本文為英文版的機器翻譯版本，如內容有任何歧義或不一致之處，概以英文版為準。

# Resources ASFF 物件
<a name="asff-resources"></a>

在 AWS 安全調查結果格式 (ASFF) 中， `Resources` 物件會提供調查結果所涉及資源的相關資訊。它包含最多 32 個資源物件的陣列。若要判斷資源名稱的格式，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。如需每個資源物件的範例，請從下列清單中選取資源。

**Topics**
+ [ASFF 中的資源屬性](asff-resources-attributes.md)
+ [AwsAmazonMQ ASFF 中的 資源](asff-resourcedetails-awsamazonmq.md)
+ [AwsApiGateway ASFF 中的 資源](asff-resourcedetails-awsapigateway.md)
+ [AwsAppSync ASFF 中的 資源](asff-resourcedetails-awsappsync.md)
+ [AwsAthena ASFF 中的 資源](asff-resourcedetails-awsathena.md)
+ [AwsAutoScaling ASFF 中的 資源](asff-resourcedetails-awsautoscaling.md)
+ [AwsBackup ASFF 中的 資源](asff-resourcedetails-awsbackup.md)
+ [AwsCertificateManager ASFF 中的 資源](asff-resourcedetails-awscertificatemanager.md)
+ [AwsCloudFormation ASFF 中的 資源](asff-resourcedetails-awscloudformation.md)
+ [AwsCloudFront ASFF 中的 資源](asff-resourcedetails-awscloudfront.md)
+ [AwsCloudTrail ASFF 中的 資源](asff-resourcedetails-awscloudtrail.md)
+ [AwsCloudWatch ASFF 中的 資源](asff-resourcedetails-awscloudwatch.md)
+ [AwsCodeBuild ASFF 中的 資源](asff-resourcedetails-awscodebuild.md)
+ [AwsDms ASFF 中的 資源](asff-resourcedetails-awsdms.md)
+ [AwsDynamoDB ASFF 中的 資源](asff-resourcedetails-awsdynamodb.md)
+ [AwsEc2 ASFF 中的 資源](asff-resourcedetails-awsec2.md)
+ [AwsEcr ASFF 中的 資源](asff-resourcedetails-awsecr.md)
+ [AwsEcs ASFF 中的 資源](asff-resourcedetails-awsecs.md)
+ [AwsEfs ASFF 中的 資源](asff-resourcedetails-awsefs.md)
+ [AwsEks ASFF 中的 資源](asff-resourcedetails-awseks.md)
+ [AwsElasticBeanstalk ASFF 中的 資源](asff-resourcedetails-awselasticbeanstalk.md)
+ [AwsElasticSearch ASFF 中的 資源](asff-resourcedetails-awselasticsearch.md)
+ [AwsElb ASFF 中的 資源](asff-resourcedetails-awselb.md)
+ [AwsEventBridge ASFF 中的 資源](asff-resourcedetails-awsevent.md)
+ [AwsGuardDuty ASFF 中的 資源](asff-resourcedetails-awsguardduty.md)
+ [AwsIam ASFF 中的 資源](asff-resourcedetails-awsiam.md)
+ [AwsKinesis ASFF 中的 資源](asff-resourcedetails-awskinesis.md)
+ [AwsKms ASFF 中的 資源](asff-resourcedetails-awskms.md)
+ [AwsLambda](asff-resourcedetails-awslambda.md)
+ [AwsMsk ASFF 中的 資源](asff-resourcedetails-awsmsk.md)
+ [AwsNetworkFirewall ASFF 中的 資源](asff-resourcedetails-awsnetworkfirewall.md)
+ [AwsOpenSearchService ASFF 中的 資源](asff-resourcedetails-awsopensearchservice.md)
+ [AwsRds ASFF 中的 資源](asff-resourcedetails-awsrds.md)
+ [AwsRedshift ASFF 中的 資源](asff-resourcedetails-awsredshift.md)
+ [AwsRoute53 ASFF 中的 資源](asff-resourcedetails-awsroute53.md)
+ [AwsS3 ASFF 中的 資源](asff-resourcedetails-awss3.md)
+ [AwsSageMaker ASFF 中的 資源](asff-resourcedetails-awssagemaker.md)
+ [AwsSecretsManager ASFF 中的 資源](asff-resourcedetails-awssecretsmanager.md)
+ [AwsSns ASFF 中的 資源](asff-resourcedetails-awssns.md)
+ [AwsSqs ASFF 中的 資源](asff-resourcedetails-awssqs.md)
+ [AwsSsm ASFF 中的 資源](asff-resourcedetails-awsssm.md)
+ [AwsStepFunctions ASFF 中的 資源](asff-resourcedetails-awsstepfunctions.md)
+ [AwsWaf ASFF 中的 資源](asff-resourcedetails-awswaf.md)
+ [AwsXray ASFF 中的 資源](asff-resourcedetails-awsxray.md)
+ [CodeRepository ASFF 中的 物件](asff-resourcedetails-coderepository.md)
+ [Container ASFF 中的 物件](asff-resourcedetails-container.md)
+ [Other ASFF 中的 物件](asff-resourcedetails-other.md)

# ASFF 中的資源屬性
<a name="asff-resources-attributes"></a>

以下是 AWS 安全性調查結果格式 (ASFF) 中`Resources`物件的描述和範例。如需有關這些欄位的詳細資訊，請參閱 [Resources](asff-required-attributes.md#Resources)。

## ApplicationArn
<a name="asff-resources-applicationarn"></a>

識別問題清單所涉及應用程式的 Amazon Resource Name (ARN)。

**範例**

```
"ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0"
```

## ApplicationName
<a name="asff-resources-applicationname"></a>

識別問題清單所涉及的應用程式名稱。

**範例**

```
"ApplicationName": "SampleApp"
```

## DataClassification
<a name="asff-resources-dataclassification"></a>

[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html) 欄位提供有關在資源上偵測到的敏感資料的資訊。

**範例**

```
"DataClassification": {
    "DetailedResultsLocation": "Path_to_Folder_Or_File",
    "Result": {
        "MimeType": "text/plain",
        "SizeClassified": 2966026,
        "AdditionalOccurrences": false,
        "Status": {
            "Code": "COMPLETE",
            "Reason": "Unsupportedfield"
        },
       "SensitiveData": [
            {
                "Category": "PERSONAL_INFORMATION",
                "Detections": [
                    {
                        "Count": 34,
                        "Type": "GE_PERSONAL_ID",
                        "Occurrences": {
                            "LineRanges": [
                                {
                                    "Start": 1,
                                    "End": 10,
                                    "StartColumn": 20
                                }
                            ],
                            "Pages": [],
                            "Records": [],
                            "Cells": []
                        }
                    },
                    {
                        "Count": 59,
                        "Type": "EMAIL_ADDRESS",
                        "Occurrences": {
                            "Pages": [
                                {
                                    "PageNumber": 1,
                                    "OffsetRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                     },
                                    "LineRange": {
                                        "Start": 1,
                                        "End": 100,
                                        "StartColumn": 10
                                    }
                                }
                            ]
                        }
                    },
                    {
                        "Count": 2229,
                        "Type": "URL",
                        "Occurrences": {
                           "LineRanges": [
                               {
                                   "Start": 1,
                                   "End": 13
                               }
                           ]
                       }
                   },
                   {
                       "Count": 13826,
                       "Type": "NameDetection",
                       "Occurrences": {
                            "Records": [
                                {
                                    "RecordIndex": 1,
                                    "JsonPath": "$.ssn.value"
                                }
                            ]
                        }
                   },
                   {
                       "Count": 32,
                       "Type": "AddressDetection"
                   }
               ],
               "TotalCount": 32
           }
        ],
        "CustomDataIdentifiers": {
            "Detections": [
                 {
                     "Arn": "1712be25e7c7f53c731fe464f1c869b8", 
                     "Name": "1712be25e7c7f53c731fe464f1c869b8", 
                     "Count": 2,
                 }
            ],
            "TotalCount": 2
        }
    }
}
```

## 詳細資訊
<a name="asff-resources-details"></a>

[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html) 欄位提供使用適當物件之單一資源的其他資訊。每個資源都必須在物件中的個別資源`Resources`物件中提供。

請注意，如果調查結果大小超過 240 KB 的上限，則會從調查結果中移除`Details`物件。對於使用 AWS Config 規則的控制項調查結果，您可以在 AWS Config 主控台上檢視資源詳細資訊。

Security Hub CSPM 為其支援的資源類型提供一組可用的資源詳細資訊。這些詳細資訊對應至 `Type` 物件的值。盡可能使用提供的類型。

例如，如果資源是 S3 儲存貯體，請將資源設定為 `Type``AwsS3Bucket`，並在 [`AwsS3Bucket`](asff-resourcedetails-awss3.md#asff-resourcedetails-awss3bucket) 物件中提供資源詳細資訊。

[`Other`](asff-resourcedetails-other.md) 物件可讓您提供自訂欄位和值。在下列情況下，您可以使用 `Other` 物件：
+ 資源類型 （資源 的值`Type`) 沒有對應的詳細資訊物件。若要提供資源的詳細資訊，您可以使用 [`Other`](asff-resourcedetails-other.md) 物件。
+ 資源類型的 物件不包含您要填入的所有欄位。在此情況下，請使用資源類型的詳細資訊物件來填入可用的欄位。使用 `Other` 物件來填入不在類型特定物件中的欄位。
+ 資源類型不是提供的類型之一。在此情況下，將 `Resource.Type`設定為 `Other`，並使用 `Other` 物件填入詳細資訊。

**範例**

```
"Details": {
  "AwsEc2Instance": {
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
    "ImageId": "ami-79fd7eee",
    "IpV4Addresses": ["1.1.1.1"],
    "IpV6Addresses": ["2001:db8:1234:1a2b::123"],
    "KeyName": "testkey",
    "LaunchedAt": "2018-09-29T01:25:54Z",
    "MetadataOptions": {
      "HttpEndpoint": "enabled",
      "HttpProtocolIpv6": "enabled",
      "HttpPutResponseHopLimit": 1,
      "HttpTokens": "optional",
      "InstanceMetadataTags": "disabled"
    },
    "NetworkInterfaces": [
    {
      "NetworkInterfaceId": "eni-e5aa89a3"
    }
    ],
    "SubnetId": "PublicSubnet",
    "Type": "i3.xlarge",
    "VirtualizationType": "hvm",
    "VpcId": "TestVPCIpv6"
  },
  "AwsS3Bucket": {
    "OwnerId": "da4d66eac431652a4d44d490a00500bded52c97d235b7b4752f9f688566fe6de",
    "OwnerName": "acmes3bucketowner"
  },
  "Other": { "LightPen": "blinky", "SerialNo": "1234abcd"}  
}
```

## Id
<a name="asff-resources-id"></a>

指定資源類型的識別符。

對於 Amazon Resource Name (ARNs) 識別 AWS 的資源，這是 ARN。

對於缺少 ARNs AWS 的資源，這是建立資源之 AWS 服務定義的識別符。

對於非AWS 資源，這是與資源相關聯的唯一識別符。

**範例**

```
"Id": "arn:aws:s3:::amzn-s3-demo-bucket"
```

## 分割區
<a name="asff-resources-partition"></a>

資源所在的分割區。分割區是 的群組 AWS 區域。每個 的範圍 AWS 帳戶 都是一個分割區。

支援下列分割區：
+ `aws` – AWS 區域
+ `aws-cn` - 中國區域
+ `aws-us-gov` – AWS GovCloud (US) Region

**範例**

```
"Partition": "aws"
```

## 區域
<a name="asff-resources-region"></a>

 AWS 區域 此資源所在的 程式碼。如需區域代碼清單，請參閱[區域端點](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints)。

**範例**

```
"Region": "us-west-2"
```

## ResourceRole
<a name="asff-resources-resourcerole"></a>

識別調查結果中資源的角色。資源是調查結果活動的目標或執行活動的動作者。

**範例**

```
"ResourceRole": "target"
```

## Tags (標籤)
<a name="asff-resources-tags"></a>

此欄位提供問題清單所涉及資源的標籤索引鍵和值資訊。您可以標記 AWS Resource Groups 標記 API `GetResources`操作[支援的資源](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/supported-services.html)。Security Hub CSPM 透過[服務連結角色](using-service-linked-roles.md)呼叫此操作，並在 AWS Security Finding Format (ASFF) `Resource.Id` 欄位填入資源 ARN 時擷取 AWS 資源標籤。系統會忽略無效的資源 IDs。

您可以將資源標籤新增至 Security Hub CSPM 擷取的問題清單，包括整合 AWS 服務 和第三方產品的問題清單。

新增標籤會告訴您在處理問題清單時與資源相關聯的標籤。您只能針對具有關聯標籤的資源包含 `Tags` 屬性。如果資源沒有相關聯的標籤，請不要在問題清單中包含 `Tags` 屬性。

在問題清單中包含資源標籤，不需要建置資料擴充管道或手動擴充安全問題清單的中繼資料。您也可以使用標籤來搜尋或篩選問題清單和洞見，並建立[自動化規則](automation-rules.md)。

如需適用於標籤的限制資訊，請參閱[標籤命名限制和要求](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions)。

您只能提供存在於此欄位中 AWS 資源上的標籤。若要提供未在 AWS 安全調查結果格式中定義的資料，請使用`Other`詳細資訊子欄位。

**範例**

```
"Tags": {
    "billingCode": "Lotus-1-2-3",
    "needsPatching": "true"
}
```

## Type
<a name="asff-resources-type"></a>

您要提供詳細資訊的資源類型。

盡可能使用提供的資源類型之一，例如 `AwsEc2Instance` 或 `AwsS3Bucket`。

如果資源類型不符合任何提供的資源類型，請將資源設定為 `Type` `Other`，並使用`Other`詳細資訊子欄位填入詳細資訊。

支援的值會列在[資源](asff-resources.md)下。

**範例**

```
"Type": "AwsS3Bucket"
```

# AwsAmazonMQ ASFF 中的 資源
<a name="asff-resourcedetails-awsamazonmq"></a>

以下是 `AwsAmazonMQ` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsAmazonMQBroker
<a name="asff-resourcedetails-awsamazonmqbroker"></a>

`AwsAmazonMQBroker` 提供 Amazon MQ 代理程式的相關資訊，這是在 Amazon MQ 上執行的訊息代理程式環境。

下列範例顯示`AwsAmazonMQBroker`物件的 ASFF。若要檢視`AwsAmazonMQBroker`屬性的說明，請參閱 *AWS Security Hub API 參考*中的 [AwsAmazonMQBroker](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAmazonMQBrokerDetails.html)。

**範例**

```
"AwsAmazonMQBroker": {
    "AutoMinorVersionUpgrade": true,
    "BrokerArn": "arn:aws:mq:us-east-1:123456789012:broker:TestBroker:b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "BrokerId": "b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "BrokerName": "TestBroker",
    "Configuration": {
        "Id": "c-a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
        "Revision": 1
    },
    "DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ",
    "EncryptionOptions": {
        "UseAwsOwnedKey": true
    },
    "EngineType": "ActiveMQ",
    "EngineVersion": "5.17.2",
    "HostInstanceType": "mq.t2.micro",
    "Logs": {
        "Audit": false,
        "AuditLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/audit",
        "General": false,
        "GeneralLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/general"
    },
    "MaintenanceWindowStartTime": {
        "DayOfWeek": "MONDAY",
        "TimeOfDay": "22:00",
        "TimeZone": "UTC"
    },
    "PubliclyAccessible": true,
    "SecurityGroups": [
        "sg-021345abcdef6789"
    ],
    "StorageType": "efs",
    "SubnetIds": [
        "subnet-1234567890abcdef0",
        "subnet-abcdef01234567890"
    ],
    "Users": [
        {
            "Username": "admin"
        }
    ]
}
```

# AwsApiGateway ASFF 中的 資源
<a name="asff-resourcedetails-awsapigateway"></a>

以下是 `AwsApiGateway` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsApiGatewayRestApi
<a name="asff-resourcedetails-awsapigatewayrestapi"></a>

`AwsApiGatewayRestApi` 物件包含 Amazon API Gateway 第 1 版中 REST API 的相關資訊。

以下是安全`AwsApiGatewayRestApi`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayRestApi`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayRestApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayRestApiDetails.html)。

**範例**

```
AwsApiGatewayRestApi: {
    "Id": "exampleapi",
    "Name": "Security Hub",
    "Description": "AWS Security Hub",
    "CreatedDate": "2018-11-18T10:20:05-08:00",
    "Version": "2018-10-26",
    "BinaryMediaTypes" : ["-'*~1*'"],
    "MinimumCompressionSize": 1024,
    "ApiKeySource": "AWS_ACCOUNT_ID",
    "EndpointConfiguration": {
        "Types": [
            "REGIONAL"
        ]
    }
}
```

## AwsApiGatewayStage
<a name="asff-resourcedetails-awsapigatewaystage"></a>

`AwsApiGatewayStage` 物件提供第 1 版 Amazon API Gateway 階段的相關資訊。

以下是安全`AwsApiGatewayStage`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayStage`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayStageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayStageDetails.html)。

**範例**

```
"AwsApiGatewayStage": {
    "DeploymentId": "n7hlmf",
    "ClientCertificateId": "a1b2c3", 
    "StageName": "Prod",
    "Description" : "Stage Description",
    "CacheClusterEnabled": false,
    "CacheClusterSize" : "1.6",
    "CacheClusterStatus": "NOT_AVAILABLE",
    "MethodSettings": [
        {
            "MetricsEnabled": true,
            "LoggingLevel": "INFO",
            "DataTraceEnabled": false,
            "ThrottlingBurstLimit": 100,
            "ThrottlingRateLimit": 5.0,
            "CachingEnabled": false,
            "CacheTtlInSeconds": 300,
            "CacheDataEncrypted": false,
            "RequireAuthorizationForCacheControl": true,
            "UnauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER",
            "HttpMethod": "POST",
            "ResourcePath": "/echo"
        }
    ],
    "Variables": {"test": "value"},
    "DocumentationVersion": "2.0",
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "CanarySettings": {
        "PercentTraffic": 0.0,
        "DeploymentId": "ul73s8",
        "StageVariableOverrides" : [
            "String" : "String"
        ],
        "UseStageCache": false
    },
    "TracingEnabled": false,
    "CreatedDate": "2018-07-11T10:55:18-07:00",
    "LastUpdatedDate": "2020-08-26T11:51:04-07:00",
    "WebAclArn" : "arn:aws:waf-regional:us-west-2:111122223333:webacl/cb606bd8-5b0b-4f0b-830a-dd304e48a822"
}
```

## AwsApiGatewayV2Api
<a name="asff-resourcedetails-awsapigatewayv2api"></a>

`AwsApiGatewayV2Api` 物件包含 Amazon API Gateway 中第 2 版 API 的相關資訊。

以下是安全`AwsApiGatewayV2Api`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Api`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayV2ApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2ApiDetails.html)。

**範例**

```
"AwsApiGatewayV2Api": {
    "ApiEndpoint": "https://example.us-west-2.amazonaws.com",
    "ApiId": "a1b2c3d4",
    "ApiKeySelectionExpression": "$request.header.x-api-key",
    "CreatedDate": "2020-03-28T00:32:37Z",
   "Description": "ApiGatewayV2 Api",
   "Version": "string",
    "Name": "my-api",
    "ProtocolType": "HTTP",
    "RouteSelectionExpression": "$request.method $request.path",
   "CorsConfiguration": {
        "AllowOrigins": [ "*" ],
        "AllowCredentials": true,
        "ExposeHeaders": [ "string" ],
        "MaxAge": 3000,
        "AllowMethods": [
          "GET",
          "PUT",
          "POST",
          "DELETE",
          "HEAD"
        ],
        "AllowHeaders": [ "*" ]
    }
}
```

## AwsApiGatewayV2Stage
<a name="asff-resourcedetails-awsapigatewayv2stage"></a>

`AwsApiGatewayV2Stage` 包含 Amazon API Gateway 第 2 版階段的相關資訊。

以下是安全`AwsApiGatewayV2Stage`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayV2StageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2StageDetails.html)。

**範例**

```
"AwsApiGatewayV2Stage": {
    "CreatedDate": "2020-04-08T00:36:05Z",
    "Description" : "ApiGatewayV2",
    "DefaultRouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "DeploymentId": "x1zwyv",
    "LastUpdatedDate": "2020-04-08T00:36:13Z",
    "RouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "StageName": "prod",
    "StageVariables": [
        "function": "my-prod-function"
    ],
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "AutoDeploy": false,
    "LastDeploymentStatusMessage": "Message",
    "ApiGatewayManaged": true,
}
```

# AwsAppSync ASFF 中的 資源
<a name="asff-resourcedetails-awsappsync"></a>

以下是 `AwsAppSync` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsAppSyncGraphQLApi
<a name="asff-resourcedetails-awsappsyncgraphqlapi"></a>

`AwsAppSyncGraphQLApi` 提供 AWS AppSync GraphQL API 的相關資訊，這是應用程式的頂層建構。

下列範例顯示`AwsAppSyncGraphQLApi`物件的 ASFF。若要檢視`AwsAppSyncGraphQLApi`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsAppSyncGraphQLApi](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAppSyncGraphQLApiDetails.html)。

**範例**

```
"AwsAppSyncGraphQLApi": {
    "AdditionalAuthenticationProviders": [
    {
    	"AuthenticationType": "AWS_LAMBDA",
    	"LambdaAuthorizerConfig": {
    		"AuthorizerResultTtlInSeconds": 300,
    		"AuthorizerUri": "arn:aws:lambda:us-east-1:123456789012:function:mylambdafunc"
    	}
    },
    {
    	"AuthenticationType": "AWS_IAM"
    }
    ],
    "ApiId": "021345abcdef6789",
    "Arn": "arn:aws:appsync:eu-central-1:123456789012:apis/021345abcdef6789",
    "AuthenticationType": "API_KEY",
    "Id": "021345abcdef6789",
    "LogConfig": {
    	"CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/appsync-graphqlapi-logs-eu-central-1",
    	"ExcludeVerboseContent": true,
    	"FieldLogLevel": "ALL"
    },
    "Name": "My AppSync App",
    "XrayEnabled": true,
}
```

# AwsAthena ASFF 中的 資源
<a name="asff-resourcedetails-awsathena"></a>

以下是 `AwsAthena` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsAthenaWorkGroup
<a name="asff-resourcedetails-awsathenaworkgroup"></a>

`AwsAthenaWorkGroup` 提供 Amazon Athena 工作群組的相關資訊。工作群組可協助您區隔使用者、團隊、應用程式或工作負載。它還可協助您設定資料處理和追蹤成本的限制。

下列範例顯示`AwsAthenaWorkGroup`物件的 ASFF。若要檢視`AwsAthenaWorkGroup`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsAthenaWorkGroup](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAthenaWorkGroupDetails.html)。

**範例**

```
"AwsAthenaWorkGroup": {
    "Description": "My workgroup for prod workloads",
    "Name": "MyWorkgroup",
    "WorkgroupConfiguration" {
        "ResultConfiguration": {
            "EncryptionConfiguration": {
                "EncryptionOption": "SSE_KMS",
                "KmsKey": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            }
        }
    },
        "State": "ENABLED"
}
```

# AwsAutoScaling ASFF 中的 資源
<a name="asff-resourcedetails-awsautoscaling"></a>

以下是 `AwsAutoScaling` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsAutoScalingAutoScalingGroup
<a name="asff-resourcedetails-awsautoscalingautoscalinggroup"></a>

`AwsAutoScalingAutoScalingGroup` 物件提供自動擴展群組的詳細資訊。

以下是 AWS 安全`AwsAutoScalingAutoScalingGroup`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsAutoScalingAutoScalingGroup`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsAutoScalingAutoScalingGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingAutoScalingGroupDetails.html)。

**範例**

```
"AwsAutoScalingAutoScalingGroup": {
        "CreatedTime": "2017-10-17T14:47:11Z",
        "HealthCheckGracePeriod": 300,
        "HealthCheckType": "EC2",
        "LaunchConfigurationName": "mylaunchconf",
        "LoadBalancerNames": [],
        "LaunchTemplate": {                            
            "LaunchTemplateId": "string",
            "LaunchTemplateName": "string",
            "Version": "string"
        },
        "MixedInstancesPolicy": {
            "InstancesDistribution": {
                "OnDemandAllocationStrategy": "prioritized",
                "OnDemandBaseCapacity": number,
                "OnDemandPercentageAboveBaseCapacity": number,
                "SpotAllocationStrategy": "lowest-price",
                "SpotInstancePools": number,
                "SpotMaxPrice": "string"
            },
            "LaunchTemplate": {
                "LaunchTemplateSpecification": {
                    "LaunchTemplateId": "string",
                    "LaunchTemplateName": "string",
                    "Version": "string"
                 },
                "CapacityRebalance": true,
                "Overrides": [
                    {
                       "InstanceType": "string",
                       "WeightedCapacity": "string"
                    }
                ]
            }
        }
    }
}
```

## AwsAutoScalingLaunchConfiguration
<a name="asff-resourcedetails-awsautoscalinglaunchconfiguration"></a>

`AwsAutoScalingLaunchConfiguration` 物件提供啟動組態的詳細資訊。

以下是 AWS 安全`AwsAutoScalingLaunchConfiguration`調查結果格式 (ASFF) 中的範例調查結果。

若要檢視`AwsAutoScalingLaunchConfiguration`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsAutoScalingLaunchConfigurationDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingLaunchConfigurationDetails.html)。

**範例**

```
AwsAutoScalingLaunchConfiguration: {
    "LaunchConfigurationName": "newtest",
    "ImageId": "ami-058a3739b02263842",
    "KeyName": "55hundredinstance",
    "SecurityGroups": [ "sg-01fce87ad6e019725" ],
    "ClassicLinkVpcSecurityGroups": [],
    "UserData": "...Base64-Encoded user data..."
    "InstanceType": "a1.metal",
    "KernelId": "",
    "RamdiskId": "ari-a51cf9cc",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sdh",
            "Ebs": {
                "VolumeSize": 30,
                "VolumeType": "gp2",
                "DeleteOnTermination": false,
                "Encrypted": true,
                "SnapshotId": "snap-ffaa1e69",
                "VirtualName": "ephemeral1"
            }
        },
        {
            "DeviceName": "/dev/sdb",
            "NoDevice": true
        },
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "SnapshotId": "snap-02420cd3d2dea1bc0",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "DeleteOnTermination": true,
                "Encrypted": false
            }
        },
        {
            "DeviceName": "/dev/sdi",
            "Ebs": {
                "VolumeSize": 20,
                "VolumeType": "gp2",
                "DeleteOnTermination": false,
                "Encrypted": true
            }
        },
        {
            "DeviceName": "/dev/sdc",
            "NoDevice": true
        }
    ],
    "InstanceMonitoring": {
        "Enabled": false
    },
    "CreatedTime": 1620842933453,
    "EbsOptimized": false,
    "AssociatePublicIpAddress": true,
    "SpotPrice": "0.045"
}
```

# AwsBackup ASFF 中的 資源
<a name="asff-resourcedetails-awsbackup"></a>

以下是 `AwsBackup` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsBackupBackupPlan
<a name="asff-resourcedetails-awsbackupbackupplan"></a>

`AwsBackupBackupPlan` 物件提供備份計畫的相關資訊 AWS Backup 。 AWS Backup 備份計畫是一種政策表達式，可定義您要備份 AWS 資源的時間和方式。

下列範例顯示 `AwsBackupBackupPlan` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupPlan`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsBackupBackupPlan](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupPlanDetails.html)。

**範例**

```
"AwsBackupBackupPlan": {
    "BackupPlan": {
    	"AdvancedBackupSettings": [{
    		"BackupOptions": {
    			"WindowsVSS":"enabled"
    		},
    		"ResourceType":"EC2"
    	}],
    	"BackupPlanName": "test",
    	"BackupPlanRule": [{
    		"CompletionWindowMinutes": 10080,
    		"CopyActions": [{
    			"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
    			"Lifecycle": {
    				"DeleteAfterDays": 365,
    				"MoveToColdStorageAfterDays": 30
    			}
    		}],
    		"Lifecycle": {
    			"DeleteAfterDays": 35
    		},
    		"RuleName": "DailyBackups",
    		"ScheduleExpression": "cron(0 5 ? * * *)",
    		"StartWindowMinutes": 480,
    		"TargetBackupVault": "Default"
    		},
    		{
    		"CompletionWindowMinutes": 10080,
    		"CopyActions": [{
    			"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
    			"Lifecycle": {
    				"DeleteAfterDays": 365,
    				"MoveToColdStorageAfterDays": 30
    			}
    		}],
    		"Lifecycle": {
    			"DeleteAfterDays": 35
    		},
    		"RuleName": "Monthly",
    		"ScheduleExpression": "cron(0 5 1 * ? *)",
    		"StartWindowMinutes": 480,
    		"TargetBackupVault": "Default"
    	}]
    },
    "BackupPlanArn": "arn:aws:backup:us-east-1:858726136373:backup-plan:b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
    "BackupPlanId": "b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
    "VersionId": "ZDVjNDIzMjItYTZiNS00NzczLTg4YzctNmExMWM2NjZhY2E1"
}
```

## AwsBackupBackupVault
<a name="asff-resourcedetails-awsbackupbackupvault"></a>

`AwsBackupBackupVault` 物件提供備份保存庫的相關資訊 AWS Backup 。 AWS Backup 備份文件庫是存放和組織備份的容器。

下列範例顯示 `AwsBackupBackupVault` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupVault`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsBackupBackupVault](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupVaultDetails.html)。

**範例**

```
"AwsBackupBackupVault": {
    "AccessPolicy": {
    	"Statement": [{
    		"Action": [
    			"backup:DeleteBackupVault",
    			"backup:DeleteBackupVaultAccessPolicy",
    			"backup:DeleteRecoveryPoint",
    			"backup:StartCopyJob",
    			"backup:StartRestoreJob",
    			"backup:UpdateRecoveryPointLifecycle"
    		],
    		"Effect": "Deny",
    		"Principal": {
    			"AWS": "*"
    		},
    		"Resource": "*"
    	}],
    	"Version": "2012-10-17"		 	 	 
    },
    "BackupVaultArn": "arn:aws:backup:us-east-1:123456789012:backup-vault:aws/efs/automatic-backup-vault",
    "BackupVaultName": "aws/efs/automatic-backup-vault",
    "EncrytionKeyArn": "arn:aws:kms:us-east-1:444455556666:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
    "Notifications": {
    	"BackupVaultEvents": ["BACKUP_JOB_STARTED", "BACKUP_JOB_COMPLETED", "COPY_JOB_STARTED"],
    	"SNSTopicArn": "arn:aws:sns:us-west-2:111122223333:MyVaultTopic"
    }
}
```

## AwsBackupRecoveryPoint
<a name="asff-resourcedetails-awsbackuprecoverypoint"></a>

`AwsBackupRecoveryPoint` 物件提供備份的相關資訊 AWS Backup ，也稱為復原點。 AWS Backup 復原點代表資源在指定時間的內容。

下列範例顯示 `AwsBackupRecoveryPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupVault`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsBackupRecoveryPoint](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupRecoveryPointDetails.html)。

**範例**

```
"AwsBackupRecoveryPoint": {
    "BackupSizeInBytes": 0,
    "BackupVaultName": "aws/efs/automatic-backup-vault",
    "BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
    "CalculatedLifecycle": {
    	"DeleteAt": "2021-08-30T06:51:58.271Z",
    	"MoveToColdStorageAt": "2020-08-10T06:51:58.271Z"
    },
    "CompletionDate": "2021-07-26T07:21:40.361Z",
    "CreatedBy": {
    	"BackupPlanArn": "arn:aws:backup:us-east-1:111122223333:backup-plan:aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
    	"BackupPlanId": "aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
    	"BackupPlanVersion": "ZGM4YzY5YjktMWYxNC00ZTBmLWE5MjYtZmU5OWNiZmM5ZjIz",
    	"BackupRuleId": "2a600c2-42ad-4196-808e-084923ebfd25"
    },
    "CreationDate": "2021-07-26T06:51:58.271Z",
    "EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
    "IamRoleArn": "arn:aws:iam::111122223333:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup",
    "IsEncrypted": true,
    "LastRestoreTime": "2021-07-26T06:51:58.271Z",
    "Lifecycle": {
    	"DeleteAfterDays": 35,
    	"MoveToColdStorageAfterDays": 15
    },
    "RecoveryPointArn": "arn:aws:backup:us-east-1:111122223333:recovery-point:151a59e4-f1d5-4587-a7fd-0774c6e91268",
    "ResourceArn": "arn:aws:elasticfilesystem:us-east-1:858726136373:file-system/fs-15bd31a1",
    "ResourceType": "EFS",
    "SourceBackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
    "Status": "COMPLETED",
    "StatusMessage": "Failure message",
    "StorageClass": "WARM"
}
```

# AwsCertificateManager ASFF 中的 資源
<a name="asff-resourcedetails-awscertificatemanager"></a>

以下是 `AwsCertificateManager` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsCertificateManagerCertificate
<a name="asff-resourcedetails-awscertificatemanagercertificate"></a>

`AwsCertificateManagerCertificate` 物件提供 AWS Certificate Manager (ACM) 憑證的詳細資訊。

以下是 AWS 安全`AwsCertificateManagerCertificate`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsCertificateManagerCertificate`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsCertificateManagerCertificateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCertificateManagerCertificateDetails.html)。

**範例**

```
"AwsCertificateManagerCertificate": {
    "CertificateAuthorityArn": "arn:aws:acm:us-west-2:444455556666:certificate-authority/example",
    "CreatedAt": "2019-05-24T18:12:02.000Z",
    "DomainName": "example.amazondomains.com",
    "DomainValidationOptions": [
        {
            "DomainName": "example.amazondomains.com",
            "ResourceRecord": {
                "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                "Type": "CNAME",
                "Value": "_example.acm-validations.aws."
             },
             "ValidationDomain": "example.amazondomains.com",
             "ValidationEmails": [sample_email@sample.com],
             "ValidationMethod": "DNS",
             "ValidationStatus": "SUCCESS"
        }
    ],
    "ExtendedKeyUsages": [
        {
            "Name": "TLS_WEB_SERVER_AUTHENTICATION",
            "OId": "1.3.6.1.5.5.7.3.1"
        },
        {
            "Name": "TLS_WEB_CLIENT_AUTHENTICATION",
            "OId": "1.3.6.1.5.5.7.3.2"
        }
    ],
    "FailureReason": "",
    "ImportedAt": "2018-08-17T00:13:00.000Z",
    "InUseBy": ["arn:aws:amazondomains:us-west-2:444455556666:loadbalancer/example"],
    "IssuedAt": "2020-04-26T00:41:17.000Z",
    "Issuer": "Amazon",
    "KeyAlgorithm": "RSA-1024",
    "KeyUsages": [
        {
            "Name": "DIGITAL_SIGNATURE",
        },
        {
            "Name": "KEY_ENCIPHERMENT",
        }
    ],
    "NotAfter": "2021-05-26T12:00:00.000Z",
    "NotBefore": "2020-04-26T00:00:00.000Z",
    "Options": {
        "CertificateTransparencyLoggingPreference": "ENABLED",
    }
    "RenewalEligibility": "ELIGIBLE",
    "RenewalSummary": {
        "DomainValidationOptions": [
            {
                "DomainName": "example.amazondomains.com",
                "ResourceRecord": {
                    "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                    "Type": "CNAME",
                    "Value": "_example.acm-validations.aws.com",
                },
                "ValidationDomain": "example.amazondomains.com",
                "ValidationEmails": ["sample_email@sample.com"],
                "ValidationMethod": "DNS",
                "ValidationStatus": "SUCCESS"
            }
        ],
        "RenewalStatus": "SUCCESS",
        "RenewalStatusReason": "",
        "UpdatedAt": "2020-04-26T00:41:35.000Z",
    },
    "Serial": "02:ac:86:b6:07:2f:0a:61:0e:3a:ac:fd:d9:ab:17:1a",
    "SignatureAlgorithm": "SHA256WITHRSA",
    "Status": "ISSUED",
    "Subject": "CN=example.amazondomains.com",
    "SubjectAlternativeNames": ["example.amazondomains.com"],
    "Type": "AMAZON_ISSUED"
}
```

# AwsCloudFormation ASFF 中的 資源
<a name="asff-resourcedetails-awscloudformation"></a>

以下是 `AwsCloudFormation` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsCloudFormationStack
<a name="asff-resourcedetails-awscloudformationstack"></a>

`AwsCloudFormationStack` 物件提供有關巢狀為最上層範本中資源之堆疊的詳細資訊 AWS CloudFormation 。

下列範例顯示 `AwsCloudFormationStack` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsCloudFormationStack`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsCloudFormationStackDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFormationStackDetails.html)。

**範例**

```
"AwsCloudFormationStack": { 
	"Capabilities": [
		"CAPABILITY_IAM",
		"CAPABILITY_NAMED_IAM"
	],
	"CreationTime": "2022-02-18T15:31:53.161Z",
	"Description": "AWS CloudFormation Sample",
	"DisableRollback": true,
	"DriftInformation": {
		"StackDriftStatus": "DRIFTED"
	},
	"EnableTerminationProtection": false,
	"LastUpdatedTime": "2022-02-18T15:31:53.161Z",
	"NotificationArns": [
		"arn:aws:sns:us-east-1:978084797471:sample-sns-cfn"
	],
	"Outputs": [{
		"Description": "URL for newly created LAMP stack",
		"OutputKey": "WebsiteUrl",
		"OutputValue": "http://ec2-44-193-18-241.compute-1.amazonaws.com"
	}],
	"RoleArn": "arn:aws:iam::012345678910:role/exampleRole",
	"StackId": "arn:aws:cloudformation:us-east-1:978084797471:stack/sample-stack/e5d9f7e0-90cf-11ec-88c6-12ac1f91724b",
	"StackName": "sample-stack",
	"StackStatus": "CREATE_COMPLETE",
	"StackStatusReason": "Success",
	"TimeoutInMinutes": 1
}
```

# AwsCloudFront ASFF 中的 資源
<a name="asff-resourcedetails-awscloudfront"></a>

以下是 `AwsCloudFront` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsCloudFrontDistribution
<a name="asff-resourcedetails-awscloudfrontdistribution"></a>

`AwsCloudFrontDistribution` 物件提供 Amazon CloudFront 分佈組態的詳細資訊。

以下是 AWS 安全`AwsCloudFrontDistribution`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsCloudFrontDistribution`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsCloudFrontDistributionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFrontDistributionDetails.html)。

**範例**

```
"AwsCloudFrontDistribution": {
    "CacheBehaviors": {
        "Items": [
            {
               "ViewerProtocolPolicy": "https-only"
            }
         ]
    },
    "DefaultCacheBehavior": {
         "ViewerProtocolPolicy": "https-only"
    },
    "DefaultRootObject": "index.html",
    "DomainName": "d2wkuj2w9l34gt.cloudfront.net",
    "Etag": "E37HOT42DHPVYH",
    "LastModifiedTime": "2015-08-31T21:11:29.093Z",
    "Logging": {
         "Bucket": "myawslogbucket.s3.amazonaws.com",
         "Enabled": false,
         "IncludeCookies": false,
         "Prefix": "myawslog/"
     },
     "OriginGroups": {
          "Items": [
              {
                 "FailoverCriteria": {
                     "StatusCodes": {
                          "Items": [
                              200,
                              301,
                              404
                          ]
                          "Quantity": 3
                      }
                 }
              }
           ]
     },
     "Origins": {
           "Items": [
               {
                  "CustomOriginConfig": {
                      "HttpPort": 80,
                      "HttpsPort": 443,
                      "OriginKeepaliveTimeout": 60,
                      "OriginProtocolPolicy": "match-viewer",
                      "OriginReadTimeout": 30,
                      "OriginSslProtocols": {
                        "Items": ["SSLv3", "TLSv1"],
                        "Quantity": 2
                      }                       
                  }
               },                  
           ]
     },
                  "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
                  "Id": "my-origin",
                  "OriginPath": "/production",
                  "S3OriginConfig": {
                      "OriginAccessIdentity": "origin-access-identity/cloudfront/E2YFS67H6VB6E4"
                  }
           ]
     },
     "Status": "Deployed",
     "ViewerCertificate": {
            "AcmCertificateArn": "arn:aws:acm::123456789012:AcmCertificateArn",
            "Certificate": "ASCAJRRE5XYF52TKRY5M4",
            "CertificateSource": "iam",
            "CloudFrontDefaultCertificate": true,
            "IamCertificateId": "ASCAJRRE5XYF52TKRY5M4",
            "MinimumProtocolVersion": "TLSv1.2_2021",
            "SslSupportMethod": "sni-only"
      },
      "WebAclId": "waf-1234567890"
}
```

# AwsCloudTrail ASFF 中的 資源
<a name="asff-resourcedetails-awscloudtrail"></a>

以下是 `AwsCloudTrail` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsCloudTrailTrail
<a name="asff-resourcedetails-awscloudtrailtrail"></a>

`AwsCloudTrailTrail` 物件提供線索的詳細資訊 AWS CloudTrail 。

以下是安全`AwsCloudTrailTrail`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsCloudTrailTrail`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsCloudTrailTrailDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudTrailTrailDetails.html)。

**範例**

```
"AwsCloudTrailTrail": {
    "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:CloudTrail/regression:*",
    "CloudWatchLogsRoleArn": "arn:aws:iam::866482105055:role/CloudTrail_CloudWatchLogs",
    "HasCustomEventSelectors": true,
    "HomeRegion": "us-west-2",
    "IncludeGlobalServiceEvents": true,
    "IsMultiRegionTrail": true,
    "IsOrganizationTrail": false,
    "KmsKeyId": "kmsKeyId",
    "LogFileValidationEnabled": true,
    "Name": "regression-trail",
    "S3BucketName": "cloudtrail-bucket",
    "S3KeyPrefix": "s3KeyPrefix",
    "SnsTopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
    "SnsTopicName": "snsTopicName",
    "TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail"
}
```

# AwsCloudWatch ASFF 中的 資源
<a name="asff-resourcedetails-awscloudwatch"></a>

以下是 `AwsCloudWatch` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsCloudWatchAlarm
<a name="asff-resourcedetails-awscloudwatchalarm"></a>

`AwsCloudWatchAlarm` 物件提供 Amazon CloudWatch 警示的詳細資訊，可在警示變更狀態時監看指標或執行動作。

下列範例顯示 `AwsCloudWatchAlarm` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsCloudWatchAlarm`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsCloudWatchAlarmDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudWatchAlarmDetails.html)。

**範例**

```
"AwsCloudWatchAlarm": { 
	"ActionsEnabled": true,
	"AlarmActions": [
		"arn:aws:automate:region:ec2:stop",
		"arn:aws:automate:region:ec2:terminate"
	],
	"AlarmArn": "arn:aws:cloudwatch:us-west-2:012345678910:alarm:sampleAlarm",
	"AlarmConfigurationUpdatedTimestamp": "2022-02-18T15:31:53.161Z",
	"AlarmDescription": "Alarm Example",
	"AlarmName": "Example",
	"ComparisonOperator": "GreaterThanOrEqualToThreshold",
	"DatapointsToAlarm": 1,
	"Dimensions": [{
		"Name": "InstanceId",
		"Value": "i-1234567890abcdef0"
	}],
	"EvaluateLowSampleCountPercentile": "evaluate",
	"EvaluationPeriods": 1,
	"ExtendedStatistic": "p99.9",
	"InsufficientDataActions": [
		"arn:aws:automate:region:ec2:stop"
	],
	"MetricName": "Sample Metric",
	"Namespace": "YourNamespace",
	"OkActions": [
		"arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0"
	],
	"Period": 1,
	"Statistic": "SampleCount",
	"Threshold": 12.3,
	"ThresholdMetricId": "t1",
	"TreatMissingData": "notBreaching",
	"Unit": "Kilobytes/Second"
}
```

# AwsCodeBuild ASFF 中的 資源
<a name="asff-resourcedetails-awscodebuild"></a>

以下是 `AwsCodeBuild` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsCodeBuildProject
<a name="asff-resourcedetails-awscodebuildproject"></a>

`AwsCodeBuildProject` 物件提供了 AWS CodeBuild 專案的資訊。

以下是安全`AwsCodeBuildProject`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsCodeBuildProject`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsCodeBuildProjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCodeBuildProjectDetails.html)。

**範例**

```
"AwsCodeBuildProject": {
   "Artifacts": [
      {
          "ArtifactIdentifier": "string",
          "EncryptionDisabled": boolean,
          "Location": "string",
          "Name": "string",
          "NamespaceType": "string",
          "OverrideArtifactName": boolean,
          "Packaging": "string",
          "Path": "string",
          "Type": "string"
       }
   ],
   "SecondaryArtifacts": [
      {
          "ArtifactIdentifier": "string",
          "EncryptionDisabled": boolean,
          "Location": "string",
          "Name": "string",
          "NamespaceType": "string",
          "OverrideArtifactName": boolean,
          "Packaging": "string",
          "Path": "string",
          "Type": "string"
       }
   ],
   "EncryptionKey": "string",
   "Certificate": "string",
   "Environment": {
      "Certificate": "string",
      "EnvironmentVariables": [
           {
                "Name": "string",
                "Type": "string",
                "Value": "string"
           }
      ],
   "ImagePullCredentialsType": "string",
   "PrivilegedMode": boolean, 
   "RegistryCredential": {
       "Credential": "string",
       "CredentialProvider": "string"
   },
   "Type": "string"
   },
   "LogsConfig": {
        "CloudWatchLogs": {
             "GroupName": "string",
             "Status": "string",
             "StreamName": "string"
        },
        "S3Logs": {
             "EncryptionDisabled": boolean,
             "Location": "string",
             "Status": "string"
        }
   },
   "Name": "string",
   "ServiceRole": "string",
   "Source": {
        "Type": "string",
        "Location": "string",
        "GitCloneDepth": integer
   },
   "VpcConfig": {
        "VpcId": "string",
        "Subnets": ["string"],
        "SecurityGroupIds": ["string"]
   }
}
```

# AwsDms ASFF 中的 資源
<a name="asff-resourcedetails-awsdms"></a>

以下是 `AwsDms` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsDmsEndpoint
<a name="asff-resourcedetails-awsdmsendpoint"></a>

`AwsDmsEndpoint` 物件提供有關 AWS Database Migration Service (AWS DMS) 端點的資訊。端點提供資料存放區的連線、資料存放區類型和位置資訊。

下列範例顯示 `AwsDmsEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsEndpoint`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsDmsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsEndpointDeatils.html)。

**範例**

```
"AwsDmsEndpoint": {
    "CertificateArn": "arn:aws:dms:us-east-1:123456789012:cert:EXAMPLEIGDURVZGVJQZDPWJ5A7F2YDJVSMTBWFI",
    "DatabaseName": "Test",
    "EndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:EXAMPLEQB3CZY33F7XV253NAJVBNPK6MJQVFVQA",
    "EndpointIdentifier": "target-db",
    "EndpointType": "TARGET", 
    "EngineName": "mariadb",
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Port": 3306,
    "ServerName": "target-db.exampletafyu.us-east-1.rds.amazonaws.com",
    "SslMode": "verify-ca",
    "Username": "admin"
}
```

## AwsDmsReplicationInstance
<a name="asff-resourcedetails-awsdmsreplicationinstance"></a>

`AwsDmsReplicationInstance` 物件提供有關 AWS Database Migration Service (AWS DMS) 複寫執行個體的資訊。DMS 使用複寫執行個體來連線至來源資料存放區、讀取來源資料，以及格式化資料以供目標資料存放區使用。

下列範例顯示 `AwsDmsReplicationInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsReplicationInstance`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsDmsReplicationInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationInstanceDetails.html)。

**範例**

```
"AwsDmsReplicationInstance": {
    "AllocatedStorage": 50,
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZone": "us-east-1b",
    "EngineVersion": "3.5.1",
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "MultiAZ": false,
    "PreferredMaintenanceWindow": "wed:08:08-wed:08:38",
    "PubliclyAccessible": true,
    "ReplicationInstanceClass": "dms.c5.xlarge",
    "ReplicationInstanceIdentifier": "second-replication-instance",
    "ReplicationSubnetGroup": {
        "ReplicationSubnetGroupIdentifier": "default-vpc-2344f44f"
    },
    "VpcSecurityGroups": [
        {
            "VpcSecurityGroupId": "sg-003a34e205138138b"
        }
    ]
}
```

## AwsDmsReplicationTask
<a name="asff-resourcedetails-awsdmsreplicationtask"></a>

`AwsDmsReplicationTask` 物件提供有關 AWS Database Migration Service (AWS DMS) 複寫任務的資訊。複寫任務會將一組資料從來源端點移至目標端點。

下列範例顯示 `AwsDmsReplicationInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsReplicationInstance`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsDmsReplicationInstance](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationTaskDetails.html)。

**範例**

```
"AwsDmsReplicationTask": {
    "CdcStartPosition": "2023-08-28T14:26:22",
    "Id": "arn:aws:dms:us-east-1:123456789012:task:YDYUOHZIXWKQSUCBMUCQCNY44SJW74VJNB5DFWQ",
    "MigrationType": "cdc",
    "ReplicationInstanceArn": "arn:aws:dms:us-east-1:123456789012:rep:T7V6RFDP23PYQWUL26N3PF5REKML4YOUGIMYJUI",
    "ReplicationTaskIdentifier": "test-task",
    "ReplicationTaskSettings": "{\"Logging\":{\"EnableLogging\":false,\"EnableLogContext\":false,\"LogComponents\":[{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TRANSFORMATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_UNLOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"IO\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_LOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"PERFORMANCE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_CAPTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SORTER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"REST_SERVER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"VALIDATOR_EXT\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_APPLY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TASK_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TABLES_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"METADATA_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_FACTORY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMON\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"ADDONS\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"DATA_STRUCTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMUNICATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_TRANSFER\"}],\"CloudWatchLogGroup\":null,\"CloudWatchLogStream\":null},\"StreamBufferSettings\":{\"StreamBufferCount\":3,\"CtrlStreamBufferSizeInMB\":5,\"StreamBufferSizeInMB\":8},\"ErrorBehavior\":{\"FailOnNoTablesCaptured\":true,\"ApplyErrorUpdatePolicy\":\"LOG_ERROR\",\"FailOnTransactionConsistencyBreached\":false,\"RecoverableErrorThrottlingMax\":1800,\"DataErrorEscalationPolicy\":\"SUSPEND_TABLE\",\"ApplyErrorEscalationCount\":0,\"RecoverableErrorStopRetryAfterThrottlingMax\":true,\"RecoverableErrorThrottling\":true,\"ApplyErrorFailOnTruncationDdl\":false,\"DataTruncationErrorPolicy\":\"LOG_ERROR\",\"ApplyErrorInsertPolicy\":\"LOG_ERROR\",\"EventErrorPolicy\":\"IGNORE\",\"ApplyErrorEscalationPolicy\":\"LOG_ERROR\",\"RecoverableErrorCount\":-1,\"DataErrorEscalationCount\":0,\"TableErrorEscalationPolicy\":\"STOP_TASK\",\"RecoverableErrorInterval\":5,\"ApplyErrorDeletePolicy\":\"IGNORE_RECORD\",\"TableErrorEscalationCount\":0,\"FullLoadIgnoreConflicts\":true,\"DataErrorPolicy\":\"LOG_ERROR\",\"TableErrorPolicy\":\"SUSPEND_TABLE\"},\"TTSettings\":{\"TTS3Settings\":null,\"TTRecordSettings\":null,\"EnableTT\":false},\"FullLoadSettings\":{\"CommitRate\":10000,\"StopTaskCachedChangesApplied\":false,\"StopTaskCachedChangesNotApplied\":false,\"MaxFullLoadSubTasks\":8,\"TransactionConsistencyTimeout\":600,\"CreatePkAfterFullLoad\":false,\"TargetTablePrepMode\":\"DO_NOTHING\"},\"TargetMetadata\":{\"ParallelApplyBufferSize\":0,\"ParallelApplyQueuesPerThread\":0,\"ParallelApplyThreads\":0,\"TargetSchema\":\"\",\"InlineLobMaxSize\":0,\"ParallelLoadQueuesPerThread\":0,\"SupportLobs\":true,\"LobChunkSize\":64,\"TaskRecoveryTableEnabled\":false,\"ParallelLoadThreads\":0,\"LobMaxSize\":0,\"BatchApplyEnabled\":false,\"FullLobMode\":true,\"LimitedSizeLobMode\":false,\"LoadMaxFileSize\":0,\"ParallelLoadBufferSize\":0},\"BeforeImageSettings\":null,\"ControlTablesSettings\":{\"historyTimeslotInMinutes\":5,\"HistoryTimeslotInMinutes\":5,\"StatusTableEnabled\":false,\"SuspendedTablesTableEnabled\":false,\"HistoryTableEnabled\":false,\"ControlSchema\":\"\",\"FullLoadExceptionTableEnabled\":false},\"LoopbackPreventionSettings\":null,\"CharacterSetSettings\":null,\"FailTaskWhenCleanTaskResourceFailed\":false,\"ChangeProcessingTuning\":{\"StatementCacheSize\":50,\"CommitTimeout\":1,\"BatchApplyPreserveTransaction\":true,\"BatchApplyTimeoutMin\":1,\"BatchSplitSize\":0,\"BatchApplyTimeoutMax\":30,\"MinTransactionSize\":1000,\"MemoryKeepTime\":60,\"BatchApplyMemoryLimit\":500,\"MemoryLimitTotal\":1024},\"ChangeProcessingDdlHandlingPolicy\":{\"HandleSourceTableDropped\":true,\"HandleSourceTableTruncated\":true,\"HandleSourceTableAltered\":true},\"PostProcessingRules\":null}",
    "SourceEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:TZPWV2VCXEGHYOKVKRNHAKJ4Q3RUXACNGFGYWRI",
    "TableMappings": "{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"969761702\",\"rule-name\":\"969761702\",\"object-locator\":{\"schema-name\":\"%table\",\"table-name\":\"%example\"},\"rule-action\":\"exclude\",\"filters\":[]}]}",
    "TargetEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:ABR8LBOQB3CZY33F7XV253NAJVBNPK6MJQVFVQA"
}
```

# AwsDynamoDB ASFF 中的 資源
<a name="asff-resourcedetails-awsdynamodb"></a>

以下是 `AwsDynamoDB` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsDynamoDbTable
<a name="asff-resourcedetails-awsdynamodbtable"></a>

`AwsDynamoDbTable` 物件提供 Amazon DynamoDB 資料表的詳細資訊。

以下是安全`AwsDynamoDbTable`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsDynamoDbTable`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsDynamoDbTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDynamoDbTableDetails.html)。

**範例**

```
"AwsDynamoDbTable": {
    "AttributeDefinitions": [   
        {        
            "AttributeName": "attribute1",
            "AttributeType": "value 1"
        },
        {
            "AttributeName": "attribute2",
            "AttributeType": "value 2"
        },
        {
            "AttributeName": "attribute3",
            "AttributeType": "value 3"
        }
    ],
    "BillingModeSummary": {
        "BillingMode": "PAY_PER_REQUEST",
        "LastUpdateToPayPerRequestDateTime": "2019-12-03T15:23:10.323Z"
    },
    "CreationDateTime": "2019-12-03T15:23:10.248Z",
    "DeletionProtectionEnabled": true,
    "GlobalSecondaryIndexes": [
        {
            "Backfilling": false,
            "IndexArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/index/exampleIndex",                
            "IndexName": "standardsControlArnIndex",
            "IndexSizeBytes": 1862513,
            "IndexStatus": "ACTIVE",
            "ItemCount": 20,
            "KeySchema": [
                {
                    "AttributeName": "City",
                    "KeyType": "HASH"
                },     
                {
                    "AttributeName": "Date",
                    "KeyType": "RANGE"
                }
            ],      
            "Projection": {
                "NonKeyAttributes": ["predictorName"],
                "ProjectionType": "ALL"
            },     
            "ProvisionedThroughput": {
                "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
                "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
                "NumberOfDecreasesToday": 0,
                "ReadCapacityUnits": 100,
                "WriteCapacityUnits": 50
            },
        }
   ],
   "GlobalTableVersion": "V1",
   "ItemCount": 2705,
   "KeySchema": [
        {
            "AttributeName": "zipcode",
            "KeyType": "HASH"
        }
    ],
    "LatestStreamArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/stream/2019-12-03T23:23:10.248",
    "LatestStreamLabel": "2019-12-03T23:23:10.248",
    "LocalSecondaryIndexes": [
        {
            "IndexArn": "arn:aws:dynamodb:us-east-1:111122223333:table/exampleGroup/index/exampleId",
            "IndexName": "CITY_DATE_INDEX_NAME",
            "KeySchema": [
                {
                    "AttributeName": "zipcode",
                    "KeyType": "HASH"
                }
            ],
            "Projection": {
                "NonKeyAttributes": ["predictorName"],
                "ProjectionType": "ALL"
            },  
        }
    ],
    "ProvisionedThroughput": {
        "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
        "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
        "NumberOfDecreasesToday": 0,
        "ReadCapacityUnits": 100,
        "WriteCapacityUnits": 50
    },
    "Replicas": [
        {
            "GlobalSecondaryIndexes":[
                {
                    "IndexName": "CITY_DATE_INDEX_NAME", 
                    "ProvisionedThroughputOverride": {
                        "ReadCapacityUnits": 10
                    }
                }
            ],
            "KmsMasterKeyId" : "KmsKeyId"
            "ProvisionedThroughputOverride": {
                "ReadCapacityUnits": 10
            },
            "RegionName": "regionName",
            "ReplicaStatus": "CREATING",
            "ReplicaStatusDescription": "replicaStatusDescription"
        }
    ],
    "RestoreSummary" : {
        "SourceBackupArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/backup/backup1",
        "SourceTableArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable",
        "RestoreDateTime": "2020-06-22T17:40:12.322Z",
        "RestoreInProgress": true
    },
    "SseDescription": {
        "InaccessibleEncryptionDateTime": "2018-01-26T23:50:05.000Z",
        "Status": "ENABLED",
        "SseType": "KMS",
        "KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1"
    },
    "StreamSpecification" : {
        "StreamEnabled": true,
        "StreamViewType": "NEW_IMAGE"
    },
    "TableId": "example-table-id-1",
    "TableName": "example-table",
    "TableSizeBytes": 1862513,
    "TableStatus": "ACTIVE"
}
```

# AwsEc2 ASFF 中的 資源
<a name="asff-resourcedetails-awsec2"></a>

以下是 `AwsEc2` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsEc2ClientVpnEndpoint
<a name="asff-resourcedetails-awsec2clientvpnendpoint"></a>

`AwsEc2ClientVpnEndpoint` 物件提供 AWS Client VPN 端點的相關資訊。Client VPN 端點是您建立和設定以啟用和管理用戶端 VPN 工作階段的資源。它是所有用户端 VPN 工作階段的終止點。

下列範例顯示 `AwsEc2ClientVpnEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2ClientVpnEndpoint`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2ClientVpnEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2ClientVpnEndpointDetails.html)。

**範例**

```
"AwsEc2ClientVpnEndpoint": {
    "AuthenticationOptions": [
        {
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Type": "certificate-authentication"
        }
    ],
    "ClientCidrBlock": "10.0.0.0/22",
    "ClientConnectOptions": {
        "Enabled": false
    },
    "ClientLoginBannerOptions": {
        "Enabled": false
    },
    "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
    "ConnectionLogOptions": {
        "Enabled": false
    },
    "Description": "test",
    "DnsServer": ["10.0.0.0"],
    "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecurityGroupIdSet": [
        "sg-0f7a177b82b443691"
    ],
    "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
    "SessionTimeoutHours": 24,
    "SplitTunnel": false,
    "TransportProtocol": "udp",
    "VpcId": "vpc-1a2b3c4d5e6f1a2b3",
    "VpnPort": 443
}
```

## AwsEc2Eip
<a name="asff-resourcedetails-awsec2eip"></a>

`AwsEc2Eip` 物件提供彈性 IP 地址的相關資訊。

下列範例顯示 `AwsEc2Eip` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Eip`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2EipDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2EipDetails.html)。

**範例**

```
"AwsEc2Eip": {
    "InstanceId": "instance1",
    "PublicIp": "192.0.2.04",
    "AllocationId": "eipalloc-example-id-1",
    "AssociationId": "eipassoc-example-id-1",
    "Domain": "vpc",
    "PublicIpv4Pool": "anycompany",
    "NetworkBorderGroup": "eu-central-1",
    "NetworkInterfaceId": "eni-example-id-1",
    "NetworkInterfaceOwnerId": "777788889999",
    "PrivateIpAddress": "192.0.2.03"
}
```

## AwsEc2Instance
<a name="asff-resourcedetails-awsec2instance"></a>

`AwsEc2Instance` 物件提供 Amazon EC2 執行個體的詳細資訊。

下列範例顯示 `AwsEc2Instance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Instance`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2InstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2InstanceDetails.html)。

**範例**

```
"AwsEc2Instance": { 
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
    "ImageId": "ami-1234",
    "IpV4Addresses": [ "1.1.1.1" ],
    "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
    "KeyName": "my_keypair",
    "LaunchedAt": "2018-05-08T16:46:19.000Z",
    "MetadataOptions": {
    	"HttpEndpoint": "enabled",
    	"HttpProtocolIpv6": "enabled",
    	"HttpPutResponseHopLimit": 1,
    	"HttpTokens": "optional",
    	"InstanceMetadataTags": "disabled",
    },
    "Monitoring": {
    	"State": "disabled"
    },
    "NetworkInterfaces": [
      {
         "NetworkInterfaceId": "eni-e5aa89a3"
      }
    ],
    "SubnetId": "subnet-123",
    "Type": "i3.xlarge",
    "VpcId": "vpc-123"
}
```

## AwsEc2LaunchTemplate
<a name="asff-resourcedetails-awsec2launchtemplate"></a>

`AwsEc2LaunchTemplate` 物件包含指定執行個體組態資訊的 Amazon Elastic Compute Cloud 啟動範本詳細資訊。

下列範例顯示 `AwsEc2LaunchTemplate` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2LaunchTemplate`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2LaunchTemplateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2LaunchTemplateDetals.html)。

**範例**

```
"AwsEc2LaunchTemplate": {
    "DefaultVersionNumber": "1",
    "ElasticGpuSpecifications": ["string"],
    "ElasticInferenceAccelerators": ["string"],
    "Id": "lt-0a16e9802800bdd85",
    "ImageId": "ami-0d5eff06f840b45e9",
    "LatestVersionNumber": "1",
    "LaunchTemplateData": {
    	"BlockDeviceMappings": [{
    		"DeviceName": "/dev/xvda",
    		"Ebs": {
    			"DeleteonTermination": true,
    			"Encrypted": true,
    			"SnapshotId": "snap-01047646ec075f543",
    			"VolumeSize": 8,
    			"VolumeType:" "gp2"
    		}
    	}],
    	"MetadataOptions": {
    		"HttpTokens": "enabled",
    		"HttpPutResponseHopLimit" : 1
    	},
    	"Monitoring": {
    		"Enabled": true,
    	"NetworkInterfaces": [{
    		"AssociatePublicIpAddress" : true,
    	}],
    "LaunchTemplateName": "string",
    "LicenseSpecifications": ["string"],
    "SecurityGroupIds": ["sg-01fce87ad6e019725"],
    "SecurityGroups": ["string"],
    "TagSpecifications": ["string"]
}
```

## AwsEc2NetworkAcl
<a name="asff-resourcedetails-awsec2networkacl"></a>

`AwsEc2NetworkAcl` 物件包含 Amazon EC2 網路存取控制清單 (ACL) 的詳細資訊。

下列範例顯示 `AwsEc2NetworkAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2NetworkAcl`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2NetworkAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkAclDetails.html)。

**範例**

```
"AwsEc2NetworkAcl": {
    "IsDefault": false,
    "NetworkAclId": "acl-1234567890abcdef0",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234abcd",
    "Associations": [{
        "NetworkAclAssociationId": "aclassoc-abcd1234",
        "NetworkAclId": "acl-021345abcdef6789",
        "SubnetId": "subnet-abcd1234"
   }],
   "Entries": [{
        "CidrBlock": "10.24.34.0/23",
        "Egress": true,
        "IcmpTypeCode": {
            "Code": 10,
            "Type": 30
        },
        "Ipv6CidrBlock": "2001:DB8::/32",
        "PortRange": {
            "From": 20,
            "To": 40
        },
        "Protocol": "tcp",
        "RuleAction": "allow",
        "RuleNumber": 100
   }]
}
```

## AwsEc2NetworkInterface
<a name="asff-resourcedetails-awsec2networkinterface"></a>

`AwsEc2NetworkInterface` 物件提供有關 Amazon EC2 網路介面的資訊。

下列範例顯示 `AwsEc2NetworkInterface` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2NetworkInterface`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2NetworkInterfaceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkInterfaceDetails.html)。

**範例**

```
"AwsEc2NetworkInterface": {
    "Attachment": {
        "AttachTime": "2019-01-01T03:03:21Z",
        "AttachmentId": "eni-attach-43348162",
        "DeleteOnTermination": true,
        "DeviceIndex": 123,
        "InstanceId": "i-1234567890abcdef0",
        "InstanceOwnerId": "123456789012",
        "Status": 'ATTACHED'
    },
    "SecurityGroups": [
        {
            "GroupName": "my-security-group",
            "GroupId": "sg-903004f8"
        },
    ],
    "NetworkInterfaceId": 'eni-686ea200',
    "SourceDestCheck": false
}
```

## AwsEc2RouteTable
<a name="asff-resourcedetails-awsec2routetable"></a>

`AwsEc2RouteTable` 物件提供有關 Amazon EC2 路由表的資訊。

下列範例顯示 `AwsEc2RouteTable` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2RouteTable`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2RouteTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2RouteTableDetails.html)。

**範例**

```
"AwsEc2RouteTable": {
    "AssociationSet": [{
    	"AssociationSet": {
    		"State": "associated"
    				},
    	"Main": true,
    	"RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
    	"RouteTableId": "rtb-0a59bde9cf2548e34",
    }],
    "PropogatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
    	{
    		"DestinationCidrBlock": "10.24.34.0/23",
    		"GatewayId": "local",
    		"Origin": "CreateRouteTable",
    		"State": "active"
    	},
    	{
    		"DestinationCidrBlock": "10.24.34.0/24",
    		"GatewayId": "igw-0242c2d7d513fc5d3",
    		"Origin": "CreateRoute",
    		"State": "active"
    	}
    ],
    "VpcId": "vpc-0c250a5c33f51d456"
}
```

## AwsEc2SecurityGroup
<a name="asff-resourcedetails-awsec2securitygroup"></a>

`AwsEc2SecurityGroup` 物件描述 Amazon EC2 安全群組。

下列範例顯示 `AwsEc2SecurityGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2SecurityGroup`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2SecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SecurityGroupDetails.html)。

**範例**

```
"AwsEc2SecurityGroup": {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [
                {
                    "UserId": "123456789012",
                    "GroupId": "sg-903004f8"
                }
            ],
            "PrefixListIds": [
                {"PrefixListId": "pl-63a5400a"}
            ]
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [
                {
                    "CidrIp": "203.0.113.0/24"
                }
            ],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": []
        }
    ]
}
```

## AwsEc2Subnet
<a name="asff-resourcedetails-awsec2subnet"></a>

`AwsEc2Subnet` 物件提供 Amazon EC2 中子網路的相關資訊。

下列範例顯示 `AwsEc2Subnet` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Subnet`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2SubnetDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SubnetDetails.html)。

**範例**

```
AwsEc2Subnet: {
    "AssignIpv6AddressOnCreation": false,
    "AvailabilityZone": "us-west-2c",
    "AvailabilityZoneId": "usw2-az3",
    "AvailableIpAddressCount": 8185,
    "CidrBlock": "10.0.0.0/24",
    "DefaultForAz": false,
    "MapPublicIpOnLaunch": false,
    "OwnerId": "123456789012",
    "State": "available",
    "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
    "SubnetId": "subnet-d5436c93",
    "VpcId": "vpc-153ade70",
    "Ipv6CidrBlockAssociationSet": [{
        "AssociationId": "subnet-cidr-assoc-EXAMPLE",
        "Ipv6CidrBlock": "2001:DB8::/32",
        "CidrBlockState": "associated"
   }]
}
```

## AwsEc2TransitGateway
<a name="asff-resourcedetails-awsec2transitgateway"></a>

`AwsEc2TransitGateway` 物件提供 Amazon EC2 傳輸閘道的詳細資訊，可互連您的虛擬私有雲端 (VPCs) 和內部部署網路。

以下是 AWS 安全`AwsEc2TransitGateway`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsEc2TransitGateway`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2TransitGatewayDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2TransitGatewayDetails.html)。

**範例**

```
"AwsEc2TransitGateway": {
	"AmazonSideAsn": 65000,
	"AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"AutoAcceptSharedAttachments": "disable",
	"DefaultRouteTableAssociation": "enable",
	"DefaultRouteTablePropagation": "enable",
	"Description": "sample transit gateway",
	"DnsSupport": "enable",
	"Id": "tgw-042ae6bf7a5c126c3",
	"MulticastSupport": "disable",
	"PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
	"TransitGatewayCidrBlocks": ["10.0.0.0/16"],
	"VpnEcmpSupport": "enable"
}
```

## AwsEc2Volume
<a name="asff-resourcedetails-awsec2volume"></a>

`AwsEc2Volume` 物件提供 Amazon EC2 磁碟區的詳細資訊。

下列範例顯示 `AwsEc2Volume` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Volume`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VolumeDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VolumeDetails.html)。

**範例**

```
"AwsEc2Volume": {
    "Attachments": [
      {
        "AttachTime": "2017-10-17T14:47:11Z",
        "DeleteOnTermination": true,
        "InstanceId": "i-123abc456def789g",
        "Status": "attached"
      }
     ],
    "CreateTime": "2020-02-24T15:54:30Z",
    "Encrypted": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Size": 80,
    "SnapshotId": "",
    "Status": "available"
}
```

## AwsEc2Vpc
<a name="asff-resourcedetails-awsec2vpc"></a>

`AwsEc2Vpc` 物件提供 Amazon EC2 VPC 的詳細資訊。

下列範例顯示 `AwsEc2Vpc` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Vpc`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcDetails.html)。

**範例**

```
"AwsEc2Vpc": {
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlock": "192.0.2.0/24",
            "CidrBlockState": "associated"
        }
    ],
    "DhcpOptionsId": "dopt-4e42ce28",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlockState": "associated",
            "Ipv6CidrBlock": "192.0.2.0/24"
       }

    ],
    "State": "available"
}
```

## AwsEc2VpcEndpointService
<a name="asff-resourcedetails-awsec2vpcendpointservice"></a>

`AwsEc2VpcEndpointService` 物件包含 VPC 端點服務的服務組態詳細資訊。

下列範例顯示 `AwsEc2VpcEndpointService` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2VpcEndpointService`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcEndpointServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcEndpointServiceDetails.html)。

**範例**

```
"AwsEc2VpcEndpointService": {
    "ServiceType": [
      {
        "ServiceType": "Interface"
      }
    ],
    "ServiceId": "vpce-svc-example1",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
    "ServiceState": "Available",
    "AvailabilityZones": [
      "us-east-1"
    ],
    "AcceptanceRequired": true,
    "ManagesVpcEndpoints": false,
    "NetworkLoadBalancerArns": [
      "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
    ],
    "GatewayLoadBalancerArns": [],
    "BaseEndpointDnsNames": [
      "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
    ],
    "PrivateDnsName": "my-private-dns"
}
```

## AwsEc2VpcPeeringConnection
<a name="asff-resourcedetails-awsec2vpcpeeringconnection"></a>

`AwsEc2VpcPeeringConnection` 物件提供兩個 VPCs之間網路連線的詳細資訊。

下列範例顯示 `AwsEc2VpcPeeringConnection` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2VpcPeeringConnection`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcPeeringConnectionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcPeeringConnectionDetails.html)。

**範例**

```
"AwsEc2VpcPeeringConnection": { 
	"AccepterVpcInfo": {
		"CidrBlock": "10.0.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "10.0.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"ExpirationTime": "2022-02-18T15:31:53.161Z",
	"RequesterVpcInfo": {
		"CidrBlock": "192.168.0.0/28",
		"CidrBlockSet": [{
			"CidrBlock": "192.168.0.0/28"
		}],
		"Ipv6CidrBlockSet": [{
			"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
		}],
		"OwnerId": "012345678910",
		"PeeringOptions": {
			"AllowDnsResolutionFromRemoteVpc": true,
			"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
			"AllowEgressFromLocalVpcToRemoteClassicLink": true
		},
		"Region": "us-west-2",
		"VpcId": "vpc-i123456"
	},
	"Status": {
		"Code": "initiating-request",
		"Message": "Active"
	},
	"VpcPeeringConnectionId": "pcx-1a2b3c4d"
}
```

# AwsEcr ASFF 中的 資源
<a name="asff-resourcedetails-awsecr"></a>

以下是 `AwsEcr` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsEcrContainerImage
<a name="asff-resourcedetails-awsecrcontainerimage"></a>

`AwsEcrContainerImage` 物件提供 Amazon ECR 映像的相關資訊。

下列範例顯示 `AwsEcrContainerImage` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcrContainerImage`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEcrContainerImageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrContainerImageDetails.html)。

**範例**

```
"AwsEcrContainerImage": {
    "RegistryId": "123456789012",
    "RepositoryName": "repository-name",
    "Architecture": "amd64"
    "ImageDigest": "sha256:a568e5c7a953fbeaa2904ac83401f93e4a076972dc1bae527832f5349cd2fb10",
    "ImageTags": ["00000000-0000-0000-0000-000000000000"],
    "ImagePublishedAt": "2019-10-01T20:06:12Z"
}
```

## AwsEcrRepository
<a name="asff-resourcedetails-awsecrrepository"></a>

`AwsEcrRepository` 物件提供有關 Amazon Elastic Container Registry 儲存庫的資訊。

下列範例顯示 `AwsEcrRepository` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcrRepository`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEcrRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrRepositoryDetails.html)。

**範例**

```
"AwsEcrRepository": {
    "LifecyclePolicy": {
        "RegistryId": "123456789012",
    },  
    "RepositoryName": "sample-repo",
    "Arn": "arn:aws:ecr:us-west-2:111122223333:repository/sample-repo",
    "ImageScanningConfiguration": {
        "ScanOnPush": true
    },
    "ImageTagMutability": "IMMUTABLE"
}
```

# AwsEcs ASFF 中的 資源
<a name="asff-resourcedetails-awsecs"></a>

以下是 `AwsEcs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsEcsCluster
<a name="asff-resourcedetails-awsecscluster"></a>

`AwsEcsCluster` 物件提供有關 Amazon Elastic Container Service 叢集的詳細資訊。

下列範例顯示 `AwsEcsCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsCluster`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEcsClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsClusterDetails.html)。

**範例**

```
    "AwsEcsCluster": {
        "CapacityProviders": [],
        "ClusterSettings": [
            {
                "Name": "containerInsights",
                "Value": "enabled"
            }
        ],
        "Configuration": {
            "ExecuteCommandConfiguration": {
                "KmsKeyId": "kmsKeyId",
                "LogConfiguration": {
                    "CloudWatchEncryptionEnabled": true,
                    "CloudWatchLogGroupName": "cloudWatchLogGroupName",
                    "S3BucketName": "s3BucketName",
                    "S3EncryptionEnabled": true,
                    "S3KeyPrefix": "s3KeyPrefix"
                },
                "Logging": "DEFAULT"
            }
        }
        "DefaultCapacityProviderStrategy": [
            {
                "Base": 0,
                "CapacityProvider": "capacityProvider",
                "Weight": 1
            }
        ]
    }
```

## AwsEcsContainer
<a name="asff-resourcedetails-awsecscontainer"></a>

`AwsEcsContainer` 物件包含 Amazon ECS 容器的詳細資訊。

下列範例顯示 `AwsEcsContainer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsContainer`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEcsContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsContainerDetails.html)。

**範例**

```
"AwsEcsContainer": {
    "Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
    "MountPoints": [{
        "ContainerPath": "/mnt/etc",
        "SourceVolume": "vol-03909e9"
    }],
    "Name": "knote",
    "Privileged": true 
}
```

## AwsEcsService
<a name="asff-resourcedetails-awsecsservice"></a>

`AwsEcsService` 物件提供 Amazon ECS 叢集內服務的詳細資訊。

下列範例顯示 `AwsEcsService` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsService`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEcsServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsServiceDetails.html)。

**範例**

```
"AwsEcsService": {
    "CapacityProviderStrategy": [
        {
            "Base": 12,
            "CapacityProvider": "",
            "Weight": ""
        }
    ],
    "Cluster": "arn:aws:ecs:us-east-1:111122223333:cluster/example-ecs-cluster",
    "DeploymentConfiguration": {
        "DeploymentCircuitBreaker": {
            "Enable": false,
            "Rollback": false
        },
        "MaximumPercent": 200,
        "MinimumHealthyPercent": 100
    },
    "DeploymentController": "",
    "DesiredCount": 1,
    "EnableEcsManagedTags": false,
    "EnableExecuteCommand": false,
    "HealthCheckGracePeriodSeconds": 1,
    "LaunchType": "FARGATE",
    "LoadBalancers": [
        {
            "ContainerName": "",
            "ContainerPort": 23,
            "LoadBalancerName": "",
            "TargetGroupArn": ""
        }
    ],
    "Name": "sample-app-service",
    "NetworkConfiguration": {
        "AwsVpcConfiguration": {
            "Subnets": [
                "Subnet-example1",
                "Subnet-example2"
            ],
        "SecurityGroups": [
                "Sg-0ce48e9a6e5b457f5"
        ],
        "AssignPublicIp": "ENABLED"
        }
    },
    "PlacementConstraints": [
        {
            "Expression": "",
            "Type": ""
        }
    ],
    "PlacementStrategies": [
        {
            "Field": "",
            "Type": ""
        }
    ],
    "PlatformVersion": "LATEST",
    "PropagateTags": "",
    "Role": "arn:aws:iam::111122223333:role/aws-servicerole/ecs.amazonaws.com/ServiceRoleForECS",
    "SchedulingStrategy": "REPLICA",
    "ServiceName": "sample-app-service",
    "ServiceArn": "arn:aws:ecs:us-east-1:111122223333:service/example-ecs-cluster/sample-app-service",
    "ServiceRegistries": [
        {
            "ContainerName": "",
            "ContainerPort": 1212,
            "Port": 1221,
            "RegistryArn": ""
        }
    ],
    "TaskDefinition": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-taskdef:1"
}
```

## AwsEcsTask
<a name="asff-resourcedetails-awsecstask"></a>

`AwsEcsTask` 物件提供 Amazon ECS 任務的詳細資訊。

下列範例顯示 `AwsEcsTask` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsTask`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEcsTask](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDetails.html)。

**範例**

```
"AwsEcsTask": {
	"ClusterArn": "arn:aws:ecs:us-west-2:123456789012:task/MyCluster/1234567890123456789",
	"CreatedAt": "1557134011644",
	"Group": "service:fargate-service",
	"StartedAt": "1557134011644",
	"StartedBy": "ecs-svc/1234567890123456789",
	"TaskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/sample-fargate:2",
	"Version": 3,
	"Volumes": [{
		"Name": "string",
		"Host": {
			"SourcePath": "string"
		}
	}],
	"Containers": {
		"Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
		"MountPoints": [{
			"ContainerPath": "/mnt/etc",
			"SourceVolume": "vol-03909e9"
		}],
		"Name": "knote",
		"Privileged": true
	}
}
```

## AwsEcsTaskDefinition
<a name="asff-resourcedetails-awsecstaskdefinition"></a>

`AwsEcsTaskDefinition` 物件包含任務定義的詳細資訊。任務定義說明 Amazon Elastic Container Service 任務的容器和磁碟區定義。

下列範例顯示 `AwsEcsTaskDefinition` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsTaskDefinition`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEcsTaskDefinitionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDefinitionDetails.html)。

**範例**

```
    "AwsEcsTaskDefinition": {
        "ContainerDefinitions": [
            {
                "Command": ['ruby', 'hi.rb'],
                "Cpu":128,
                "Essential": true,
                "HealthCheck": {
                    "Command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"],
                    "Interval": 10,
                    "Retries": 3,
                    "StartPeriod": 5,
                    "Timeout": 20
                },
                "Image": "tongueroo/sinatra:latest",
                "Interactive": true,
                "Links": [],
                "LogConfiguration": {
                    "LogDriver": "awslogs",
                    "Options": {
                        "awslogs-group": "/ecs/sinatra-hi",
                        "awslogs-region": "ap-southeast-1",
                        "awslogs-stream-prefix": "ecs"
                    },
                    "SecretOptions": []
                    
                },
                "MemoryReservation": 128,
                "Name": "web",
                "PortMappings": [
                    {
                        "ContainerPort": 4567,
                        "HostPort":4567,
                        "Protocol": "tcp"
                    }
                ],
                "Privileged": true,
                "StartTimeout": 10,
                "StopTimeout": 100,
            }
        ],
        "Family": "sinatra-hi",
        "NetworkMode": "host",
        "RequiresCompatibilities": ["EC2"],
        "Status": "ACTIVE",
        "TaskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
    }
```

# AwsEfs ASFF 中的 資源
<a name="asff-resourcedetails-awsefs"></a>

以下是 `AwsEfs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsEfsAccessPoint
<a name="asff-resourcedetails-awsefsaccesspoint"></a>

`AwsEfsAccessPoint` 物件提供存放在 Amazon Elastic File System 中的檔案詳細資訊。

下列範例顯示 `AwsEfsAccessPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEfsAccessPoint`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEfsAccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEfsAccessPointDetails.html)。

**範例**

```
"AwsEfsAccessPoint": { 
	"AccessPointId": "fsap-05c4c0e79ba0b118a",
	"Arn": "arn:aws:elasticfilesystem:us-east-1:863155670886:access-point/fsap-05c4c0e79ba0b118a",
	"ClientToken": "AccessPointCompliant-ASk06ZZSXsEp",
	"FileSystemId": "fs-0f8137f731cb32146",
	"PosixUser": {
		"Gid": "1000",
		"SecondaryGids": ["0", "4294967295"],
		"Uid": "1234"
	},
	"RootDirectory": {
		"CreationInfo": {
			"OwnerGid": "1000",
			"OwnerUid": "1234",
			"Permissions": "777"
		},
		"Path": "/tmp/example"
	}
}
```

# AwsEks ASFF 中的 資源
<a name="asff-resourcedetails-awseks"></a>

以下是 `AwsEks` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsEksCluster
<a name="asff-resourcedetails-awsekscluster"></a>

`AwsEksCluster` 物件提供 Amazon EKS 叢集的詳細資訊。

下列範例顯示 `AwsEksCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEksCluster`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEksClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEksClusterDetails.html)。

**範例**

```
{
  "AwsEksCluster": {
    "Name": "example",
    "Arn": "arn:aws:eks:us-west-2:222222222222:cluster/example",
    "CreatedAt": 1565804921.901,
    "Version": "1.12",
    "RoleArn": "arn:aws:iam::222222222222:role/example-cluster-ServiceRole-1XWBQWYSFRE2Q",
    "ResourcesVpcConfig": {
      "EndpointPublicAccess": false,
      "SubnetIds": [
        "subnet-021345abcdef6789",
        "subnet-abcdef01234567890",
        "subnet-1234567890abcdef0"
      ],
      "SecurityGroupIds": [
        "sg-abcdef01234567890"
      ]
    },
    "Logging": {
      "ClusterLogging": [
        {
          "Types": [
            "api",
            "audit",
            "authenticator",
            "controllerManager",
            "scheduler"
          ],
          "Enabled": true
        }
      ]
    },
    "Status": "CREATING",
    "CertificateAuthorityData": {},
  }
}
```

# AwsElasticBeanstalk ASFF 中的 資源
<a name="asff-resourcedetails-awselasticbeanstalk"></a>

以下是 `AwsElasticBeanstalk` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsElasticBeanstalkEnvironment
<a name="asff-resourcedetails-awselasticbeanstalkenvironment"></a>

`AwsElasticBeanstalkEnvironment` 物件包含 AWS Elastic Beanstalk 環境的詳細資訊。

下列範例顯示 `AwsElasticBeanstalkEnvironment` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElasticBeanstalkEnvironment`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsElasticBeanstalkEnvironmentDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticBeanstalkEnvironmentDetails.html)。

**範例**

```
"AwsElasticBeanstalkEnvironment": {
    "ApplicationName": "MyApplication",
    "Cname": "myexampleapp-env.devo-2.elasticbeanstalk-internal.com",
    "DateCreated": "2021-04-30T01:38:01.090Z",
    "DateUpdated": "2021-04-30T01:38:01.090Z",
    "Description": "Example description of my awesome application",
    "EndpointUrl": "eb-dv-e-p-AWSEBLoa-abcdef01234567890-021345abcdef6789.us-east-1.elb.amazonaws.com",
    "EnvironmentArn": "arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/MyApplication/myapplication-env",
    "EnvironmentId": "e-abcd1234",
    "EnvironmentLinks": [
        {
            "EnvironmentName": "myexampleapp-env",
            "LinkName": "myapplicationLink"
        }
    ],
    "EnvironmentName": "myapplication-env",
    "OptionSettings": [
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "BatchSize",
            "Value": "100"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "Timeout",
            "Value": "600"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "BatchSizeType",
            "Value": "Percentage"
        },
        {
            "Namespace": "aws:elasticbeanstalk:command",
            "OptionName": "IgnoreHealthCheck",
            "Value": "false"
        },
        {
            "Namespace": "aws:elasticbeanstalk:application",
            "OptionName": "Application Healthcheck URL",
            "Value": "TCP:80"
        }
    ],
    "PlatformArn": "arn:aws:elasticbeanstalk:us-east-1::platform/Tomcat 8 with Java 8 running on 64bit Amazon Linux/2.7.7",
    "SolutionStackName": "64bit Amazon Linux 2017.09 v2.7.7 running Tomcat 8 Java 8",
    "Status": "Ready",
    "Tier": {
        "Name": "WebServer"
       "Type": "Standard"
       "Version": "1.0"
    },
    "VersionLabel": "Sample Application"
}
```

# AwsElasticSearch ASFF 中的 資源
<a name="asff-resourcedetails-awselasticsearch"></a>

以下是 `AwsElasticSearch` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsElasticSearchDomain
<a name="asff-resourcedetails-awselasticsearchdomain"></a>

`AwsElasticSearchDomain` 物件提供 Amazon OpenSearch Service 網域的詳細資訊。

下列範例顯示 `AwsElasticSearchDomain` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElasticSearchDomain`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsElasticSearchDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticsearchDomainDetails.html)。

**範例**

```
"AwsElasticSearchDomain": {
    "AccessPolicies": "string",
    "DomainStatus": {
           "DomainId": "string",
           "DomainName": "string",
           "Endpoint": "string",
           "Endpoints": {
                  "string": "string"
           }
    },
    "DomainEndpointOptions": {
           "EnforceHTTPS": boolean,
           "TLSSecurityPolicy": "string"
    },
    "ElasticsearchClusterConfig": {
           "DedicatedMasterCount": number,
           "DedicatedMasterEnabled": boolean,
           "DedicatedMasterType": "string",
           "InstanceCount": number,
           "InstanceType": "string",
           "ZoneAwarenessConfig": {
                  "AvailabilityZoneCount": number
           },
           "ZoneAwarenessEnabled": boolean
    },
    "ElasticsearchVersion": "string",
    "EncryptionAtRestOptions": {
           "Enabled": boolean,
           "KmsKeyId": "string"
    },
    "LogPublishingOptions": {
           "AuditLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           },
           "IndexSlowLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           },
           "SearchSlowLogs": {
                  "CloudWatchLogsLogGroupArn": "string",
                  "Enabled": boolean
           }
    },
    "NodeToNodeEncryptionOptions": {
           "Enabled": boolean
    },
    "ServiceSoftwareOptions": {
           "AutomatedUpdateDate": "string",
           "Cancellable": boolean,
           "CurrentVersion": "string",
           "Description": "string",
           "NewVersion": "string",
           "UpdateAvailable": boolean,
           "UpdateStatus": "string"
    },
    "VPCOptions": {
           "AvailabilityZones": [
                 "string"
           ],
           "SecurityGroupIds": [
                 "string"
           ],
           "SubnetIds": [
                 "string"
           ],
          "VPCId": "string"
    }
}
```

# AwsElb ASFF 中的 資源
<a name="asff-resourcedetails-awselb"></a>

以下是 `AwsElb` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsElbLoadBalancer
<a name="asff-resourcedetails-awselbloadbalancer"></a>

`AwsElbLoadBalancer` 物件包含 Classic Load Balancer 的詳細資訊。

下列範例顯示 `AwsElbLoadBalancer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElbLoadBalancer`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsElbLoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbLoadBalancerDetails.html)。

**範例**

```
"AwsElbLoadBalancer": {
    "AvailabilityZones": ["us-west-2a"],
    "BackendServerDescriptions": [
         {
            "InstancePort": 80,
            "PolicyNames": ["doc-example-policy"]
        }
    ],
    "CanonicalHostedZoneName": "Z3DZXE0EXAMPLE",
    "CanonicalHostedZoneNameID": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
    "CreatedTime": "2020-08-03T19:22:44.637Z",
    "DnsName": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
    "HealthCheck": {
        "HealthyThreshold": 2,
        "Interval": 30,
        "Target": "HTTP:80/png",
        "Timeout": 3,
        "UnhealthyThreshold": 2
    },
    "Instances": [
        {
            "InstanceId": "i-example"
        }
    ],
    "ListenerDescriptions": [
        {
            "Listener": {
                "InstancePort": 443,
                "InstanceProtocol": "HTTPS",
                "LoadBalancerPort": 443,
                "Protocol": "HTTPS",
                "SslCertificateId": "arn:aws:iam::444455556666:server-certificate/my-server-cert"
            },
            "PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]
        }
    ],
    "LoadBalancerAttributes": {
        "AccessLog": {
            "EmitInterval": 60,
            "Enabled": true,
            "S3BucketName": "amzn-s3-demo-bucket",
            "S3BucketPrefix": "doc-example-prefix"
        },
        "ConnectionDraining": {
            "Enabled": false,
            "Timeout": 300
        },
        "ConnectionSettings": {
            "IdleTimeout": 30
        },
        "CrossZoneLoadBalancing": {
            "Enabled": true
        },
        "AdditionalAttributes": [{
            "Key": "elb.http.desyncmitigationmode",
            "Value": "strictest"
        }]

    },
    "LoadBalancerName": "example-load-balancer",
    "Policies": {
        "AppCookieStickinessPolicies": [
            {
                "CookieName": "",
                "PolicyName": ""
            }
        ],
        "LbCookieStickinessPolicies": [
            {
                "CookieExpirationPeriod": 60,
                "PolicyName": "my-example-cookie-policy"
            }
        ],
        "OtherPolicies": [
            "my-PublicKey-policy",
            "my-authentication-policy",
            "my-SSLNegotiation-policy",
            "my-ProxyProtocol-policy",
            "ELBSecurityPolicy-2015-03"
        ]
    },
    "Scheme": "internet-facing",
    "SecurityGroups": ["sg-example"],
    "SourceSecurityGroup": {
        "GroupName": "my-elb-example-group",
        "OwnerAlias": "444455556666"
    },
    "Subnets": ["subnet-example"],
    "VpcId": "vpc-a01106c2"
}
```

## AwsElbv2LoadBalancer
<a name="asff-resourcedetails-awselbv2loadbalancer"></a>

`AwsElbv2LoadBalancer` 物件提供了負載平衡器的資訊。

下列範例顯示 `AwsElbv2LoadBalancer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElbv2LoadBalancer`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsElbv2LoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbv2LoadBalancerDetails.html)。

**範例**

```
"AwsElbv2LoadBalancer": {
                        "AvailabilityZones": {
                            "SubnetId": "string",
                            "ZoneName": "string"
                        },
                        "CanonicalHostedZoneId": "string",
                        "CreatedTime": "string",
                        "DNSName": "string",
                        "IpAddressType": "string",
                        "LoadBalancerAttributes": [
                            {
                                "Key": "string",
                                "Value": "string"
                            }
                        ],
                        "Scheme": "string",
                        "SecurityGroups": [ "string" ],
                        "State": {
                            "Code": "string",
                            "Reason": "string"
                        },
                        "Type": "string",
                        "VpcId": "string"
                    }
```

# AwsEventBridge ASFF 中的 資源
<a name="asff-resourcedetails-awsevent"></a>

以下是 `AwsEventBridge` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsEventSchemasRegistry
<a name="asff-resourcedetails-awseventschemasregistry"></a>

`AwsEventSchemasRegistry` 物件提供有關 Amazon EventBridge 結構描述登錄檔的資訊。結構描述會定義傳送至 EventBridge 的事件結構。結構描述登錄檔是收集結構描述並將其邏輯分組的容器。

下列範例顯示 `AwsEventSchemasRegistry` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventSchemasRegistry`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEventSchemasRegistry](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventSchemasRegistryDetails.html)。

**範例**

```
"AwsEventSchemasRegistry": {
    "Description": "This is an example event schema registry.",
    "RegistryArn": "arn:aws:schemas:us-east-1:123456789012:registry/schema-registry",
    "RegistryName": "schema-registry"
}
```

## AwsEventsEndpoint
<a name="asff-resourcedetails-awseventsendpoint"></a>

`AwsEventsEndpoint` 物件提供有關 Amazon EventBridge 全域端點的資訊。端點可以透過提高區域容錯能力來改善應用程式的可用性。

下列範例顯示 `AwsEventsEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventsEndpoint`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEventsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEndpointDetails.html)。

**範例**

```
"AwsEventsEndpoint": {
    "Arn": "arn:aws:events:us-east-1:123456789012:endpoint/my-endpoint",
    "Description": "This is a sample endpoint.",
    "EndpointId": "04k1exajoy.veo",
    "EndpointUrl": "https://04k1exajoy.veo.endpoint.events.amazonaws.com",
    "EventBuses": [
        {
            "EventBusArn": "arn:aws:events:us-east-1:123456789012:event-bus/default"
        },
        {
            "EventBusArn": "arn:aws:events:us-east-2:123456789012:event-bus/default"
        }
    ],
    "Name": "my-endpoint",
    "ReplicationConfig": {
        "State": "ENABLED"
    },
    "RoleArn": "arn:aws:iam::123456789012:role/service-role/Amazon_EventBridge_Invoke_Event_Bus_1258925394",
    "RoutingConfig": {
        "FailoverConfig": {
            "Primary": {
                "HealthCheck": "arn:aws:route53:::healthcheck/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Secondary": {
                "Route": "us-east-2"
            }
        }
    },
    "State": "ACTIVE"
}
```

## AwsEventsEventbus
<a name="asff-resourcedetails-awseventseventbus"></a>

`AwsEventsEventbus` 物件提供有關 Amazon EventBridge 全域端點的資訊。端點可以透過提高區域容錯能力來改善應用程式的可用性。

下列範例顯示 `AwsEventsEventbus` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventsEventbus`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsEventsEventbusDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEventbusDetails.html)。

**範例**

```
"AwsEventsEventbus": 
    "Arn": "arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus",
    "Name": "my-event-bus",
    "Policy": "{\"Version\":\"2012-10-17\",		 	 	 \"Statement\":[{\"Sid\":\"AllowAllAccountsFromOrganizationToPutEvents\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"events:PutEvents\",\"Resource\":\"arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus\",\"Condition\":{\"StringEquals\":{\"aws:PrincipalOrgID\":\"o-ki7yjtkjv5\"}}},{\"Sid\":\"AllowAccountToManageRulesTheyCreated\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":[\"events:PutRule\",\"events:PutTargets\",\"events:DeleteRule\",\"events:RemoveTargets\",\"events:DisableRule\",\"events:EnableRule\",\"events:TagResource\",\"events:UntagResource\",\"events:DescribeRule\",\"events:ListTargetsByRule\",\"events:ListTagsForResource\"],\"Resource\":\"arn:aws:events:us-east-1:123456789012:rule/my-event-bus\",\"Condition\":{\"StringEqualsIfExists\":{\"events:creatorAccount\":\"123456789012\"}}}]}"
```

# AwsGuardDuty ASFF 中的 資源
<a name="asff-resourcedetails-awsguardduty"></a>

以下是 `AwsGuardDuty` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsGuardDutyDetector
<a name="asff-resourcedetails-awsguarddutydetector"></a>

`AwsGuardDutyDetector` 物件提供 Amazon GuardDuty 偵測器的相關資訊。偵測器是一種用來代表 GuardDuty 服務的物件。GuardDuty 需要偵測器才能運作。

下列範例顯示 `AwsGuardDutyDetector` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsGuardDutyDetector`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsGuardDutyDetector](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsGuardDutyDetectorDetails.html)。

**範例**

```
"AwsGuardDutyDetector": {
    "FindingPublishingFrequency": "SIX_HOURS",
    "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
    "Status": "ENABLED",
    "DataSources": {
        "CloudTrail": {
            "Status": "ENABLED"
        },
        "DnsLogs": {
            "Status": "ENABLED"
        },
        "FlowLogs": {
            "Status": "ENABLED"
        },
        "S3Logs": {
             "Status": "ENABLED"
         },
         "Kubernetes": {
             "AuditLogs": {
                "Status": "ENABLED"
             }
         },
         "MalwareProtection": {
             "ScanEc2InstanceWithFindings": {
                "EbsVolumes": {
                    "Status": "ENABLED"
                 }
             },
            "ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection"
         }
    }
}
```

# AwsIam ASFF 中的 資源
<a name="asff-resourcedetails-awsiam"></a>

以下是 `AwsIam` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsIamAccessKey
<a name="asff-resourcedetails-awsiamaccesskey"></a>

`AwsIamAccessKey` 物件包含與問題清單相關的 IAM 存取金鑰詳細資訊。

下列範例顯示 `AwsIamAccessKey` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamAccessKey`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsIamAccessKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamAccessKeyDetails.html)。

**範例**

```
"AwsIamAccessKey": { 
                        "AccessKeyId": "string",
                        "AccountId": "string",
                        "CreatedAt": "string",
                        "PrincipalId": "string",
                        "PrincipalName": "string",
                        "PrincipalType": "string",
                        "SessionContext": {
                            "Attributes": {
                                "CreationDate": "string",
                                "MfaAuthenticated": boolean
                            },
                            "SessionIssuer": {
                                "AccountId": "string",
                                "Arn": "string",
                                "PrincipalId": "string",
                                "Type": "string",
                                "UserName": "string"
                            }
                        },
                        "Status": "string"
                    }
```

## AwsIamGroup
<a name="asff-resourcedetails-awsiamgroup"></a>

`AwsIamGroup` 物件包含 IAM 群組的詳細資訊。

下列範例顯示 `AwsIamGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamGroup`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsIamGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamGroupDetails.html)。

**範例**

```
"AwsIamGroup": {
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
            "PolicyName": "ExampleManagedAccess",
        }
    ],
    "CreateDate": "2020-04-28T14:08:37.000Z",
    "GroupId": "AGPA4TPS3VLP7QEXAMPLE",
    "GroupName": "Example_User_Group",
    "GroupPolicyList": [
        {
            "PolicyName": "ExampleGroupPolicy"
        }
    ],
    "Path": "/"
}
```

## AwsIamPolicy
<a name="asff-resourcedetails-awsiampolicy"></a>

`AwsIamPolicy` 物件代表 IAM 許可政策。

下列範例顯示 `AwsIamPolicy` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamPolicy`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsIamPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamPolicyDetails.html)。

**範例**

```
"AwsIamPolicy": {
    "AttachmentCount": 1,
    "CreateDate": "2017-09-14T08:17:29.000Z",
    "DefaultVersionId": "v1",
    "Description": "Example IAM policy",
    "IsAttachable": true,
    "Path": "/",
    "PermissionsBoundaryUsageCount": 5,
    "PolicyId": "ANPAJ2UCCR6DPCEXAMPLE",
    "PolicyName": "EXAMPLE-MANAGED-POLICY",
    "PolicyVersionList": [
        {
            "VersionId": "v1",
            "IsDefaultVersion": true,
            "CreateDate": "2017-09-14T08:17:29.000Z"
        }
    ],
    "UpdateDate": "2017-09-14T08:17:29.000Z"
}
```

## AwsIamRole
<a name="asff-resourcedetails-awsiamrole"></a>

`AwsIamRole` 物件包含 IAM 角色的相關資訊，包括角色的所有政策。

下列範例顯示 `AwsIamRole` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamRole`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsIamRoleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamRoleDetails.html)。

**範例**

```
"AwsIamRole": {
    "AssumeRolePolicyDocument": "{'Version': '2012-10-17',		 	 	 'Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}",
    "AttachedManagedPolicies": [
        {
            "PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1",
            "PolicyName": "Example policy 1"
        },
        {
            "PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2",
            "PolicyName": "Example policy 2"
        }
        ],
        "CreateDate": "2020-03-14T07:19:14.000Z",
        "InstanceProfileList": [
            {
                "Arn": "arn:aws:iam::333333333333:ExampleProfile",
                "CreateDate": "2020-03-11T00:02:27Z",
                "InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE",
                "InstanceProfileName": "ExampleInstanceProfile",
                "Path": "/",
                "Roles": [
                    {
                       "Arn": "arn:aws:iam::444455556666:role/example-role",
                        "AssumeRolePolicyDocument": "",
                        "CreateDate": "2020-03-11T00:02:27Z",
                        "Path": "/",
                        "RoleId": "AROAJ52OTH4H7LEXAMPLE",
                        "RoleName": "example-role",
                    }
                ]
            }
        ],
        "MaxSessionDuration": 3600,
        "Path": "/",
        "PermissionsBoundary": {
            "PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
            "PermissionsBoundaryType": "PermissionsBoundaryPolicy"
        },
        "RoleId": "AROA4TPS3VLEXAMPLE",
        "RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda",
        "RolePolicyList": [
            {
                "PolicyName": "Example role policy"
            }
        ]
    }
```

## AwsIamUser
<a name="asff-resourcedetails-awsiamuser"></a>

`AwsIamUser` 物件提供使用者的相關資訊。

下列範例顯示 `AwsIamUser` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamUser`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsIamUserDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamUserDetails.html)。

**範例**

```
"AwsIamUser": {
    "AttachedManagedPolicies": [
        {
            "PolicyName": "ExamplePolicy",
            "PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess"
        }
    ],
    "CreateDate": "2018-01-26T23:50:05.000Z",
    "GroupList": [],
    "Path": "/",
    "PermissionsBoundary" : {
        "PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess",
        "PermissionsBoundaryType" : "PermissionsBoundaryPolicy"
    },
    "UserId": "AIDACKCEVSQ6C2EXAMPLE",
    "UserName": "ExampleUser",
    "UserPolicyList": [
        {
            "PolicyName": "InstancePolicy"
        }
    ]
}
```

# AwsKinesis ASFF 中的 資源
<a name="asff-resourcedetails-awskinesis"></a>

以下是 `AwsKinesis` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsKinesisStream
<a name="asff-resourcedetails-awskinesisstream"></a>

`AwsKinesisStream` 物件提供有關 Amazon Kinesis Data Streams 的詳細資訊。

下列範例顯示 `AwsKinesisStream` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsKinesisStream`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsKinesisStreamDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKinesisStreamDetails.html)。

**範例**

```
"AwsKinesisStream": { 
	"Name": "test-vir-kinesis-stream",
	"Arn": "arn:aws:kinesis:us-east-1:293279581038:stream/test-vir-kinesis-stream",
	"RetentionPeriodHours": 24,
	"ShardCount": 2,
	"StreamEncryption": {
		"EncryptionType": "KMS",
		"KeyId": "arn:aws:kms:us-east-1:293279581038:key/849cf029-4143-4c59-91f8-ea76007247eb"
	}
}
```

# AwsKms ASFF 中的 資源
<a name="asff-resourcedetails-awskms"></a>

以下是 `AwsKms` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsKmsKey
<a name="asff-resourcedetails-awskmskey"></a>

`AwsKmsKey` 物件提供有關 的詳細資訊 AWS KMS key。

下列範例顯示 `AwsKmsKey` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsKmsKey`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsKmsKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKmsKeyDetails.html)。

**範例**

```
"AwsKmsKey": {
                        "AWSAccountId": "string",
                        "CreationDate": "string",
                        "Description": "string",
                        "KeyId": "string",
                        "KeyManager": "string",
                        "KeyRotationStatus": boolean,
                        "KeyState": "string",
                        "Origin": "string"
                    }
```

# AwsLambda
<a name="asff-resourcedetails-awslambda"></a>

以下是 `AwsLambda` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsLambdaFunction
<a name="asff-resourcedetails-awslambdafunction"></a>

`AwsLambdaFunction` 物件提供 Lambda 函數組態的詳細資訊。

下列範例顯示 `AwsLambdaFunction` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsLambdaFunction`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsLambdaFunctionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaFunctionDetails.html)。

**範例**

```
"AwsLambdaFunction": {
    "Architectures": [
        "x86_64"
    ],
    "Code": {
        "S3Bucket": "amzn-s3-demo-bucket",
        "S3Key": "samplekey",
        "S3ObjectVersion": "2",
        "ZipFile": "myzip.zip"
    },
    "CodeSha256": "1111111111111abcdef",
    "DeadLetterConfig": {
        "TargetArn": "arn:aws:lambda:us-east-2:123456789012:queue:myqueue:2"
    },
    "Environment": {
        "Variables": {
            "Stage": "foobar"
         },
        "Error": {
            "ErrorCode": "Sample-error-code",
            "Message": "Caller principal is a manager."
         }
     },
    "FunctionName": "CheckOut",
    "Handler": "main.py:lambda_handler",
    "KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/mykey",
    "LastModified": "2001-09-11T09:00:00Z",
    "Layers": {
        "Arn": "arn:aws:lambda:us-east-2:123456789012:layer:my-layer:3",
        "CodeSize": 169
    },
    "PackageType": "Zip",
    "RevisionId": "23",
    "Role": "arn:aws:iam::123456789012:role/Accounting-Role",
    "Runtime": "go1.7",
    "Timeout": 15,
    "TracingConfig": {
        "Mode": "Active"
    },
    "Version": "$LATEST$",
    "VpcConfig": {
        "SecurityGroupIds": ["sg-085912345678492fb", "sg-08591234567bdgdc"],
         "SubnetIds": ["subnet-071f712345678e7c8", "subnet-07fd123456788a036"]
    },
    "MasterArn": "arn:aws:lambda:us-east-2:123456789012:\$LATEST",
    "MemorySize": 2048
}
```

## AwsLambdaLayerVersion
<a name="asff-resourcedetails-awslambdalayerversion"></a>

`AwsLambdaLayerVersion` 物件提供 Lambda layer 版本的詳細資訊。

下列範例顯示 `AwsLambdaLayerVersion` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsLambdaLayerVersion`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsLambdaLayerVersionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaLayerVersionDetails.html)。

**範例**

```
"AwsLambdaLayerVersion": {
    "Version": 2,
    "CompatibleRuntimes": [
        "java8"
    ],
    "CreatedDate": "2019-10-09T22:02:00.274+0000"
}
```

# AwsMsk ASFF 中的 資源
<a name="asff-resourcedetails-awsmsk"></a>

以下是 `AwsMsk` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsMskCluster
<a name="asff-resourcedetails-awsmskcluster"></a>

`AwsMskCluster` 物件提供有關 Amazon Managed Streaming for Apache Kafka (Amazon MSK) 叢集的資訊。

下列範例顯示 `AwsMskCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsMskCluster`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsMskClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsMskClusterDetails.html)。

**範例**

```
"AwsMskCluster": {
        "ClusterInfo": {
            "ClientAuthentication": {
                "Sasl": {
                    "Scram": {
                        "Enabled": true
                    },
                    "Iam": {
                        "Enabled": true
                    }
                },
                "Tls": {
                    "CertificateAuthorityArnList": [],
                    "Enabled": false
                },
                "Unauthenticated": {
                    "Enabled": false
                }
            },
            "ClusterName": "my-cluster",
            "CurrentVersion": "K2PWKAKR8XB7XF",
            "EncryptionInfo": {
                "EncryptionAtRest": {
                    "DataVolumeKMSKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
                },
                "EncryptionInTransit": {
                    "ClientBroker": "TLS",
                    "InCluster": true
                }
            },
            "EnhancedMonitoring": "PER_TOPIC_PER_BROKER",
            "NumberOfBrokerNodes": 3
        }
}
```

# AwsNetworkFirewall ASFF 中的 資源
<a name="asff-resourcedetails-awsnetworkfirewall"></a>

以下是 `AwsNetworkFirewall` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsNetworkFirewallFirewall
<a name="asff-resourcedetails-awsnetworkfirewallfirewall"></a>

`AwsNetworkFirewallFirewall` 物件包含 AWS Network Firewall 防火牆的詳細資訊。

下列範例顯示 `AwsNetworkFirewallFirewall` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallFirewall`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallFirewallDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallDetails.html)。

**範例**

```
"AwsNetworkFirewallFirewall": {
    "DeleteProtection": false,
    "FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall", 
    "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
    "FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa",
    "FirewallName": "testfirewall",
    "FirewallPolicyChangeProtection": false,
    "SubnetChangeProtection": false,
    "SubnetMappings": [
        {
            "SubnetId": "subnet-0183481095e588cdc"
        },
        {
            "SubnetId": "subnet-01f518fad1b1c90b0"
        }
    ],
    "VpcId": "vpc-40e83c38"
}
```

## AwsNetworkFirewallFirewallPolicy
<a name="asff-resourcedetails-awsnetworkfirewallfirewallpolicy"></a>

`AwsNetworkFirewallFirewallPolicy` 物件提供防火牆政策的詳細資訊。防火牆政策會定義網路防火牆的行為。

下列範例顯示 `AwsNetworkFirewallFirewallPolicy` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallFirewallPolicy`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallFirewallPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallPolicyDetails.html)。

**範例**

```
"AwsNetworkFirewallFirewallPolicy": {
   "FirewallPolicy": {  
    "StatefulRuleGroupReferences": [
        {
            "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly"
        }
    ],
    "StatelessDefaultActions": [ "aws:forward_to_sfe" ],
    "StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ],
    "StatelessRuleGroupReferences": [
       {
          "Priority": 1,
          "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1"
       }
     ]
   },
   "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
   "FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65",
   "FirewallPolicyName": "InitialFirewall",
   "Description": "Initial firewall"
}
```

## AwsNetworkFirewallRuleGroup
<a name="asff-resourcedetails-awsnetworkfirewallrulegroup"></a>

`AwsNetworkFirewallRuleGroup` 物件提供 AWS Network Firewall 規則群組的詳細資訊。規則群組用於檢查和控制網路流量。無狀態規則群組適用於個別封包。狀態規則群組會套用到流量流程中的封包。

防火牆政策中會參考規則群組。

下列範例顯示 `AwsNetworkFirewallRuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallRuleGroup`屬性的說明，請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallRuleGroupDetails.html)。

**範例 – 無狀態規則群組**

```
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 600,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1",
    "RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493",
    "RuleGroupName": "Stateless-1"
    "Description": "Example of a stateless rule group",
    "Type": "STATELESS",
    "RuleGroup": {
        "RulesSource": {
            "StatelessRulesAndCustomActions": {
                "CustomActions": [],
                "StatelessRules": [
                    {
                        "Priority": 1,
                        "RuleDefinition": {
                            "Actions": [
                                "aws:pass"
                            ],
                            "MatchAttributes": {
                                "DestinationPorts": [
                                    {
                                        "FromPort": 443,
                                        "ToPort": 443
                                    }
                                ],
                                "Destinations": [
                                    {
                                        "AddressDefinition": "192.0.2.0/24"
                                    }
                                ],
                                "Protocols": [
                                            6
                                ],
                                "SourcePorts": [
                                    {
                                        "FromPort": 0,
                                        "ToPort": 65535
                                    }
                                ],
                                "Sources": [
                                    {
                                         "AddressDefinition": "198.51.100.0/24"
                                    }
                                ]
                            }
                        }
                    }
                ]
            }
        }
    }
}
```

**範例 – 狀態規則群組**

```
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 100,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest",
    "RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0",
    "RuleGroupName": "ExampleRuleGroup",
    "Description": "Example of a stateful rule group",
    "Type": "STATEFUL",
    "RuleGroup": {
        "RuleSource": {
             "StatefulRules": [
                 {
                     "Action": "PASS",
                     "Header": {
                         "Destination": "Any",
                         "DestinationPort": "443",
                         "Direction": "ANY",
                         "Protocol": "TCP",
                         "Source": "Any",
                         "SourcePort": "Any"
                     },
                     "RuleOptions": [
                         {
                            "Keyword": "sid:1"
                         }
                     ]      
                 }
             ]
         }
    }
}
```

以下是`AwsNetworkFirewallRuleGroup`屬性的有效值範例清單：
+ `Action`

  有效值：`PASS` \$1 `DROP` \$1 `ALERT`
+ `Protocol`

  有效值： `IP` \$1 `TCP` \$1 `UDP` \$1 `ICMP` \$1 `HTTP` `FTP` \$1 \$1 `TLS` \$1 `SMB` \$1 `DNS` \$1 `DCERPC` \$1 `SSH` \$1 `SMTP` `IMAP` \$1 `MSN` \$1 `KRB5` \$1 `IKEV2` \$1 `TFTP` \$1 \$1 `NTP` \$1 \$1 \$1 `DHCP`
+ `Flags`

  有效值：`FIN` \$1 `SYN` \$1 `RST` \$1 `PSH` \$1 `ACK` \$1 `URG` \$1 `ECE` \$1 `CWR`
+ `Masks`

  有效值：`FIN` \$1 `SYN` \$1 `RST` \$1 `PSH` \$1 `ACK` \$1 `URG` \$1 `ECE` \$1 `CWR`

# AwsOpenSearchService ASFF 中的 資源
<a name="asff-resourcedetails-awsopensearchservice"></a>

以下是 `AwsOpenSearchService` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsOpenSearchServiceDomain
<a name="asff-resourcedetails-awsopensearchservicedomain"></a>

`AwsOpenSearchServiceDomain` 物件包含 Amazon OpenSearch Service 網域的相關資訊。

下列範例顯示 `AwsOpenSearchServiceDomain` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsOpenSearchServiceDomain`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsOpenSearchServiceDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsOpenSearchServiceDomainDetails.html)。

**範例**

```
"AwsOpenSearchServiceDomain": {
    "AccessPolicies": "IAM_Id",
    "AdvancedSecurityOptions": {
        "Enabled": true,
        "InternalUserDatabaseEnabled": true,
        "MasterUserOptions": {
            "MasterUserArn": "arn:aws:iam::123456789012:user/third-master-use",
            "MasterUserName": "third-master-use",
            "MasterUserPassword": "some-password"
        }
    },
    "Arn": "arn:aws:Opensearch:us-east-1:111122223333:somedomain",
    "ClusterConfig": {
        "InstanceType": "c5.large.search",
        "InstanceCount": 1,
        "DedicatedMasterEnabled": true,
        "ZoneAwarenessEnabled": false,
        "ZoneAwarenessConfig": {
            "AvailabilityZoneCount": 2
        },
        "DedicatedMasterType": "c5.large.search",
        "DedicatedMasterCount": 3,
        "WarmEnabled": true,
        "WarmCount": 3,
        "WarmType": "ultrawarm1.large.search"
    },
    "DomainEndpoint": "https://es-2021-06-23t17-04-qowmgghud5vofgb5e4wmi.eu-central-1.es.amazonaws.com",
    "DomainEndpointOptions": {
        "EnforceHTTPS": false,
        "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07",
        "CustomEndpointCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/bda1bff1-79c0-49d0-abe6-50a15a7477d4",
        "CustomEndpointEnabled": true,
        "CustomEndpoint": "example.com"
    },
    "DomainEndpoints": {
        "vpc": "vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com"
    },
    "DomainName": "my-domain",
    "EncryptionAtRestOptions": {
        "Enabled": false,
        "KmsKeyId": "1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a"
    },
    "EngineVersion": "7.1",
    "Id": "123456789012",
    "LogPublishingOptions": {
        "IndexSlowLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-index-slow-logs",
            "Enabled": true
        },
        "SearchSlowLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
            "Enabled": true
        },
        "AuditLogs": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
            "Enabled": true
        }
    },
    "NodeToNodeEncryptionOptions": {
        "Enabled": true
    },
    "ServiceSoftwareOptions": {
        "AutomatedUpdateDate": "2022-04-28T14:08:37.000Z",
        "Cancellable": false,
        "CurrentVersion": "R20210331",
        "Description": "There is no software update available for this domain.",
        "NewVersion": "OpenSearch_1.0",
        "UpdateAvailable": false,
        "UpdateStatus": "COMPLETED",
        "OptionalDeployment": false
    },
    "VpcOptions": {
        "SecurityGroupIds": [
            "sg-2a3a4a5a"
        ],
        "SubnetIds": [
            "subnet-1a2a3a4a"
        ],
    }
}
```

# AwsRds ASFF 中的 資源
<a name="asff-resourcedetails-awsrds"></a>

以下是 `AwsRds` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsRdsDbCluster
<a name="asff-resourcedetails-awsrdsdbcluster"></a>

`AwsRdsDbCluster` 物件提供 Amazon RDS 資料庫叢集的詳細資訊。

下列範例顯示 `AwsRdsDbCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbCluster`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterDetails.html)。

**範例**

```
"AwsRdsDbCluster": {
    "ActivityStreamStatus": "stopped",
    "AllocatedStorage": 1,
    "AssociatedRoles": [
        {
        "RoleArn": "arn:aws:iam::777788889999:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
        "Status": "PENDING"
        }
    ],
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZones": [
        "us-east-1a",
        "us-east-1c",
        "us-east-1e"
    ],
    "BackupRetentionPeriod": 1,
    "ClusterCreateTime": "2020-06-22T17:40:12.322Z",
    "CopyTagsToSnapshot": true,
    "CrossAccountClone": false,
    "CustomEndpoints": [],
    "DatabaseName": "Sample name",
    "DbClusterIdentifier": "database-3",
    "DbClusterMembers": [
        {
        "DbClusterParameterGroupStatus": "in-sync",
        "DbInstanceIdentifier": "database-3-instance-1",
        "IsClusterWriter": true,
        "PromotionTier": 1,
        }
    ],
    "DbClusterOptionGroupMemberships": [],
    "DbClusterParameterGroup": "cluster-parameter-group",
    "DbClusterResourceId": "cluster-example",
    "DbSubnetGroup": "subnet-group",
    "DeletionProtection": false,
    "DomainMemberships": [],
    "Status": "modifying",
    "EnabledCloudwatchLogsExports": [
        "audit",
        "error",
        "general",
        "slowquery"
    ],
    "Endpoint": "database-3.cluster-example.us-east-1.rds.amazonaws.com",
    "Engine": "aurora-mysql",
    "EngineMode": "provisioned",
    "EngineVersion": "5.7.mysql_aurora.2.03.4",
    "HostedZoneId": "ZONE1",
    "HttpEndpointEnabled": false,
    "IamDatabaseAuthenticationEnabled": false,
    "KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
    "MasterUsername": "admin",
    "MultiAz": false,
    "Port": 3306,
    "PreferredBackupWindow": "04:52-05:22",
    "PreferredMaintenanceWindow": "sun:09:32-sun:10:02",
    "ReaderEndpoint": "database-3.cluster-ro-example.us-east-1.rds.amazonaws.com",
    "ReadReplicaIdentifiers": [],
    "Status": "Modifying",
    "StorageEncrypted": true,
    "VpcSecurityGroups": [
        {
            "Status": "active",
            "VpcSecurityGroupId": "sg-example-1"
        }
    ],
}
```

## AwsRdsDbClusterSnapshot
<a name="asff-resourcedetails-awsrdsdbclustersnapshot"></a>

`AwsRdsDbClusterSnapshot` 物件包含 Amazon RDS 資料庫叢集快照的相關資訊。

下列範例顯示 `AwsRdsDbClusterSnapshot` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbClusterSnapshot`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbClusterSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterSnapshotDetails.html)。

**範例**

```
"AwsRdsDbClusterSnapshot": {
    "AllocatedStorage": 0,
    "AvailabilityZones": [
        "us-east-1a",
        "us-east-1d",
        "us-east-1e"
    ],
    "ClusterCreateTime": "2020-06-12T13:23:15.577Z",
    "DbClusterIdentifier": "database-2",
    "DbClusterSnapshotAttributes": [{
        "AttributeName": "restore",
        "AttributeValues": ["123456789012"]
    }],
    "DbClusterSnapshotIdentifier": "rds:database-2-2020-06-23-03-52",
    "Engine": "aurora",
    "EngineVersion": "5.6.10a",
    "IamDatabaseAuthenticationEnabled": false,
    "KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
    "LicenseModel": "aurora",
    "MasterUsername": "admin",
    "PercentProgress": 100,
    "Port": 0,
    "SnapshotCreateTime": "2020-06-22T17:40:12.322Z",
    "SnapshotType": "automated",
    "Status": "available",
    "StorageEncrypted": true,
    "VpcId": "vpc-faf7e380"
}
```

## AwsRdsDbInstance
<a name="asff-resourcedetails-awsrdsdbinstance"></a>

`AwsRdsDbInstance` 物件提供 Amazon RDS 資料庫執行個體的詳細資訊。

下列範例顯示 `AwsRdsDbInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbInstance`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbInstanceDetails.html)。

**範例**

```
"AwsRdsDbInstance": {
    "AllocatedStorage": 20,
    "AssociatedRoles": [],
    "AutoMinorVersionUpgrade": true,
    "AvailabilityZone": "us-east-1d",
    "BackupRetentionPeriod": 7,
    "CaCertificateIdentifier": "certificate1",
    "CharacterSetName": "",
    "CopyTagsToSnapshot": true,
    "DbClusterIdentifier": "",
    "DbInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:database-1",
    "DbInstanceClass": "db.t2.micro",
    "DbInstanceIdentifier": "database-1",
    "DbInstancePort": 0,
    "DbInstanceStatus": "available",
    "DbiResourceId": "db-EXAMPLE123",
    "DbName": "",
    "DbParameterGroups": [
        {
            "DbParameterGroupName": "default.mysql5.7",
            "ParameterApplyStatus": "in-sync"
        }
    ],
    "DbSecurityGroups": [],                                                                                                                                                                                                 
    "DbSubnetGroup": {
        "DbSubnetGroupName": "my-group-123abc",
        "DbSubnetGroupDescription": "My subnet group",
        "VpcId": "vpc-example1",
        "SubnetGroupStatus": "Complete",
        "Subnets": [
            {
                "SubnetIdentifier": "subnet-123abc",
                "SubnetAvailabilityZone": {
                    "Name": "us-east-1d"
                },
                "SubnetStatus": "Active"
            },
            {
                "SubnetIdentifier": "subnet-456def",
                "SubnetAvailabilityZone": {
                    "Name": "us-east-1c"
                },
                "SubnetStatus": "Active"
            }
      ],
        "DbSubnetGroupArn": ""
    },
    "DeletionProtection": false,
    "DomainMemberships": [],
    "EnabledCloudWatchLogsExports": [],
    "Endpoint": {
        "address": "database-1.example.us-east-1.rds.amazonaws.com",
        "port": 3306,
        "hostedZoneId": "ZONEID1"
    },
    "Engine": "mysql",
    "EngineVersion": "5.7.22",
    "EnhancedMonitoringResourceArn": "arn:aws:logs:us-east-1:111122223333:log-group:Example:log-stream:db-EXAMPLE1",
    "IamDatabaseAuthenticationEnabled": false,
    "InstanceCreateTime": "2020-06-22T17:40:12.322Z",
    "Iops": "",
    "KmsKeyId": "",
    "LatestRestorableTime": "2020-06-24T05:50:00.000Z",
    "LicenseModel": "general-public-license",
    "ListenerEndpoint": "",
    "MasterUsername": "admin",
    "MaxAllocatedStorage": 1000,
    "MonitoringInterval": 60,
    "MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role",
    "MultiAz": false,
    "OptionGroupMemberships": [
        {
            "OptionGroupName": "default:mysql-5-7",
            "Status": "in-sync"
        }
    ],
    "PreferredBackupWindow": "03:57-04:27",
    "PreferredMaintenanceWindow": "thu:10:13-thu:10:43",
    "PendingModifiedValues": {
        "DbInstanceClass": "",
        "AllocatedStorage": "",
        "MasterUserPassword": "",
        "Port": "",
        "BackupRetentionPeriod": "",
        "MultiAZ": "",
        "EngineVersion": "",
        "LicenseModel": "",
        "Iops": "",
        "DbInstanceIdentifier": "",
        "StorageType": "",
        "CaCertificateIdentifier": "",
        "DbSubnetGroupName": "",
        "PendingCloudWatchLogsExports": "",
        "ProcessorFeatures": []
    },
    "PerformanceInsightsEnabled": false,
    "PerformanceInsightsKmsKeyId": "",
    "PerformanceInsightsRetentionPeriod": "",
    "ProcessorFeatures": [],
    "PromotionTier": "",
    "PubliclyAccessible": false,
    "ReadReplicaDBClusterIdentifiers": [],
    "ReadReplicaDBInstanceIdentifiers": [],
    "ReadReplicaSourceDBInstanceIdentifier": "",
    "SecondaryAvailabilityZone": "",
    "StatusInfos": [],
    "StorageEncrypted": false,
    "StorageType": "gp2",
    "TdeCredentialArn": "",
    "Timezone": "",
    "VpcSecurityGroups": [
        {
            "VpcSecurityGroupId": "sg-example1",
            "Status": "active"
        }
    ]
}
```

## AwsRdsDbSecurityGroup
<a name="asff-resourcedetails-awsrdsdbsecuritygroup"></a>

`AwsRdsDbSecurityGroup` 物件包含 Amazon Relational Database Service 的相關資訊

下列範例顯示 `AwsRdsDbSecurityGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbSecurityGroup`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbSecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSecurityGroupDetails.html)。

**範例**

```
"AwsRdsDbSecurityGroup": {
    "DbSecurityGroupArn": "arn:aws:rds:us-west-1:111122223333:secgrp:default",
    "DbSecurityGroupDescription": "default",
    "DbSecurityGroupName": "mysecgroup",
    "Ec2SecurityGroups": [
        {
          "Ec2SecurityGroupuId": "myec2group",
          "Ec2SecurityGroupName": "default",
          "Ec2SecurityGroupOwnerId": "987654321021",
          "Status": "authorizing"
        }
    ],
    "IpRanges": [
        {
          "Cidrip": "0.0.0.0/0",
          "Status": "authorizing"
        }
    ],
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234567f"
}
```

## AwsRdsDbSnapshot
<a name="asff-resourcedetails-awsrdsdbsnapshot"></a>

`AwsRdsDbSnapshot` 物件包含 Amazon RDS 資料庫叢集快照的詳細資訊。

下列範例顯示 `AwsRdsDbSnapshot` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbSnapshot`屬性的說明，請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSnapshotDetails.html)。

**範例**

```
"AwsRdsDbSnapshot": {
    "DbSnapshotIdentifier": "rds:database-1-2020-06-22-17-41",
    "DbInstanceIdentifier": "database-1",
    "SnapshotCreateTime": "2020-06-22T17:41:29.967Z",
    "Engine": "mysql",
    "AllocatedStorage": 20,
    "Status": "available",
    "Port": 3306,
    "AvailabilityZone": "us-east-1d",
    "VpcId": "vpc-example1",
    "InstanceCreateTime": "2020-06-22T17:40:12.322Z",
    "MasterUsername": "admin",
    "EngineVersion": "5.7.22",
    "LicenseModel": "general-public-license",
    "SnapshotType": "automated",
    "Iops": null,
    "OptionGroupName": "default:mysql-5-7",
    "PercentProgress": 100,
    "SourceRegion": null,
    "SourceDbSnapshotIdentifier": "",
    "StorageType": "gp2",
    "TdeCredentialArn": "",
    "Encrypted": false,
    "KmsKeyId": "",
    "Timezone": "",
    "IamDatabaseAuthenticationEnabled": false,
    "ProcessorFeatures": [],
    "DbiResourceId": "db-resourceexample1"
}
```

## AwsRdsEventSubscription
<a name="asff-resourcedetails-awsrdseventsubscription"></a>

`AwsRdsEventSubscription` 包含 RDS 事件通知訂閱的詳細資訊。訂閱可讓 RDS 將事件發佈至 SNS 主題。

下列範例顯示 `AwsRdsEventSubscription` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsEventSubscription`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsRdsEventSubscriptionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsEventSubscriptionDetails.html)。

**範例**

```
"AwsRdsEventSubscription": {
    "CustSubscriptionId": "myawsuser-secgrp",
    "CustomerAwsId": "111111111111",
    "Enabled": true,
    "EventCategoriesList": [
        "configuration change",
        "failure"
    ],
    "EventSubscriptionArn": "arn:aws:rds:us-east-1:111111111111:es:my-instance-events",
    "SnsTopicArn": "arn:aws:sns:us-east-1:111111111111:myawsuser-RDS",
    "SourceIdsList": [
        "si-sample",
        "mysqldb-rr"
    ],
    "SourceType": "db-security-group",
    "Status": "creating",
    "SubscriptionCreationTime": "2021-06-27T01:38:01.090Z"
}
```

# AwsRedshift ASFF 中的 資源
<a name="asff-resourcedetails-awsredshift"></a>

以下是 `AwsRedshift` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsRedshiftCluster
<a name="asff-resourcedetails-awsredshiftcluster"></a>

`AwsRedshiftCluster` 物件包含 Amazon Redshift 叢集的詳細資訊。

下列範例顯示 `AwsRedshiftCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRedshiftCluster`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsRedshiftClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRedshiftClusterDetails.html)。

**範例**

```
"AwsRedshiftCluster": {
    "AllowVersionUpgrade": true,
    "AutomatedSnapshotRetentionPeriod": 1,
    "AvailabilityZone": "us-west-2d",
    "ClusterAvailabilityStatus": "Unavailable",
    "ClusterCreateTime": "2020-08-03T19:22:44.637Z",
    "ClusterIdentifier": "redshift-cluster-1",
    "ClusterNodes": [
        {
            "NodeRole": "LEADER",
            "PrivateIPAddress": "192.0.2.108",
            "PublicIPAddress": "198.51.100.29"
        },
        {
            "NodeRole": "COMPUTE-0",
            "PrivateIPAddress": "192.0.2.22",
            "PublicIPAddress": "198.51.100.63"
        },
        {
             "NodeRole": "COMPUTE-1",
             "PrivateIPAddress": "192.0.2.224",
             "PublicIPAddress": "198.51.100.226"
        }
        ],
    "ClusterParameterGroups": [
        { 
            "ClusterParameterStatusList": [
                {
                    "ParameterName": "max_concurrency_scaling_clusters",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "enable_user_activity_logging",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "auto_analyze",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "query_group",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "datestyle",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "extra_float_digits",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "search_path",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "statement_timeout",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "wlm_json_configuration",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "require_ssl",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                },
                {
                    "ParameterName": "use_fips_ssl",
                    "ParameterApplyStatus": "in-sync",
                    "ParameterApplyErrorDescription": "parameterApplyErrorDescription"
                }
            ],
            "ParameterApplyStatus": "in-sync",
            "ParameterGroupName": "temp"
        }
    ], 
    "ClusterPublicKey": "JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Amazon-Redshift",
    "ClusterRevisionNumber": 17498,
    "ClusterSecurityGroups": [
        {
            "ClusterSecurityGroupName": "default",
            "Status": "active"
        }
    ],
    "ClusterSnapshotCopyStatus": {
        "DestinationRegion": "us-west-2",
        "ManualSnapshotRetentionPeriod": -1,
        "RetentionPeriod": 1,
        "SnapshotCopyGrantName": "snapshotCopyGrantName"
    },
    "ClusterStatus": "available",
    "ClusterSubnetGroupName": "default",
    "ClusterVersion": "1.0",
    "DBName": "dev",
    "DeferredMaintenanceWindows": [
        {
            "DeferMaintenanceEndTime": "2020-10-07T20:34:01.000Z",
            "DeferMaintenanceIdentifier": "deferMaintenanceIdentifier",
            "DeferMaintenanceStartTime": "2020-09-07T20:34:01.000Z"
        }
     ],
    "ElasticIpStatus": {
        "ElasticIp": "203.0.113.29",
        "Status": "active"
    },
    "ElasticResizeNumberOfNodeOptions": "4",  
    "Encrypted": false,
    "Endpoint": {
        "Address": "redshift-cluster-1.example.us-west-2.redshift.amazonaws.com",
        "Port": 5439
    },
    "EnhancedVpcRouting": false,
    "ExpectedNextSnapshotScheduleTime": "2020-10-13T20:34:01.000Z",
    "ExpectedNextSnapshotScheduleTimeStatus": "OnTrack",
    "HsmStatus": {
        "HsmClientCertificateIdentifier": "hsmClientCertificateIdentifier",
        "HsmConfigurationIdentifier": "hsmConfigurationIdentifier",
        "Status": "applying"
    },
    "IamRoles": [
        {
             "ApplyStatus": "in-sync",
             "IamRoleArn": "arn:aws:iam::111122223333:role/RedshiftCopyUnload"   
        }
    ],
    "KmsKeyId": "kmsKeyId",
    "LoggingStatus": {
        "BucketName": "amzn-s3-demo-bucket",
        "LastFailureMessage": "test message",
        "LastFailureTime": "2020-08-09T13:00:00.000Z",
        "LastSuccessfulDeliveryTime": "2020-08-08T13:00:00.000Z",
        "LoggingEnabled": true,
        "S3KeyPrefix": "/"
    },
    "MaintenanceTrackName": "current",
    "ManualSnapshotRetentionPeriod": -1,
    "MasterUsername": "awsuser",
    "NextMaintenanceWindowStartTime": "2020-08-09T13:00:00.000Z",
    "NodeType": "dc2.large",
    "NumberOfNodes": 2,
    "PendingActions": [],
    "PendingModifiedValues": {
        "AutomatedSnapshotRetentionPeriod": 0,
        "ClusterIdentifier": "clusterIdentifier",
        "ClusterType": "clusterType",
        "ClusterVersion": "clusterVersion",
        "EncryptionType": "None",
        "EnhancedVpcRouting": false,
        "MaintenanceTrackName": "maintenanceTrackName",
        "MasterUserPassword": "masterUserPassword",
        "NodeType": "dc2.large",
        "NumberOfNodes": 1,
        "PubliclyAccessible": true
    },
    "PreferredMaintenanceWindow": "sun:13:00-sun:13:30",
    "PubliclyAccessible": true,
    "ResizeInfo": {
        "AllowCancelResize": true,
        "ResizeType": "ClassicResize"
    },
    "RestoreStatus": {
        "CurrentRestoreRateInMegaBytesPerSecond": 15,
        "ElapsedTimeInSeconds": 120,
        "EstimatedTimeToCompletionInSeconds": 100,
        "ProgressInMegaBytes": 10,
        "SnapshotSizeInMegaBytes": 1500,
        "Status": "restoring"
    },
    "SnapshotScheduleIdentifier": "snapshotScheduleIdentifier",
    "SnapshotScheduleState": "ACTIVE",
     "VpcId": "vpc-example",
    "VpcSecurityGroups": [
        {
            "Status": "active",
            "VpcSecurityGroupId": "sg-example"
        }
    ]
}
```

# AwsRoute53 ASFF 中的 資源
<a name="asff-resourcedetails-awsroute53"></a>

以下是 `AwsRoute53` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsRoute53HostedZone
<a name="asff-resourcedetails-awsroute53hostedzone"></a>

`AwsRoute53HostedZone` 物件提供有關 Amazon Route 53 託管區域的資訊，包括指派給託管區域的四個名稱伺服器。託管區域代表可一起管理的記錄集合，屬於單一父系網域名稱。

下列範例顯示 `AwsRoute53HostedZone` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRoute53HostedZone`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsRoute53HostedZoneDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRoute53HostedZoneDetails.html)。

**範例**

```
"AwsRoute53HostedZone": {
    "HostedZone": {
        "Id": "Z06419652JEMGO9TA2XKL",
        "Name": "asff.testing",
        "Config": {
            "Comment": "This is an example comment."
        }
    },
    "NameServers": [
        "ns-470.awsdns-32.net",
        "ns-1220.awsdns-12.org",
        "ns-205.awsdns-13.com",
        "ns-1960.awsdns-51.co.uk"
    ],
    "QueryLoggingConfig": {
        "CloudWatchLogsLogGroupArn": {
            "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:asfftesting:*",
            "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
            "HostedZoneId": "Z00932193AF5H180PPNZD"
        }
    },
    "Vpcs": [
        {
            "Id": "vpc-05d7c6e36bc03ea76",
            "Region": "us-east-1"
        }
    ]
}
```

# AwsS3 ASFF 中的 資源
<a name="asff-resourcedetails-awss3"></a>

以下是 `AwsS3` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsS3AccessPoint
<a name="asff-resourcedetails-awss3accesspoint"></a>

`AwsS3AccessPoint` 提供 Amazon S3 存取點的相關資訊。S3 存取點是連接至 S3 儲存貯體的具名網路端點，可用來執行 S3 物件操作。

下列範例顯示 `AwsS3AccessPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3AccessPoint`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsS3AccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccessPointDetails.html)。

**範例**

```
"AwsS3AccessPoint": {
        "AccessPointArn": "arn:aws:s3:us-east-1:123456789012:accesspoint/asff-access-point",
        "Alias": "asff-access-point-hrzrlukc5m36ft7okagglf3gmwluquse1b-s3alias",
        "Bucket": "amzn-s3-demo-bucket",
        "BucketAccountId": "123456789012",
        "Name": "asff-access-point",
        "NetworkOrigin": "VPC",
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": true,
            "BlockPublicPolicy": true,
            "IgnorePublicAcls": true,
            "RestrictPublicBuckets": true
        },
        "VpcConfiguration": {
            "VpcId": "vpc-1a2b3c4d5e6f1a2b3"
        }
}
```

## AwsS3AccountPublicAccessBlock
<a name="asff-resourcedetails-awss3accountpublicaccessblock"></a>

`AwsS3AccountPublicAccessBlock` 提供帳戶 Amazon S3 公有存取區塊組態的相關資訊。

下列範例顯示 `AwsS3AccountPublicAccessBlock` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3AccountPublicAccessBlock`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsS3AccountPublicAccessBlockDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccountPublicAccessBlockDetails.html)。

**範例**

```
"AwsS3AccountPublicAccessBlock": {
    "BlockPublicAcls": true,
    "BlockPublicPolicy": true,
    "IgnorePublicAcls": false,
    "RestrictPublicBuckets": true
}
```

## AwsS3Bucket
<a name="asff-resourcedetails-awss3bucket"></a>

`AwsS3Bucket` 物件提供 Amazon S3 儲存貯體的詳細資訊。

下列範例顯示 `AwsS3Bucket` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3Bucket`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsS3BucketDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3BucketDetails.html)。

**範例**

```
"AwsS3Bucket": {
    "AccessControlList": "{\"grantSet\":null,\"grantList\":[{\"grantee\":{\"id\":\"4df55416215956920d9d056aa8b99803a294ea221222bb668b55a8c6bca81094\",\"displayName\":null},\"permission\":\"FullControl\"},{\"grantee\":\"AllUsers\",\"permission\":\"ReadAcp\"},{\"grantee\":\"AuthenticatedUsers\",\"permission\":\"ReadAcp\"}",,
    "BucketLifecycleConfiguration": {
       "Rules": [
           {
               "AbortIncompleteMultipartUpload": {
                   "DaysAfterInitiation": 5
               },
               "ExpirationDate": "2021-11-10T00:00:00.000Z",
               "ExpirationInDays": 365,
               "ExpiredObjectDeleteMarker": false,
               "Filter": {
                   "Predicate": {
                       "Operands": [
                           {
                               "Prefix": "tmp/",
                               "Type": "LifecyclePrefixPredicate"
                           },
                           {
                               "Tag": {
                                   "Key": "ArchiveAge",
                                   "Value": "9m"
                               },
                               "Type": "LifecycleTagPredicate"
                           }
                       ],
                       "Type": "LifecycleAndOperator"
                   }
               },
               "ID": "Move rotated logs to Glacier",
               "NoncurrentVersionExpirationInDays": -1,
               "NoncurrentVersionTransitions": [
                   {
                       "Days": 2,
                       "StorageClass": "GLACIER"
                   }
               ],
               "Prefix": "rotated/",
               "Status": "Enabled",
               "Transitions": [
                   {
                       "Date": "2020-11-10T00:00:00.000Z",
                       "Days": 100,
                       "StorageClass": "GLACIER"
                   }
               ]
           }
       ]
    },
    "BucketLoggingConfiguration": {
    	"DestinationBucketName": "s3serversideloggingbucket-123456789012",
    	"LogFilePrefix": "buckettestreadwrite23435/"
    },
    "BucketName": "amzn-s3-demo-bucket",
    "BucketNotificationConfiguration": {
    	"Configurations": [{
    		"Destination": "arn:aws:lambda:us-east-1:123456789012:function:s3_public_write",
    		"Events": [
    			"s3:ObjectCreated:Put"
    		],
    		"Filter": {
    			"S3KeyFilter": {
    				"FilterRules": [
    				{
    					"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.PREFIX",
    					"Value": "pre"
    				},
    				{
    					"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.SUFFIX",
    					"Value": "suf"
    				},
    				]
    			}
    		},
    		"Type": "LambdaConfiguration"
    	}]
    },
    "BucketVersioningConfiguration": {
    	"IsMfaDeleteEnabled": true,
    	"Status": "Off"
    },
    "BucketWebsiteConfiguration": {
    	"ErrorDocument": "error.html",
    	"IndexDocumentSuffix": "index.html",
    	"RedirectAllRequestsTo": {
    		"HostName": "example.com",
    		"Protocol": "http"
    	},
    	"RoutingRules": [{
    		"Condition": {
    			"HttpErrorCodeReturnedEquals": "Redirected",
    			"KeyPrefixEquals": "index"
    					},
    		"Redirect": {
    			"HostName": "example.com",
    			"HttpRedirectCode": "401",
    			"Protocol": "HTTP",
    			"ReplaceKeyPrefixWith": "string",
    			"ReplaceKeyWith": "string"
    		}
    	}]
    },
    "CreatedAt": "2007-11-30T01:46:56.000Z",
    "ObjectLockConfiguration": {
    	"ObjectLockEnabled": "Enabled",
    	"Rule": {
    		"DefaultRetention": {
    			"Days": null,
    			"Mode": "GOVERNANCE",
    			"Years": 12
    		},
    	},
    },
    "OwnerId": "AIDACKCEVSQ6C2EXAMPLE",
    "OwnerName": "s3bucketowner",
    "PublicAccessBlockConfiguration": {
        "BlockPublicAcls": true,
        "BlockPublicPolicy": true,
        "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true,
    },
    "ServerSideEncryptionConfiguration": {
        "Rules": [
            {
                "ApplyServerSideEncryptionByDefault": {
                    "SSEAlgorithm": "AES256",
                    "KMSMasterKeyID": "12345678-abcd-abcd-abcd-123456789012"
                }
            }
        ]
     }
}
```

## AwsS3Object
<a name="asff-resourcedetails-awss3object"></a>

`AwsS3Object` 物件提供 Amazon S3 物件的相關資訊。

下列範例顯示 `AwsS3Object` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3Object`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsS3ObjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3ObjectDetails.html)。

**範例**

```
"AwsS3Object": {
    "ContentType": "text/html",
    "ETag": "\"30a6ec7e1a9ad79c203d05a589c8b400\"",
    "LastModified": "2012-04-23T18:25:43.511Z",
    "ServerSideEncryption": "aws:kms",
    "SSEKMSKeyId": "arn:aws:kms:us-west-2:123456789012:key/4dff8393-e225-4793-a9a0-608ec069e5a7",
    "VersionId": "ws31OurgOOjH_HHllIxPE35P.MELYaYh"
}
```

# AwsSageMaker ASFF 中的 資源
<a name="asff-resourcedetails-awssagemaker"></a>

以下是 `AwsSageMaker` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsSageMakerNotebookInstance
<a name="asff-resourcedetails-awssagemakernotebookinstance"></a>

`AwsSageMakerNotebookInstance` 物件提供有關 Amazon SageMaker AI 筆記本執行個體的資訊，這是執行 Jupyter 筆記本應用程式的機器學習運算執行個體。

下列範例顯示 `AwsSageMakerNotebookInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSageMakerNotebookInstance`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsSageMakerNotebookInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSageMakerNotebookInstanceDetails.html)。

**範例**

```
"AwsSageMakerNotebookInstance": {
    "DirectInternetAccess": "Disabled",
    "InstanceMetadataServiceConfiguration": {
    	"MinimumInstanceMetadataServiceVersion": "1",
    },
    "InstanceType": "ml.t2.medium",
    "LastModifiedTime": "2022-09-09 22:48:32.012000+00:00",
    "NetworkInterfaceId": "eni-06c09ac2541a1bed3",
    "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:001098605940:notebook-instance/sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm",
    "NotebookInstanceName": "SagemakerNotebookInstanceRootAccessDisabledComplia-8MYjcyofZiXm",
    "NotebookInstanceStatus": "InService",
    "PlatformIdentifier": "notebook-al1-v1",
    "RoleArn": "arn:aws:iam::001098605940:role/sechub-SageMaker-1-scenar-SageMakerCustomExecution-1R0X32HGC38IW",
    "RootAccess": "Disabled",
    "SecurityGroups": [
    	"sg-06b347359ab068745"
    ],
    "SubnetId": "subnet-02c0deea5fa64578e",
    "Url": "sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm.notebook.us-east-1.sagemaker.aws",
    "VolumeSizeInGB": 5
}
```

# AwsSecretsManager ASFF 中的 資源
<a name="asff-resourcedetails-awssecretsmanager"></a>

以下是 `AwsSecretsManager` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsSecretsManagerSecret
<a name="asff-resourcedetails-awssecretsmanagersecret"></a>

`AwsSecretsManagerSecret` 物件提供 Secrets Manager 秘密的詳細資訊。

下列範例顯示 `AwsSecretsManagerSecret` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSecretsManagerSecret`屬性的說明，請參閱 *AWS Security Hub API 參考*中的 [AwsSecretsManagerSecretDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecretsManagerSecretDetails.html)。

**範例**

```
"AwsSecretsManagerSecret": {
    "RotationRules": {
        "AutomaticallyAfterDays": 30
    },
    "RotationOccurredWithinFrequency": true,
    "KmsKeyId": "kmsKeyId",
    "RotationEnabled": true,
    "RotationLambdaArn": "arn:aws:lambda:us-west-2:777788889999:function:MyTestRotationLambda",
    "Deleted": false,
    "Name": "MyTestDatabaseSecret",
    "Description": "My test database secret"
}
```

# AwsSns ASFF 中的 資源
<a name="asff-resourcedetails-awssns"></a>

以下是 `AwsSns` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsSnsTopic
<a name="asff-resourcedetails-awssnstopic"></a>

`AwsSnsTopic` 物件包含 Amazon Simple Notification Service 主題的詳細資訊。

下列範例顯示 `AwsSnsTopic` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSnsTopic`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsSnsTopicDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSnsTopicDetails.html)。

**範例**

```
"AwsSnsTopic": {
    "ApplicationSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/ApplicationSuccessFeedbackRoleArn",                        
    "FirehoseFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseFailureFeedbackRoleArn",
    "FirehoseSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseSuccessFeedbackRoleArn",
    "HttpFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpFailureFeedbackRoleArn",
    "HttpSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpSuccessFeedbackRoleArn",                         
    "KmsMasterKeyId": "alias/ExampleAlias",
    "Owner": "123456789012",
    "SqsFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsFailureFeedbackRoleArn",
    "SqsSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsSuccessFeedbackRoleArn",                         
    "Subscription": {
         "Endpoint": "http://sampleendpoint.com",
         "Protocol": "http"
    },
    "TopicName": "SampleTopic"
}
```

# AwsSqs ASFF 中的 資源
<a name="asff-resourcedetails-awssqs"></a>

以下是 `AwsSqs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsSqsQueue
<a name="asff-resourcedetails-awssqsqueue"></a>

`AwsSqsQueue` 物件包含 Amazon Simple Queue Service 佇列的相關資訊。

下列範例顯示 `AwsSqsQueue` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSqsQueue`屬性的說明，請參閱 *AWS Security Hub API 參考*中的 [AwsSqsQueueDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSqsQueueDetails.html)。

**範例**

```
"AwsSqsQueue": {
    "DeadLetterTargetArn": "arn:aws:sqs:us-west-2:123456789012:queue/target",
    "KmsDataKeyReusePeriodSeconds": 60,,
    "KmsMasterKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
    "QueueName": "sample-queue"
}
```

# AwsSsm ASFF 中的 資源
<a name="asff-resourcedetails-awsssm"></a>

以下是 `AwsSsm` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsSsmPatchCompliance
<a name="asff-resourcedetails-awsssmpatchcompliance"></a>

`AwsSsmPatchCompliance` 物件會根據用來修補執行個體的修補程式基準，提供執行個體上修補程式狀態的相關資訊。

下列範例顯示 `AwsSsmPatchCompliance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSsmPatchCompliance`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsSsmPatchComplianceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSsmPatchComplianceDetails.html)。

**範例**

```
"AwsSsmPatchCompliance": {
    "Patch": {
        "ComplianceSummary": {
            "ComplianceType": "Patch",
            "CompliantCriticalCount": 0,
            "CompliantHighCount": 0,
            "CompliantInformationalCount": 0,
            "CompliantLowCount": 0,
            "CompliantMediumCount": 0,
            "CompliantUnspecifiedCount": 461,
            "ExecutionType": "Command",
            "NonCompliantCriticalCount": 0,
            "NonCompliantHighCount": 0,
            "NonCompliantInformationalCount": 0,
            "NonCompliantLowCount": 0,
            "NonCompliantMediumCount": 0,
            "NonCompliantUnspecifiedCount": 0,
            "OverallSeverity": "UNSPECIFIED",
            "PatchBaselineId": "pb-0c5b2769ef7cbe587",
            "PatchGroup": "ExamplePatchGroup",
            "Status": "COMPLIANT"
        }
    }
}
```

# AwsStepFunctions ASFF 中的 資源
<a name="asff-resourcedetails-awsstepfunctions"></a>

以下是 `AwsStepFunctions` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsStepFunctionStateMachine
<a name="asff-resourcedetails-awsstepfunctionstatemachine"></a>

`AwsStepFunctionStateMachine` 物件提供有關 AWS Step Functions 狀態機器的資訊，這是由一系列事件驅動步驟組成的工作流程。

下列範例顯示 `AwsStepFunctionStateMachine` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsStepFunctionStateMachine`屬性的說明，請參閱 *AWS Security Hub API 參考*中的 [AwsStepFunctionStateMachine](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsStepFunctionStateMachineDetails.html)。

**範例**

```
"AwsStepFunctionStateMachine": {
    "StateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
    "Name": "StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
    "Status": "ACTIVE",
    "RoleArn": "arn:aws:iam::123456789012:role/teststepfunc-StatesExecutionRole-1PNM71RVO1UKT",
    "Type": "STANDARD",
    "LoggingConfiguration": {
        "Level": "OFF",
        "IncludeExecutionData": false
    },
    "TracingConfiguration": {
        "Enabled": false
    }
}
```

# AwsWaf ASFF 中的 資源
<a name="asff-resourcedetails-awswaf"></a>

以下是 `AwsWaf` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsWafRateBasedRule
<a name="asff-resourcedetails-awswafratebasedrule"></a>

`AwsWafRateBasedRule` 物件包含全域 AWS WAF 資源的速率型規則詳細資訊。以 AWS WAF 速率為基礎的規則提供設定，指出何時允許、封鎖或計數請求。以速率為基礎的規則包括在指定期間內到達的請求數量。

下列範例顯示 `AwsWafRateBasedRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRateBasedRule`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRateBasedRuleDetails.html)。

**範例**

```
"AwsWafRateBasedRule":{
    "MatchPredicates" : [{
        "DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
        "Negated" : "True",
        "Type" : "IPMatch" ,
    }],
    "MetricName" : "MetricName",
    "Name" : "Test",
    "RateKey" : "IP",
    "RateLimit" : 235000,
    "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```

## AwsWafRegionalRateBasedRule
<a name="asff-resourcedetails-awswafregionalratebasedrule"></a>

`AwsWafRegionalRateBasedRule` 物件包含區域資源的速率型規則詳細資訊。以速率為基礎的規則提供設定，指出何時允許、封鎖或計數請求。以速率為基礎的規則包括在指定期間內到達的請求數量。

下列範例顯示 `AwsWafRegionalRateBasedRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRateBasedRule`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRateBasedRuleDetails.html)。

**範例**

```
"AwsWafRegionalRateBasedRule":{
    "MatchPredicates" : [{
        "DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
        "Negated" : "True",
        "Type" : "IPMatch" ,
    }],
    "MetricName" : "MetricName",
    "Name" : "Test",
    "RateKey" : "IP",
    "RateLimit" : 235000,
    "RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```

## AwsWafRegionalRule
<a name="asff-resourcedetails-awswafregionalrule"></a>

`AwsWafRegionalRule` 物件提供有關 AWS WAF 區域性規則 的詳細資訊。此規則會識別您要允許、封鎖或計數的 Web 請求。

下列範例顯示 `AwsWafRegionalRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRule`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleDetails.html)。

**範例**

```
"AwsWafRegionalRule": { 
    "MetricName": "SampleWAF_Rule__Metric_1",
    "Name": "bb-waf-regional-rule-not-empty-conditions-compliant",
    "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de95fe",
    "PredicateList": [{
        "DataId": "127d9346-e607-4e93-9286-c1296fb5445a",
        "Negated": false,
        "Type": "GeoMatch"
    }]
}
```

## AwsWafRegionalRuleGroup
<a name="asff-resourcedetails-awswafregionalrulegroup"></a>

`AwsWafRegionalRuleGroup` 物件提供區域性規則群組的詳細資訊 AWS WAF 。規則群組是您新增至 Web 存取控制清單 (Web ACL) 的預先定義規則集合。

下列範例顯示 `AwsWafRegionalRuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRuleGroup`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleGroupDetails.html)。

**範例**

```
"AwsWafRegionalRuleGroup": { 
    "MetricName": "SampleWAF_Metric_1",
    "Name": "bb-WAFClassicRuleGroupWithRuleCompliant",
    "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
    "Rules": [{
        "Action": {
            "Type": "ALLOW"
        }
    }],
        "Priority": 1,
        "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
        "Type": "REGULAR"
}
```

## AwsWafRegionalWebAcl
<a name="asff-resourcedetails-awswafregionalwebacl"></a>

`AwsWafRegionalWebAcl` 提供有關 AWS WAF 區域 Web 存取控制清單 (Web ACL) 的詳細資訊。Web ACL 包含規則，可識別您要允許、封鎖或計數的請求。

以下是安全`AwsWafRegionalWebAcl`調查結果格式 (ASFF) 中 AWS 的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalWebAclDetails.html)。

**範例**

```
"AwsWafRegionalWebAcl": {
    "DefaultAction": "ALLOW",
    "MetricName" : "web-regional-webacl-metric-1",
    "Name": "WebACL_123",
    "RulesList": [
        {
            "Action": {
                "Type": "Block"
            },
            "Priority": 3,
            "RuleId": "24445857-852b-4d47-bd9c-61f05e4d223c",
            "Type": "REGULAR",
            "ExcludedRules": [
                {
                    "ExclusionType": "Exclusion",
                    "RuleId": "Rule_id_1"
                }
            ],
            "OverrideAction": {
                "Type": "OVERRIDE"
            }
        }
    ],
    "WebAclId": "443c76f4-2e72-4c89-a2ee-389d501c1f67"
}
```

## AwsWafRule
<a name="asff-resourcedetails-awswafrule"></a>

`AwsWafRule` 提供 AWS WAF 規則的相關資訊。 AWS WAF 規則會識別您要允許、封鎖或計數的 Web 請求。

以下是 AWS 安全`AwsWafRule`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleDetails.html)。

**範例**

```
"AwsWafRule": {
    "MetricName": "AwsWafRule_Metric_1",
    "Name": "AwsWafRule_Name_1",
    "PredicateList": [{
        "DataId": "cdd225da-32cf-4773-1dc2-3bca3ed9c19c",
        "Negated": false,
        "Type": "GeoMatch"
    }],
    "RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de953e"
}
```

## AwsWafRuleGroup
<a name="asff-resourcedetails-awswafrulegroup"></a>

`AwsWafRuleGroup` 提供 AWS WAF 規則群組的相關資訊。規則群組是您新增至 Web AWS WAF 存取控制清單 (Web ACL) 的預先定義規則集合。

以下是 AWS 安全`AwsWafRuleGroup`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleGroupDetails.html)。

**範例**

```
"AwsWafRuleGroup": {
    "MetricName": "SampleWAF_Metric_1",
    "Name": "bb-WAFRuleGroupWithRuleCompliant",
    "RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
    "Rules": [{
        "Action": {
            "Type": "ALLOW",
        },
        "Priority": 1,
        "RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
        "Type": "REGULAR"
    }]
}
```

## AwsWafv2RuleGroup
<a name="asff-resourcedetails-awswafv2rulegroup"></a>

`AwsWafv2RuleGroup` 物件提供有關 an AWS WAF V2 規則群組的詳細資訊。

下列範例顯示 `AwsWafv2RuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafv2RuleGroup`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafv2RuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2RuleGroupDetails.html)。

**範例**

```
"AwsWafv2RuleGroup": {
    "Arn": "arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/wafv2rulegroupasff/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Capacity": 1000,
    "Description": "Resource for ASFF",
    "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Name": "wafv2rulegroupasff",
    "Rules": [{
    	"Action": {
    	"Allow": {
    		"CustomRequestHandling": {
    			"InsertHeaders": [
    				{
    				"Name": "AllowActionHeader1Name",
    				"Value": "AllowActionHeader1Value"
    				},
    				{
    				"Name": "AllowActionHeader2Name",
    				"Value": "AllowActionHeader2Value"
    				}
    			]
    		}
    	},
    	"Name": "RuleOne",
    	"Priority": 1,
    	"VisibilityConfig": {
    		"CloudWatchMetricsEnabled": true,
    		"MetricName": "rulegroupasff",
    		"SampledRequestsEnabled": false
    	}
    }],
    "VisibilityConfig": {
    	"CloudWatchMetricsEnabled": true,
    	"MetricName": "rulegroupasff",
    	"SampledRequestsEnabled": false
    }
}
```

## AwsWafWebAcl
<a name="asff-resourcedetails-awswafwebacl"></a>

`AwsWafWebAcl` 物件提供 AWS WAF Web ACL 的詳細資訊。

下列範例顯示 `AwsWafWebAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafWebAcl`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafWebAclDetails.html)。

**範例**

```
"AwsWafWebAcl": {
    "DefaultAction": "ALLOW",
    "Name": "MyWafAcl",
    "Rules": [
        {
            "Action": {
                "Type": "ALLOW"
            },
            "ExcludedRules": [
                {
                    "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98"
                }
            ],
            "OverrideAction": {
                "Type": "NONE"
            },
            "Priority": 1,
            "RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98",
            "Type": "REGULAR"
        }
    ],
    "WebAclId": "waf-1234567890"
}
```

## AwsWafv2WebAcl
<a name="asff-resourcedetails-awswafv2webacl"></a>

`AwsWafv2WebAcl` 物件提供有關 an AWS WAF V2 Web ACL 的詳細資訊。

下列範例顯示 `AwsWafv2WebAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafv2WebAcl`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsWafv2WebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2WebAclDetails.html)。

**範例**

```
"AwsWafv2WebAcl": {
    "Arn": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/WebACL-RoaD4QexqSxG/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Capacity": 1326,
    "CaptchaConfig": {
    	"ImmunityTimeProperty": {
    		"ImmunityTime": 500
    	}
    },
    "DefaultAction": {
    	"Block": {}
    },
    "Description": "Web ACL for JsonBody testing",
    "ManagedbyFirewallManager": false,
    "Name": "WebACL-RoaD4QexqSxG",
    "Rules": [{
    	"Action": {
    		"RuleAction": {
    			"Block": {}
    		}
    	},
    	"Name": "TestJsonBodyRule",
    	"Priority": 1,
    	"VisibilityConfig": {
    		"SampledRequestsEnabled": true,
    		"CloudWatchMetricsEnabled": true,
    		"MetricName": "JsonBodyMatchMetric"
    	}
    }],
    "VisibilityConfig": {
    	"SampledRequestsEnabled": true,
    	"CloudWatchMetricsEnabled": true,
    	"MetricName": "TestingJsonBodyMetric"
    }
}
```

# AwsXray ASFF 中的 資源
<a name="asff-resourcedetails-awsxray"></a>

以下是 `AwsXray` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。

AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

## AwsXrayEncryptionConfig
<a name="asff-resourcedetails-awsxrayencryptionconfig"></a>

`AwsXrayEncryptionConfig` 物件包含 加密組態的相關資訊 AWS X-Ray。

下列範例顯示 `AwsXrayEncryptionConfig` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsXrayEncryptionConfig`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [AwsXrayEncryptionConfigDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsXrayEncryptionConfigDetails.html)。

**範例**

```
"AwsXRayEncryptionConfig":{
    "KeyId": "arn:aws:kms:us-east-2:222222222222:key/example-key",
    "Status": "UPDATING",
    "Type":"KMS"
}
```

# CodeRepository ASFF 中的 物件
<a name="asff-resourcedetails-coderepository"></a>

`CodeRepository` 物件提供連線至 AWS 資源的外部程式碼儲存庫相關資訊，並設定 Amazon Inspector 掃描漏洞。

下列範例顯示 `CodeRepository` 物件 AWS 的安全調查結果格式 (ASFF) 語法。若要檢視`CodeRepository`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [CodeRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CodeRepositoryDetails.html)。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

**範例**

```
"CodeRepository": {
    "ProviderType": "GITLAB_SELF_MANAGED",
    "ProjectName": "projectName",
    "CodeSecurityIntegrationArn": "arn:aws:inspector2:us-east-1:123456789012:codesecurity-integration/00000000-0000-0000-0000-000000000000"
}
```

# Container ASFF 中的 物件
<a name="asff-resourcedetails-container"></a>

下列範例顯示 `Container` 物件 AWS 的安全調查結果格式 (ASFF) 語法。若要檢視`Container`屬性的描述，請參閱 *AWS Security Hub API 參考*中的 [ContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ContainerDetails.html)。如需 ASFF 的背景資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

**範例**

```
"Container": {
    "ContainerRuntime": "docker",
    "ImageId": "image12",
    "ImageName": "1111111/knotejs@sha256:372131c9fef111111111111115f4ed3ea5f9dce4dc3bd34ce21846588a3",
    "LaunchedAt": "2018-09-29T01:25:54Z",
    "Name": "knote",
    "Privileged": true,
    "VolumeMounts": [{
        "Name": "vol-03909e9",
        "MountPath": "/mnt/etc"
    }]
}
```

# Other ASFF 中的 物件
<a name="asff-resourcedetails-other"></a>

在 AWS 安全調查結果格式 (ASFF) 中， `Other` 物件會指定自訂欄位和值。如需 ASFF 的詳細資訊，請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。

透過使用 `Other` 物件，您可以指定資源的自訂欄位和值。您可以針對下列案例使用 `Other` 物件：
+ 資源類型沒有對應的`Details`物件。若要指定資源的詳細資訊，請使用 `Other` 物件。
+ 資源類型的 `Details` 物件不包含您要指定的所有屬性。在此情況下，請使用 資源類型的 `Details` 物件來指定可用的屬性。使用 `Other` 物件來指定不在類型特定`Details`物件中的屬性。
+ 資源類型不是提供的類型之一。在此情況下，將 `Resource.Type` 設定為 `Other`並使用 `Other` 物件來指定詳細資訊。

**類型：**最多 50 個鍵值對的映射

每個鍵/值對必須符合下列需求。
+ 金鑰必須包含少於 128 個字元。
+ 此值必須包含少於 1,024 個字元。