Integrating Amazon Inspector with AWS Security Hub - Amazon Inspector

This page is a machine translation of the English version; where the two differ or are ambiguous, the English version prevails.

Integrating Amazon Inspector with AWS Security Hub

Security Hub gives you a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Security Hub collects security data from across AWS accounts, services, and supported third-party products. You can use the information it provides to analyze your security trends and identify the highest-priority security issues.

The integration of Amazon Inspector with Security Hub lets you send findings from Amazon Inspector to Security Hub. Security Hub can then include those findings in its analysis of your security posture.

In AWS Security Hub, security issues are tracked as findings. Some findings come from issues detected by other AWS services or by third-party products. Security Hub also has a set of rules that it uses to detect security issues and generate findings. Security Hub provides tools to manage findings from across all of these sources. You can view and filter lists of findings and view the details of a finding. For more information about findings in Security Hub, see Viewing findings in the AWS Security Hub User Guide. You can also track the investigation status of a finding; see Taking action on findings in the AWS Security Hub User Guide.

All findings in Security Hub use a standard JSON format called the AWS Security Finding Format (ASFF). The ASFF includes details about the source of the issue, the affected resources, and the current status of the finding. See AWS Security Finding Format (ASFF) in the AWS Security Hub User Guide.

Security Hub archives an Amazon Inspector finding once that finding has been resolved and closed in Amazon Inspector.

Viewing Amazon Inspector findings in AWS Security Hub

Findings from Amazon Inspector Classic and from the new Amazon Inspector appear in the same panel in Security Hub. You can, however, restrict the view to findings from the new Amazon Inspector by adding "aws/inspector/ProductVersion": "2" to the filter bar. Adding this filter excludes Amazon Inspector Classic findings from the Security Hub dashboard.

Example finding from Amazon Inspector

{
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
  "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
  "ProductName": "Inspector",
  "CompanyName": "Amazon",
  "Region": "us-east-1",
  "GeneratorId": "AWSInspector",
  "AwsAccountId": "123456789012",
  "Types": [
    "Software and Configuration Checks/Vulnerabilities/CVE"
  ],
  "FirstObservedAt": "2023-01-31T20:25:38Z",
  "LastObservedAt": "2023-05-04T18:18:43Z",
  "CreatedAt": "2023-01-31T20:25:38Z",
  "UpdatedAt": "2023-05-04T18:18:43Z",
  "Severity": {
    "Label": "HIGH",
    "Normalized": 70
  },
  "Title": "CVE-2022-34918 - kernel",
  "Description": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
  "Remediation": {
    "Recommendation": {
      "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above. For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON."
    }
  },
  "ProductFields": {
    "aws/inspector/FindingStatus": "ACTIVE",
    "aws/inspector/inspectorScore": "7.8",
    "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2",
    "aws/inspector/ProductVersion": "2",
    "aws/inspector/instanceId": "i-0f1ed287081bdf0fb",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
    "aws/securityhub/ProductName": "Inspector",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": {
        "Patch Group": "SSM",
        "Name": "High-SEv-Test"
      },
      "Details": {
        "AwsEc2Instance": {
          "Type": "t2.micro",
          "ImageId": "ami-0cff7528ff583bf9a",
          "IpV4Addresses": [
            "52.87.229.97",
            "172.31.57.162"
          ],
          "KeyName": "ACloudGuru",
          "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-9c934cb1",
          "LaunchedAt": "2022-07-26T21:49:46Z"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": {
    "Status": "NEW"
  },
  "RecordState": "ACTIVE",
  "Vulnerabilities": [
    {
      "Id": "CVE-2022-34918",
      "VulnerablePackages": [
        {
          "Name": "kernel",
          "Version": "5.10.118",
          "Epoch": "0",
          "Release": "111.515.amzn2",
          "Architecture": "X86_64",
          "PackageManager": "OS",
          "FixedInVersion": "0:5.10.130-118.517.amzn2",
          "Remediation": "yum update kernel"
        }
      ],
      "Cvss": [
        {
          "Version": "2.0",
          "BaseScore": 7.2,
          "BaseVector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "Source": "NVD"
        },
        {
          "Version": "3.1",
          "BaseScore": 7.8,
          "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "Source": "NVD"
        },
        {
          "Version": "3.1",
          "BaseScore": 7.8,
          "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "Source": "NVD",
          "Adjustments": []
        }
      ],
      "Vendor": {
        "Name": "NVD",
        "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34918",
        "VendorSeverity": "HIGH",
        "VendorCreatedAt": "2022-07-04T21:15:00Z",
        "VendorUpdatedAt": "2022-10-26T17:05:00Z"
      },
      "ReferenceUrls": [
        "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6",
        "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/",
        "https://www.debian.org/security/2022/dsa-5191"
      ],
      "FixAvailable": "YES"
    }
  ],
  "FindingProviderFields": {
    "Severity": {
      "Label": "HIGH"
    },
    "Types": [
      "Software and Configuration Checks/Vulnerabilities/CVE"
    ]
  },
  "ProcessedAt": "2023-05-05T20:28:38.822Z"
}
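The following Python script is an added example, not code from the AWS documentation. It shows the two things a practitioner usually does with the ASFF finding above: build the Security Hub query filter that corresponds to the console filter "aws/inspector/ProductVersion": "2" (in the Filters shape that boto3's securityhub get_findings call accepts, which is an assumption about the SDK rather than something the page states), and triage a batch of findings locally, dropping Inspector Classic and archived records and pulling out the CVE, package, fixed version and remediation fields. The sample findings are constructed inline: SAMPLE_FINDING is a trimmed copy of the finding shown above, and CLASSIC_FINDING is a made-up Inspector Classic record with a placeholder ID.

```python
import json

# Constructed sample: a trimmed copy of the ASFF finding shown above. Only the
# fields this script reads are kept; the values mirror the documentation example.
SAMPLE_FINDING = json.loads(r'''
{
  "Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
  "ProductName": "Inspector",
  "Title": "CVE-2022-34918 - kernel",
  "Severity": {"Label": "HIGH", "Normalized": 70},
  "ProductFields": {
    "aws/inspector/FindingStatus": "ACTIVE",
    "aws/inspector/ProductVersion": "2",
    "aws/inspector/instanceId": "i-0f1ed287081bdf0fb"
  },
  "Resources": [{"Type": "AwsEc2Instance",
                 "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb"}],
  "RecordState": "ACTIVE",
  "Workflow": {"Status": "NEW"},
  "Vulnerabilities": [{
    "Id": "CVE-2022-34918",
    "VulnerablePackages": [{"Name": "kernel", "Version": "5.10.118",
                            "FixedInVersion": "0:5.10.130-118.517.amzn2",
                            "Remediation": "yum update kernel"}],
    "FixAvailable": "YES"
  }]
}
''')

# Constructed: an Inspector Classic finding carries no ProductVersion field,
# so the version-2 filter must drop it. The ID is a placeholder.
CLASSIC_FINDING = {
    "Id": "arn:aws:inspector:us-east-1:123456789012:finding/CLASSIC_FINDING_ID",
    "ProductName": "Inspector",
    "Severity": {"Label": "MEDIUM", "Normalized": 40},
    "ProductFields": {"aws/securityhub/ProductName": "Inspector"},
    "Resources": [],
    "RecordState": "ACTIVE",
    "Workflow": {"Status": "NEW"},
}


def securityhub_filter_for_inspector_v2():
    """Filters dict in the shape boto3's securityhub.get_findings accepts (assumed).

    ProductFields is a MapFilter (Key/Value/Comparison); the other keys are
    StringFilters. RecordState ACTIVE leaves out findings that Security Hub
    archived after Inspector closed them.
    """
    return {
        "ProductName": [{"Value": "Inspector", "Comparison": "EQUALS"}],
        "ProductFields": [{"Key": "aws/inspector/ProductVersion",
                           "Value": "2", "Comparison": "EQUALS"}],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    }


def is_inspector_v2(finding):
    """Client-side equivalent of the console filter "aws/inspector/ProductVersion": "2"."""
    return finding.get("ProductFields", {}).get("aws/inspector/ProductVersion") == "2"


def summarize(finding):
    """Extract the fields a patch queue needs from an ASFF Inspector finding."""
    packages = []
    for vuln in finding.get("Vulnerabilities", []):
        for pkg in vuln.get("VulnerablePackages", []):
            packages.append({
                "cve": vuln.get("Id"),
                "package": pkg.get("Name"),
                "installed": pkg.get("Version"),
                "fixed_in": pkg.get("FixedInVersion"),
                "remediation": pkg.get("Remediation"),
                "fix_available": vuln.get("FixAvailable") == "YES",
            })
    return {
        "id": finding["Id"],
        "severity": finding["Severity"]["Label"],
        "resources": [r["Id"] for r in finding.get("Resources", [])],
        "workflow": finding.get("Workflow", {}).get("Status"),
        "packages": packages,
    }


def triage(findings):
    """Keep only active Inspector v2 findings, ordered most severe first."""
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}
    selected = [f for f in findings
                if is_inspector_v2(f) and f.get("RecordState") == "ACTIVE"]
    selected.sort(key=lambda f: order.get(f["Severity"]["Label"], 99))
    return [summarize(f) for f in selected]


if __name__ == "__main__":
    for row in triage([CLASSIC_FINDING, SAMPLE_FINDING]):
        print(json.dumps(row, indent=2))
```

Run against a live account, the dict from securityhub_filter_for_inspector_v2() would be passed as the Filters argument of get_findings and the returned Findings list fed to triage(); the RecordState filter matters because archived findings still exist in Security Hub after Inspector closes them.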

Enabling and configuring the integration

To use the Amazon Inspector integration with AWS Security Hub, you must enable Security Hub. For information on how to enable Security Hub, see Setting up Security Hub in the AWS Security Hub User Guide.

When both Amazon Inspector and Security Hub are enabled, the integration is enabled automatically and Amazon Inspector begins sending findings to Security Hub. Amazon Inspector sends every finding it generates to AWS Security Hub using the AWS Security Finding Format (ASFF).

Stopping the publication of findings to AWS Security Hub

How to stop sending findings

To stop sending findings to Security Hub, you can use either the Security Hub console or the Security Hub API.

See Disabling and enabling the flow of findings from an integration (console) or Disabling the flow of findings from an integration (Security Hub API, AWS CLI) in the AWS Security Hub User Guide.
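The following Python script is an added example, not AWS documentation code, of the API route described above: it lists the product subscriptions enabled for import in Security Hub, picks the Amazon Inspector one and disables the flow of findings from it. It assumes boto3 is installed and that credentials for the Security Hub administrator account are configured for a live run, and that the subscription ARN ends in product-subscription/aws/inspector, mirroring the product/aws/inspector path of the ProductArn in the finding above. FakeSecurityHub is a constructed stand-in for the boto3 client so the script can be exercised offline.

```python
# Added example (not AWS documentation code): disable the Amazon Inspector
# product subscription in Security Hub through the API instead of the console.

INSPECTOR_SUBSCRIPTION_SUFFIX = "product-subscription/aws/inspector"


def find_inspector_subscription(client):
    """Return the enabled product-subscription ARN for Inspector, or None.

    Walks the paginated ListEnabledProductsForImport response; the ARN is
    assumed to look like
    arn:aws:securityhub:<region>:<account>:product-subscription/aws/inspector.
    """
    kwargs = {}
    while True:
        page = client.list_enabled_products_for_import(**kwargs)
        for arn in page.get("ProductSubscriptions", []):
            if arn.endswith(INSPECTOR_SUBSCRIPTION_SUFFIX):
                return arn
        token = page.get("NextToken")
        if not token:
            return None
        kwargs = {"NextToken": token}


def stop_inspector_findings(client):
    """Disable the Inspector subscription; return the ARN disabled, or None if absent."""
    arn = find_inspector_subscription(client)
    if arn is None:
        return None  # flow already off, or Inspector was never enabled here
    client.disable_import_findings_for_product(ProductSubscriptionArn=arn)
    return arn


class FakeSecurityHub:
    """Constructed stand-in for a boto3 securityhub client, for offline runs.

    Serves the subscription list in two pages so NextToken handling is
    exercised, and records which ARN was disabled.
    """

    def __init__(self, subscriptions):
        self.pages = [subscriptions[:1], subscriptions[1:]]
        self.disabled = []

    def list_enabled_products_for_import(self, NextToken=None):
        idx = int(NextToken) if NextToken else 0
        resp = {"ProductSubscriptions": self.pages[idx]}
        if idx + 1 < len(self.pages):
            resp["NextToken"] = str(idx + 1)
        return resp

    def disable_import_findings_for_product(self, ProductSubscriptionArn):
        self.disabled.append(ProductSubscriptionArn)
        return {}


if __name__ == "__main__":
    import boto3  # only needed for a live run against the real service
    print(stop_inspector_findings(boto3.client("securityhub")))
```

Because Security Hub archives Inspector findings only when Inspector closes them, disabling the subscription stops new findings but leaves the existing ones in place; re-enabling goes through EnableImportFindingsForProduct with the ProductArn, which this script does not cover.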