本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用 Amazon 監控 EventBridge
Amazon EventBridge 是一種無伺服器事件匯流排服務,可讓您輕鬆地將應用程式與各種來源的資料連接起來。 EventBridge 從您自己的應用程式、S oftware-as-a 服務 (SaaS) 應用程式以及服務提供即時資料串流,並 AWS 將該資料路由到目標 (例如 Lambda)。這可讓您監控在服務中發生的事件,並建置事件導向的架構。如需詳細資訊,請參閱 Amazon EventBridge 使用者指南。
作為受 S3 惡意軟體保護保護的 S3 儲存貯體的擁有者帳戶,在下列情況下,將 EventBridge 通知 GuardDuty發佈到預設事件匯流排:
-
惡意軟體防護規劃任何受保護值區的資源狀態變更。有關各种狀態的更多內容,敬請參閱惡意程式碼防護計劃資源。
-
發生標籤事件失敗,原因如下:
-
您的IAM角色缺少標記物件的權限。
新增IAM原則權限範本包括標記物件的權限。 GuardDuty
-
IAM角色中指定的值區資源或物件不再存在。
-
關聯的 S3 物件已達到標籤上限。如需有關標籤限制的詳細資訊,請參閱 Amazon S3 使用者指南中的使用標籤對儲存進行分類。
-
-
S3 物件掃描結果會發佈至您的預設 EventBridge 事件匯流排。
設定 EventBridge 規則
您可以在帳戶中設定 EventBridge 規則,將資源狀態、掃描後標籤失敗事件或 S3 物件掃描結果傳送給另一個 AWS 服務。身為委派的 GuardDuty 系統管理員帳戶,當狀態發生變更時,您會收到惡意程式碼防護計劃資源狀態通知。
將採用標準 EventBridge 定價。如需詳細資訊,請參閱 Amazon EventBridge 定價
顯示在中的所有值 red
是範例的預留位置。這些值將根據您帳戶中的值以及是否偵測到惡意程式碼而變更。
惡意程式碼防護計劃資源
您可以根據下列案例建立 EventBridge 事件模式:
潛在detail-type
值
-
"GuardDuty Malware Protection Resource Status Active"
-
"GuardDuty Malware Protection Resource Status Warning"
-
"GuardDuty Malware Protection Resource Status Error"
事件模式
{ "detail-type": ["potential detail-type"], "source": ["aws.guardduty"] }
範例通知結構描述 GuardDuty Malware Protection Resource Status Active
:
{ "version": "0", "id": "
6a7e8feb-b491-4cf7-a9f1-bf3703467718
", "detail-type": "GuardDuty Malware Protection Resource Status Active", "source": "aws.guardduty", "account": "111122223333
", "time": "2017-12-22T18:43:48Z
", "region": "us-east-1
", "resources": ["arn:aws:guardduty:
"], "detail": { "schemaVersion": "1.0", "eventTime": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE2024-02-28T01:01:01Z
", "s3BucketDetails": { "bucketName": "amzn-s3-demo-bucket
" }, "resourceStatus": "ACTIVE" } }
範例通知結構描述 GuardDuty Malware Protection Resource Status Warning
:
{ "version": "0", "id": "
6a7e8feb-b491-4cf7-a9f1-bf3703467718
", "detail-type": "GuardDuty Malware Protection Resource Status warning", "source": "aws.guardduty", "account": "111122223333
", "time": "2017-12-22T18:43:48Z
", "region": "us-east-1
", "resources": ["arn:aws:guardduty:
"], "detail": { "schemaVersion": "1.0", "eventTime": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE2024-02-28T01:01:01Z
", "s3BucketDetails": { "bucketName": "amzn-s3-demo-bucket
" }, "resourceStatus": "WARNING", "statusReasons": [ { "code": "INSUFFICIENT_TEST_OBJECT_PERMISSIONS" } ] } }
範例通知結構描述 GuardDuty Malware Protection Resource Status Error
:
{ "version": "0", "id": "
fc7a35b7-83bd-3c1f-ecfa-1b8de9e7f7d2
", "detail-type": "GuardDuty Malware Protection Resource StatusError
", "source": "aws.guardduty", "account": "111122223333
", "time": "2017-12-22T18:43:48Z
", "region": "us-east-1
", "resources": ["arn:aws:guardduty:
"], "detail": { "schemaVersion": "1.0", "eventTime": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE2024-02-28T01:01:01Z
", "s3BucketDetails": { "bucketName": "amzn-s3-demo-bucket
" }, "resourceStatus": "ERROR
", "statusReasons": [ { "code": "EVENTBRIDGE_MANAGED_EVENTS_DELIVERY_DISABLED
" } ] } }
根據背後的原因 resourceStatus
ERROR
,該statusReasons
值將被填充。
如需有關下列警告和錯誤之疑難排解步驟的資訊,請參閱疑難排解惡意程式碼防護計劃。
S3 物件掃描結果
{ "detail-type": ["GuardDuty Malware Protection Object Scan Result"], "source": ["aws.guardduty"] }
範例通知結構描述 NO_THREATS_FOUND
:
{ "version": "0", "id": "
72c7d362-737a-6dce-fc78-9e27a0171419
", "detail-type": "GuardDuty Malware Protection Object Scan Result", "source": "aws.guardduty", "account": "111122223333
", "time": "2024-02-28T01:01:01Z
", "region": "us-east-1
", "resources": [arn:aws:guardduty:
], "detail": { "schemaVersion": "1.0", "scanStatus": "COMPLETED", "resourceType": "S3_OBJECT", "s3ObjectDetails": { "bucketName": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLEamzn-s3-demo-bucket
", "objectKey": "APKAEIBAERJR2EXAMPLE
", "eTag": "ASIAI44QH8DHBEXAMPLE
", "versionId" : "d41d8cd98f00b204e9800998eEXAMPLE
" }, "scanResultDetails": { "scanResultStatus": "NO_THREATS_FOUND", "threats": null } } }
範例通知結構描述 THREATS_FOUND
:
{ "version": "0", "id": "
72c7d362-737a-6dce-fc78-9e27a0171419
", "detail-type": "GuardDuty Malware Protection Object Scan Result", "source": "aws.guardduty", "account": "111122223333
", "time": "2024-02-28T01:01:01Z
", "region": "us-east-1
", "resources": [arn:aws:guardduty:
], "detail": { "schemaVersion": "1.0", "scanStatus": "COMPLETED", "resourceType": "S3_OBJECT", "s3ObjectDetails": { "bucketName": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLEamzn-s3-demo-bucket
", "objectKey": "APKAEIBAERJR2EXAMPLE
", "eTag": "ASIAI44QH8DHBEXAMPLE
", "versionId" : "d41d8cd98f00b204e9800998eEXAMPLE
" }, "scanResultDetails": { "scanResultStatus": "THREATS_FOUND", "threats": [ { "name": "EICAR-Test-File (not a virus)
" } ] } } }
掃瞄結果狀態的通知結構描述範例UNSUPPORTED
(已略過):
{ "version": "0", "id": "
72c7d362-737a-6dce-fc78-9e27a0EXAMPLE
", "detail-type": "GuardDuty Malware Protection Object Scan Result", "source": "aws.guardduty", "account": "111122223333
", "time": "2024-02-28T01:01:01Z
", "region": "us-east-1
", "resources": [arn:aws:guardduty:
], "detail": { "schemaVersion": "1.0", "scanStatus": "SKIPPED", "resourceType": "S3_OBJECT", "s3ObjectDetails": { "bucketName": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLEamzn-s3-demo-bucket
", "objectKey": "APKAEIBAERJR2EXAMPLE
", "eTag": "ASIAI44QH8DHBEXAMPLE
", "versionId" : "d41d8cd98f00b204e9800998eEXAMPLE
" }, "scanResultDetails": { "scanResultStatus": "UNSUPPORTED", "threats": null } } }
掃瞄結果狀態的通知結構描述範例ACCESS_DENIED
(已略過):
{ "version": "0", "id": "
72c7d362-737a-6dce-fc78-9e27a0EXAMPLE
", "detail-type": "GuardDuty Malware Protection Object Scan Result", "source": "aws.guardduty", "account": "111122223333
", "time": "2024-02-28T01:01:01Z
", "region": "us-east-1
", "resources": [arn:aws:guardduty:
], "detail": { "schemaVersion": "1.0", "scanStatus": "SKIPPED", "resourceType": "S3_OBJECT", "s3ObjectDetails": { "bucketName": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLEamzn-s3-demo-bucket
", "objectKey": "APKAEIBAERJR2EXAMPLE
", "eTag": "ASIAI44QH8DHBEXAMPLE
", "versionId" : "d41d8cd98f00b204e9800998eEXAMPLE
" }, "scanResultDetails": { "scanResultStatus": "ACCESS_DENIED", "threats": null } } }
掃瞄結果狀態的通知結構描述範例 FAILED
:
{ "version": "0", "id": "
72c7d362-737a-6dce-fc78-9e27a0EXAMPLE
", "detail-type": "GuardDuty Malware Protection Object Scan Result", "source": "aws.guardduty", "account": "111122223333
", "time": "2024-02-28T01:01:01Z
", "region": "us-east-1
", "resources": [arn:aws:guardduty:
], "detail": { "schemaVersion": "1.0", "scanStatus": "FAILED", "resourceType": "S3_OBJECT", "s3ObjectDetails": { "bucketName": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLEamzn-s3-demo-bucket
", "objectKey": "APKAEIBAERJR2EXAMPLE
", "eTag": "ASIAI44QH8DHBEXAMPLE
", "versionId" : "d41d8cd98f00b204e9800998eEXAMPLE
" }, "scanResultDetails": { "scanResultStatus": "FAILED", "threats": null } } }
掃描後標籤失敗事件
事件模式:
{ "detail-type": "GuardDuty Malware Protection Post Scan Action Failed", "source": "aws.guardduty" }
範例通知結構描述 ACCESS_DENIED
:
{ "version": "0", "id": "
746acd83-d75c-5b84-91d2-dad5f13ba0d7
", "detail-type": "GuardDuty Malware Protection Post Scan Action Failed", "source": "aws.guardduty", "account": "111122223333
", "time": "2024-06-10T16:16:08Z
", "region": "us-east-1
", "resources": ["arn:aws:guardduty:
"], "detail": { "schemaVersion": "1.0", "eventTime": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE2024-06-10T16:16:08Z
", "s3ObjectDetails": { "bucketName": "amzn-s3-demo-bucket
", "objectKey": "2024-03-10-16-16-00-7D723DE8DBE9Y2E0
", "eTag": "0e9eeec810ad8b61d69112c15c2a5hb6
", "versionId" : "d41d8cd98f00b204e9800998eEXAMPLE
" }, "postScanActions": [{ "actionType": "TAGGING", "status": "FAILED", "failureReason": "ACCESS_DENIED
" }] } }
範例通知結構描述 MAX_TAG_LIMIT_EXCEEDED
:
{ "version": "0", "id": "
746acd83-d75c-5b84-91d2-dad5f13ba0d7
", "detail-type": "GuardDuty Malware Protection Post Scan Action Failed", "source": "aws.guardduty", "account": "111122223333
", "time": "2024-06-10T16:16:08Z
", "region": "us-east-1
", "resources": ["arn:aws:guardduty:
"], "detail": { "schemaVersion": "1.0", "eventTime": "us-east-1
:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE2024-06-10T16:16:08Z
", "s3ObjectDetails": { "bucketName": "amzn-s3-demo-bucket
", "objectKey": "2024-03-10-16-16-00-7D723DE8DBE9Y2E0
", "eTag": "0e9eeec810ad8b61d69112c15c2a5hb6
", "versionId" : "d41d8cd98f00b204e9800998eEXAMPLE
" }, "postScanActions": [{ "actionType": "TAGGING", "status": "FAILED", "failureReason": "MAX_TAG_LIMIT_EXCEEDED
" }] } }
若要疑難排解這些失敗原因,請參閱疑難排解 S3 物件掃描後標籤失敗。