AwsS3Bucket
<a name="asff-resourcedetails-awss3bucket"></a>

The `AwsS3Bucket` object provides details about an Amazon S3 bucket.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3Bucket` object. To view descriptions of `AwsS3Bucket` attributes, see [AwsS3BucketDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3BucketDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsS3Bucket": {
    "AccessControlList": "{\"grantSet\":null,\"grantList\":[{\"grantee\":{\"id\":\"4df55416215956920d9d056aa8b99803a294ea221222bb668b55a8c6bca81094\",\"displayName\":null},\"permission\":\"FullControl\"},{\"grantee\":\"AllUsers\",\"permission\":\"ReadAcp\"},{\"grantee\":\"AuthenticatedUsers\",\"permission\":\"ReadAcp\"}]}",
    "BucketLifecycleConfiguration": {
       "Rules": [
           {
               "AbortIncompleteMultipartUpload": {
                   "DaysAfterInitiation": 5
               },
               "ExpirationDate": "2021-11-10T00:00:00.000Z",
               "ExpirationInDays": 365,
               "ExpiredObjectDeleteMarker": false,
               "Filter": {
                   "Predicate": {
                       "Operands": [
                           {
                               "Prefix": "tmp/",
                               "Type": "LifecyclePrefixPredicate"
                           },
                           {
                               "Tag": {
                                   "Key": "ArchiveAge",
                                   "Value": "9m"
                               },
                               "Type": "LifecycleTagPredicate"
                           }
                       ],
                       "Type": "LifecycleAndOperator"
                   }
               },
               "ID": "Move rotated logs to Glacier",
               "NoncurrentVersionExpirationInDays": -1,
               "NoncurrentVersionTransitions": [
                   {
                       "Days": 2,
                       "StorageClass": "GLACIER"
                   }
               ],
               "Prefix": "rotated/",
               "Status": "Enabled",
               "Transitions": [
                   {
                       "Date": "2020-11-10T00:00:00.000Z",
                       "Days": 100,
                       "StorageClass": "GLACIER"
                   }
               ]
           }
       ]
    },
    "BucketLoggingConfiguration": {
        "DestinationBucketName": "s3serversideloggingbucket-123456789012",
        "LogFilePrefix": "buckettestreadwrite23435/"
    },
    "BucketName": "amzn-s3-demo-bucket",
    "BucketNotificationConfiguration": {
        "Configurations": [{
            "Destination": "arn:aws:lambda:us-east-1:123456789012:function:s3_public_write",
            "Events": [
                "s3:ObjectCreated:Put"
            ],
            "Filter": {
                "S3KeyFilter": {
                    "FilterRules": [
                        {
                            "Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.PREFIX",
                            "Value": "pre"
                        },
                        {
                            "Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.SUFFIX",
                            "Value": "suf"
                        }
                    ]
                }
            },
            "Type": "LambdaConfiguration"
        }]
    },
    "BucketVersioningConfiguration": {
        "IsMfaDeleteEnabled": true,
        "Status": "Off"
    },
    "BucketWebsiteConfiguration": {
        "ErrorDocument": "error.html",
        "IndexDocumentSuffix": "index.html",
        "RedirectAllRequestsTo": {
            "HostName": "example.com",
            "Protocol": "http"
        },
        "RoutingRules": [{
            "Condition": {
                "HttpErrorCodeReturnedEquals": "Redirected",
                "KeyPrefixEquals": "index"
            },
            "Redirect": {
                "HostName": "example.com",
                "HttpRedirectCode": "401",
                "Protocol": "HTTP",
                "ReplaceKeyPrefixWith": "string",
                "ReplaceKeyWith": "string"
            }
        }]
    },
    "CreatedAt": "2007-11-30T01:46:56.000Z",
    "ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {
            "DefaultRetention": {
                "Days": null,
                "Mode": "GOVERNANCE",
                "Years": 12
            }
        }
    },
    "OwnerId": "AIDACKCEVSQ6C2EXAMPLE",
    "OwnerName": "s3bucketowner",
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true,
        "BlockPublicPolicy": true,
        "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true
    },
    "ServerSideEncryptionConfiguration": {
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "AES256",
                    "KMSMasterKeyID": "12345678-abcd-abcd-abcd-123456789012"
                }
            }
        ]
    }
}
```

## AwsS3Object
<a name="asff-resourcedetails-awss3object"></a>

The `AwsS3Object` object provides information about an Amazon S3 object.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsS3Object` object. To view descriptions of `AwsS3Object` attributes, see [AwsS3ObjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3ObjectDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsS3Object": {
    "ContentType": "text/html",
    "ETag": "\"30a6ec7e1a9ad79c203d05a589c8b400\"",
    "LastModified": "2012-04-23T18:25:43.511Z",
    "ServerSideEncryption": "aws:kms",
    "SSEKMSKeyId": "arn:aws:kms:us-west-2:123456789012:key/4dff8393-e225-4793-a9a0-608ec069e5a7",
    "VersionId": "ws31OurgOOjH_HHllIxPE35P.MELYaYh"
}
```

# AwsSageMaker resources in ASFF
<a name="asff-resourcedetails-awssagemaker"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSageMaker` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSageMakerNotebookInstance
<a name="asff-resourcedetails-awssagemakernotebookinstance"></a>

The `AwsSageMakerNotebookInstance` object provides information about an Amazon SageMaker AI notebook instance, which is a machine learning compute instance running the Jupyter Notebook application.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSageMakerNotebookInstance` object. To view descriptions of `AwsSageMakerNotebookInstance` attributes, see [AwsSageMakerNotebookInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSageMakerNotebookInstanceDetails.html) in the *AWS Security Hub API Reference*.

**Example**
```
"AwsSageMakerNotebookInstance": {
    "DirectInternetAccess": "Disabled",
    "InstanceMetadataServiceConfiguration": {
        "MinimumInstanceMetadataServiceVersion": "1"
    },
    "InstanceType": "ml.t2.medium",
    "LastModifiedTime": "2022-09-09 22:48:32.012000+00:00",
    "NetworkInterfaceId": "eni-06c09ac2541a1bed3",
    "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:001098605940:notebook-instance/sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm",
    "NotebookInstanceName": "SagemakerNotebookInstanceRootAccessDisabledComplia-8MYjcyofZiXm",
    "NotebookInstanceStatus": "InService",
    "PlatformIdentifier": "notebook-al1-v1",
    "RoleArn": "arn:aws:iam::001098605940:role/sechub-SageMaker-1-scenar-SageMakerCustomExecution-1R0X32HGC38IW",
    "RootAccess": "Disabled",
    "SecurityGroups": [
        "sg-06b347359ab068745"
    ],
    "SubnetId": "subnet-02c0deea5fa64578e",
    "Url": "sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm.notebook.us-east-1.sagemaker.aws",
    "VolumeSizeInGB": 5
}
```

# AwsSecretsManager resources in ASFF
<a name="asff-resourcedetails-awssecretsmanager"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSecretsManager` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSecretsManagerSecret
<a name="asff-resourcedetails-awssecretsmanagersecret"></a>

The `AwsSecretsManagerSecret` object provides details about a Secrets Manager secret.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSecretsManagerSecret` object. To view descriptions of `AwsSecretsManagerSecret` attributes, see [AwsSecretsManagerSecretDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecretsManagerSecretDetails.html) in the *AWS Security Hub API Reference*.

**Example**
```
"AwsSecretsManagerSecret": {
    "RotationRules": {
        "AutomaticallyAfterDays": 30
    },
    "RotationOccurredWithinFrequency": true,
    "KmsKeyId": "kmsKeyId",
    "RotationEnabled": true,
    "RotationLambdaArn": "arn:aws:lambda:us-west-2:777788889999:function:MyTestRotationLambda",
    "Deleted": false,
    "Name": "MyTestDatabaseSecret",
    "Description": "My test database secret"
}
```

# AwsSns resources in ASFF
<a name="asff-resourcedetails-awssns"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSns` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSnsTopic
<a name="asff-resourcedetails-awssnstopic"></a>

The `AwsSnsTopic` object contains information about an Amazon Simple Notification Service topic.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSnsTopic` object. To view descriptions of `AwsSnsTopic` attributes, see [AwsSnsTopicDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSnsTopicDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsSnsTopic": {
    "ApplicationSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/ApplicationSuccessFeedbackRoleArn",
    "FirehoseFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseFailureFeedbackRoleArn",
    "FirehoseSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseSuccessFeedbackRoleArn",
    "HttpFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpFailureFeedbackRoleArn",
    "HttpSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpSuccessFeedbackRoleArn",
    "KmsMasterKeyId": "alias/ExampleAlias",
    "Owner": "123456789012",
    "SqsFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsFailureFeedbackRoleArn",
    "SqsSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsSuccessFeedbackRoleArn",
    "Subscription": {
         "Endpoint": "http://sampleendpoint.com",
         "Protocol": "http"
    },
    "TopicName": "SampleTopic"
}
```

# AwsSqs resources in ASFF
<a name="asff-resourcedetails-awssqs"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSqs` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSqsQueue
<a name="asff-resourcedetails-awssqsqueue"></a>

The `AwsSqsQueue` object contains information about an Amazon Simple Queue Service queue.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSqsQueue` object. To view descriptions of `AwsSqsQueue` attributes, see [AwsSqsQueueDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSqsQueueDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsSqsQueue": {
    "DeadLetterTargetArn": "arn:aws:sqs:us-west-2:123456789012:queue/target",
    "KmsDataKeyReusePeriodSeconds": 60,
    "KmsMasterKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
    "QueueName": "sample-queue"
}
```

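# AwsSsm resources in ASFF
<a name="asff-resourcedetails-awsssm"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsSsm` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsSsmPatchCompliance
<a name="asff-resourcedetails-awsssmpatchcompliance"></a>

The `AwsSsmPatchCompliance` object provides information about the patch state of an instance based on the patch baseline that was used to patch the instance.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsSsmPatchCompliance` object. To view descriptions of `AwsSsmPatchCompliance` attributes, see [AwsSsmPatchComplianceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSsmPatchComplianceDetails.html) in the *AWS Security Hub API Reference*.

**Example**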

```
"AwsSsmPatchCompliance": {
    "Patch": {
        "ComplianceSummary": {
            "ComplianceType": "Patch",
            "CompliantCriticalCount": 0,
            "CompliantHighCount": 0,
            "CompliantInformationalCount": 0,
            "CompliantLowCount": 0,
            "CompliantMediumCount": 0,
            "CompliantUnspecifiedCount": 461,
            "ExecutionType": "Command",
            "NonCompliantCriticalCount": 0,
            "NonCompliantHighCount": 0,
            "NonCompliantInformationalCount": 0,
            "NonCompliantLowCount": 0,
            "NonCompliantMediumCount": 0,
            "NonCompliantUnspecifiedCount": 0,
            "OverallSeverity": "UNSPECIFIED",
            "PatchBaselineId": "pb-0c5b2769ef7cbe587",
            "PatchGroup": "ExamplePatchGroup",
            "Status": "COMPLIANT"
        }
    }
}
```

# AwsStepFunctions resources in ASFF
<a name="asff-resourcedetails-awsstepfunctions"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsStepFunctions` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsStepFunctionStateMachine
<a name="asff-resourcedetails-awsstepfunctionstatemachine"></a>

The `AwsStepFunctionStateMachine` object provides information about an AWS Step Functions state machine, which is a workflow consisting of a series of event-driven steps.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsStepFunctionStateMachine` object. To view descriptions of `AwsStepFunctionStateMachine` attributes, see [AwsStepFunctionStateMachineDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsStepFunctionStateMachineDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsStepFunctionStateMachine": {
    "StateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
    "Name": "StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
    "Status": "ACTIVE",
    "RoleArn": "arn:aws:iam::123456789012:role/teststepfunc-StatesExecutionRole-1PNM71RVO1UKT",
    "Type": "STANDARD",
    "LoggingConfiguration": {
        "Level": "OFF",
        "IncludeExecutionData": false
    },
    "TracingConfiguration": {
        "Enabled": false
    }
}
```

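# AwsWaf resources in ASFF
<a name="asff-resourcedetails-awswaf"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsWaf` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsWafRateBasedRule
<a name="asff-resourcedetails-awswafratebasedrule"></a>

The `AwsWafRateBasedRule` object contains details about an AWS WAF rate-based rule for global resources. An AWS WAF rate-based rule provides settings to indicate when to allow, block, or count a request. Rate-based rules include the number of requests that arrive over a specified period of time.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRateBasedRule` object. To view descriptions of `AwsWafRateBasedRule` attributes, see [AwsWafRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRateBasedRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**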

```
"AwsWafRateBasedRule": {
    "MatchPredicates": [{
        "DataId": "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
        "Negated": true,
        "Type": "IPMatch"
    }],
    "MetricName" : "MetricName",
    "Name" : "Test",
    "RateKey" : "IP",
    "RateLimit" : 235000,
    "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```

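## AwsWafRegionalRateBasedRule
<a name="asff-resourcedetails-awswafregionalratebasedrule"></a>

The `AwsWafRegionalRateBasedRule` object contains details about a rate-based rule for Regional resources. A rate-based rule provides settings to indicate when to allow, block, or count a request. Rate-based rules include the number of requests that arrive over a specified period of time.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRegionalRateBasedRule` object. To view descriptions of `AwsWafRegionalRateBasedRule` attributes, see [AwsWafRegionalRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRateBasedRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**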

```
"AwsWafRegionalRateBasedRule": {
    "MatchPredicates": [{
        "DataId": "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
        "Negated": true,
        "Type": "IPMatch"
    }],
    "MetricName" : "MetricName",
    "Name" : "Test",
    "RateKey" : "IP",
    "RateLimit" : 235000,
    "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```

## AwsWafRegionalRule
<a name="asff-resourcedetails-awswafregionalrule"></a>

The `AwsWafRegionalRule` object provides details about an AWS WAF Regional rule. This rule identifies the web requests that you want to allow, block, or count.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRegionalRule` object. To view descriptions of `AwsWafRegionalRule` attributes, see [AwsWafRegionalRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRegionalRule": { 
    "MetricName": "SampleWAF_Rule__Metric_1",
    "Name": "bb-waf-regional-rule-not-empty-conditions-compliant",
    "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de95fe",
    "PredicateList": [{
        "DataId": "127d9346-e607-4e93-9286-c1296fb5445a",
        "Negated": false,
        "Type": "GeoMatch"
    }]
}
```

## AwsWafRegionalRuleGroup
<a name="asff-resourcedetails-awswafregionalrulegroup"></a>

The `AwsWafRegionalRuleGroup` object provides details about an AWS WAF Regional rule group. A rule group is a collection of predefined rules that you add to a web access control list (web ACL).

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafRegionalRuleGroup` object. To view descriptions of `AwsWafRegionalRuleGroup` attributes, see [AwsWafRegionalRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRegionalRuleGroup": {
    "MetricName": "SampleWAF_Metric_1",
    "Name": "bb-WAFClassicRuleGroupWithRuleCompliant",
    "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
    "Rules": [{
        "Action": {
            "Type": "ALLOW"
        },
        "Priority": 1,
        "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
        "Type": "REGULAR"
    }]
}
```

## AwsWafRegionalWebAcl
<a name="asff-resourcedetails-awswafregionalwebacl"></a>

`AwsWafRegionalWebAcl` provides details about an AWS WAF Regional web access control list (web ACL). A web ACL contains the rules that identify the requests that you want to allow, block, or count.

The following is an example `AwsWafRegionalWebAcl` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsWafRegionalWebAcl` attributes, see [AwsWafRegionalWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalWebAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRegionalWebAcl": {
    "DefaultAction": "ALLOW",
    "MetricName" : "web-regional-webacl-metric-1",
    "Name": "WebACL_123",
    "RulesList": [
        {
            "Action": {
                "Type": "Block"
            },
            "Priority": 3,
            "RuleId": "24445857-852b-4d47-bd9c-61f05e4d223c",
            "Type": "REGULAR",
            "ExcludedRules": [
                {
                    "ExclusionType": "Exclusion",
                    "RuleId": "Rule_id_1"
                }
            ],
            "OverrideAction": {
                "Type": "OVERRIDE"
            }
        }
    ],
    "WebAclId": "443c76f4-2e72-4c89-a2ee-389d501c1f67"
}
```

## AwsWafRule
<a name="asff-resourcedetails-awswafrule"></a>

`AwsWafRule` provides information about an AWS WAF rule. An AWS WAF rule identifies the web requests that you want to allow, block, or count.

The following is an example `AwsWafRule` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsWafRule` attributes, see [AwsWafRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRule": {
    "MetricName": "AwsWafRule_Metric_1",
    "Name": "AwsWafRule_Name_1",
    "PredicateList": [{
        "DataId": "cdd225da-32cf-4773-1dc2-3bca3ed9c19c",
        "Negated": false,
        "Type": "GeoMatch"
    }],
    "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de953e"
}
```

## AwsWafRuleGroup
<a name="asff-resourcedetails-awswafrulegroup"></a>

`AwsWafRuleGroup` provides information about an AWS WAF rule group. An AWS WAF rule group is a collection of predefined rules that you add to a web access control list (web ACL).

The following is an example `AwsWafRuleGroup` finding in the AWS Security Finding Format (ASFF). To view descriptions of `AwsWafRuleGroup` attributes, see [AwsWafRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafRuleGroup": {
    "MetricName": "SampleWAF_Metric_1",
    "Name": "bb-WAFRuleGroupWithRuleCompliant",
    "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
    "Rules": [{
        "Action": {
            "Type": "ALLOW"
        },
        "Priority": 1,
        "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
        "Type": "REGULAR"
    }]
}
```

## AwsWafv2RuleGroup
<a name="asff-resourcedetails-awswafv2rulegroup"></a>

The `AwsWafv2RuleGroup` object provides details about an AWS WAF V2 rule group.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafv2RuleGroup` object. To view descriptions of `AwsWafv2RuleGroup` attributes, see [AwsWafv2RuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2RuleGroupDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafv2RuleGroup": {
    "Arn": "arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/wafv2rulegroupasff/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Capacity": 1000,
    "Description": "Resource for ASFF",
    "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Name": "wafv2rulegroupasff",
    "Rules": [{
        "Action": {
            "Allow": {
                "CustomRequestHandling": {
                    "InsertHeaders": [
                        {
                            "Name": "AllowActionHeader1Name",
                            "Value": "AllowActionHeader1Value"
                        },
                        {
                            "Name": "AllowActionHeader2Name",
                            "Value": "AllowActionHeader2Value"
                        }
                    ]
                }
            }
        },
        "Name": "RuleOne",
        "Priority": 1,
        "VisibilityConfig": {
            "CloudWatchMetricsEnabled": true,
            "MetricName": "rulegroupasff",
            "SampledRequestsEnabled": false
        }
    }],
    "VisibilityConfig": {
        "CloudWatchMetricsEnabled": true,
        "MetricName": "rulegroupasff",
        "SampledRequestsEnabled": false
    }
}
```

## AwsWafWebAcl
<a name="asff-resourcedetails-awswafwebacl"></a>

The `AwsWafWebAcl` object provides details about an AWS WAF web ACL.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafWebAcl` object. To view descriptions of `AwsWafWebAcl` attributes, see [AwsWafWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafWebAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafWebAcl": {
    "DefaultAction": "ALLOW",
    "Name": "MyWafAcl",
    "Rules": [
        {
            "Action": {
                "Type": "ALLOW"
            },
            "ExcludedRules": [
                {
                    "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98"
                }
            ],
            "OverrideAction": {
                "Type": "NONE"
            },
            "Priority": 1,
            "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98",
            "Type": "REGULAR"
        }
    ],
    "WebAclId": "waf-1234567890"
}
```

## AwsWafv2WebAcl
<a name="asff-resourcedetails-awswafv2webacl"></a>

The `AwsWafv2WebAcl` object provides details about an AWS WAF V2 web ACL.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsWafv2WebAcl` object. To view descriptions of `AwsWafv2WebAcl` attributes, see [AwsWafv2WebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2WebAclDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsWafv2WebAcl": {
    "Arn": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/WebACL-RoaD4QexqSxG/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Capacity": 1326,
    "CaptchaConfig": {
        "ImmunityTimeProperty": {
            "ImmunityTime": 500
        }
    },
    "DefaultAction": {
        "Block": {}
    },
    "Description": "Web ACL for JsonBody testing",
    "ManagedbyFirewallManager": false,
    "Name": "WebACL-RoaD4QexqSxG",
    "Rules": [{
        "Action": {
            "RuleAction": {
                "Block": {}
            }
        },
        "Name": "TestJsonBodyRule",
        "Priority": 1,
        "VisibilityConfig": {
            "SampledRequestsEnabled": true,
            "CloudWatchMetricsEnabled": true,
            "MetricName": "JsonBodyMatchMetric"
        }
    }],
    "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "TestingJsonBodyMetric"
    }
}
```

# AwsXray resources in ASFF
<a name="asff-resourcedetails-awsxray"></a>

The following are examples of the AWS Security Finding Format (ASFF) syntax for `AwsXray` resources.

AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

## AwsXrayEncryptionConfig
<a name="asff-resourcedetails-awsxrayencryptionconfig"></a>

The `AwsXrayEncryptionConfig` object contains information about the encryption configuration for AWS X-Ray.

The following example shows the AWS Security Finding Format (ASFF) for the `AwsXrayEncryptionConfig` object. To view descriptions of `AwsXrayEncryptionConfig` attributes, see [AwsXrayEncryptionConfigDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsXrayEncryptionConfigDetails.html) in the *AWS Security Hub API Reference*.

**Example**

```
"AwsXrayEncryptionConfig": {
    "KeyId": "arn:aws:kms:us-east-2:222222222222:key/example-key",
    "Status": "UPDATING",
    "Type": "KMS"
}
```

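# CodeRepository object in ASFF
<a name="asff-resourcedetails-coderepository"></a>

The `CodeRepository` object provides information about an external code repository that you connected to AWS resources and configured Amazon Inspector to scan for vulnerabilities.

The following example shows the AWS Security Finding Format (ASFF) syntax for the `CodeRepository` object. To view descriptions of `CodeRepository` attributes, see [CodeRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CodeRepositoryDetails.html) in the *AWS Security Hub API Reference*. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

**Example**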

```
"CodeRepository": {
    "ProviderType": "GITLAB_SELF_MANAGED",
    "ProjectName": "projectName",
    "CodeSecurityIntegrationArn": "arn:aws:inspector2:us-east-1:123456789012:codesecurity-integration/00000000-0000-0000-0000-000000000000"
}
```

# Container object in ASFF
<a name="asff-resourcedetails-container"></a>

The following example shows the AWS Security Finding Format (ASFF) syntax for the `Container` object. To view descriptions of `Container` attributes, see [ContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ContainerDetails.html) in the *AWS Security Hub API Reference*. For background information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

**Example**

```
"Container": {
    "ContainerRuntime": "docker",
    "ImageId": "image12",
    "ImageName": "1111111/knotejs@sha256:372131c9fef111111111111115f4ed3ea5f9dce4dc3bd34ce21846588a3",
    "LaunchedAt": "2018-09-29T01:25:54Z",
    "Name": "knote",
    "Privileged": true,
    "VolumeMounts": [{
        "Name": "vol-03909e9",
        "MountPath": "/mnt/etc"
    }]
}
```

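# Other object in ASFF
<a name="asff-resourcedetails-other"></a>

In the AWS Security Finding Format (ASFF), the `Other` object specifies custom fields and values. For more information about ASFF, see [AWS Security Finding Format (ASFF)](securityhub-findings-format.md).

By using the `Other` object, you can specify custom fields and values for a resource. You might use the `Other` object in the following cases:
+ The resource type does not have a corresponding `Details` object. To specify details for the resource, use the `Other` object.
+ The `Details` object for the resource type does not include all of the attributes that you want to specify. In this case, use the `Details` object for the resource type to specify the available attributes. Use the `Other` object to specify attributes that are not in the type-specific `Details` object.
+ The resource type is not one of the provided types. In this case, set `Resource.Type` to `Other`, and use the `Other` object to specify the details.

**Type:** Map of up to 50 key/value pairs

Each key-value pair must meet the following requirements.
+ The key must contain fewer than 128 characters.
+ The value must contain fewer than 1024 characters.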
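
The following Python code is an added example, not part of the AWS documentation: it flattens nested custom details into the string-to-string map that `Other` holds and checks the limits listed above before a custom integration submits the finding. The function names, the dotted-key flattening convention, and the sample data are assumptions made for illustration.

```python
import json

MAX_PAIRS = 50        # page: map of up to 50 key/value pairs
MAX_KEY_LEN = 128     # page: a key must contain fewer than 128 characters
MAX_VALUE_LEN = 1024  # page: a value must contain fewer than 1024 characters


def flatten(details, prefix=""):
    """Flatten nested custom details into dotted keys with string values
    (the dotted-key convention is an assumption of this example)."""
    flat = {}
    for key, value in details.items():
        name = f"{prefix}.{key}" if prefix else str(key)
        if isinstance(value, dict):
            flat.update(flatten(value, name))
        elif isinstance(value, str):
            flat[name] = value
        else:
            # Lists, numbers, booleans and null are stored as JSON text.
            flat[name] = json.dumps(value, sort_keys=True)
    return flat


def validate_other(other):
    """Return a list of violations of the limits stated for the Other object."""
    problems = []
    if len(other) > MAX_PAIRS:
        problems.append(f"{len(other)} pairs exceeds the maximum of {MAX_PAIRS}")
    for key, value in other.items():
        if not isinstance(key, str) or not isinstance(value, str):
            problems.append(f"{key!r}: keys and values must be strings")
            continue
        if len(key) >= MAX_KEY_LEN:
            problems.append(f"{key[:32]!r}...: key has {len(key)} characters")
        if len(value) >= MAX_VALUE_LEN:
            problems.append(f"{key!r}: value has {len(value)} characters")
    return problems


def build_resource(resource_id, details):
    """Build a Resources[] entry of type Other; raise if a limit is broken."""
    other = flatten(details)
    problems = validate_other(other)
    if problems:
        raise ValueError("; ".join(problems))
    return {"Type": "Other", "Id": resource_id, "Other": other}


# Constructed sample input (not from the page).
SAMPLE = {
    "scanner": {"name": "example-scanner", "ruleset": 7},
    "tags": ["pci", "prod"],
    "exposed": True,
}

if __name__ == "__main__":
    print(json.dumps(build_resource("example-resource-id", SAMPLE), indent=2))
```

Rejecting an oversized map locally keeps a single long value from causing the whole finding to fail validation when it is imported.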