本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# AWS 安全調查結果格式 (ASFF)
AWS Security Hub CSPM 會取用和彙總整合 AWS 服務 和第三方產品的問題清單。Security Hub CSPM 使用稱為 *AWS Security Finding Format (ASFF)* 的標準調查結果格式來處理這些調查結果,無需耗費時間進行資料轉換。
此頁面提供 AWS 安全性調查結果格式 (ASFF) 中調查結果的 JSON 完整大綱。格式衍生自 [JSON 結構描述](https://json-schema.org/)。選擇連結物件的名稱,以檢閱該物件的問題清單範例。將您的 Security Hub CSPM 問題清單與此處顯示的資源和範例進行比較,可協助您解譯問題清單。
如需個別 ASFF 屬性的說明,請參閱 [必要的頂層 ASFF 屬性](asff-required-attributes.md)和 [選用最上層 ASFF 屬性](asff-top-level-attributes.md)。
```
"Findings": [
{
"Action": {
"ActionType": "string",
"AwsApiCallAction": {
"AffectedResources": {
"string": "string"
},
"Api": "string",
"CallerType": "string",
"DomainDetails": {
"Domain": "string"
},
"FirstSeen": "string",
"LastSeen": "string",
"RemoteIpDetails": {
"City": {
"CityName": "string"
},
"Country": {
"CountryCode": "string",
"CountryName": "string"
},
"IpAddressV4": "string",
"Geolocation": {
"Lat": number,
"Lon": number
},
"Organization": {
"Asn": number,
"AsnOrg": "string",
"Isp": "string",
"Org": "string"
}
},
"ServiceName": "string"
},
"DnsRequestAction": {
"Blocked": boolean,
"Domain": "string",
"Protocol": "string"
},
"NetworkConnectionAction": {
"Blocked": boolean,
"ConnectionDirection": "string",
"LocalPortDetails": {
"Port": number,
"PortName": "string"
},
"Protocol": "string",
"RemoteIpDetails": {
"City": {
"CityName": "string"
},
"Country": {
"CountryCode": "string",
"CountryName": "string"
},
"IpAddressV4": "string",
"Geolocation": {
"Lat": number,
"Lon": number
},
"Organization": {
"Asn": number,
"AsnOrg": "string",
"Isp": "string",
"Org": "string"
}
},
"RemotePortDetails": {
"Port": number,
"PortName": "string"
}
},
"PortProbeAction": {
"Blocked": boolean,
"PortProbeDetails": [{
"LocalIpDetails": {
"IpAddressV4": "string"
},
"LocalPortDetails": {
"Port": number,
"PortName": "string"
},
"RemoteIpDetails": {
"City": {
"CityName": "string"
},
"Country": {
"CountryCode": "string",
"CountryName": "string"
},
"GeoLocation": {
"Lat": number,
"Lon": number
},
"IpAddressV4": "string",
"Organization": {
"Asn": number,
"AsnOrg": "string",
"Isp": "string",
"Org": "string"
}
}
}]
}
},
"AwsAccountId": "string",
"AwsAccountName": "string",
"CompanyName": "string",
"Compliance": {
"AssociatedStandards": [{
"StandardsId": "string"
}],
"RelatedRequirements": ["string"],
"SecurityControlId": "string",
"SecurityControlParameters": [
{
"Name": "string",
"Value": ["string"]
}
],
"Status": "string",
"StatusReasons": [
{
"Description": "string",
"ReasonCode": "string"
}
]
},
"Confidence": number,
"CreatedAt": "string",
"Criticality": number,
"Description": "string",
"Detection": {
"Sequence": {
"Uid": "string",
"Actors": [{
"Id": "string",
"Session": {
"Uid": "string",
"MfAStatus": "string",
"CreatedTime": "string",
"Issuer": "string"
},
"User": {
"CredentialUid": "string",
"Name": "string",
"Type": "string",
"Uid": "string",
"Account": {
"Uid": "string",
"Name": "string"
}
}
}],
"Endpoints": [{
"Id": "string",
"Ip": "string",
"Domain": "string",
"Port": number,
"Location": {
"City": "string",
"Country": "string",
"Lat": number,
"Lon": number
},
"AutonomousSystem": {
"Name": "string",
"Number": number
},
"Connection": {
"Direction": "string"
}
}],
"Signals": [{
"Id": "string",
"Title": "string",
"ActorIds": ["string"],
"Count": number,
"FirstSeenAt": number,
"SignalIndicators": [
{
"Key": "string",
"Title": "string",
"Values": ["string"]
},
{
"Key": "string",
"Title": "string",
"Values": ["string"]
}
],
"LastSeenAt": number,
"Name": "string",
"ResourceIds": ["string"],
"Type": "string"
}],
"SequenceIndicators": [
{
"Key": "string",
"Title": "string",
"Values": ["string"]
},
{
"Key": "string",
"Title": "string",
"Values": ["string"]
}
]
}
},
"FindingProviderFields": {
"Confidence": number,
"Criticality": number,
"RelatedFindings": [{
"ProductArn": "string",
"Id": "string"
}],
"Severity": {
"Label": "string",
"Normalized": number,
"Original": "string"
},
"Types": ["string"]
},
"FirstObservedAt": "string",
"GeneratorId": "string",
"Id": "string",
"LastObservedAt": "string",
"Malware": [{
"Name": "string",
"Path": "string",
"State": "string",
"Type": "string"
}],
"Network": {
"DestinationDomain": "string",
"DestinationIpV4": "string",
"DestinationIpV6": "string",
"DestinationPort": number,
"Direction": "string",
"OpenPortRange": {
"Begin": integer,
"End": integer
},
"Protocol": "string",
"SourceDomain": "string",
"SourceIpV4": "string",
"SourceIpV6": "string",
"SourceMac": "string",
"SourcePort": number
},
"NetworkPath": [{
"ComponentId": "string",
"ComponentType": "string",
"Egress": {
"Destination": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
},
"Protocol": "string",
"Source": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
}
},
"Ingress": {
"Destination": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
},
"Protocol": "string",
"Source": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
}
}
}],
"Note": {
"Text": "string",
"UpdatedAt": "string",
"UpdatedBy": "string"
},
"PatchSummary": {
"FailedCount": number,
"Id": "string",
"InstalledCount": number,
"InstalledOtherCount": number,
"InstalledPendingReboot": number,
"InstalledRejectedCount": number,
"MissingCount": number,
"Operation": "string",
"OperationEndTime": "string",
"OperationStartTime": "string",
"RebootOption": "string"
},
"Process": {
"LaunchedAt": "string",
"Name": "string",
"ParentPid": number,
"Path": "string",
"Pid": number,
"TerminatedAt": "string"
},
"ProductArn": "string",
"ProductFields": {
"string": "string"
},
"ProductName": "string",
"RecordState": "string",
"Region": "string",
"RelatedFindings": [{
"Id": "string",
"ProductArn": "string"
}],
"Remediation": {
"Recommendation": {
"Text": "string",
"Url": "string"
}
},
"Resources": [{
"ApplicationArn": "string",
"ApplicationName": "string",
"DataClassification": {
"DetailedResultsLocation": "string",
"Result": {
"AdditionalOccurrences": boolean,
"CustomDataIdentifiers": {
"Detections": [{
"Arn": "string",
"Count": integer,
"Name": "string",
"Occurrences": {
"Cells": [{
"CellReference": "string",
"Column": integer,
"ColumnName": "string",
"Row": integer
}],
"LineRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"OffsetRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"Pages": [{
"LineRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"OffsetRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"PageNumber": integer
}],
"Records": [{
"JsonPath": "string",
"RecordIndex": integer
}]
}
}],
"TotalCount": integer
},
"MimeType": "string",
"SensitiveData": [{
"Category": "string",
"Detections": [{
"Count": integer,
"Occurrences": {
"Cells": [{
"CellReference": "string",
"Column": integer,
"ColumnName": "string",
"Row": integer
}],
"LineRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"OffsetRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"Pages": [{
"LineRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"OffsetRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"PageNumber": integer
}],
"Records": [{
"JsonPath": "string",
"RecordIndex": integer
}]
},
"Type": "string"
}],
"TotalCount": integer
}],
"SizeClassified": integer,
"Status": {
"Code": "string",
"Reason": "string"
}
}
},
"Details": {
"AwsAmazonMQBroker": {
"AutoMinorVersionUpgrade": boolean,
"BrokerArn": "string",
"BrokerId": "string",
"BrokerName": "string",
"Configuration": {
"Id": "string",
"Revision": integer
},
"DeploymentMode": "string",
"EncryptionOptions": {
"UseAwsOwnedKey": boolean
},
"EngineType": "string",
"EngineVersion": "string",
"HostInstanceType": "string",
"Logs": {
"Audit": boolean,
"AuditLogGroup": "string",
"General": boolean,
"GeneralLogGroup": "string"
},
"MaintenanceWindowStartTime": {
"DayOfWeek": "string",
"TimeOfDay": "string",
"TimeZone": "string"
},
"PubliclyAccessible": boolean,
"SecurityGroups": [
"string"
],
"StorageType": "string",
"SubnetIds": [
"string",
"string"
],
"Users": [{
"Username": "string"
}]
},
"AwsApiGatewayRestApi": {
"ApiKeySource": "string",
"BinaryMediaTypes": [" string"],
"CreatedDate": "string",
"Description": "string",
"EndpointConfiguration": {
"Types": ["string"]
},
"Id": "string",
"MinimumCompressionSize": number,
"Name": "string",
"Version": "string"
},
"AwsApiGatewayStage": {
"AccessLogSettings": {
"DestinationArn": "string",
"Format": "string"
},
"CacheClusterEnabled": boolean,
"CacheClusterSize": "string",
"CacheClusterStatus": "string",
"CanarySettings": {
"DeploymentId": "string",
"PercentTraffic": number,
"StageVariableOverrides": [{
"string": "string"
}],
"UseStageCache": boolean
},
"ClientCertificateId": "string",
"CreatedDate": "string",
"DeploymentId": "string",
"Description": "string",
"DocumentationVersion": "string",
"LastUpdatedDate": "string",
"MethodSettings": [{
"CacheDataEncrypted": boolean,
"CachingEnabled": boolean,
"CacheTtlInSeconds": number,
"DataTraceEnabled": boolean,
"HttpMethod": "string",
"LoggingLevel": "string",
"MetricsEnabled": boolean,
"RequireAuthorizationForCacheControl": boolean,
"ResourcePath": "string",
"ThrottlingBurstLimit": number,
"ThrottlingRateLimit": number,
"UnauthorizedCacheControlHeaderStrategy": "string"
}],
"StageName": "string",
"TracingEnabled": boolean,
"Variables": {
"string": "string"
},
"WebAclArn": "string"
},
"AwsApiGatewayV2Api": {
"ApiEndpoint": "string",
"ApiId": "string",
"ApiKeySelectionExpression": "string",
"CorsConfiguration": {
"AllowCredentials": boolean,
"AllowHeaders": ["string"],
"AllowMethods": ["string"],
"AllowOrigins": ["string"],
"ExposeHeaders": ["string"],
"MaxAge": number
},
"CreatedDate": "string",
"Description": "string",
"Name": "string",
"ProtocolType": "string",
"RouteSelectionExpression": "string",
"Version": "string"
},
"AwsApiGatewayV2Stage": {
"AccessLogSettings": {
"DestinationArn": "string",
"Format": "string"
},
"ApiGatewayManaged": boolean,
"AutoDeploy": boolean,
"ClientCertificateId": "string",
"CreatedDate": "string",
"DefaultRouteSettings": {
"DataTraceEnabled": boolean,
"DetailedMetricsEnabled": boolean,
"LoggingLevel": "string",
"ThrottlingBurstLimit": number,
"ThrottlingRateLimit": number
},
"DeploymentId": "string",
"Description": "string",
"LastDeploymentStatusMessage": "string",
"LastUpdatedDate": "string",
"RouteSettings": {
"DetailedMetricsEnabled": boolean,
"LoggingLevel": "string",
"DataTraceEnabled": boolean,
"ThrottlingBurstLimit": number,
"ThrottlingRateLimit": number
},
"StageName": "string",
"StageVariables": [{
"string": "string"
}]
},
"AwsAppSyncGraphQLApi": {
"AwsAppSyncGraphQlApi": {
"AdditionalAuthenticationProviders": [
{
"AuthenticationType": "string",
"LambdaAuthorizerConfig": {
"AuthorizerResultTtlInSeconds": integer,
"AuthorizerUri": "string"
}
},
{
"AuthenticationType": "string"
}
],
"ApiId": "string",
"Arn": "string",
"AuthenticationType": "string",
"Id": "string",
"LogConfig": {
"CloudWatchLogsRoleArn": "string",
"ExcludeVerboseContent": boolean,
"FieldLogLevel": "string"
},
"Name": "string",
"XrayEnabled": boolean
}
},
"AwsAthenaWorkGroup": {
"Description": "string",
"Name": "string",
"WorkgroupConfiguration": {
"ResultConfiguration": {
"EncryptionConfiguration": {
"EncryptionOption": "string",
"KmsKey": "string"
}
}
},
"State": "string"
},
"AwsAutoScalingAutoScalingGroup": {
"AvailabilityZones": [{
"Value": "string"
}],
"CreatedTime": "string",
"HealthCheckGracePeriod": integer,
"HealthCheckType": "string",
"LaunchConfigurationName": "string",
"LoadBalancerNames": ["string"],
"LaunchTemplate": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"MixedInstancesPolicy": {
"InstancesDistribution": {
"OnDemandAllocationStrategy": "string",
"OnDemandBaseCapacity": number,
"OnDemandPercentageAboveBaseCapacity": number,
"SpotAllocationStrategy": "string",
"SpotInstancePools": number,
"SpotMaxPrice": "string"
},
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"CapacityRebalance": boolean,
"Overrides": [{
"InstanceType": "string",
"WeightedCapacity": "string"
}]
}
}
},
"AwsAutoScalingLaunchConfiguration": {
"AssociatePublicIpAddress": boolean,
"BlockDeviceMappings": [{
"DeviceName": "string",
"Ebs": {
"DeleteOnTermination": boolean,
"Encrypted": boolean,
"Iops": number,
"SnapshotId": "string",
"VolumeSize": number,
"VolumeType": "string"
},
"NoDevice": boolean,
"VirtualName": "string"
}],
"ClassicLinkVpcId": "string",
"ClassicLinkVpcSecurityGroups": ["string"],
"CreatedTime": "string",
"EbsOptimized": boolean,
"IamInstanceProfile": "string"
},
"ImageId": "string",
"InstanceMonitoring": {
"Enabled": boolean
},
"InstanceType": "string",
"KernelId": "string",
"KeyName": "string",
"LaunchConfigurationName": "string",
"MetadataOptions": {
"HttpEndPoint": "string",
"HttpPutReponseHopLimit": number,
"HttpTokens": "string"
},
"PlacementTenancy": "string",
"RamdiskId": "string",
"SecurityGroups": ["string"],
"SpotPrice": "string",
"UserData": "string"
},
"AwsBackupBackupPlan": {
"BackupPlan": {
"AdvancedBackupSettings": [{
"BackupOptions": {
"WindowsVSS":"string"
},
"ResourceType":"string"
}],
"BackupPlanName": "string",
"BackupPlanRule": [{
"CompletionWindowMinutes": integer,
"CopyActions": [{
"DestinationBackupVaultArn": "string",
"Lifecycle": {
"DeleteAfterDays": integer,
"MoveToColdStorageAfterDays": integer
}
}],
"Lifecycle": {
"DeleteAfterDays": integer
},
"RuleName": "string",
"ScheduleExpression": "string",
"StartWindowMinutes": integer,
"TargetBackupVault": "string"
}]
},
"BackupPlanArn": "string",
"BackupPlanId": "string",
"VersionId": "string"
},
"AwsBackupBackupVault": {
"AccessPolicy": {
"Statement": [{
"Action": ["string"],
"Effect": "string",
"Principal": {
"AWS": "string"
},
"Resource": "string"
}],
"Version": "string"
},
"BackupVaultArn": "string",
"BackupVaultName": "string",
"EncryptionKeyArn": "string",
"Notifications": {
"BackupVaultEvents": ["string"],
"SNSTopicArn": "string"
}
},
"AwsBackupRecoveryPoint": {
"BackupSizeInBytes": integer,
"BackupVaultName": "string",
"BackupVaultArn": "string",
"CalculatedLifecycle": {
"DeleteAt": "string",
"MoveToColdStorageAt": "string"
},
"CompletionDate": "string",
"CreatedBy": {
"BackupPlanArn": "string",
"BackupPlanId": "string",
"BackupPlanVersion": "string",
"BackupRuleId": "string"
},
"CreationDate": "string",
"EncryptionKeyArn": "string",
"IamRoleArn": "string",
"IsEncrypted": boolean,
"LastRestoreTime": "string",
"Lifecycle": {
"DeleteAfterDays": integer,
"MoveToColdStorageAfterDays": integer
},
"RecoveryPointArn": "string",
"ResourceArn": "string",
"ResourceType": "string",
"SourceBackupVaultArn": "string",
"Status": "string",
"StatusMessage": "string",
"StorageClass": "string"
},
"AwsCertificateManagerCertificate": {
"CertificateAuthorityArn": "string",
"CreatedAt": "string",
"DomainName": "string",
"DomainValidationOptions": [{
"DomainName": "string",
"ResourceRecord": {
"Name": "string",
"Type": "string",
"Value": "string"
},
"ValidationDomain": "string",
"ValidationEmails": ["string"],
"ValidationMethod": "string",
"ValidationStatus": "string"
}],
"ExtendedKeyUsages": [{
"Name": "string",
"OId": "string"
}],
"FailureReason": "string",
"ImportedAt": "string",
"InUseBy": ["string"],
"IssuedAt": "string",
"Issuer": "string",
"KeyAlgorithm": "string",
"KeyUsages": [{
"Name": "string"
}],
"NotAfter": "string",
"NotBefore": "string",
"Options": {
"CertificateTransparencyLoggingPreference": "string"
},
"RenewalEligibility": "string",
"RenewalSummary": {
"DomainValidationOptions": [{
"DomainName": "string",
"ResourceRecord": {
"Name": "string",
"Type": "string",
"Value": "string"
},
"ValidationDomain": "string",
"ValidationEmails": ["string"],
"ValidationMethod": "string",
"ValidationStatus": "string"
}],
"RenewalStatus": "string",
"RenewalStatusReason": "string",
"UpdatedAt": "string"
},
"Serial": "string",
"SignatureAlgorithm": "string",
"Status": "string",
"Subject": "string",
"SubjectAlternativeNames": ["string"],
"Type": "string"
},
"AwsCloudFormationStack": {
"Capabilities": ["string"],
"CreationTime": "string",
"Description": "string",
"DisableRollback": boolean,
"DriftInformation": {
"StackDriftStatus": "string"
},
"EnableTerminationProtection": boolean,
"LastUpdatedTime": "string",
"NotificationArns": ["string"],
"Outputs": [{
"Description": "string",
"OutputKey": "string",
"OutputValue": "string"
}],
"RoleArn": "string",
"StackId": "string",
"StackName": "string",
"StackStatus": "string",
"StackStatusReason": "string",
"TimeoutInMinutes": number
},
"AwsCloudFrontDistribution": {
"CacheBehaviors": {
"Items": [{
"ViewerProtocolPolicy": "string"
}]
},
"DefaultCacheBehavior": {
"ViewerProtocolPolicy": "string"
},
"DefaultRootObject": "string",
"DomainName": "string",
"Etag": "string",
"LastModifiedTime": "string",
"Logging": {
"Bucket": "string",
"Enabled": boolean,
"IncludeCookies": boolean,
"Prefix": "string"
},
"OriginGroups": {
"Items": [{
"FailoverCriteria": {
"StatusCodes": {
"Items": [number],
"Quantity": number
}
}
}]
},
"Origins": {
"Items": [{
"CustomOriginConfig": {
"HttpPort": number,
"HttpsPort": number,
"OriginKeepaliveTimeout": number,
"OriginProtocolPolicy": "string",
"OriginReadTimeout": number,
"OriginSslProtocols": {
"Items": ["string"],
"Quantity": number
}
},
"DomainName": "string",
"Id": "string",
"OriginPath": "string",
"S3OriginConfig": {
"OriginAccessIdentity": "string"
}
}]
},
"Status": "string",
"ViewerCertificate": {
"AcmCertificateArn": "string",
"Certificate": "string",
"CertificateSource": "string",
"CloudFrontDefaultCertificate": boolean,
"IamCertificateId": "string",
"MinimumProtocolVersion": "string",
"SslSupportMethod": "string"
},
"WebAclId": "string"
},
"AwsCloudTrailTrail": {
"CloudWatchLogsLogGroupArn": "string",
"CloudWatchLogsRoleArn": "string",
"HasCustomEventSelectors": boolean,
"HomeRegion": "string",
"IncludeGlobalServiceEvents": boolean,
"IsMultiRegionTrail": boolean,
"IsOrganizationTrail": boolean,
"KmsKeyId": "string",
"LogFileValidationEnabled": boolean,
"Name": "string",
"S3BucketName": "string",
"S3KeyPrefix": "string",
"SnsTopicArn": "string",
"SnsTopicName": "string",
"TrailArn": "string"
},
"AwsCloudWatchAlarm": {
"ActionsEnabled": boolean,
"AlarmActions": ["string"],
"AlarmArn": "string",
"AlarmConfigurationUpdatedTimestamp": "string",
"AlarmDescription": "string",
"AlarmName": "string",
"ComparisonOperator": "string",
"DatapointsToAlarm": number,
"Dimensions": [{
"Name": "string",
"Value": "string"
}],
"EvaluateLowSampleCountPercentile": "string",
"EvaluationPeriods": number,
"ExtendedStatistic": "string",
"InsufficientDataActions": ["string"],
"MetricName": "string",
"Namespace": "string",
"OkActions": ["string"],
"Period": number,
"Statistic": "string",
"Threshold": number,
"ThresholdMetricId": "string",
"TreatMissingData": "string",
"Unit": "string"
},
"AwsCodeBuildProject": {
"Artifacts": [{
"ArtifactIdentifier": "string",
"EncryptionDisabled": boolean,
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"OverrideArtifactName": boolean,
"Packaging": "string",
"Path": "string",
"Type": "string"
}],
"SecondaryArtifacts": [{
"ArtifactIdentifier": "string",
"Type": "string",
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"Packaging": "string",
"Path": "string",
"EncryptionDisabled": boolean,
"OverrideArtifactName": boolean
}],
"EncryptionKey": "string",
"Certificate": "string",
"Environment": {
"Certificate": "string",
"EnvironmentVariables": [{
"Name": "string",
"Type": "string",
"Value": "string"
}],
"ImagePullCredentialsType": "string",
"PrivilegedMode": boolean,
"RegistryCredential": {
"Credential": "string",
"CredentialProvider": "string"
},
"Type": "string"
},
"LogsConfig": {
"CloudWatchLogs": {
"GroupName": "string",
"Status": "string",
"StreamName": "string"
},
"S3Logs": {
"EncryptionDisabled": boolean,
"Location": "string",
"Status": "string"
}
},
"Name": "string",
"ServiceRole": "string",
"Source": {
"Type": "string",
"Location": "string",
"GitCloneDepth": integer
},
"VpcConfig": {
"VpcId": "string",
"Subnets": ["string"],
"SecurityGroupIds": ["string"]
}
},
"AwsDmsEndpoint": {
"CertificateArn": "string",
"DatabaseName": "string",
"EndpointArn": "string",
"EndpointIdentifier": "string",
"EndpointType": "string",
"EngineName": "string",
"KmsKeyId": "string",
"Port": integer,
"ServerName": "string",
"SslMode": "string",
"Username": "string"
},
"AwsDmsReplicationInstance": {
"AllocatedStorage": integer,
"AutoMinorVersionUpgrade": boolean,
"AvailabilityZone": "string",
"EngineVersion": "string",
"KmsKeyId": "string",
"MultiAZ": boolean,
"PreferredMaintenanceWindow": "string",
"PubliclyAccessible": boolean,
"ReplicationInstanceClass": "string",
"ReplicationInstanceIdentifier": "string",
"ReplicationSubnetGroup": {
"ReplicationSubnetGroupIdentifier": "string"
},
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "string"
}
]
},
"AwsDmsReplicationTask": {
"CdcStartPosition": "string",
"Id": "string",
"MigrationType": "string",
"ReplicationInstanceArn": "string",
"ReplicationTaskIdentifier": "string",
"ReplicationTaskSettings": {
"string": "string"
},
"SourceEndpointArn": "string",
"TableMappings": {
"string": "string"
},
"TargetEndpointArn": "string"
},
"AwsDynamoDbTable": {
"AttributeDefinitions": [{
"AttributeName": "string",
"AttributeType": "string"
}],
"BillingModeSummary": {
"BillingMode": "string",
"LastUpdateToPayPerRequestDateTime": "string"
},
"CreationDateTime": "string",
"DeletionProtectionEnabled": boolean,
"GlobalSecondaryIndexes": [{
"Backfilling": boolean,
"IndexArn": "string",
"IndexName": "string",
"IndexSizeBytes": number,
"IndexStatus": "string",
"ItemCount": number,
"KeySchema": [{
"AttributeName": "string",
"KeyType": "string"
}],
"Projection": {
"NonKeyAttributes": ["string"],
"ProjectionType": "string"
},
"ProvisionedThroughput": {
"LastDecreaseDateTime": "string",
"LastIncreaseDateTime": "string",
"NumberOfDecreasesToday": number,
"ReadCapacityUnits": number,
"WriteCapacityUnits": number
}
}],
"GlobalTableVersion": "string",
"ItemCount": number,
"KeySchema": [{
"AttributeName": "string",
"KeyType": "string"
}],
"LatestStreamArn": "string",
"LatestStreamLabel": "string",
"LocalSecondaryIndexes": [{
"IndexArn": "string",
"IndexName": "string",
"KeySchema": [{
"AttributeName": "string",
"KeyType": "string"
}],
"Projection": {
"NonKeyAttributes": ["string"],
"ProjectionType": "string"
}
}],
"ProvisionedThroughput": {
"LastDecreaseDateTime": "string",
"LastIncreaseDateTime": "string",
"NumberOfDecreasesToday": number,
"ReadCapacityUnits": number,
"WriteCapacityUnits": number
},
"Replicas": [{
"GlobalSecondaryIndexes": [{
"IndexName": "string",
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": number
}
}],
"KmsMasterKeyId": "string",
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": number
},
"RegionName": "string",
"ReplicaStatus": "string",
"ReplicaStatusDescription": "string"
}],
"RestoreSummary": {
"RestoreDateTime": "string",
"RestoreInProgress": boolean,
"SourceBackupArn": "string",
"SourceTableArn": "string"
},
"SseDescription": {
"InaccessibleEncryptionDateTime": "string",
"KmsMasterKeyArn": "string",
"SseType": "string",
"Status": "string"
},
"StreamSpecification": {
"StreamEnabled": boolean,
"StreamViewType": "string"
},
"TableId": "string",
"TableName": "string",
"TableSizeBytes": number,
"TableStatus": "string"
},
"AwsEc2ClientVpnEndpoint": {
"AuthenticationOptions": [
{
"MutualAuthentication": {
"ClientRootCertificateChainArn": "string"
},
"Type": "string"
}
],
"ClientCidrBlock": "string",
"ClientConnectOptions": {
"Enabled": boolean
},
"ClientLoginBannerOptions": {
"Enabled": boolean
},
"ClientVpnEndpointId": "string",
"ConnectionLogOptions": {
"Enabled": boolean
},
"Description": "string",
"DnsServer": ["string"],
"ServerCertificateArn": "string",
"SecurityGroupIdSet": [
"string"
],
"SelfServicePortalUrl": "string",
"SessionTimeoutHours": "integer",
"SplitTunnel": boolean,
"TransportProtocol": "string",
"VpcId": "string",
"VpnPort": integer
},
"AwsEc2Eip": {
"AllocationId": "string",
"AssociationId": "string",
"Domain": "string",
"InstanceId": "string",
"NetworkBorderGroup": "string",
"NetworkInterfaceId": "string",
"NetworkInterfaceOwnerId": "string",
"PrivateIpAddress": "string",
"PublicIp": "string",
"PublicIpv4Pool": "string"
},
"AwsEc2Instance": {
"IamInstanceProfileArn": "string",
"ImageId": "string",
"IpV4Addresses": ["string"],
"IpV6Addresses": ["string"],
"KeyName": "string",
"LaunchedAt": "string",
"MetadataOptions": {
"HttpEndpoint": "string",
"HttpProtocolIpv6": "string",
"HttpPutResponseHopLimit": number,
"HttpTokens": "string",
"InstanceMetadataTags": "string"
},
"Monitoring": {
"State": "string"
},
"NetworkInterfaces": [{
"NetworkInterfaceId": "string"
}],
"SubnetId": "string",
"Type": "string",
"VirtualizationType": "string",
"VpcId": "string"
},
"AwsEc2LaunchTemplate": {
"DefaultVersionNumber": "string",
"ElasticGpuSpecifications": ["string"],
"ElasticInferenceAccelerators": ["string"],
"Id": "string",
"ImageId": "string",
"LatestVersionNumber": "string",
"LaunchTemplateData": {
"BlockDeviceMappings": [{
"DeviceName": "string",
"Ebs": {
"DeleteonTermination": boolean,
"Encrypted": boolean,
"SnapshotId": "string",
"VolumeSize": number,
"VolumeType": "string"
}
}],
"MetadataOptions": {
"HttpTokens": "string",
"HttpPutResponseHopLimit" : number
},
"Monitoring": {
"Enabled": boolean
},
"NetworkInterfaces": [{
"AssociatePublicIpAddress" : boolean
}]
},
"LaunchTemplateName": "string",
"LicenseSpecifications": ["string"],
"SecurityGroupIds": ["string"],
"SecurityGroups": ["string"],
"TagSpecifications": ["string"]
},
"AwsEc2NetworkAcl": {
"Associations": [{
"NetworkAclAssociationId": "string",
"NetworkAclId": "string",
"SubnetId": "string"
}],
"Entries": [{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string",
"RuleNumber": number
}],
"IsDefault": boolean,
"NetworkAclId": "string",
"OwnerId": "string",
"VpcId": "string"
},
"AwsEc2NetworkInterface": {
"Attachment": {
"AttachmentId": "string",
"AttachTime": "string",
"DeleteOnTermination": boolean,
"DeviceIndex": number,
"InstanceId": "string",
"InstanceOwnerId": "string",
"Status": "string"
},
"Ipv6Addresses": [{
"Ipv6Address": "string"
}],
"NetworkInterfaceId": "string",
"PrivateIpAddresses": [{
"PrivateDnsName": "string",
"PrivateIpAddress": "string"
}],
"PublicDnsName": "string",
"PublicIp": "string",
"SecurityGroups": [{
"GroupId": "string",
"GroupName": "string"
}],
"SourceDestCheck": boolean
},
"AwsEc2RouteTable": {
"AssociationSet": [{
"AssociationState": {
"State": "string"
},
"Main": boolean,
"RouteTableAssociationId": "string",
"RouteTableId": "string"
}],
"PropogatingVgwSet": [],
"RouteTableId": "string",
"RouteSet": [
{
"DestinationCidrBlock": "string",
"GatewayId": "string",
"Origin": "string",
"State": "string"
},
{
"DestinationCidrBlock": "string",
"GatewayId": "string",
"Origin": "string",
"State": "string"
}
],
"VpcId": "string"
},
"AwsEc2SecurityGroup": {
"GroupId": "string",
"GroupName": "string",
"IpPermissions": [{
"FromPort": number,
"IpProtocol": "string",
"IpRanges": [{
"CidrIp": "string"
}],
"Ipv6Ranges": [{
"CidrIpv6": "string"
}],
"PrefixListIds": [{
"PrefixListId": "string"
}],
"ToPort": number,
"UserIdGroupPairs": [{
"GroupId": "string",
"GroupName": "string",
"PeeringStatus": "string",
"UserId": "string",
"VpcId": "string",
"VpcPeeringConnectionId": "string"
}]
}],
"IpPermissionsEgress": [{
"FromPort": number,
"IpProtocol": "string",
"IpRanges": [{
"CidrIp": "string"
}],
"Ipv6Ranges": [{
"CidrIpv6": "string"
}],
"PrefixListIds": [{
"PrefixListId": "string"
}],
"ToPort": number,
"UserIdGroupPairs": [{
"GroupId": "string",
"GroupName": "string",
"PeeringStatus": "string",
"UserId": "string",
"VpcId": "string",
"VpcPeeringConnectionId": "string"
}]
}],
"OwnerId": "string",
"VpcId": "string"
},
"AwsEc2Subnet": {
"AssignIpv6AddressOnCreation": boolean,
"AvailabilityZone": "string",
"AvailabilityZoneId": "string",
"AvailableIpAddressCount": number,
"CidrBlock": "string",
"DefaultForAz": boolean,
"Ipv6CidrBlockAssociationSet": [{
"AssociationId": "string",
"Ipv6CidrBlock": "string",
"CidrBlockState": "string"
}],
"MapPublicIpOnLaunch": boolean,
"OwnerId": "string",
"State": "string",
"SubnetArn": "string",
"SubnetId": "string",
"VpcId": "string"
},
"AwsEc2TransitGateway": {
"AmazonSideAsn": number,
"AssociationDefaultRouteTableId": "string",
"AutoAcceptSharedAttachments": "string",
"DefaultRouteTableAssociation": "string",
"DefaultRouteTablePropagation": "string",
"Description": "string",
"DnsSupport": "string",
"Id": "string",
"MulticastSupport": "string",
"PropagationDefaultRouteTableId": "string",
"TransitGatewayCidrBlocks": ["string"],
"VpnEcmpSupport": "string"
},
"AwsEc2Volume": {
"Attachments": [{
"AttachTime": "string",
"DeleteOnTermination": boolean,
"InstanceId": "string",
"Status": "string"
}],
"CreateTime": "string",
"DeviceName": "string",
"Encrypted": boolean,
"KmsKeyId": "string",
"Size": number,
"SnapshotId": "string",
"Status": "string",
"VolumeId": "string",
"VolumeScanStatus": "string",
"VolumeType": "string"
},
"AwsEc2Vpc": {
"CidrBlockAssociationSet": [{
"AssociationId": "string",
"CidrBlock": "string",
"CidrBlockState": "string"
}],
"DhcpOptionsId": "string",
"Ipv6CidrBlockAssociationSet": [{
"AssociationId": "string",
"CidrBlockState": "string",
"Ipv6CidrBlock": "string"
}],
"State": "string"
},
"AwsEc2VpcEndpointService": {
"AcceptanceRequired": boolean,
"AvailabilityZones": ["string"],
"BaseEndpointDnsNames": ["string"],
"ManagesVpcEndpoints": boolean,
"GatewayLoadBalancerArns": ["string"],
"NetworkLoadBalancerArns": ["string"],
"PrivateDnsName": "string",
"ServiceId": "string",
"ServiceName": "string",
"ServiceState": "string",
"ServiceType": [{
"ServiceType": "string"
}]
},
"AwsEc2VpcPeeringConnection": {
"AccepterVpcInfo": {
"CidrBlock": "string",
"CidrBlockSet": [{
"CidrBlock": "string"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "string"
}],
"OwnerId": "string",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": boolean,
"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
},
"Region": "string",
"VpcId": "string"
},
"ExpirationTime": "string",
"RequesterVpcInfo": {
"CidrBlock": "string",
"CidrBlockSet": [{
"CidrBlock": "string"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "string"
}],
"OwnerId": "string",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": boolean,
"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
},
"Region": "string",
"VpcId": "string"
},
"Status": {
"Code": "string",
"Message": "string"
},
"VpcPeeringConnectionId": "string"
},
"AwsEcrContainerImage": {
"Architecture": "string",
"ImageDigest": "string",
"ImagePublishedAt": "string",
"ImageTags": ["string"],
"RegistryId": "string",
"RepositoryName": "string"
},
"AwsEcrRepository": {
"Arn": "string",
"ImageScanningConfiguration": {
"ScanOnPush": boolean
},
"ImageTagMutability": "string",
"LifecyclePolicy": {
"LifecyclePolicyText": "string",
"RegistryId": "string"
},
"RepositoryName": "string",
"RepositoryPolicyText": "string"
},
"AwsEcsCluster": {
"ActiveServicesCount": number,
"CapacityProviders": ["string"],
"ClusterArn": "string",
"ClusterName": "string",
"ClusterSettings": [{
"Name": "string",
"Value": "string"
}],
"Configuration": {
"ExecuteCommandConfiguration": {
"KmsKeyId": "string",
"LogConfiguration": {
"CloudWatchEncryptionEnabled": boolean,
"CloudWatchLogGroupName": "string",
"S3BucketName": "string",
"S3EncryptionEnabled": boolean,
"S3KeyPrefix": "string"
},
"Logging": "string"
}
},
"DefaultCapacityProviderStrategy": [{
"Base": number,
"CapacityProvider": "string",
"Weight": number
}],
"RegisteredContainerInstancesCount": number,
"RunningTasksCount": number,
"Status": "string"
},
"AwsEcsContainer": {
"Image": "string",
"MountPoints": [{
"ContainerPath": "string",
"SourceVolume": "string"
}],
"Name": "string",
"Privileged": boolean
},
"AwsEcsService": {
"CapacityProviderStrategy": [{
"Base": number,
"CapacityProvider": "string",
"Weight": number
}],
"Cluster": "string",
"DeploymentConfiguration": {
"DeploymentCircuitBreaker": {
"Enable": boolean,
"Rollback": boolean
},
"MaximumPercent": number,
"MinimumHealthyPercent": number
},
"DeploymentController": {
"Type": "string"
},
"DesiredCount": number,
"EnableEcsManagedTags": boolean,
"EnableExecuteCommand": boolean,
"HealthCheckGracePeriodSeconds": number,
"LaunchType": "string",
"LoadBalancers": [{
"ContainerName": "string",
"ContainerPort": number,
"LoadBalancerName": "string",
"TargetGroupArn": "string"
}],
"Name": "string",
"NetworkConfiguration": {
"AwsVpcConfiguration": {
"AssignPublicIp": "string",
"SecurityGroups": ["string"],
"Subnets": ["string"]
}
},
"PlacementConstraints": [{
"Expression": "string",
"Type": "string"
}],
"PlacementStrategies": [{
"Field": "string",
"Type": "string"
}],
"PlatformVersion": "string",
"PropagateTags": "string",
"Role": "string",
"SchedulingStrategy": "string",
"ServiceArn": "string",
"ServiceName": "string",
"ServiceRegistries": [{
"ContainerName": "string",
"ContainerPort": number,
"Port": number,
"RegistryArn": "string"
}],
"TaskDefinition": "string"
},
"AwsEcsTask": {
"CreatedAt": "string",
"ClusterArn": "string",
"Group": "string",
"StartedAt": "string",
"StartedBy": "string",
"TaskDefinitionArn": "string",
"Version": number,
"Volumes": [{
"Name": "string",
"Host": {
"SourcePath": "string"
}
}],
"Containers": [{
"Image": "string",
"MountPoints": [{
"ContainerPath": "string",
"SourceVolume": "string"
}],
"Name": "string",
"Privileged": boolean
}]
},
"AwsEcsTaskDefinition": {
"ContainerDefinitions": [{
"Command": ["string"],
"Cpu": number,
"DependsOn": [{
"Condition": "string",
"ContainerName": "string"
}],
"DisableNetworking": boolean,
"DnsSearchDomains": ["string"],
"DnsServers": ["string"],
"DockerLabels": {
"string": "string"
},
"DockerSecurityOptions": ["string"],
"EntryPoint": ["string"],
"Environment": [{
"Name": "string",
"Value": "string"
}],
"EnvironmentFiles": [{
"Type": "string",
"Value": "string"
}],
"Essential": boolean,
"ExtraHosts": [{
"Hostname": "string",
"IpAddress": "string"
}],
"FirelensConfiguration": {
"Options": {
"string": "string"
},
"Type": "string"
},
"HealthCheck": {
"Command": ["string"],
"Interval": number,
"Retries": number,
"StartPeriod": number,
"Timeout": number
},
"Hostname": "string",
"Image": "string",
"Interactive": boolean,
"Links": ["string"],
"LinuxParameters": {
"Capabilities": {
"Add": ["string"],
"Drop": ["string"]
},
"Devices": [{
"ContainerPath": "string",
"HostPath": "string",
"Permissions": ["string"]
}],
"InitProcessEnabled": boolean,
"MaxSwap": number,
"SharedMemorySize": number,
"Swappiness": number,
"Tmpfs": [{
"ContainerPath": "string",
"MountOptions": ["string"],
"Size": number
}]
},
"LogConfiguration": {
"LogDriver": "string",
"Options": {
"string": "string"
},
"SecretOptions": [{
"Name": "string",
"ValueFrom": "string"
}]
},
"Memory": number,
"MemoryReservation": number,
"MountPoints": [{
"ContainerPath": "string",
"ReadOnly": boolean,
"SourceVolume": "string"
}],
"Name": "string",
"PortMappings": [{
"ContainerPort": number,
"HostPort": number,
"Protocol": "string"
}],
"Privileged": boolean,
"PseudoTerminal": boolean,
"ReadonlyRootFilesystem": boolean,
"RepositoryCredentials": {
"CredentialsParameter": "string"
},
"ResourceRequirements": [{
"Type": "string",
"Value": "string"
}],
"Secrets": [{
"Name": "string",
"ValueFrom": "string"
}],
"StartTimeout": number,
"StopTimeout": number,
"SystemControls": [{
"Namespace": "string",
"Value": "string"
}],
"Ulimits": [{
"HardLimit": number,
"Name": "string",
"SoftLimit": number
}],
"User": "string",
"VolumesFrom": [{
"ReadOnly": boolean,
"SourceContainer": "string"
}],
"WorkingDirectory": "string"
}],
"Cpu": "string",
"ExecutionRoleArn": "string",
"Family": "string",
"InferenceAccelerators": [{
"DeviceName": "string",
"DeviceType": "string"
}],
"IpcMode": "string",
"Memory": "string",
"NetworkMode": "string",
"PidMode": "string",
"PlacementConstraints": [{
"Expression": "string",
"Type": "string"
}],
"ProxyConfiguration": {
"ContainerName": "string",
"ProxyConfigurationProperties": [{
"Name": "string",
"Value": "string"
}],
"Type": "string"
},
"RequiresCompatibilities": ["string"],
"Status": "string",
"TaskRoleArn": "string",
"Volumes": [{
"DockerVolumeConfiguration": {
"Autoprovision": boolean,
"Driver": "string",
"DriverOpts": {
"string": "string"
},
"Labels": {
"string": "string"
},
"Scope": "string"
},
"EfsVolumeConfiguration": {
"AuthorizationConfig": {
"AccessPointId": "string",
"Iam": "string"
},
"FilesystemId": "string",
"RootDirectory": "string",
"TransitEncryption": "string",
"TransitEncryptionPort": number
},
"Host": {
"SourcePath": "string"
},
"Name": "string"
}]
},
"AwsEfsAccessPoint": {
"AccessPointId": "string",
"Arn": "string",
"ClientToken": "string",
"FileSystemId": "string",
"PosixUser": {
"Gid": "string",
"SecondaryGids": ["string"],
"Uid": "string"
},
"RootDirectory": {
"CreationInfo": {
"OwnerGid": "string",
"OwnerUid": "string",
"Permissions": "string"
},
"Path": "string"
}
},
"AwsEksCluster": {
"Arn": "string",
"CertificateAuthorityData": "string",
"ClusterStatus": "string",
"Endpoint": "string",
"Logging": {
"ClusterLogging": [{
"Enabled": boolean,
"Types": ["string"]
}]
},
"Name": "string",
"ResourcesVpcConfig": {
"EndpointPublicAccess": boolean,
"SecurityGroupIds": ["string"],
"SubnetIds": ["string"]
},
"RoleArn": "string",
"Version": "string"
},
"AwsElasticBeanstalkEnvironment": {
"ApplicationName": "string",
"Cname": "string",
"DateCreated": "string",
"DateUpdated": "string",
"Description": "string",
"EndpointUrl": "string",
"EnvironmentArn": "string",
"EnvironmentId": "string",
"EnvironmentLinks": [{
"EnvironmentName": "string",
"LinkName": "string"
}],
"EnvironmentName": "string",
"OptionSettings": [{
"Namespace": "string",
"OptionName": "string",
"ResourceName": "string",
"Value": "string"
}],
"PlatformArn": "string",
"SolutionStackName": "string",
"Status": "string",
"Tier": {
"Name": "string",
"Type": "string",
"Version": "string"
},
"VersionLabel": "string"
},
"AwsElasticSearchDomain": {
"AccessPolicies": "string",
"DomainStatus": {
"DomainId": "string",
"DomainName": "string",
"Endpoint": "string",
"Endpoints": {
"string": "string"
}
},
"DomainEndpointOptions": {
"EnforceHTTPS": boolean,
"TLSSecurityPolicy": "string"
},
"ElasticsearchClusterConfig": {
"DedicatedMasterCount": number,
"DedicatedMasterEnabled": boolean,
"DedicatedMasterType": "string",
"InstanceCount": number,
"InstanceType": "string",
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": number
},
"ZoneAwarenessEnabled": boolean
},
"ElasticsearchVersion": "string",
"EncryptionAtRestOptions": {
"Enabled": boolean,
"KmsKeyId": "string"
},
"LogPublishingOptions": {
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": boolean
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "string",
"Cancellable": boolean,
"CurrentVersion": "string",
"Description": "string",
"NewVersion": "string",
"UpdateAvailable": boolean,
"UpdateStatus": "string"
},
"VPCOptions": {
"AvailabilityZones": [
"string"
],
"SecurityGroupIds": [
"string"
],
"SubnetIds": [
"string"
],
"VPCId": "string"
}
},
"AwsElbLoadBalancer": {
"AvailabilityZones": ["string"],
"BackendServerDescriptions": [{
"InstancePort": number,
"PolicyNames": ["string"]
}],
"CanonicalHostedZoneName": "string",
"CanonicalHostedZoneNameID": "string",
"CreatedTime": "string",
"DnsName": "string",
"HealthCheck": {
"HealthyThreshold": number,
"Interval": number,
"Target": "string",
"Timeout": number,
"UnhealthyThreshold": number
},
"Instances": [{
"InstanceId": "string"
}],
"ListenerDescriptions": [{
"Listener": {
"InstancePort": number,
"InstanceProtocol": "string",
"LoadBalancerPort": number,
"Protocol": "string",
"SslCertificateId": "string"
},
"PolicyNames": ["string"]
}],
"LoadBalancerAttributes": {
"AccessLog": {
"EmitInterval": number,
"Enabled": boolean,
"S3BucketName": "string",
"S3BucketPrefix": "string"
},
"ConnectionDraining": {
"Enabled": boolean,
"Timeout": number
},
"ConnectionSettings": {
"IdleTimeout": number
},
"CrossZoneLoadBalancing": {
"Enabled": boolean
},
"AdditionalAttributes": [{
"Key": "string",
"Value": "string"
}]
},
"LoadBalancerName": "string",
"Policies": {
"AppCookieStickinessPolicies": [{
"CookieName": "string",
"PolicyName": "string"
}],
"LbCookieStickinessPolicies": [{
"CookieExpirationPeriod": number,
"PolicyName": "string"
}],
"OtherPolicies": ["string"]
},
"Scheme": "string",
"SecurityGroups": ["string"],
"SourceSecurityGroup": {
"GroupName": "string",
"OwnerAlias": "string"
},
"Subnets": ["string"],
"VpcId": "string"
},
"AwsElbv2LoadBalancer": {
"AvailabilityZones": {
"SubnetId": "string",
"ZoneName": "string"
},
"CanonicalHostedZoneId": "string",
"CreatedTime": "string",
"DNSName": "string",
"IpAddressType": "string",
"LoadBalancerAttributes": [{
"Key": "string",
"Value": "string"
}],
"Scheme": "string",
"SecurityGroups": ["string"],
"State": {
"Code": "string",
"Reason": "string"
},
"Type": "string",
"VpcId": "string"
},
"AwsEventSchemasRegistry": {
"Description": "string",
"RegistryArn": "string",
"RegistryName": "string"
},
"AwsEventsEndpoint": {
"Arn": "string",
"Description": "string",
"EndpointId": "string",
"EndpointUrl": "string",
"EventBuses": [
{
"EventBusArn": "string"
},
{
"EventBusArn": "string"
}
],
"Name": "string",
"ReplicationConfig": {
"State": "string"
},
"RoleArn": "string",
"RoutingConfig": {
"FailoverConfig": {
"Primary": {
"HealthCheck": "string"
},
"Secondary": {
"Route": "string"
}
}
},
"State": "string"
},
"AwsEventsEventBus": {
"Arn": "string",
"Name": "string",
"Policy": "string"
},
"AwsGuardDutyDetector": {
"FindingPublishingFrequency": "string",
"ServiceRole": "string",
"Status": "string",
"DataSources": {
"CloudTrail": {
"Status": "string"
},
"DnsLogs": {
"Status": "string"
},
"FlowLogs": {
"Status": "string"
},
"S3Logs": {
"Status": "string"
},
"Kubernetes": {
"AuditLogs": {
"Status": "string"
}
},
"MalwareProtection": {
"ScanEc2InstanceWithFindings": {
"EbsVolumes": {
"Status": "string"
}
},
"ServiceRole": "string"
}
}
},
"AwsIamAccessKey": {
"AccessKeyId": "string",
"AccountId": "string",
"CreatedAt": "string",
"PrincipalId": "string",
"PrincipalName": "string",
"PrincipalType": "string",
"SessionContext": {
"Attributes": {
"CreationDate": "string",
"MfaAuthenticated": boolean
},
"SessionIssuer": {
"AccountId": "string",
"Arn": "string",
"PrincipalId": "string",
"Type": "string",
"UserName": "string"
}
},
"Status": "string"
},
"AwsIamGroup": {
"AttachedManagedPolicies": [{
"PolicyArn": "string",
"PolicyName": "string"
}],
"CreateDate": "string",
"GroupId": "string",
"GroupName": "string",
"GroupPolicyList": [{
"PolicyName": "string"
}],
"Path": "string"
},
"AwsIamPolicy": {
"AttachmentCount": number,
"CreateDate": "string",
"DefaultVersionId": "string",
"Description": "string",
"IsAttachable": boolean,
"Path": "string",
"PermissionsBoundaryUsageCount": number,
"PolicyId": "string",
"PolicyName": "string",
"PolicyVersionList": [{
"CreateDate": "string",
"IsDefaultVersion": boolean,
"VersionId": "string"
}],
"UpdateDate": "string"
},
"AwsIamRole": {
"AssumeRolePolicyDocument": "string",
"AttachedManagedPolicies": [{
"PolicyArn": "string",
"PolicyName": "string"
}],
"CreateDate": "string",
"InstanceProfileList": [{
"Arn": "string",
"CreateDate": "string",
"InstanceProfileId": "string",
"InstanceProfileName": "string",
"Path": "string",
"Roles": [{
"Arn": "string",
"AssumeRolePolicyDocument": "string",
"CreateDate": "string",
"Path": "string",
"RoleId": "string",
"RoleName": "string"
}]
}],
"MaxSessionDuration": number,
"Path": "string",
"PermissionsBoundary": {
"PermissionsBoundaryArn": "string",
"PermissionsBoundaryType": "string"
},
"RoleId": "string",
"RoleName": "string",
"RolePolicyList": [{
"PolicyName": "string"
}]
},
"AwsIamUser": {
"AttachedManagedPolicies": [{
"PolicyArn": "string",
"PolicyName": "string"
}],
"CreateDate": "string",
"GroupList": ["string"],
"Path": "string",
"PermissionsBoundary": {
"PermissionsBoundaryArn": "string",
"PermissionsBoundaryType": "string"
},
"UserId": "string",
"UserName": "string",
"UserPolicyList": [{
"PolicyName": "string"
}]
},
"AwsKinesisStream": {
"Arn": "string",
"Name": "string",
"RetentionPeriodHours": number,
"ShardCount": number,
"StreamEncryption": {
"EncryptionType": "string",
"KeyId": "string"
}
},
"AwsKmsKey": {
"AWSAccountId": "string",
"CreationDate": "string",
"Description": "string",
"KeyId": "string",
"KeyManager": "string",
"KeyRotationStatus": boolean,
"KeyState": "string",
"Origin": "string"
},
"AwsLambdaFunction": {
"Architectures": [
"string"
],
"Code": {
"S3Bucket": "string",
"S3Key": "string",
"S3ObjectVersion": "string",
"ZipFile": "string"
},
"CodeSha256": "string",
"DeadLetterConfig": {
"TargetArn": "string"
},
"Environment": {
"Variables": {
"Stage": "string"
},
"Error": {
"ErrorCode": "string",
"Message": "string"
}
},
"FunctionName": "string",
"Handler": "string",
"KmsKeyArn": "string",
"LastModified": "string",
"Layers": {
"Arn": "string",
"CodeSize": number
},
"PackageType": "string",
"RevisionId": "string",
"Role": "string",
"Runtime": "string",
"Timeout": integer,
"TracingConfig": {
"Mode": "string"
},
"Version": "string",
"VpcConfig": {
"SecurityGroupIds": ["string"],
"SubnetIds": ["string"]
},
"MasterArn": "string",
"MemorySize": number
},
"AwsLambdaLayerVersion": {
"CompatibleRuntimes": [
"string"
],
"CreatedDate": "string",
"Version": number
},
"AwsMskCluster": {
"ClusterInfo": {
"ClientAuthentication": {
"Sasl": {
"Scram": {
"Enabled": boolean
},
"Iam": {
"Enabled": boolean
}
},
"Tls": {
"CertificateAuthorityArnList": [],
"Enabled": boolean
},
"Unauthenticated": {
"Enabled": boolean
}
},
"ClusterName": "string",
"CurrentVersion": "string",
"EncryptionInfo": {
"EncryptionAtRest": {
"DataVolumeKMSKeyId": "string"
},
"EncryptionInTransit": {
"ClientBroker": "string",
"InCluster": boolean
}
},
"EnhancedMonitoring": "string",
"NumberOfBrokerNodes": integer
}
},
"AwsNetworkFirewallFirewall": {
"DeleteProtection": boolean,
"Description": "string",
"FirewallArn": "string",
"FirewallId": "string",
"FirewallName": "string",
"FirewallPolicyArn": "string",
"FirewallPolicyChangeProtection": boolean,
"SubnetChangeProtection": boolean,
"SubnetMappings": [{
"SubnetId": "string"
}],
"VpcId": "string"
},
"AwsNetworkFirewallFirewallPolicy": {
"Description": "string",
"FirewallPolicy": {
"StatefulRuleGroupReferences": [{
"ResourceArn": "string"
}],
"StatelessCustomActions": [{
"ActionDefinition": {
"PublishMetricAction": {
"Dimensions": [{
"Value": "string"
}]
}
},
"ActionName": "string"
}],
"StatelessDefaultActions": ["string"],
"StatelessFragmentDefaultActions": ["string"],
"StatelessRuleGroupReferences": [{
"Priority": number,
"ResourceArn": "string"
}]
},
"FirewallPolicyArn": "string",
"FirewallPolicyId": "string",
"FirewallPolicyName": "string"
},
"AwsNetworkFirewallRuleGroup": {
"Capacity": number,
"Description": "string",
"RuleGroup": {
"RulesSource": {
"RulesSourceList": {
"GeneratedRulesType": "string",
"Targets": ["string"],
"TargetTypes": ["string"]
},
"RulesString": "string",
"StatefulRules": [{
"Action": "string",
"Header": {
"Destination": "string",
"DestinationPort": "string",
"Direction": "string",
"Protocol": "string",
"Source": "string",
"SourcePort": "string"
},
"RuleOptions": [{
"Keyword": "string",
"Settings": ["string"]
}]
}],
"StatelessRulesAndCustomActions": {
"CustomActions": [{
"ActionDefinition": {
"PublishMetricAction": {
"Dimensions": [{
"Value": "string"
}]
}
},
"ActionName": "string"
}],
"StatelessRules": [{
"Priority": number,
"RuleDefinition": {
"Actions": ["string"],
"MatchAttributes": {
"DestinationPorts": [{
"FromPort": number,
"ToPort": number
}],
"Destinations": [{
"AddressDefinition": "string"
}],
"Protocols": [number],
"SourcePorts": [{
"FromPort": number,
"ToPort": number
}],
"Sources": [{
"AddressDefinition": "string"
}],
"TcpFlags": [{
"Flags": ["string"],
"Masks": ["string"]
}]
}
}
}]
}
},
"RuleVariables": {
"IpSets": {
"Definition": ["string"]
},
"PortSets": {
"Definition": ["string"]
}
}
},
"RuleGroupArn": "string",
"RuleGroupId": "string",
"RuleGroupName": "string",
"Type": "string"
},
"AwsOpenSearchServiceDomain": {
"AccessPolicies": "string",
"AdvancedSecurityOptions": {
"Enabled": boolean,
"InternalUserDatabaseEnabled": boolean,
"MasterUserOptions": {
"MasterUserArn": "string",
"MasterUserName": "string",
"MasterUserPassword": "string"
}
},
"Arn": "string",
"ClusterConfig": {
"DedicatedMasterCount": number,
"DedicatedMasterEnabled": boolean,
"DedicatedMasterType": "string",
"InstanceCount": number,
"InstanceType": "string",
"WarmCount": number,
"WarmEnabled": boolean,
"WarmType": "string",
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": number
},
"ZoneAwarenessEnabled": boolean
},
"DomainEndpoint": "string",
"DomainEndpointOptions": {
"CustomEndpoint": "string",
"CustomEndpointCertificateArn": "string",
"CustomEndpointEnabled": boolean,
"EnforceHTTPS": boolean,
"TLSSecurityPolicy": "string"
},
"DomainEndpoints": {
"string": "string"
},
"DomainName": "string",
"EncryptionAtRestOptions": {
"Enabled": boolean,
"KmsKeyId": "string"
},
"EngineVersion": "string",
"Id": "string",
"LogPublishingOptions": {
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": boolean
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "string",
"Cancellable": boolean,
"CurrentVersion": "string",
"Description": "string",
"NewVersion": "string",
"OptionalDeployment": boolean,
"UpdateAvailable": boolean,
"UpdateStatus": "string"
},
"VpcOptions": {
"SecurityGroupIds": ["string"],
"SubnetIds": ["string"]
}
},
"AwsRdsDbCluster": {
"ActivityStreamStatus": "string",
"AllocatedStorage": number,
"AssociatedRoles": [{
"RoleArn": "string",
"Status": "string"
}],
"AutoMinorVersionUpgrade": boolean,
"AvailabilityZones": ["string"],
"BackupRetentionPeriod": integer,
"ClusterCreateTime": "string",
"CopyTagsToSnapshot": boolean,
"CrossAccountClone": boolean,
"CustomEndpoints": ["string"],
"DatabaseName": "string",
"DbClusterIdentifier": "string",
"DbClusterMembers": [{
"DbClusterParameterGroupStatus": "string",
"DbInstanceIdentifier": "string",
"IsClusterWriter": boolean,
"PromotionTier": integer
}],
"DbClusterOptionGroupMemberships": [{
"DbClusterOptionGroupName": "string",
"Status": "string"
}],
"DbClusterParameterGroup": "string",
"DbClusterResourceId": "string",
"DbSubnetGroup": "string",
"DeletionProtection": boolean,
"DomainMemberships": [{
"Domain": "string",
"Fqdn": "string",
"IamRoleName": "string",
"Status": "string"
}],
"EnabledCloudwatchLogsExports": ["string"],
"Endpoint": "string",
"Engine": "string",
"EngineMode": "string",
"EngineVersion": "string",
"HostedZoneId": "string",
"HttpEndpointEnabled": boolean,
"IamDatabaseAuthenticationEnabled": boolean,
"KmsKeyId": "string",
"MasterUsername": "string",
"MultiAz": boolean,
"Port": integer,
"PreferredBackupWindow": "string",
"PreferredMaintenanceWindow": "string",
"ReaderEndpoint": "string",
"ReadReplicaIdentifiers": ["string"],
"Status": "string",
"StorageEncrypted": boolean,
"VpcSecurityGroups": [{
"Status": "string",
"VpcSecurityGroupId": "string"
}]
},
"AwsRdsDbClusterSnapshot": {
"AllocatedStorage": integer,
"AvailabilityZones": ["string"],
"ClusterCreateTime": "string",
"DbClusterIdentifier": "string",
"DbClusterSnapshotAttributes": [{
"AttributeName": "string",
"AttributeValues": ["string"]
}],
"DbClusterSnapshotIdentifier": "string",
"Engine": "string",
"EngineVersion": "string",
"IamDatabaseAuthenticationEnabled": boolean,
"KmsKeyId": "string",
"LicenseModel": "string",
"MasterUsername": "string",
"PercentProgress": integer,
"Port": integer,
"SnapshotCreateTime": "string",
"SnapshotType": "string",
"Status": "string",
"StorageEncrypted": boolean,
"VpcId": "string"
},
"AwsRdsDbInstance": {
"AllocatedStorage": number,
"AssociatedRoles": [{
"RoleArn": "string",
"FeatureName": "string",
"Status": "string"
}],
"AutoMinorVersionUpgrade": boolean,
"AvailabilityZone": "string",
"BackupRetentionPeriod": number,
"CACertificateIdentifier": "string",
"CharacterSetName": "string",
"CopyTagsToSnapshot": boolean,
"DBClusterIdentifier": "string",
"DBInstanceClass": "string",
"DBInstanceIdentifier": "string",
"DbInstancePort": number,
"DbInstanceStatus": "string",
"DbiResourceId": "string",
"DBName": "string",
"DbParameterGroups": [{
"DbParameterGroupName": "string",
"ParameterApplyStatus": "string"
}],
"DbSecurityGroups": ["string"],
"DbSubnetGroup": {
"DbSubnetGroupArn": "string",
"DbSubnetGroupDescription": "string",
"DbSubnetGroupName": "string",
"SubnetGroupStatus": "string",
"Subnets": [{
"SubnetAvailabilityZone": {
"Name": "string"
},
"SubnetIdentifier": "string",
"SubnetStatus": "string"
}],
"VpcId": "string"
},
"DeletionProtection": boolean,
"Endpoint": {
"Address": "string",
"Port": number,
"HostedZoneId": "string"
},
"DomainMemberships": [{
"Domain": "string",
"Fqdn": "string",
"IamRoleName": "string",
"Status": "string"
}],
"EnabledCloudwatchLogsExports": ["string"],
"Engine": "string",
"EngineVersion": "string",
"EnhancedMonitoringResourceArn": "string",
"IAMDatabaseAuthenticationEnabled": boolean,
"InstanceCreateTime": "string",
"Iops": number,
"KmsKeyId": "string",
"LatestRestorableTime": "string",
"LicenseModel": "string",
"ListenerEndpoint": {
"Address": "string",
"HostedZoneId": "string",
"Port": number
},
"MasterUsername": "admin",
"MaxAllocatedStorage": number,
"MonitoringInterval": number,
"MonitoringRoleArn": "string",
"MultiAz": boolean,
"OptionGroupMemberships": [{
"OptionGroupName": "string",
"Status": "string"
}],
"PendingModifiedValues": {
"AllocatedStorage": number,
"BackupRetentionPeriod": number,
"CaCertificateIdentifier": "string",
"DbInstanceClass": "string",
"DbInstanceIdentifier": "string",
"DbSubnetGroupName": "string",
"EngineVersion": "string",
"Iops": number,
"LicenseModel": "string",
"MasterUserPassword": "string",
"MultiAZ": boolean,
"PendingCloudWatchLogsExports": {
"LogTypesToDisable": ["string"],
"LogTypesToEnable": ["string"]
},
"Port": number,
"ProcessorFeatures": [{
"Name": "string",
"Value": "string"
}],
"StorageType": "string"
},
"PerformanceInsightsEnabled": boolean,
"PerformanceInsightsKmsKeyId": "string",
"PerformanceInsightsRetentionPeriod": number,
"PreferredBackupWindow": "string",
"PreferredMaintenanceWindow": "string",
"ProcessorFeatures": [{
"Name": "string",
"Value": "string"
}],
"PromotionTier": number,
"PubliclyAccessible": boolean,
"ReadReplicaDBClusterIdentifiers": ["string"],
"ReadReplicaDBInstanceIdentifiers": ["string"],
"ReadReplicaSourceDBInstanceIdentifier": "string",
"SecondaryAvailabilityZone": "string",
"StatusInfos": [{
"Message": "string",
"Normal": boolean,
"Status": "string",
"StatusType": "string"
}],
"StorageEncrypted": boolean,
"TdeCredentialArn": "string",
"Timezone": "string",
"VpcSecurityGroups": [{
"VpcSecurityGroupId": "string",
"Status": "string"
}]
},
"AwsRdsDbSecurityGroup": {
"DbSecurityGroupArn": "string",
"DbSecurityGroupDescription": "string",
"DbSecurityGroupName": "string",
"Ec2SecurityGroups": [{
"Ec2SecurityGroupuId": "string",
"Ec2SecurityGroupName": "string",
"Ec2SecurityGroupOwnerId": "string",
"Status": "string"
}],
"IpRanges": [{
"CidrIp": "string",
"Status": "string"
}],
"OwnerId": "string",
"VpcId": "string"
},
"AwsRdsDbSnapshot": {
"AllocatedStorage": integer,
"AvailabilityZone": "string",
"DbInstanceIdentifier": "string",
"DbiResourceId": "string",
"DbSnapshotIdentifier": "string",
"Encrypted": boolean,
"Engine": "string",
"EngineVersion": "string",
"IamDatabaseAuthenticationEnabled": boolean,
"InstanceCreateTime": "string",
"Iops": number,
"KmsKeyId": "string",
"LicenseModel": "string",
"MasterUsername": "string",
"OptionGroupName": "string",
"PercentProgress": integer,
"Port": integer,
"ProcessorFeatures": [],
"SnapshotCreateTime": "string",
"SnapshotType": "string",
"SourceDbSnapshotIdentifier": "string",
"SourceRegion": "string",
"Status": "string",
"StorageType": "string",
"TdeCredentialArn": "string",
"Timezone": "string",
"VpcId": "string"
},
"AwsRdsEventSubscription": {
"CustomerAwsId": "string",
"CustSubscriptionId": "string",
"Enabled": boolean,
"EventCategoriesList": ["string"],
"EventSubscriptionArn": "string",
"SnsTopicArn": "string",
"SourceIdsList": ["string"],
"SourceType": "string",
"Status": "string",
"SubscriptionCreationTime": "string"
},
"AwsRedshiftCluster": {
"AllowVersionUpgrade": boolean,
"AutomatedSnapshotRetentionPeriod": number,
"AvailabilityZone": "string",
"ClusterAvailabilityStatus": "string",
"ClusterCreateTime": "string",
"ClusterIdentifier": "string",
"ClusterNodes": [{
"NodeRole": "string",
"PrivateIPAddress": "string",
"PublicIPAddress": "string"
}],
"ClusterParameterGroups": [{
"ClusterParameterStatusList": [{
"ParameterApplyErrorDescription": "string",
"ParameterApplyStatus": "string",
"ParameterName": "string"
}],
"ParameterApplyStatus": "string",
"ParameterGroupName": "string"
}],
"ClusterPublicKey": "string",
"ClusterRevisionNumber": "string",
"ClusterSecurityGroups": [{
"ClusterSecurityGroupName": "string",
"Status": "string"
}],
"ClusterSnapshotCopyStatus": {
"DestinationRegion": "string",
"ManualSnapshotRetentionPeriod": number,
"RetentionPeriod": number,
"SnapshotCopyGrantName": "string"
},
"ClusterStatus": "string",
"ClusterSubnetGroupName": "string",
"ClusterVersion": "string",
"DBName": "string",
"DeferredMaintenanceWindows": [{
"DeferMaintenanceEndTime": "string",
"DeferMaintenanceIdentifier": "string",
"DeferMaintenanceStartTime": "string"
}],
"ElasticIpStatus": {
"ElasticIp": "string",
"Status": "string"
},
"ElasticResizeNumberOfNodeOptions": "string",
"Encrypted": boolean,
"Endpoint": {
"Address": "string",
"Port": number
},
"EnhancedVpcRouting": boolean,
"ExpectedNextSnapshotScheduleTime": "string",
"ExpectedNextSnapshotScheduleTimeStatus": "string",
"HsmStatus": {
"HsmClientCertificateIdentifier": "string",
"HsmConfigurationIdentifier": "string",
"Status": "string"
},
"IamRoles": [{
"ApplyStatus": "string",
"IamRoleArn": "string"
}],
"KmsKeyId": "string",
"LoggingStatus":{
"BucketName": "string",
"LastFailureMessage": "string",
"LastFailureTime": "string",
"LastSuccessfulDeliveryTime": "string",
"LoggingEnabled": boolean,
"S3KeyPrefix": "string"
},
"MaintenanceTrackName": "string",
"ManualSnapshotRetentionPeriod": number,
"MasterUsername": "string",
"NextMaintenanceWindowStartTime": "string",
"NodeType": "string",
"NumberOfNodes": number,
"PendingActions": ["string"],
"PendingModifiedValues": {
"AutomatedSnapshotRetentionPeriod": number,
"ClusterIdentifier": "string",
"ClusterType": "string",
"ClusterVersion": "string",
"EncryptionType": "string",
"EnhancedVpcRouting": boolean,
"MaintenanceTrackName": "string",
"MasterUserPassword": "string",
"NodeType": "string",
"NumberOfNodes": number,
"PubliclyAccessible": "string"
},
"PreferredMaintenanceWindow": "string",
"PubliclyAccessible": boolean,
"ResizeInfo": {
"AllowCancelResize": boolean,
"ResizeType": "string"
},
"RestoreStatus": {
"CurrentRestoreRateInMegaBytesPerSecond": number,
"ElapsedTimeInSeconds": number,
"EstimatedTimeToCompletionInSeconds": number,
"ProgressInMegaBytes": number,
"SnapshotSizeInMegaBytes": number,
"Status": "string"
},
"SnapshotScheduleIdentifier": "string",
"SnapshotScheduleState": "string",
"VpcId": "string",
"VpcSecurityGroups": [{
"Status": "string",
"VpcSecurityGroupId": "string"
}]
},
"AwsRoute53HostedZone": {
"HostedZone": {
"Id": "string",
"Name": "string",
"Config": {
"Comment": "string"
}
},
"NameServers": ["string"],
"QueryLoggingConfig": {
"CloudWatchLogsLogGroupArn": {
"CloudWatchLogsLogGroupArn": "string",
"Id": "string",
"HostedZoneId": "string"
}
},
"Vpcs": [
{
"Id": "string",
"Region": "string"
}
]
},
"AwsS3AccessPoint": {
"AccessPointArn": "string",
"Alias": "string",
"Bucket": "string",
"BucketAccountId": "string",
"Name": "string",
"NetworkOrigin": "string",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": boolean,
"BlockPublicPolicy": boolean,
"IgnorePublicAcls": boolean,
"RestrictPublicBuckets": boolean
},
"VpcConfiguration": {
"VpcId": "string"
}
},
"AwsS3AccountPublicAccessBlock": {
"BlockPublicAcls": boolean,
"BlockPublicPolicy": boolean,
"IgnorePublicAcls": boolean,
"RestrictPublicBuckets": boolean
},
"AwsS3Bucket": {
"AccessControlList": "string",
"BucketLifecycleConfiguration": {
"Rules": [{
"AbortIncompleteMultipartUpload": {
"DaysAfterInitiation": number
},
"ExpirationDate": "string",
"ExpirationInDays": number,
"ExpiredObjectDeleteMarker": boolean,
"Filter": {
"Predicate": {
"Operands": [{
"Prefix": "string",
"Type": "string"
},
{
"Tag": {
"Key": "string",
"Value": "string"
},
"Type": "string"
}
],
"Type": "string"
}
},
"Id": "string",
"NoncurrentVersionExpirationInDays": number,
"NoncurrentVersionTransitions": [{
"Days": number,
"StorageClass": "string"
}],
"Prefix": "string",
"Status": "string",
"Transitions": [{
"Date": "string",
"Days": number,
"StorageClass": "string"
}]
}]
},
"BucketLoggingConfiguration": {
"DestinationBucketName": "string",
"LogFilePrefix": "string"
},
"BucketName": "string",
"BucketNotificationConfiguration": {
"Configurations": [{
"Destination": "string",
"Events": ["string"],
"Filter": {
"S3KeyFilter": {
"FilterRules": [{
"Name": "string",
"Value": "string"
}]
}
},
"Type": "string"
}]
},
"BucketVersioningConfiguration": {
"IsMfaDeleteEnabled": boolean,
"Status": "string"
},
"BucketWebsiteConfiguration": {
"ErrorDocument": "string",
"IndexDocumentSuffix": "string",
"RedirectAllRequestsTo": {
"HostName": "string",
"Protocol": "string"
},
"RoutingRules": [{
"Condition": {
"HttpErrorCodeReturnedEquals": "string",
"KeyPrefixEquals": "string"
},
"Redirect": {
"HostName": "string",
"HttpRedirectCode": "string",
"Protocol": "string",
"ReplaceKeyPrefixWith": "string",
"ReplaceKeyWith": "string"
}
}]
},
"CreatedAt": "string",
"ObjectLockConfiguration": {
"ObjectLockEnabled": "string",
"Rule": {
"DefaultRetention": {
"Days": integer,
"Mode": "string",
"Years": integer
}
}
},
"OwnerAccountId": "string",
"OwnerId": "string",
"OwnerName": "string",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": boolean,
"BlockPublicPolicy": boolean,
"IgnorePublicAcls": boolean,
"RestrictPublicBuckets": boolean
},
"ServerSideEncryptionConfiguration": {
"Rules": [{
"ApplyServerSideEncryptionByDefault": {
"KMSMasterKeyID": "string",
"SSEAlgorithm": "string"
}
}]
}
},
"AwsS3Object": {
"ContentType": "string",
"ETag": "string",
"LastModified": "string",
"ServerSideEncryption": "string",
"SSEKMSKeyId": "string",
"VersionId": "string"
},
"AwsSagemakerNotebookInstance": {
"DirectInternetAccess": "string",
"InstanceMetadataServiceConfiguration": {
"MinimumInstanceMetadataServiceVersion": "string"
},
"InstanceType": "string",
"LastModifiedTime": "string",
"NetworkInterfaceId": "string",
"NotebookInstanceArn": "string",
"NotebookInstanceName": "string",
"NotebookInstanceStatus": "string",
"PlatformIdentifier": "string",
"RoleArn": "string",
"RootAccess": "string",
"SecurityGroups": ["string"],
"SubnetId": "string",
"Url": "string",
"VolumeSizeInGB": number
},
"AwsSecretsManagerSecret": {
"Deleted": boolean,
"Description": "string",
"KmsKeyId": "string",
"Name": "string",
"RotationEnabled": boolean,
"RotationLambdaArn": "string",
"RotationOccurredWithinFrequency": boolean,
"RotationRules": {
"AutomaticallyAfterDays": integer
}
},
"AwsSnsTopic": {
"ApplicationSuccessFeedbackRoleArn": "string",
"FirehoseFailureFeedbackRoleArn": "string",
"FirehoseSuccessFeedbackRoleArn": "string",
"HttpFailureFeedbackRoleArn": "string",
"HttpSuccessFeedbackRoleArn": "string",
"KmsMasterKeyId": "string",
"Owner": "string",
"SqsFailureFeedbackRoleArn": "string",
"SqsSuccessFeedbackRoleArn": "string",
"Subscription": {
"Endpoint": "string",
"Protocol": "string"
},
"TopicName": "string"
},
"AwsSqsQueue": {
"DeadLetterTargetArn": "string",
"KmsDataKeyReusePeriodSeconds": number,
"KmsMasterKeyId": "string",
"QueueName": "string"
},
"AwsSsmPatchCompliance": {
"Patch": {
"ComplianceSummary": {
"ComplianceType": "string",
"CompliantCriticalCount": integer,
"CompliantHighCount": integer,
"CompliantInformationalCount": integer,
"CompliantLowCount": integer,
"CompliantMediumCount": integer,
"CompliantUnspecifiedCount": integer,
"ExecutionType": "string",
"NonCompliantCriticalCount": integer,
"NonCompliantHighCount": integer,
"NonCompliantInformationalCount": integer,
"NonCompliantLowCount": integer,
"NonCompliantMediumCount": integer,
"NonCompliantUnspecifiedCount": integer,
"OverallSeverity": "string",
"PatchBaselineId": "string",
"PatchGroup": "string",
"Status": "string"
}
}
},
"AwsStepFunctionStateMachine": {
"StateMachineArn": "string",
"Name": "string",
"Status": "string",
"RoleArn": "string",
"Type": "string",
"LoggingConfiguration": {
"Level": "string",
"IncludeExecutionData": boolean
},
"TracingConfiguration": {
"Enabled": boolean
}
},
"AwsWafRateBasedRule": {
"MatchPredicates": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}],
"MetricName": "string",
"Name": "string",
"RateKey": "string",
"RateLimit": number,
"RuleId": "string"
},
"AwsWafRegionalRateBasedRule": {
"MatchPredicates": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}],
"MetricName": "string",
"Name": "string",
"RateKey": "string",
"RateLimit": number,
"RuleId": "string"
},
"AwsWafRegionalRule": {
"MetricName": "string",
"Name": "string",
"RuleId": "string",
"PredicateList": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}]
},
"AwsWafRegionalRuleGroup": {
"MetricName": "string",
"Name": "string",
"RuleGroupId": "string",
"Rules": [{
"Action": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string"
}]
},
"AwsWafRegionalWebAcl": {
"DefaultAction": "string",
"MetricName" : "string",
"Name": "string",
"RulesList" : [{
"Action": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string",
"ExcludedRules": [{
"ExclusionType": "string",
"RuleId": "string"
}],
"OverrideAction": {
"Type": "string"
}
}],
"WebAclId": "string"
},
"AwsWafRule": {
"MetricName": "string",
"Name": "string",
"PredicateList": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}],
"RuleId": "string"
},
"AwsWafRuleGroup": {
"MetricName": "string",
"Name": "string",
"RuleGroupId": "string",
"Rules": [{
"Action": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string"
}]
},
"AwsWafv2RuleGroup": {
"Arn": "string",
"Capacity": number,
"Description": "string",
"Id": "string",
"Name": "string",
"Rules": [{
"Action": {
"Allow": {
"CustomRequestHandling": {
"InsertHeaders": [
{
"Name": "string",
"Value": "string"
},
{
"Name": "string",
"Value": "string"
}
]
}
}
},
"Name": "string",
"Priority": number,
"VisibilityConfig": {
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string",
"SampledRequestsEnabled": boolean
}
}],
"VisibilityConfig": {
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string",
"SampledRequestsEnabled": boolean
}
},
"AwsWafWebAcl": {
"DefaultAction": "string",
"Name": "string",
"Rules": [{
"Action": {
"Type": "string"
},
"ExcludedRules": [{
"RuleId": "string"
}],
"OverrideAction": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string"
}],
"WebAclId": "string"
},
"AwsWafv2WebAcl": {
"Arn": "string",
"Capacity": number,
"CaptchaConfig": {
"ImmunityTimeProperty": {
"ImmunityTime": number
}
},
"DefaultAction": {
"Block": {}
},
"Description": "string",
"ManagedbyFirewallManager": boolean,
"Name": "string",
"Rules": [{
"Action": {
"RuleAction": {
"Block": {}
}
},
"Name": "string",
"Priority": number,
"VisibilityConfig": {
"SampledRequestsEnabled": boolean,
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string"
}
}],
"VisibilityConfig": {
"SampledRequestsEnabled": boolean,
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string"
}
},
"AwsXrayEncryptionConfig": {
"KeyId": "string",
"Status": "string",
"Type": "string"
},
"CodeRepository": {
"CodeSecurityIntegrationArn": "string",
"ProjectName": "string",
"ProviderType": "string"
},
"Container": {
"ContainerRuntime": "string",
"ImageId": "string",
"ImageName": "string",
"LaunchedAt": "string",
"Name": "string",
"Privileged": boolean,
"VolumeMounts": [{
"Name": "string",
"MountPath": "string"
}]
},
"Other": {
"string": "string"
},
"Id": "string",
"Partition": "string",
"Region": "string",
"ResourceRole": "string",
"Tags": {
"string": "string"
},
"Type": "string"
}],
"SchemaVersion": "string",
"Severity": {
"Label": "string",
"Normalized": number,
"Original": "string"
},
"Sample": boolean,
"SourceUrl": "string",
"Threats": [{
"FilePaths": [{
"FileName": "string",
"FilePath": "string",
"Hash": "string",
"ResourceId": "string"
}],
"ItemCount": number,
"Name": "string",
"Severity": "string"
}],
"ThreatIntelIndicators": [{
"Category": "string",
"LastObservedAt": "string",
"Source": "string",
"SourceUrl": "string",
"Type": "string",
"Value": "string"
}],
"Title": "string",
"Types": ["string"],
"UpdatedAt": "string",
"UserDefinedFields": {
"string": "string"
},
"VerificationState": "string",
"Vulnerabilities": [{
"CodeVulnerabilities": [{
"Cwes": [
"string",
"string"
],
"FilePath": {
"EndLine": integer,
"FileName": "string",
"FilePath": "string",
"StartLine": integer
},
"SourceArn":"string"
}],
"Cvss": [{
"Adjustments": [{
"Metric": "string",
"Reason": "string"
}],
"BaseScore": number,
"BaseVector": "string",
"Source": "string",
"Version": "string"
}],
"EpssScore": number,
"ExploitAvailable": "string",
"FixAvailable": "string",
"Id": "string",
"LastKnownExploitAt": "string",
"ReferenceUrls": ["string"],
"RelatedVulnerabilities": ["string"],
"Vendor": {
"Name": "string",
"Url": "string",
"VendorCreatedAt": "string",
"VendorSeverity": "string",
"VendorUpdatedAt": "string"
},
"VulnerablePackages": [{
"Architecture": "string",
"Epoch": "string",
"FilePath": "string",
"FixedInVersion": "string",
"Name": "string",
"PackageManager": "string",
"Release": "string",
"Remediation": "string",
"SourceLayerArn": "string",
"SourceLayerHash": "string",
"Version": "string"
}]
}],
"Workflow": {
"Status": "string"
},
"WorkflowState": "string"
}
]
```
# 整合對 ASFF 欄位和值的影響
AWS Security Hub CSPM 為控制項提供兩種類型的整合:
+ **合併控制項檢視** – 使用這種類型的合併,每個控制項在所有標準中都有一個識別符。此外,在 Security Hub CSPM 主控台上,**控制**頁面會顯示所有標準的所有控制項。
+ **合併控制問題清單** – 使用這種類型的整合,Security Hub CSPM 會為控制項產生單一問題清單,即使控制項適用於多個啟用的標準。這可以減少問題清單雜訊。
您無法啟用或停用合併控制項檢視。如果您在 2023 年 2 月 23 日或之後啟用 Security Hub CSPM,則預設會啟用合併控制調查結果。否則,預設為停用。不過,對於組織,只有在管理員帳戶啟用合併控制問題清單時,才能為 Security Hub CSPM 成員帳戶啟用合併控制問題清單。若要進一步了解合併控制問題清單,請參閱 [產生和更新控制問題清單](controls-findings-create-update.md)。
這兩種類型的合併都會影響 中控制項問題清單的欄位和值[AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
**Topics**
+ [合併控制項檢視 – ASFF 變更](#securityhub-findings-format-consolidated-controls-view)
+ [合併控制調查結果 – ASFF 變更](#securityhub-findings-format-consolidated-control-findings)
+ [啟用合併控制調查結果前後IDs](#securityhub-findings-format-changes-generator-ids)
+ [合併如何影響控制 IDs和標題](#securityhub-findings-format-changes-ids-titles)
+ [更新整合的工作流程](#securityhub-findings-format-changes-prepare)
## 合併控制項檢視 – ASFF 變更
合併控制項檢視功能對 ASFF 中控制項調查結果的欄位和值進行了下列變更。如果您的工作流程不依賴這些 ASFF 欄位的值,則不需要採取任何動作。如果您有依賴這些欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
| ASFF 欄位 | 合併控制項檢視之前的範本值 | 合併控制項檢視之後的範例值,以及變更的說明 |
| --- | --- | --- |
| Compliance.SecurityControlId | 不適用 (新欄位) | EC2.2 跨標準引進單一控制項 ID。 `ProductFields.RuleId`仍然為 CIS v1.2.0 控制項提供標準型控制項 ID。 `ProductFields.ControlId`仍然為其他標準中的控制項提供標準型控制項 ID。 |
| Compliance.AssociatedStandards | 不適用 (新欄位) | 【\$1"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"\$1】 顯示要在哪些標準中啟用控制項。 |
| ProductFields.ArchivalReasons:0/Description | 不適用 (新欄位) | 「調查結果處於封存狀態,因為已開啟或關閉合併控制調查結果。這會導致在產生新問題清單時封存先前狀態的問題清單。」 說明 Security Hub CSPM 封存現有問題清單的原因。 |
| ProductFields.ArchivalReasons:0/ReasonCode | 不適用 (新欄位) | 「CONSOLIDATED\$1CONTROL\$1FINDINGS\$1UPDATE」 提供 Security Hub CSPM 已封存現有問題清單的原因。 |
| ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
| Remediation.Recommendation.Text | 「如需如何修正此問題的指示,請參閱 AWS Security Hub CSPM PCI DSS 文件。」 | 「如需如何修正此問題的指示,請參閱 AWS Security Hub CSPM 控制文件。」 此欄位不再參考標準。 |
| Remediation.Recommendation.Url | https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
## 合併控制調查結果 – ASFF 變更
如果您啟用合併控制調查結果,則 ASFF 中控制調查結果的欄位和值可能會受到下列變更的影響。這些變更是合併控制項檢視功能所引進的變更之外的變更。如果您的工作流程不依賴這些 ASFF 欄位的值,則不需要採取任何動作。如果您有依賴這些欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
**提示**
如果您使用 v[2 AWS .0.0 上的自動化安全回應](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/)解決方案,請注意它支援合併的控制問題清單。這表示如果您啟用合併控制問題清單,您可以維護目前的工作流程。
| ASFF 欄位 | 啟用合併控制問題清單之前的範例值 | 啟用合併控制調查結果後的範例值,以及變更的說明 |
| --- | --- | --- |
| GeneratorId | aws-foundational-security-best-practices/v/1.0.0/Config.1 | security-control/Config.1 此欄位不再參考標準。 |
| Title | AWS Config 應啟用 PCI.Config.1 | AWS Config 應啟用 此欄位不再參考標準特定資訊。 |
| Id | arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.IAM.5/finding/ab6d6a26-a156-48f0-9403-115983e5a956 | arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956 此欄位不再參考標準。 |
| ProductFields.ControlId | PCI.EC2.2 | 已移除。請`Compliance.SecurityControlId`改為參閱 。 此欄位會移除,以便使用單一、標準無關的控制 ID。 |
| ProductFields.RuleId | 1.3 | 已移除。請`Compliance.SecurityControlId`改為參閱 。 此欄位會移除,以便使用單一、標準無關的控制 ID。 |
| Description | 此 PCI DSS 控制項 AWS Config 會檢查目前帳戶和區域中是否已啟用 。 | 此 AWS 控制項 AWS Config 會檢查目前帳戶和區域中是否已啟用 。此欄位不再參考標準。 |
| 嚴重性 | 「嚴重性」:\$1 「產品」:90、 "標籤": "CRITICAL", 「標準化」:90、 "Original": "CRITICAL" \$1 | 「嚴重性」:\$1 "標籤": "CRITICAL", 「標準化」:90、 "Original": "CRITICAL" \$1 Security Hub CSPM 不再使用產品欄位來描述調查結果的嚴重性。 |
| 類型 | 【「軟體和組態檢查/產業和法規標準/PCI-DSS」】 | 【「軟體和組態檢查/產業和法規標準」】 此欄位不再參考標準。 |
| Compliance.RelatedRequirements | 【「PCI DSS 10.5.2」, 「PCI DSS 11.5」, 「CIS AWS Foundations 2.5」】 | 【「PCI DSS v3.2.1/10.5.2」, 「PCI DSS v3.2.1/11.5」, 「CIS AWS Foundations Benchmark v1.2.0/2.5」】 此欄位顯示所有啟用標準中的相關需求。 |
| CreatedAt | 2022-05-05T08:18:13.138Z | 2022-09-25T08:18:13.138Z 格式保持不變,但值會在您啟用合併控制問題清單時重設。 |
| FirstObservedAt | 2022-05-07T08:18:13.138Z | 2022-09-28T08:18:13.138Z 格式保持不變,但值會在您啟用合併控制問題清單時重設。 |
| ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation | 已移除。請`Remediation.Recommendation.Url`改為參閱 。 |
| ProductFields.StandardsArn | arn:aws:securityhub::standards/aws-foundational-security-best-practices/v/1.0.0 | 已移除。請`Compliance.AssociatedStandards`改為參閱 。 |
| ProductFields.StandardsControlArn | arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1 | 已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.StandardsGuideArn | arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0 | 已移除。請`Compliance.AssociatedStandards`改為參閱 。 |
| ProductFields.StandardsGuideSubscriptionArn | arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0 | 已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.StandardsSubscriptionArn | arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0 | 已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.aws/securityhub/FindingId | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 此欄位不再參考標準。 |
### 開啟合併控制問題清單後,客戶提供 ASFF 欄位的值
如果您啟用合併控制問題清單,Security Hub CSPM 會跨標準產生一個問題清單,並封存原始問題清單 (每個標準都有不同的問題清單)。
您使用 Security Hub CSPM 主控台或 [https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html)操作對原始調查結果所做的更新,將不會保留在新的調查結果中。如有必要,您可以參考封存的問題清單來復原此資料。若要檢閱封存的問題清單,您可以使用 Security Hub CSPM 主控台上的**問題清單**頁面,並將**記錄狀態**篩選條件設定為**封存**。或者,您可以使用 Security Hub CSPM API [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html)的操作。
| 客戶提供的 ASFF 欄位 | 啟用合併控制問題清單之後的變更描述 |
| --- | --- |
| 可信度 | 重設為空白狀態。 |
| 重要性 | 重設為空白狀態。 |
| 注意 | 重設為空白狀態。 |
| RelatedFindings | 重設為空白狀態。 |
| 嚴重性 | 問題清單的預設嚴重性 (符合控制項的嚴重性)。 |
| 類型 | 重設為標準無關值。 |
| UserDefinedFields | 重設為空白狀態。 |
| VerificationState | 重設為空白狀態。 |
| 工作流程 | 新的失敗問題清單預設值為 NEW。新傳遞的問題清單的預設值為 RESOLVED。 |
## 啟用合併控制調查結果前後IDs
當您啟用合併控制調查結果時,下表列出控制項的產生器 ID 值變更。這些變更適用於自 2023 年 2 月 15 日起 Security Hub CSPM 支援的控制項。
| 啟用合併控制問題清單之前的 GeneratorID | 啟用合併控制問題清單後的 GeneratorID |
| --- | --- |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.1 | security-control/CloudWatch.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.10 | security-control/IAM.16 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.11 | security-control/IAM.17 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.12 | security-control/IAM.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13 | security-control/IAM.9 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.14 | security-control/IAM.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.16 | security-control/IAM.2 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.2 | security-control/IAM.5 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.20 | security-control/IAM.18 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.22 | security-control/IAM.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.3 | security-control/IAM.8 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.4 | security-control/IAM.3 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.5 | security-control/IAM.11 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.6 | security-control/IAM.12 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.7 | security-control/IAM.13 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.8 | security-control/IAM.14 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.9 | security-control/IAM.15 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.1 | security-control/CloudTrail.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.2 | security-control/CloudTrail.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.3 | security-control/CloudTrail.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.4 | security-control/CloudTrail.5 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.5 | security-control/Config.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.6 | security-control/CloudTrail.7 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7 | security-control/CloudTrail.2 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.8 | security-control/KMS.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.9 | security-control/EC2.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.1 | security-control/CloudWatch.2 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.2 | security-control/CloudWatch.3 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.3 | security-control/CloudWatch.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.4 | security-control/CloudWatch.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.5 | security-control/CloudWatch.5 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.6 | security-control/CloudWatch.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.7 | security-control/CloudWatch.7 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.8 | security-control/CloudWatch.8 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.9 | security-control/CloudWatch.9 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.10 | security-control/CloudWatch.10 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.11 | security-control/CloudWatch.11 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.12 | security-control/CloudWatch.12 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.13 | security-control/CloudWatch.13 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.14 | security-control/CloudWatch.14 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.1 | security-control/EC2.13 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2 | security-control/EC2.14 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.3 | security-control/EC2.2 |
| cis-aws-foundations-benchmark/v/1.4.0/1.10 | security-control/IAM.5 |
| cis-aws-foundations-benchmark/v/1.4.0/1.14 | security-control/IAM.3 |
| cis-aws-foundations-benchmark/v/1.4.0/1.16 | security-control/IAM.1 |
| cis-aws-foundations-benchmark/v/1.4.0/1.17 | security-control/IAM.18 |
| cis-aws-foundations-benchmark/v/1.4.0/1.4 | security-control/IAM.4 |
| cis-aws-foundations-benchmark/v/1.4.0/1.5 | security-control/IAM.9 |
| cis-aws-foundations-benchmark/v/1.4.0/1.6 | security-control/IAM.6 |
| cis-aws-foundations-benchmark/v/1.4.0/1.7 | security-control/CloudWatch.1 |
| cis-aws-foundations-benchmark/v/1.4.0/1.8 | security-control/IAM.15 |
| cis-aws-foundations-benchmark/v/1.4.0/1.9 | security-control/IAM.16 |
| cis-aws-foundations-benchmark/v/1.4.0/2.1.2 | security-control/S3.5 |
| cis-aws-foundations-benchmark/v/1.4.0/2.1.5.1 | security-control/S3.1 |
| cis-aws-foundations-benchmark/v/1.4.0/2.1.5.2 | security-control/S3.8 |
| cis-aws-foundations-benchmark/v/1.4.0/2.2.1 | security-control/EC2.7 |
| cis-aws-foundations-benchmark/v/1.4.0/2.3.1 | security-control/RDS.3 |
| cis-aws-foundations-benchmark/v/1.4.0/3.1 | security-control/CloudTrail.1 |
| cis-aws-foundations-benchmark/v/1.4.0/3.2 | security-control/CloudTrail.4 |
| cis-aws-foundations-benchmark/v/1.4.0/3.4 | security-control/CloudTrail.5 |
| cis-aws-foundations-benchmark/v/1.4.0/3.5 | security-control/Config.1 |
| cis-aws-foundations-benchmark/v/1.4.0/3.6 | security-control/S3.9 |
| cis-aws-foundations-benchmark/v/1.4.0/3.7 | security-control/CloudTrail.2 |
| cis-aws-foundations-benchmark/v/1.4.0/3.8 | security-control/KMS.4 |
| cis-aws-foundations-benchmark/v/1.4.0/3.9 | security-control/EC2.6 |
| cis-aws-foundations-benchmark/v/1.4.0/4.3 | security-control/CloudWatch.1 |
| cis-aws-foundations-benchmark/v/1.4.0/4.4 | security-control/CloudWatch.4 |
| cis-aws-foundations-benchmark/v/1.4.0/4.5 | security-control/CloudWatch.5 |
| cis-aws-foundations-benchmark/v/1.4.0/4.6 | security-control/CloudWatch.6 |
| cis-aws-foundations-benchmark/v/1.4.0/4.7 | security-control/CloudWatch.7 |
| cis-aws-foundations-benchmark/v/1.4.0/4.8 | security-control/CloudWatch.8 |
| cis-aws-foundations-benchmark/v/1.4.0/4.9 | security-control/CloudWatch.9 |
| cis-aws-foundations-benchmark/v/1.4.0/4.10 | security-control/CloudWatch.10 |
| cis-aws-foundations-benchmark/v/1.4.0/4.11 | security-control/CloudWatch.11 |
| cis-aws-foundations-benchmark/v/1.4.0/4.12 | security-control/CloudWatch.12 |
| cis-aws-foundations-benchmark/v/1.4.0/4.13 | security-control/CloudWatch.13 |
| cis-aws-foundations-benchmark/v/1.4.0/4.14 | security-control/CloudWatch.14 |
| cis-aws-foundations-benchmark/v/1.4.0/5.1 | security-control/EC2.21 |
| cis-aws-foundations-benchmark/v/1.4.0/5.3 | security-control/EC2.2 |
| aws-foundational-security-best-practices/v/1.0.0/Account.1 | security-control/Account.1 |
| aws-foundational-security-best-practices/v/1.0.0/ACM.1 | security-control/ACM.1 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.1 | security-control/APIGateway.1 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.2 | security-control/APIGateway.2 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.3 | security-control/APIGateway.3 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.4 | security-control/APIGateway.4 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.5 | security-control/APIGateway.5 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.8 | security-control/APIGateway.8 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.9 | security-control/APIGateway.9 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.1 | security-control/AutoScaling.1 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.2 | security-control/AutoScaling.2 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.3 | security-control/AutoScaling.3 |
| aws-foundational-security-best-practices/v/1.0.0/Autoscaling.5 | security-control/Autoscaling.5 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.6 | security-control/AutoScaling.6 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.9 | security-control/AutoScaling.9 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.1 | security-control/CloudFront.1 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.3 | security-control/CloudFront.3 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.4 | security-control/CloudFront.4 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.5 | security-control/CloudFront.5 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.6 | security-control/CloudFront.6 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.7 | security-control/CloudFront.7 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.8 | security-control/CloudFront.8 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.9 | security-control/CloudFront.9 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.10 | security-control/CloudFront.10 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.12 | security-control/CloudFront.12 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.1 | security-control/CloudTrail.1 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2 | security-control/CloudTrail.2 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.4 | security-control/CloudTrail.4 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.5 | security-control/CloudTrail.5 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.1 | security-control/CodeBuild.1 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.2 | security-control/CodeBuild.2 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.3 | security-control/CodeBuild.3 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.4 | security-control/CodeBuild.4 |
| aws-foundational-security-best-practices/v/1.0.0/Config.1 | security-control/Config.1 |
| aws-foundational-security-best-practices/v/1.0.0/DMS.1 | security-control/DMS.1 |
| aws-foundational-security-best-practices/v/1.0.0/DynamoDB.1 | security-control/DynamoDB.1 |
| aws-foundational-security-best-practices/v/1.0.0/DynamoDB.2 | security-control/DynamoDB.2 |
| aws-foundational-security-best-practices/v/1.0.0/DynamoDB.3 | security-control/DynamoDB.3 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.1 | security-control/EC2.1 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.3 | security-control/EC2.3 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.4 | security-control/EC2.4 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.6 | security-control/EC2.6 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.7 | security-control/EC2.7 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.8 | security-control/EC2.8 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.9 | security-control/EC2.9 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.10 | security-control/EC2.10 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.15 | security-control/EC2.15 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.16 | security-control/EC2.16 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.17 | security-control/EC2.17 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.18 | security-control/EC2.18 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.19 | security-control/EC2.19 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.2 | security-control/EC2.2 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.20 | security-control/EC2.20 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.21 | security-control/EC2.21 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.23 | security-control/EC2.23 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.24 | security-control/EC2.24 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.25 | security-control/EC2.25 |
| aws-foundational-security-best-practices/v/1.0.0/ECR.1 | security-control/ECR.1 |
| aws-foundational-security-best-practices/v/1.0.0/ECR.2 | security-control/ECR.2 |
| aws-foundational-security-best-practices/v/1.0.0/ECR.3 | security-control/ECR.3 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.1 | security-control/ECS.1 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.10 | security-control/ECS.10 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.12 | security-control/ECS.12 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.2 | security-control/ECS.2 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.3 | security-control/ECS.3 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.4 | security-control/ECS.4 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.5 | security-control/ECS.5 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.8 | security-control/ECS.8 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.1 | security-control/EFS.1 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.2 | security-control/EFS.2 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.3 | security-control/EFS.3 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.4 | security-control/EFS.4 |
| aws-foundational-security-best-practices/v/1.0.0/EKS.2 | security-control/EKS.2 |
| aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.1 | security-control/ElasticBeanstalk.1 |
| aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.2 | security-control/ElasticBeanstalk.2 |
| aws-foundational-security-best-practices/v/1.0.0/ELBv2.1 | security-control/ELB.1 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.2 | security-control/ELB.2 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.3 | security-control/ELB.3 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.4 | security-control/ELB.4 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.5 | security-control/ELB.5 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.6 | security-control/ELB.6 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.7 | security-control/ELB.7 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.8 | security-control/ELB.8 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.9 | security-control/ELB.9 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.10 | security-control/ELB.10 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.11 | security-control/ELB.11 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.12 | security-control/ELB.12 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.13 | security-control/ELB.13 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.14 | security-control/ELB.14 |
| aws-foundational-security-best-practices/v/1.0.0/EMR.1 | security-control/EMR.1 |
| aws-foundational-security-best-practices/v/1.0.0/ES.1 | security-control/ES.1 |
| aws-foundational-security-best-practices/v/1.0.0/ES.2 | security-control/ES.2 |
| aws-foundational-security-best-practices/v/1.0.0/ES.3 | security-control/ES.3 |
| aws-foundational-security-best-practices/v/1.0.0/ES.4 | security-control/ES.4 |
| aws-foundational-security-best-practices/v/1.0.0/ES.5 | security-control/ES.5 |
| aws-foundational-security-best-practices/v/1.0.0/ES.6 | security-control/ES.6 |
| aws-foundational-security-best-practices/v/1.0.0/ES.7 | security-control/ES.7 |
| aws-foundational-security-best-practices/v/1.0.0/ES.8 | security-control/ES.8 |
| aws-foundational-security-best-practices/v/1.0.0/GuardDuty.1 | security-control/GuardDuty.1 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.1 | security-control/IAM.1 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.2 | security-control/IAM.2 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.21 | security-control/IAM.21 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.3 | security-control/IAM.3 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.4 | security-control/IAM.4 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.5 | security-control/IAM.5 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.6 | security-control/IAM.6 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.7 | security-control/IAM.7 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.8 | security-control/IAM.8 |
| aws-foundational-security-best-practices/v/1.0.0/Kinesis.1 | security-control/Kinesis.1 |
| aws-foundational-security-best-practices/v/1.0.0/KMS.1 | security-control/KMS.1 |
| aws-foundational-security-best-practices/v/1.0.0/KMS.2 | security-control/KMS.2 |
| aws-foundational-security-best-practices/v/1.0.0/KMS.3 | security-control/KMS.3 |
| aws-foundational-security-best-practices/v/1.0.0/Lambda.1 | security-control/Lambda.1 |
| aws-foundational-security-best-practices/v/1.0.0/Lambda.2 | security-control/Lambda.2 |
| aws-foundational-security-best-practices/v/1.0.0/Lambda.5 | security-control/Lambda.5 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.3 | security-control/NetworkFirewall.3 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.4 | security-control/NetworkFirewall.4 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.5 | security-control/NetworkFirewall.5 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.6 | security-control/NetworkFirewall.6 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.1 | security-control/Opensearch.1 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.2 | security-control/Opensearch.2 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.3 | security-control/Opensearch.3 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.4 | security-control/Opensearch.4 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.5 | security-control/Opensearch.5 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.6 | security-control/Opensearch.6 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.7 | security-control/Opensearch.7 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.8 | security-control/Opensearch.8 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.1 | security-control/RDS.1 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.10 | security-control/RDS.10 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.11 | security-control/RDS.11 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.12 | security-control/RDS.12 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.13 | security-control/RDS.13 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.14 | security-control/RDS.14 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.15 | security-control/RDS.15 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.16 | security-control/RDS.16 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.17 | security-control/RDS.17 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.19 | security-control/RDS.19 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.2 | security-control/RDS.2 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.20 | security-control/RDS.20 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.21 | security-control/RDS.21 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.22 | security-control/RDS.22 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.23 | security-control/RDS.23 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.24 | security-control/RDS.24 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.25 | security-control/RDS.25 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.3 | security-control/RDS.3 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.4 | security-control/RDS.4 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.5 | security-control/RDS.5 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.6 | security-control/RDS.6 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.7 | security-control/RDS.7 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.8 | security-control/RDS.8 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.9 | security-control/RDS.9 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.1 | security-control/Redshift.1 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.2 | security-control/Redshift.2 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.3 | security-control/Redshift.3 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.4 | security-control/Redshift.4 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.6 | security-control/Redshift。6 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.7 | security-control/Redshift。7 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.8 | security-control/Redshift。8 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.9 | security-control/Redshift.9 |
| aws-foundational-security-best-practices/v/1.0.0/S3.1 | security-control/S3.1 |
| aws-foundational-security-best-practices/v/1.0.0/S3.12 | security-control/S3.12 |
| aws-foundational-security-best-practices/v/1.0.0/S3.13 | security-control/S3.13 |
| aws-foundational-security-best-practices/v/1.0.0/S3.2 | security-control/S3.2 |
| aws-foundational-security-best-practices/v/1.0.0/S3.3 | security-control/S3.3 |
| aws-foundational-security-best-practices/v/1.0.0/S3.5 | security-control/S3.5 |
| aws-foundational-security-best-practices/v/1.0.0/S3.6 | security-control/S3.6 |
| aws-foundational-security-best-practices/v/1.0.0/S3.8 | security-control/S3.8 |
| aws-foundational-security-best-practices/v/1.0.0/S3.9 | security-control/S3.9 |
| aws-foundational-security-best-practices/v/1.0.0/SageMaker.1 | security-control/SageMaker.1 |
| aws-foundational-security-best-practices/v/1.0.0/SageMaker.2 | security-control/SageMaker.2 |
| aws-foundational-security-best-practices/v/1.0.0/SageMaker.3 | security-control/SageMaker.3 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.1 | security-control/SecretsManager.1 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.2 | security-control/SecretsManager.2 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.3 | security-control/SecretsManager.3 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.4 | security-control/SecretsManager.4 |
| aws-foundational-security-best-practices/v/1.0.0/SQS.1 | security-control/SQS.1 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.1 | security-control/SSM.1 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.2 | security-control/SSM.2 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.3 | security-control/SSM.3 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.4 | security-control/SSM.4 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.1 | security-control/WAF.1 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.2 | security-control/WAF.2 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.3 | security-control/WAF.3 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.4 | security-control/WAF.4 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.6 | security-control/WAF.6 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.7 | security-control/WAF.7 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.8 | security-control/WAF.8 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.10 | security-control/WAF.10 |
| pci-dss/v/3.2.1/PCI.AutoScaling.1 | security-control/AutoScaling.1 |
| pci-dss/v/3.2.1/PCI.CloudTrail.1 | security-control/CloudTrail.2 |
| pci-dss/v/3.2.1/PCI.CloudTrail.2 | security-control/CloudTrail.3 |
| pci-dss/v/3.2.1/PCI.CloudTrail.3 | security-control/CloudTrail.4 |
| pci-dss/v/3.2.1/PCI.CloudTrail.4 | security-control/CloudTrail.5 |
| pci-dss/v/3.2.1/PCI.CodeBuild.1 | security-control/CodeBuild.1 |
| pci-dss/v/3.2.1/PCI.CodeBuild.2 | security-control/CodeBuild.2 |
| pci-dss/v/3.2.1/PCI.Config.1 | security-control/Config.1 |
| pci-dss/v/3.2.1/PCI.CW.1 | security-control/CloudWatch.1 |
| pci-dss/v/3.2.1/PCI.DMS.1 | security-control/DMS.1 |
| pci-dss/v/3.2.1/PCI.EC2.1 | security-control/EC2.1 |
| pci-dss/v/3.2.1/PCI.EC2.2 | security-control/EC2.2 |
| pci-dss/v/3.2.1/PCI.EC2.4 | security-control/EC2.12 |
| pci-dss/v/3.2.1/PCI.EC2.5 | security-control/EC2.13 |
| pci-dss/v/3.2.1/PCI.EC2.6 | security-control/EC2.6 |
| pci-dss/v/3.2.1/PCI.ELBv2.1 | security-control/ELB.1 |
| pci-dss/v/3.2.1/PCI.ES.1 | security-control/ES.2 |
| pci-dss/v/3.2.1/PCI.ES.2 | security-control/ES.1 |
| pci-dss/v/3.2.1/PCI.GuardDuty.1 | security-control/GuardDuty.1 |
| pci-dss/v/3.2.1/PCI.IAM.1 | security-control/IAM.4 |
| pci-dss/v/3.2.1/PCI.IAM.2 | security-control/IAM.2 |
| pci-dss/v/3.2.1/PCI.IAM.3 | security-control/IAM.1 |
| pci-dss/v/3.2.1/PCI.IAM.4 | security-control/IAM.6 |
| pci-dss/v/3.2.1/PCI.IAM.5 | security-control/IAM.9 |
| pci-dss/v/3.2.1/PCI.IAM.6 | security-control/IAM.19 |
| pci-dss/v/3.2.1/PCI.IAM.7 | security-control/IAM.8 |
| pci-dss/v/3.2.1/PCI.IAM.8 | security-control/IAM.10 |
| pci-dss/v/3.2.1/PCI.KMS.1 | security-control/KMS.4 |
| pci-dss/v/3.2.1/PCI.Lambda.1 | security-control/Lambda.1 |
| pci-dss/v/3.2.1/PCI.Lambda.2 | security-control/Lambda.3 |
| pci-dss/v/3.2.1/PCI.Opensearch.1 | security-control/Opensearch.2 |
| pci-dss/v/3.2.1/PCI.Opensearch.2 | security-control/Opensearch.1 |
| pci-dss/v/3.2.1/PCI.RDS.1 | security-control/RDS.1 |
| pci-dss/v/3.2.1/PCI.RDS.2 | security-control/RDS.2 |
| pci-dss/v/3.2.1/PCI.Redshift.1 | security-control/Redshift.1 |
| pci-dss/v/3.2.1/PCI.S3.1 | security-control/S3.3 |
| pci-dss/v/3.2.1/PCI.S3.2 | security-control/S3.2 |
| pci-dss/v/3.2.1/PCI.S3.3 | security-control/S3.7 |
| pci-dss/v/3.2.1/PCI.S3.5 | security-control/S3.5 |
| pci-dss/v/3.2.1/PCI.S3.6 | security-control/S3.1 |
| pci-dss/v/3.2.1/PCI.SageMaker.1 | security-control/SageMaker.1 |
| pci-dss/v/3.2.1/PCI.SSM.1 | security-control/SSM.2 |
| pci-dss/v/3.2.1/PCI.SSM.2 | security-control/SSM.3 |
| pci-dss/v/3.2.1/PCI.SSM.3 | security-control/SSM.1 |
| service-managed-aws-control-tower/v/1.0.0/ACM.1 | security-control/ACM.1 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.1 | security-control/APIGateway.1 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.2 | security-control/APIGateway.2 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.3 | security-control/APIGateway.3 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.4 | security-control/APIGateway.4 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.5 | security-control/APIGateway.5 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.1 | security-control/AutoScaling.1 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.2 | security-control/AutoScaling.2 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.3 | security-control/AutoScaling.3 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.4 | security-control/AutoScaling.4 |
| service-managed-aws-control-tower/v/1.0.0/Autoscaling.5 | security-control/Autoscaling.5 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.6 | security-control/AutoScaling.6 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.9 | security-control/AutoScaling.9 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.1 | security-control/CloudTrail.1 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.2 | security-control/CloudTrail.2 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.4 | security-control/CloudTrail.4 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.5 | security-control/CloudTrail.5 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.1 | security-control/CodeBuild.1 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.2 | security-control/CodeBuild.2 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.4 | security-control/CodeBuild.4 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.5 | security-control/CodeBuild.5 |
| service-managed-aws-control-tower/v/1.0.0/DMS.1 | security-control/DMS.1 |
| service-managed-aws-control-tower/v/1.0.0/DynamoDB.1 | security-control/DynamoDB.1 |
| service-managed-aws-control-tower/v/1.0.0/DynamoDB.2 | security-control/DynamoDB.2 |
| service-managed-aws-control-tower/v/1.0.0/EC2.1 | security-control/EC2.1 |
| service-managed-aws-control-tower/v/1.0.0/EC2.2 | security-control/EC2.2 |
| service-managed-aws-control-tower/v/1.0.0/EC2.3 | security-control/EC2.3 |
| service-managed-aws-control-tower/v/1.0.0/EC2.4 | security-control/EC2.4 |
| service-managed-aws-control-tower/v/1.0.0/EC2.6 | security-control/EC2.6 |
| service-managed-aws-control-tower/v/1.0.0/EC2.7 | security-control/EC2.7 |
| service-managed-aws-control-tower/v/1.0.0/EC2.8 | security-control/EC2.8 |
| service-managed-aws-control-tower/v/1.0.0/EC2.9 | security-control/EC2.9 |
| service-managed-aws-control-tower/v/1.0.0/EC2.10 | security-control/EC2.10 |
| service-managed-aws-control-tower/v/1.0.0/EC2.15 | security-control/EC2.15 |
| service-managed-aws-control-tower/v/1.0.0/EC2.16 | security-control/EC2.16 |
| service-managed-aws-control-tower/v/1.0.0/EC2.17 | security-control/EC2.17 |
| service-managed-aws-control-tower/v/1.0.0/EC2.18 | security-control/EC2.18 |
| service-managed-aws-control-tower/v/1.0.0/EC2.19 | security-control/EC2.19 |
| service-managed-aws-control-tower/v/1.0.0/EC2.20 | security-control/EC2.20 |
| service-managed-aws-control-tower/v/1.0.0/EC2.21 | security-control/EC2.21 |
| service-managed-aws-control-tower/v/1.0.0/EC2.22 | security-control/EC2.22 |
| service-managed-aws-control-tower/v/1.0.0/ECR.1 | security-control/ECR.1 |
| service-managed-aws-control-tower/v/1.0.0/ECR.2 | security-control/ECR.2 |
| service-managed-aws-control-tower/v/1.0.0/ECR.3 | security-control/ECR.3 |
| service-managed-aws-control-tower/v/1.0.0/ECS.1 | security-control/ECS.1 |
| service-managed-aws-control-tower/v/1.0.0/ECS.2 | security-control/ECS.2 |
| service-managed-aws-control-tower/v/1.0.0/ECS.3 | security-control/ECS.3 |
| service-managed-aws-control-tower/v/1.0.0/ECS.4 | security-control/ECS.4 |
| service-managed-aws-control-tower/v/1.0.0/ECS.5 | security-control/ECS.5 |
| service-managed-aws-control-tower/v/1.0.0/ECS.8 | security-control/ECS.8 |
| service-managed-aws-control-tower/v/1.0.0/ECS.10 | security-control/ECS.10 |
| service-managed-aws-control-tower/v/1.0.0/ECS.12 | security-control/ECS.12 |
| service-managed-aws-control-tower/v/1.0.0/EFS.1 | security-control/EFS.1 |
| service-managed-aws-control-tower/v/1.0.0/EFS.2 | security-control/EFS.2 |
| service-managed-aws-control-tower/v/1.0.0/EFS.3 | security-control/EFS.3 |
| service-managed-aws-control-tower/v/1.0.0/EFS.4 | security-control/EFS.4 |
| service-managed-aws-control-tower/v/1.0.0/EKS.2 | security-control/EKS.2 |
| service-managed-aws-control-tower/v/1.0.0/ELB.2 | security-control/ELB.2 |
| service-managed-aws-control-tower/v/1.0.0/ELB.3 | security-control/ELB.3 |
| service-managed-aws-control-tower/v/1.0.0/ELB.4 | security-control/ELB.4 |
| service-managed-aws-control-tower/v/1.0.0/ELB.5 | security-control/ELB.5 |
| service-managed-aws-control-tower/v/1.0.0/ELB.6 | security-control/ELB.6 |
| service-managed-aws-control-tower/v/1.0.0/ELB.7 | security-control/ELB.7 |
| service-managed-aws-control-tower/v/1.0.0/ELB.8 | security-control/ELB.8 |
| service-managed-aws-control-tower/v/1.0.0/ELB.9 | security-control/ELB.9 |
| service-managed-aws-control-tower/v/1.0.0/ELB.10 | security-control/ELB.10 |
| service-managed-aws-control-tower/v/1.0.0/ELB.12 | security-control/ELB.12 |
| service-managed-aws-control-tower/v/1.0.0/ELB.13 | security-control/ELB.13 |
| service-managed-aws-control-tower/v/1.0.0/ELB.14 | security-control/ELB.14 |
| service-managed-aws-control-tower/v/1.0.0/ELBv2.1 | security-control/ELBv2.1 |
| service-managed-aws-control-tower/v/1.0.0/EMR.1 | security-control/EMR.1 |
| service-managed-aws-control-tower/v/1.0.0/ES.1 | security-control/ES.1 |
| service-managed-aws-control-tower/v/1.0.0/ES.2 | security-control/ES.2 |
| service-managed-aws-control-tower/v/1.0.0/ES.3 | security-control/ES.3 |
| service-managed-aws-control-tower/v/1.0.0/ES.4 | security-control/ES.4 |
| service-managed-aws-control-tower/v/1.0.0/ES.5 | security-control/ES.5 |
| service-managed-aws-control-tower/v/1.0.0/ES.6 | security-control/ES.6 |
| service-managed-aws-control-tower/v/1.0.0/ES.7 | security-control/ES.7 |
| service-managed-aws-control-tower/v/1.0.0/ES.8 | security-control/ES.8 |
| service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.1 | security-control/ElasticBeanstalk.1 |
| service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.2 | security-control/ElasticBeanstalk.2 |
| service-managed-aws-control-tower/v/1.0.0/GuardDuty.1 | security-control/GuardDuty.1 |
| service-managed-aws-control-tower/v/1.0.0/IAM.1 | security-control/IAM.1 |
| service-managed-aws-control-tower/v/1.0.0/IAM.2 | security-control/IAM.2 |
| service-managed-aws-control-tower/v/1.0.0/IAM.3 | security-control/IAM.3 |
| service-managed-aws-control-tower/v/1.0.0/IAM.4 | security-control/IAM.4 |
| service-managed-aws-control-tower/v/1.0.0/IAM.5 | security-control/IAM.5 |
| service-managed-aws-control-tower/v/1.0.0/IAM.6 | security-control/IAM.6 |
| service-managed-aws-control-tower/v/1.0.0/IAM.7 | security-control/IAM.7 |
| service-managed-aws-control-tower/v/1.0.0/IAM.8 | security-control/IAM.8 |
| service-managed-aws-control-tower/v/1.0.0/IAM.21 | security-control/IAM.21 |
| service-managed-aws-control-tower/v/1.0.0/Kinesis.1 | security-control/Kinesis.1 |
| service-managed-aws-control-tower/v/1.0.0/KMS.1 | security-control/KMS.1 |
| service-managed-aws-control-tower/v/1.0.0/KMS.2 | security-control/KMS.2 |
| service-managed-aws-control-tower/v/1.0.0/KMS.3 | security-control/KMS.3 |
| service-managed-aws-control-tower/v/1.0.0/Lambda.1 | security-control/Lambda.1 |
| service-managed-aws-control-tower/v/1.0.0/Lambda.2 | security-control/Lambda.2 |
| service-managed-aws-control-tower/v/1.0.0/Lambda.5 | security-control/Lambda.5 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.3 | security-control/NetworkFirewall.3 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.4 | security-control/NetworkFirewall.4 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.5 | security-control/NetworkFirewall.5 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.6 | security-control/NetworkFirewall.6 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.1 | security-control/Opensearch.1 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.2 | security-control/Opensearch.2 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.3 | security-control/Opensearch.3 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.4 | security-control/Opensearch.4 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.5 | security-control/Opensearch.5 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.6 | security-control/Opensearch.6 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.7 | security-control/Opensearch.7 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.8 | security-control/Opensearch.8 |
| service-managed-aws-control-tower/v/1.0.0/RDS.1 | security-control/RDS.1 |
| service-managed-aws-control-tower/v/1.0.0/RDS.2 | security-control/RDS.2 |
| service-managed-aws-control-tower/v/1.0.0/RDS.3 | security-control/RDS.3 |
| service-managed-aws-control-tower/v/1.0.0/RDS.4 | security-control/RDS.4 |
| service-managed-aws-control-tower/v/1.0.0/RDS.5 | security-control/RDS.5 |
| service-managed-aws-control-tower/v/1.0.0/RDS.6 | security-control/RDS.6 |
| service-managed-aws-control-tower/v/1.0.0/RDS.8 | security-control/RDS.8 |
| service-managed-aws-control-tower/v/1.0.0/RDS.9 | security-control/RDS.9 |
| service-managed-aws-control-tower/v/1.0.0/RDS.10 | security-control/RDS.10 |
| service-managed-aws-control-tower/v/1.0.0/RDS.11 | security-control/RDS.11 |
| service-managed-aws-control-tower/v/1.0.0/RDS.13 | security-control/RDS.13 |
| service-managed-aws-control-tower/v/1.0.0/RDS.17 | security-control/RDS.17 |
| service-managed-aws-control-tower/v/1.0.0/RDS.18 | security-control/RDS.18 |
| service-managed-aws-control-tower/v/1.0.0/RDS.19 | security-control/RDS.19 |
| service-managed-aws-control-tower/v/1.0.0/RDS.20 | security-control/RDS.20 |
| service-managed-aws-control-tower/v/1.0.0/RDS.21 | security-control/RDS.21 |
| service-managed-aws-control-tower/v/1.0.0/RDS.22 | security-control/RDS.22 |
| service-managed-aws-control-tower/v/1.0.0/RDS.23 | security-control/RDS.23 |
| service-managed-aws-control-tower/v/1.0.0/RDS.25 | security-control/RDS.25 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.1 | security-control/Redshift.1 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.2 | security-control/Redshift.2 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.4 | security-control/Redshift.4 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.6 | security-control/Redshift。6 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.7 | security-control/Redshift。7 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.8 | security-control/Redshift。8 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.9 | security-control/Redshift.9 |
| service-managed-aws-control-tower/v/1.0.0/S3.1 | security-control/S3.1 |
| service-managed-aws-control-tower/v/1.0.0/S3.2 | security-control/S3.2 |
| service-managed-aws-control-tower/v/1.0.0/S3.3 | security-control/S3.3 |
| service-managed-aws-control-tower/v/1.0.0/S3.5 | security-control/S3.5 |
| service-managed-aws-control-tower/v/1.0.0/S3.6 | security-control/S3.6 |
| service-managed-aws-control-tower/v/1.0.0/S3.8 | security-control/S3.8 |
| service-managed-aws-control-tower/v/1.0.0/S3.9 | security-control/S3.9 |
| service-managed-aws-control-tower/v/1.0.0/S3.12 | security-control/S3.12 |
| service-managed-aws-control-tower/v/1.0.0/S3.13 | security-control/S3.13 |
| service-managed-aws-control-tower/v/1.0.0/SageMaker.1 | security-control/SageMaker.1 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.1 | security-control/SecretsManager.1 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.2 | security-control/SecretsManager.2 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.3 | security-control/SecretsManager.3 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.4 | security-control/SecretsManager.4 |
| service-managed-aws-control-tower/v/1.0.0/SQS.1 | security-control/SQS.1 |
| service-managed-aws-control-tower/v/1.0.0/SSM.1 | security-control/SSM.1 |
| service-managed-aws-control-tower/v/1.0.0/SSM.2 | security-control/SSM.2 |
| service-managed-aws-control-tower/v/1.0.0/SSM.3 | security-control/SSM.3 |
| service-managed-aws-control-tower/v/1.0.0/SSM.4 | security-control/SSM.4 |
| service-managed-aws-control-tower/v/1.0.0/WAF.2 | security-control/WAF.2 |
| service-managed-aws-control-tower/v/1.0.0/WAF.3 | security-control/WAF.3 |
| service-managed-aws-control-tower/v/1.0.0/WAF.4 | security-control/WAF.4 |
## 合併如何影響控制 IDs和標題
合併控制項檢視和合併的控制項調查結果會將控制 IDs和標題跨標準標準化。*安全控制 ID* 和*安全控制標題*一詞是指這些標準無關的值。
Security Hub CSPM 主控台會顯示標準無關的安全控制 IDs和安全控制標題,無論您的帳戶是否啟用或停用合併控制調查結果。不過,如果您的帳戶停用合併控制調查結果,Security Hub CSPM 調查結果會包含 PCI DSS 和 CIS 1.2.0 版的標準特定控制標題。此外,Security Hub CSPM 調查結果包含標準特定的控制 ID 和安全控制 ID。如需整合如何影響控制調查結果的範例,請參閱 [控制問題清單的範例](sample-control-findings.md)。
對於屬於[AWS Control Tower 服務受管標準的](service-managed-standard-aws-control-tower.md)控制項,在啟用合併控制項問題清單時,`CT.`會從問題清單中的控制項 ID 和標題中移除字首。
若要在 Security Hub CSPM 中停用安全控制,您必須停用對應至安全控制的所有標準控制。下表顯示安全控制 IDs和標題與標準特定控制 IDs和標題的映射。屬於 AWS 基礎安全最佳實務 (FSBP) 標準的控制項 IDs 和標題已經是標準無關的。如需符合網際網路安全中心 (CIS) v3.0.0 要求的控制項映射,請參閱 [將控制項映射至每個版本中的 CIS 需求](cis-aws-foundations-benchmark.md#cis-version-comparison)。若要在此資料表上執行您自己的指令碼,您可以將[其下載為 .csv 檔案](samples/Consolidation_ID_Title_Changes.csv.zip)。
| 標準 | 標準控制項 ID 和標題 | 安全控制 ID 和標題 |
| --- | --- | --- |
| CIS v1.2.0 | 1.1 避免使用根使用者 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| CIS v1.2.0 | 1.10 確保 IAM 密碼政策防止密碼重複使用 | [【IAM.16】 確保 IAM 密碼政策防止密碼重複使用](iam-controls.md#iam-16) |
| CIS v1.2.0 | 1.11 確保 IAM 密碼政策在 90 天內過期密碼 | [【IAM.17】 確保 IAM 密碼政策在 90 天內過期密碼](iam-controls.md#iam-17) |
| CIS v1.2.0 | 1.12 確保不存在根使用者存取金鑰 | [【IAM.4】 IAM 根使用者存取金鑰不應存在](iam-controls.md#iam-4) |
| CIS v1.2.0 | 1.13 確定根使用者已啟用 MFA | [【IAM.9】 應為根使用者啟用 MFA](iam-controls.md#iam-9) |
| CIS v1.2.0 | 1.14 確定已啟用根使用者的硬體 MFA | [[IAM.6] 應為根使用者啟用硬體 MFA](iam-controls.md#iam-6) |
| CIS v1.2.0 | 1.16 確保 IAM 政策僅連接到群組或角色 | [【IAM.2】 IAM 使用者不應連接 IAM 政策](iam-controls.md#iam-2) |
| CIS v1.2.0 | 1.2 確保所有具有主控台密碼的 IAM 使用者都已啟用多重驗證 (MFA) | [[IAM.5] 應為所有擁有主控台密碼的 IAM 使用者啟用 MFA](iam-controls.md#iam-5) |
| CIS v1.2.0 | 1.20 確定已建立支援角色來使用 管理事件 支援 | [【IAM.18】 確保已建立支援角色來使用 管理事件 AWS 支援](iam-controls.md#iam-18) |
| CIS v1.2.0 | 1.22 確保未建立允許完整 "\$1:\$1" 管理權限的 IAM 政策 | [【IAM.1】 IAM 政策不應允許完整的「\$1」管理權限](iam-controls.md#iam-1) |
| CIS v1.2.0 | 1.3 確定停用 90 天 (含) 以上未使用的登入資料 | [【IAM.8】 應移除未使用的 IAM 使用者登入資料](iam-controls.md#iam-8) |
| CIS v1.2.0 | 1.4 確保每 90 天或更短期限輪換存取金鑰 | [【IAM.3】 IAM 使用者的存取金鑰應每 90 天或更短時間輪換一次](iam-controls.md#iam-3) |
| CIS v1.2.0 | 1.5 確保 IAM 密碼政策至少需要一個大寫字母 | [【IAM.11】 確保 IAM 密碼政策至少需要一個大寫字母](iam-controls.md#iam-11) |
| CIS v1.2.0 | 1.6 確保 IAM 密碼政策至少需要一個小寫字母 | [【IAM.12】 確保 IAM 密碼政策至少需要一個小寫字母](iam-controls.md#iam-12) |
| CIS v1.2.0 | 1.7 確保 IAM 密碼政策至少需要一個符號 | [【IAM.13】 確保 IAM 密碼政策至少需要一個符號](iam-controls.md#iam-13) |
| CIS v1.2.0 | 1.8 確保 IAM 密碼政策至少需要一個數字 | [【IAM.14】 確保 IAM 密碼政策至少需要一個數字](iam-controls.md#iam-14) |
| CIS v1.2.0 | 1.9 確保 IAM 密碼政策要求密碼長度下限為 14 或更高 | [【IAM.15】 確保 IAM 密碼政策要求密碼長度下限為 14 或更高](iam-controls.md#iam-15) |
| CIS v1.2.0 | 2.1 確保所有區域都已啟用 CloudTrail | [【CloudTrail.1] CloudTrail 應該啟用並設定至少一個包含讀取和寫入管理事件的多區域追蹤](cloudtrail-controls.md#cloudtrail-1) |
| CIS v1.2.0 | 2.2 確保 CloudTrail 日誌檔案驗證已啟用 | [【CloudTrail.4] 應啟用 CloudTrail 日誌檔案驗證](cloudtrail-controls.md#cloudtrail-4) |
| CIS v1.2.0 | 2.3 確保用於存放 CloudTrail 日誌的 S3 儲存貯體不可公開存取 | [【CloudTrail.6] 確保用於存放 CloudTrail 日誌的 S3 儲存貯體不可公開存取](cloudtrail-controls.md#cloudtrail-6) |
| CIS v1.2.0 | 2.4 確保 CloudTrail 追蹤與 CloudWatch Logs 整合 | [【CloudTrail.5] CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合](cloudtrail-controls.md#cloudtrail-5) |
| CIS v1.2.0 | 2.5 確保 AWS Config 已啟用 | [【Config.1】 AWS Config 應啟用並使用服務連結角色進行資源記錄](config-controls.md#config-1) |
| CIS v1.2.0 | 2.6 確保 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄 | [【CloudTrail.7] 確定 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄](cloudtrail-controls.md#cloudtrail-7) |
| CIS v1.2.0 | 2.7 確保使用 KMS CMKs對 CloudTrail 日誌進行靜態加密 | [[CloudTrail.2] CloudTrail 應啟用靜態加密](cloudtrail-controls.md#cloudtrail-2) |
| CIS v1.2.0 | 2.8 確定輪換客戶建立的 CMK | [【KMS.4】 應啟用 AWS KMS 金鑰輪換](kms-controls.md#kms-4) |
| CIS v1.2.0 | 2.9 確定所有 VPC 中皆已啟用 VPC 流程記錄 | [【EC2.6】 應在所有 VPC 中啟用 VPCs 流程記錄](ec2-controls.md#ec2-6) |
| CIS v1.2.0 | 3.1 確定未經授權的 API 呼叫中存在日誌指標篩選條件和警示 | [【CloudWatch.2] 確保未經授權的 API 呼叫存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-2) |
| CIS v1.2.0 | 3.10 確定安全群組變更存在日誌指標篩選條件和警示 | [【CloudWatch.10] 確保安全群組變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-10) |
| CIS v1.2.0 | 3.11 確定網路存取控制清單 (NACL) 變更存在日誌指標篩選條件和警示 | [【CloudWatch.11] 確定網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-11) |
| CIS v1.2.0 | 3.12 確定網路閘道變更存在日誌指標篩選條件和警示 | [【CloudWatch.12] 確保網路閘道變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-12) |
| CIS v1.2.0 | 3.13 確定路由表變更存在日誌指標篩選條件和警示 | [【CloudWatch.13] 確保路由表變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-13) |
| CIS v1.2.0 | 3.14 確定 VPC 變更存在日誌指標篩選條件和警示 | [【CloudWatch.14] 確保 VPC 變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-14) |
| CIS v1.2.0 | 3.2 確保沒有 MFA 的管理主控台登入存在日誌指標篩選條件和警示 | [【CloudWatch.3] 確保沒有 MFA 的管理主控台登入存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-3) |
| CIS v1.2.0 | 3.3 確保根使用者的用量存在日誌指標篩選條件和警示 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| CIS v1.2.0 | 3.4 確保 IAM 政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.4] 確保 IAM 政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-4) |
| CIS v1.2.0 | 3.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.5] 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-5) |
| CIS v1.2.0 | 3.6 確保 AWS 管理主控台 存在驗證失敗的日誌指標篩選條件和警示 | [【CloudWatch.6] 確保 AWS 管理主控台 驗證失敗時存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-6) |
| CIS v1.2.0 | 3.7 確定停用或排定刪除客戶建立的 CMK,存在日誌指標篩選條件和警示 | [【CloudWatch.7] 確保日誌指標篩選條件和警示存在,以停用或排程刪除客戶受管金鑰](cloudwatch-controls.md#cloudwatch-7) |
| CIS v1.2.0 | 3.8 確定 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.8] 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-8) |
| CIS v1.2.0 | 3.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.9] 確保 AWS Config 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-9) |
| CIS v1.2.0 | 4.1 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 22 | [【EC2.13】 安全群組不應允許從 0.0.0.0/0 或 ::/0 傳入連接埠 22](ec2-controls.md#ec2-13) |
| CIS v1.2.0 | 4.2 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 3389 | [【EC2.14】 安全群組不應允許從 0.0.0.0/0 或 ::/0 傳入連接埠 3389](ec2-controls.md#ec2-14) |
| CIS v1.2.0 | 4.3 確保每個 VPC 的預設安全群組都會限制所有流量 | [【EC2.2】 VPC 預設安全群組不應允許傳入或傳出流量](ec2-controls.md#ec2-2) |
| CIS 1.4.0 版 | 1.10 確保所有具有主控台密碼的 IAM 使用者都已啟用多重驗證 (MFA) | [[IAM.5] 應為所有擁有主控台密碼的 IAM 使用者啟用 MFA](iam-controls.md#iam-5) |
| CIS 1.4.0 版 | 1.14 確保每 90 天或更短時間輪換存取金鑰 | [【IAM.3】 IAM 使用者的存取金鑰應每 90 天或更短時間輪換一次](iam-controls.md#iam-3) |
| CIS 1.4.0 版 | 1.16 確保未連接允許完整 "\$1:\$1" 管理權限的 IAM 政策 | [【IAM.1】 IAM 政策不應允許完整的「\$1」管理權限](iam-controls.md#iam-1) |
| CIS 1.4.0 版 | 1.17 確定已建立支援角色來使用 管理事件 支援 | [【IAM.18】 確保已建立支援角色來使用 管理事件 AWS 支援](iam-controls.md#iam-18) |
| CIS 1.4.0 版 | 1.4 確保根使用者帳戶存取金鑰不存在 | [【IAM.4】 IAM 根使用者存取金鑰不應存在](iam-controls.md#iam-4) |
| CIS 1.4.0 版 | 1.5 確定根使用者帳戶已啟用 MFA | [【IAM.9】 應為根使用者啟用 MFA](iam-controls.md#iam-9) |
| CIS 1.4.0 版 | 1.6 確定已啟用根使用者帳戶的硬體 MFA | [[IAM.6] 應為根使用者啟用硬體 MFA](iam-controls.md#iam-6) |
| CIS 1.4.0 版 | 1.7 避免將根使用者用於管理和日常任務 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| CIS 1.4.0 版 | 1.8 確保 IAM 密碼政策的長度下限為 14 或更高 | [【IAM.15】 確保 IAM 密碼政策要求密碼長度下限為 14 或更高](iam-controls.md#iam-15) |
| CIS 1.4.0 版 | 1.9 確保 IAM 密碼政策防止密碼重複使用 | [【IAM.16】 確保 IAM 密碼政策防止密碼重複使用](iam-controls.md#iam-16) |
| CIS 1.4.0 版 | 2.1.2 確保 S3 儲存貯體政策設定為拒絕 HTTP 請求 | [【S3.5】 S3 一般用途儲存貯體應要求請求使用 SSL](s3-controls.md#s3-5) |
| CIS 1.4.0 版 | 應啟用 2.1.5.1 S3 封鎖公開存取設定 | [【S3.1】 S3 一般用途儲存貯體應啟用封鎖公開存取設定](s3-controls.md#s3-1) |
| CIS 1.4.0 版 | 2.1.5.2 S3 封鎖公開存取設定應在儲存貯體層級啟用 | [【S3.8】 S3 一般用途儲存貯體應封鎖公開存取](s3-controls.md#s3-8) |
| CIS 1.4.0 版 | 2.2.1 確保已啟用 EBS 磁碟區加密 | [【EC2.7】 應啟用 EBS 預設加密](ec2-controls.md#ec2-7) |
| CIS 1.4.0 版 | 2.3.1 確定已啟用 RDS 執行個體的加密 | [[RDS.3] RDS 資料庫執行個體應啟用靜態加密](rds-controls.md#rds-3) |
| CIS 1.4.0 版 | 3.1 確保所有區域都已啟用 CloudTrail | [【CloudTrail.1] CloudTrail 應該啟用並設定至少一個包含讀取和寫入管理事件的多區域追蹤](cloudtrail-controls.md#cloudtrail-1) |
| CIS 1.4.0 版 | 3.2 確保已啟用 CloudTrail 日誌檔案驗證 | [【CloudTrail.4] 應啟用 CloudTrail 日誌檔案驗證](cloudtrail-controls.md#cloudtrail-4) |
| CIS 1.4.0 版 | 3.4 確保 CloudTrail 追蹤與 CloudWatch Logs 整合 | [【CloudTrail.5] CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合](cloudtrail-controls.md#cloudtrail-5) |
| CIS 1.4.0 版 | 3.5 確保所有區域 AWS Config 都已啟用 | [【Config.1】 AWS Config 應啟用並使用服務連結角色進行資源記錄](config-controls.md#config-1) |
| CIS 1.4.0 版 | 3.6 確保 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄 | [【CloudTrail.7] 確定 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄](cloudtrail-controls.md#cloudtrail-7) |
| CIS 1.4.0 版 | 3.7 確保使用 KMS CMKs對 CloudTrail 日誌進行靜態加密 | [[CloudTrail.2] CloudTrail 應啟用靜態加密](cloudtrail-controls.md#cloudtrail-2) |
| CIS 1.4.0 版 | 3.8 確保已啟用客戶建立CMKs 輪換 | [【KMS.4】 應啟用 AWS KMS 金鑰輪換](kms-controls.md#kms-4) |
| CIS 1.4.0 版 | 3.9 確保所有 VPC 中都已啟用 VPCs流程記錄 | [【EC2.6】 應在所有 VPC 中啟用 VPCs 流程記錄](ec2-controls.md#ec2-6) |
| CIS 1.4.0 版 | 4.4 確保 IAM 政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.4] 確保 IAM 政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-4) |
| CIS 1.4.0 版 | 4.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.5] 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-5) |
| CIS 1.4.0 版 | 4.6 確保 AWS 管理主控台 驗證失敗時存在日誌指標篩選條件和警示 | [【CloudWatch.6] 確保 AWS 管理主控台 驗證失敗時存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-6) |
| CIS 1.4.0 版 | 4.7 確保日誌指標篩選條件和警示存在,以停用或排程刪除客戶建立的 CMKs | [【CloudWatch.7] 確保日誌指標篩選條件和警示存在,以停用或排程刪除客戶受管金鑰](cloudwatch-controls.md#cloudwatch-7) |
| CIS 1.4.0 版 | 4.8 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.8] 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-8) |
| CIS 1.4.0 版 | 4.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.9] 確保 AWS Config 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-9) |
| CIS 1.4.0 版 | 4.10 確保安全群組變更存在日誌指標篩選條件和警示 | [【CloudWatch.10] 確保安全群組變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-10) |
| CIS 1.4.0 版 | 4.11 確保網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示 | [【CloudWatch.11] 確定網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-11) |
| CIS 1.4.0 版 | 4.12 確保網路閘道變更存在日誌指標篩選條件和警示 | [【CloudWatch.12] 確保網路閘道變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-12) |
| CIS 1.4.0 版 | 4.13 確保路由表變更存在日誌指標篩選條件和警示 | [【CloudWatch.13] 確保路由表變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-13) |
| CIS 1.4.0 版 | 4.14 確保 VPC 變更存在日誌指標篩選條件和警示 | [【CloudWatch.14] 確保 VPC 變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-14) |
| CIS 1.4.0 版 | 5.1 確保網路 ACLs 不允許從 0.0.0.0/0 傳入遠端伺服器管理連接埠 | [【EC2.21】 網路 ACLs 不應允許從 0.0.0.0/0 傳入連接埠 22 或連接埠 3389](ec2-controls.md#ec2-21) |
| CIS 1.4.0 版 | 5.3 確保每個 VPC 的預設安全群組限制所有流量 | [【EC2.2】 VPC 預設安全群組不應允許傳入或傳出流量](ec2-controls.md#ec2-2) |
| PCI DSS v3.2.1 | 與負載平衡器相關聯的 PCI.AutoScaling.1 Auto Scaling 群組應使用負載平衡器運作狀態檢查 | [【AutoScaling.1] 與負載平衡器相關聯的 Auto Scaling 群組應使用 ELB 運作狀態檢查](autoscaling-controls.md#autoscaling-1) |
| PCI DSS v3.2.1 | PCI.CloudTrail.1 CloudTrail 日誌應使用 AWS KMS CMKs 進行靜態加密 | [[CloudTrail.2] CloudTrail 應啟用靜態加密](cloudtrail-controls.md#cloudtrail-2) |
| PCI DSS v3.2.1 | 應啟用 PCI.CloudTrail.2 CloudTrail | [【CloudTrail.3] 至少應啟用一個 CloudTrail 追蹤](cloudtrail-controls.md#cloudtrail-3) |
| PCI DSS v3.2.1 | 應啟用 PCI.CloudTrail.3 CloudTrail 日誌檔案驗證 | [【CloudTrail.4] 應啟用 CloudTrail 日誌檔案驗證](cloudtrail-controls.md#cloudtrail-4) |
| PCI DSS v3.2.1 | PCI.CloudTrail.4 CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合 | [【CloudTrail.5] CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合](cloudtrail-controls.md#cloudtrail-5) |
| PCI DSS v3.2.1 | PCI.CodeBuild.1 CodeBuild GitHub 或 Bitbucket 來源儲存庫 URLs應使用 OAuth | [【CodeBuild.1] CodeBuild Bitbucket 來源儲存庫 URLs 不應包含敏感登入資料](codebuild-controls.md#codebuild-1) |
| PCI DSS v3.2.1 | PCI.CodeBuild.2 CodeBuild 專案環境變數不應包含純文字登入資料 | [【CodeBuild.2] CodeBuild 專案環境變數不應包含純文字登入資料](codebuild-controls.md#codebuild-2) |
| PCI DSS v3.2.1 | AWS Config 應啟用 PCI.Config.1 | [【Config.1】 AWS Config 應啟用並使用服務連結角色進行資源記錄](config-controls.md#config-1) |
| PCI DSS v3.2.1 | PCI.CW.1 應使用「根」使用者的日誌指標篩選條件和警示 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| PCI DSS v3.2.1 | PCI.DMS.1 Database Migration Service 複寫執行個體不應為公有 | [【DMS.1】 Database Migration Service 複寫執行個體不應為公有](dms-controls.md#dms-1) |
| PCI DSS v3.2.1 | PCI.EC2.1 EBS 快照不應可公開還原 | [【EC2.1】 Amazon EBS 快照不應可公開還原](ec2-controls.md#ec2-1) |
| PCI DSS v3.2.1 | PCI.EC2.2 VPC 預設安全群組應禁止傳入和傳出流量 | [【EC2.2】 VPC 預設安全群組不應允許傳入或傳出流量](ec2-controls.md#ec2-2) |
| PCI DSS v3.2.1 | 應移除 PCI.EC2.4 未使用的 EC2 EIPs | [【EC2.12】 應移除未使用的 Amazon EC2 EIPs](ec2-controls.md#ec2-12) |
| PCI DSS v3.2.1 | PCI.EC2.5 安全群組不應允許從 0.0.0.0/0 傳入連接埠 22 | [【EC2.13】 安全群組不應允許從 0.0.0.0/0 或 ::/0 傳入連接埠 22](ec2-controls.md#ec2-13) |
| PCI DSS v3.2.1 | 應在所有 VPC 中啟用 PCI.EC2.6 VPCs 流程記錄 | [【EC2.6】 應在所有 VPC 中啟用 VPCs 流程記錄](ec2-controls.md#ec2-6) |
| PCI DSS v3.2.1 | PCI.ELBv2.1 Application Load Balancer 應設定為將所有 HTTP 請求重新導向至 HTTPS | [【ELB.1】 Application Load Balancer 應設定為將所有 HTTP 請求重新導向至 HTTPS](elb-controls.md#elb-1) |
| PCI DSS v3.2.1 | PCI.ES.1 Elasticsearch 網域應該位於 VPC 中 | [【ES.2】 不應公開存取 Elasticsearch 網域](es-controls.md#es-2) |
| PCI DSS v3.2.1 | PCI.ES.2 Elasticsearch 網域應該啟用靜態加密 | [【ES.1】 Elasticsearch 網域應該啟用靜態加密](es-controls.md#es-1) |
| PCI DSS v3.2.1 | 應啟用 PCI.GuardDuty.1 GuardDuty | [【GuardDuty.1] 應啟用 GuardDuty](guardduty-controls.md#guardduty-1) |
| PCI DSS v3.2.1 | PCI.IAM.1 IAM 根使用者存取金鑰不應存在 | [【IAM.4】 IAM 根使用者存取金鑰不應存在](iam-controls.md#iam-4) |
| PCI DSS v3.2.1 | PCI.IAM.2 IAM 使用者不應連接 IAM 政策 | [【IAM.2】 IAM 使用者不應連接 IAM 政策](iam-controls.md#iam-2) |
| PCI DSS v3.2.1 | PCI.IAM.3 IAM 政策不應允許完整的「\$1」管理權限 | [【IAM.1】 IAM 政策不應允許完整的「\$1」管理權限](iam-controls.md#iam-1) |
| PCI DSS v3.2.1 | 應為根使用者啟用 PCI.IAM.4 硬體 MFA | [[IAM.6] 應為根使用者啟用硬體 MFA](iam-controls.md#iam-6) |
| PCI DSS v3.2.1 | 應為根使用者啟用 PCI.IAM.5 Virtual MFA | [【IAM.9】 應為根使用者啟用 MFA](iam-controls.md#iam-9) |
| PCI DSS v3.2.1 | 應為所有 IAM 使用者啟用 PCI.IAM.6 MFA | [【IAM.19】 應為所有 IAM 使用者啟用 MFA](iam-controls.md#iam-19) |
| PCI DSS v3.2.1 | 如果未在預先定義的天數內使用 PCI.IAM.7 IAM 使用者登入資料,則應停用 | [【IAM.8】 應移除未使用的 IAM 使用者登入資料](iam-controls.md#iam-8) |
| PCI DSS v3.2.1 | IAM 使用者適用的 PCI.IAM.8 密碼政策應具有強大的組態 | [【IAM.10】 IAM 使用者的密碼政策應具有強大的組態](iam-controls.md#iam-10) |
| PCI DSS v3.2.1 | 應啟用 PCI.KMS.1 客戶主金鑰 (CMK) 輪換 | [【KMS.4】 應啟用 AWS KMS 金鑰輪換](kms-controls.md#kms-4) |
| PCI DSS v3.2.1 | PCI.Lambda.1 Lambda 函數應禁止公開存取 | [【Lambda.1】 Lambda 函數政策應禁止公開存取](lambda-controls.md#lambda-1) |
| PCI DSS v3.2.1 | PCI.Lambda.2 Lambda 函數應該位於 VPC 中 | [【Lambda.3】 Lambda 函數應該位於 VPC 中](lambda-controls.md#lambda-3) |
| PCI DSS v3.2.1 | PCI.Opensearch.1 OpenSearch 網域應該位於 VPC 中 | [【Opensearch.2】 不應公開存取 OpenSearch 網域](opensearch-controls.md#opensearch-2) |
| PCI DSS v3.2.1 | PCI.Opensearch.2 EBS 快照不應可公開還原 | [【Opensearch.1】 OpenSearch 網域應該啟用靜態加密](opensearch-controls.md#opensearch-1) |
| PCI DSS v3.2.1 | PCI.RDS.1 RDS 快照應為私有 | [【RDS.1】 RDS 快照應為私有](rds-controls.md#rds-1) |
| PCI DSS v3.2.1 | PCI.RDS.2 RDS 資料庫執行個體應禁止公開存取 | [【RDS.2】 RDS 資料庫執行個體應禁止公開存取,由 PubliclyAccessible 組態決定](rds-controls.md#rds-2) |
| PCI DSS v3.2.1 | PCI.Redshift.1 Amazon Redshift 叢集應禁止公開存取 | [【Redshift.1】 Amazon Redshift 叢集應禁止公開存取](redshift-controls.md#redshift-1) |
| PCI DSS v3.2.1 | PCI.S3.1 S3 儲存貯體應禁止公有寫入存取 | [【S3.3】 S3 一般用途儲存貯體應封鎖公有寫入存取](s3-controls.md#s3-3) |
| PCI DSS v3.2.1 | PCI.S3.2 S3 儲存貯體應禁止公開讀取存取 | [【S3.2】 S3 一般用途儲存貯體應封鎖公開讀取存取](s3-controls.md#s3-2) |
| PCI DSS v3.2.1 | PCI.S3.3 S3 儲存貯體應啟用跨區域複寫 | [【S3.7】 S3 一般用途儲存貯體應使用跨區域複寫](s3-controls.md#s3-7) |
| PCI DSS v3.2.1 | PCI.S3.5 S3 儲存貯體應要求請求使用 Secure Socket Layer | [【S3.5】 S3 一般用途儲存貯體應要求請求使用 SSL](s3-controls.md#s3-5) |
| PCI DSS v3.2.1 | 應啟用 PCI.S3.6 S3 封鎖公開存取設定 | [【S3.1】 S3 一般用途儲存貯體應啟用封鎖公開存取設定](s3-controls.md#s3-1) |
| PCI DSS v3.2.1 | PCI.SageMaker.1 Amazon SageMaker 筆記本執行個體不應具有直接網際網路存取 | [【SageMaker.1] Amazon SageMaker 筆記本執行個體不應具有直接網際網路存取](sagemaker-controls.md#sagemaker-1) |
| PCI DSS v3.2.1 | Systems Manager 管理的 PCI.SSM.1 EC2 執行個體在修補程式安裝後應具有 COMPLIANT 的修補程式合規狀態 | [【SSM.2】 Systems Manager 管理的 Amazon EC2 執行個體在修補程式安裝後應具有 COMPLIANT 的修補程式合規狀態](ssm-controls.md#ssm-2) |
| PCI DSS v3.2.1 | Systems Manager 管理的 PCI.SSM.2 EC2 執行個體應具有 COMPLIANT 的關聯合規狀態 | [【SSM.3】 Systems Manager 管理的 Amazon EC2 執行個體應具有 COMPLIANT 的關聯合規狀態](ssm-controls.md#ssm-3) |
| PCI DSS v3.2.1 | PCI.SSM.3 EC2 執行個體應該由 管理 AWS Systems Manager | [【SSM.1】 Amazon EC2 執行個體應該由 管理 AWS Systems Manager](ssm-controls.md#ssm-1) |
## 更新整合的工作流程
如果您的工作流程不依賴控制調查結果中任何欄位的特定格式,則不需要採取任何動作。
如果您的工作流程依賴控制調查結果中一或多個欄位的特定格式,如上表所述,您應該更新您的工作流程。例如,如果您建立的 Amazon EventBridge 規則觸發特定控制項 ID 的動作,例如在控制項 ID 等於 CIS 2.7 時叫用 AWS Lambda 函數,請更新規則以使用 CloudTrail.2,這是該控制項 `Compliance.SecurityControlId` 欄位的值。
如果您建立的[自訂洞見](securityhub-custom-insights.md)使用任何已變更的欄位或值,請更新這些洞見以使用新的欄位或值。
# 必要的頂層 ASFF 屬性
安全性 AWS 問題清單格式 (ASFF) 中的下列頂層屬性是 Security Hub CSPM 中所有問題清單的必要項目。如需這些屬性的詳細資訊,請參閱 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html)中的 。
## AwsAccountId
調查結果套用的 AWS 帳戶 ID。
**範例**
```
"AwsAccountId": "111111111111"
```
## CreatedAt
指出問題清單擷取的潛在安全問題或事件建立的時間。
**範例**
```
"CreatedAt": "2017-03-22T13:22:13.933Z"
```
## Description
問題清單的描述。此欄位可以是非特定的範例文字或問題清單執行個體的特定詳細資訊。
對於 Security Hub CSPM 產生的控制項調查結果,此欄位提供控制項的說明。
如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"Description": "This AWS control checks whether AWS Config is enabled in the current account and Region."
```
## GeneratorId
產生問題清單的解決方案特定元件 (邏輯分散式單位) 識別符。
對於 Security Hub CSPM 產生的控制調查結果,如果您開啟[合併的控制調查結果](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"GeneratorId": "security-control/Config.1"
```
## Id
問題清單的產品特定識別符。對於 Security Hub CSPM 產生的控制調查結果,此欄位會提供調查結果的 Amazon Resource Name (ARN)。
如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"Id": "arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956"
```
## ProductArn
Security Hub CSPM 產生的 Amazon Resource Name (ARN),可在產品向 Security Hub CSPM 註冊後唯一識別第三方調查結果產品。
此欄位的格式為 `arn:partition:securityhub:region:account-id:product/company-id/product-id`。
+ 對於與 Security Hub CSPM 整合 AWS 服務 的 , `company-id` 必須是 "`aws`",而 `product-id`必須是 AWS 公有服務名稱。由於 AWS 產品和服務未與 帳戶相關聯,因此 ARN 的 `account-id`區段為空白。尚未與 Security Hub CSPM 整合 AWS 服務 的 會被視為第三方產品。
+ 針對公有產品,`company-id` 和 `product-id` 必須是註冊時指定的 ID 值。
+ 針對私有產品,`company-id` 必須是帳戶 ID。`product-id` 必須是預留的 "default" 字詞,或註冊時指定的 ID。
**範例**
```
// Private ARN
"ProductArn": "arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default"
// Public ARN
"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty"
"ProductArn": "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro"
```
## Resources
物件`Resources`陣列提供一組資源資料類型,描述調查結果所參考 AWS 的資源。如需`Resources`物件可能包含之欄位的詳細資訊,包括需要哪些欄位,請參閱 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Resource.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Resource.html)中的 。如需特定 `Resources` 物件的範例 AWS 服務,請參閱 [Resources ASFF 物件](asff-resources.md)。
**範例**
```
"Resources": [
{
"ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0",
"ApplicationName": "SampleApp",
"DataClassification": {
"DetailedResultsLocation": "Path_to_Folder_Or_File",
"Result": {
"MimeType": "text/plain",
"SizeClassified": 2966026,
"AdditionalOccurrences": false,
"Status": {
"Code": "COMPLETE",
"Reason": "Unsupportedfield"
},
"SensitiveData": [
{
"Category": "PERSONAL_INFORMATION",
"Detections": [
{
"Count": 34,
"Type": "GE_PERSONAL_ID",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 10,
"StartColumn": 20
}
],
"Pages": [],
"Records": [],
"Cells": []
}
},
{
"Count": 59,
"Type": "EMAIL_ADDRESS",
"Occurrences": {
"Pages": [
{
"PageNumber": 1,
"OffsetRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
},
"LineRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
}
}
]
}
},
{
"Count": 2229,
"Type": "URL",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 13
}
]
}
},
{
"Count": 13826,
"Type": "NameDetection",
"Occurrences": {
"Records": [
{
"RecordIndex": 1,
"JsonPath": "$.ssn.value"
}
]
}
},
{
"Count": 32,
"Type": "AddressDetection"
}
],
"TotalCount": 32
}
],
"CustomDataIdentifiers": {
"Detections": [
{
"Arn": "1712be25e7c7f53c731fe464f1c869b8",
"Name": "1712be25e7c7f53c731fe464f1c869b8",
"Count": 2
}
],
"TotalCount": 2
}
}
},
"Type": "AwsEc2Instance",
"Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-abcdef01234567890",
"Partition": "aws",
"Region": "us-west-2",
"ResourceRole": "Target",
"Tags": {
"billingCode": "Lotus-1-2-3",
"needsPatching": true
},
"Details": {
"IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
"ImageId": "ami-79fd7eee",
"IpV4Addresses": ["1.1.1.1"],
"IpV6Addresses": ["2001:db8:1234:1a2b::123"],
"KeyName": "testkey",
"LaunchedAt": "2018-09-29T01:25:54Z",
"MetadataOptions": {
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "enabled",
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional",
"InstanceMetadataTags": "disabled"
}
},
"NetworkInterfaces": [
{
"NetworkInterfaceId": "eni-e5aa89a3"
}
],
"SubnetId": "PublicSubnet",
"Type": "i3.xlarge",
"VirtualizationType": "hvm",
"VpcId": "TestVPCIpv6"
}
]
```
## SchemaVersion
要格式化問題清單的結構描述版本。此欄位的值必須是 AWS識別的正式發佈版本之一。在目前版本中, AWS 安全調查結果格式結構描述版本為 `2018-10-08`。
**範例**
```
"SchemaVersion": "2018-10-08"
```
## 嚴重性
定義問題清單的重要性。如需此物件的詳細資訊,請參閱《 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Severity.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Severity.html)》中的 。
`Severity` 是調查結果中最上層的物件,並巢狀在`FindingProviderFields`物件下。
只能使用 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 更新調查結果的最上層`Severity`物件的值。
若要提供嚴重性資訊,問題清單提供者應在提出 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API 請求`FindingProviderFields`時更新 下的`Severity`物件。
如果新調查結果的`BatchImportFindings`請求僅提供 `Label`或僅提供 `Normalized`,Security Hub CSPM 會自動填入另一個欄位的值。
也可以填入 `Product`和 `Original` 欄位。
如果頂層`Finding.Severity`物件存在但`Finding.FindingProviderFields`不存在,Security Hub CSPM 會建立`FindingProviderFields.Severity`物件並將整個物件複製到`Finding.Severity object`其中。這可確保原始供應商提供的詳細資訊會保留在`FindingProviderFields.Severity`結構中,即使覆寫頂層`Severity`物件也是如此。
問題清單嚴重性不會將牽涉之資產或基礎資源的重要性納入考量。重要性的定義是與問題清單相關聯之資源的重要性層級。例如,與關鍵任務應用程式相關聯的資源,其重要性高於與非生產測試相關聯的資源。如果要擷取資源重要性的資訊,請使用 `Criticality` 欄位。
我們建議您在將問題清單的原生嚴重性分數轉譯為 ASFF `Severity.Label`中的 值時,使用下列指引。
+ `INFORMATIONAL` – 此類別可能包括 `PASSED`、 `WARNING`或 `NOT AVAILABLE`檢查的調查結果或敏感資料識別。
+ `LOW` – 可能導致未來入侵的問題清單。例如,此類別可能包含漏洞、組態弱點和公開密碼。
+ `MEDIUM` – 指出主動入侵,但未指出對手完成其目標的調查結果。例如,此類別可能包含惡意軟體活動、駭客活動和異常行為偵測。
+ `HIGH` 或 `CRITICAL` – 指出對手完成其目標的調查結果,例如作用中的資料遺失或入侵,或是拒絕服務。
**範例**
```
"Severity": {
"Label": "CRITICAL",
"Normalized": 90,
"Original": "CRITICAL"
}
```
## Title
問題清單的標題。此欄位可以包含非特定的範例文字或此問題清單執行個體的特定詳細資訊。
對於控制項調查結果,此欄位提供控制項的標題。如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"Title": "AWS Config should be enabled"
```
## 類型
一或多個格式為 `namespace/category/classifier` 的問題清單類型,可分類問題清單。如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
`Types` 應僅使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 更新。
尋找想要提供 值的提供者時,`Types`應使用 `Types` 下的 屬性[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_FindingProviderFields.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_FindingProviderFields.html)。
在下列清單中,最上層項目符號是命名空間,第二層項目符號是類別,第三層項目符號是分類器。我們建議調查結果提供者使用定義的命名空間來協助排序和分組調查結果。定義的類別和分類器也可以使用,但不是必要的。只有軟體和組態檢查命名空間有定義的分類器。
您可以定義namespace/category/classifier的部分路徑。例如,下列調查結果類型都是有效的:
+ TTP
+ TTPs/Defense Evasion
+ TTPs/Defense Evasion/CloudTrailStopped
下列清單中的策略、技術和程序 (TTPs) 類別符合 [MITRE ATT&CK MatrixTM](https://attack.mitre.org/matrices/enterprise/)。異常行為命名空間反映一般異常行為,例如一般統計異常,且與特定 TTP 不相符。不過,您可使用異常行為和 TTP 問題清單類型來分類問題清單。
**命名空間、類別和分類器的清單:**
+ 軟體和組態檢查
+ 漏洞
+ CVE
+ AWS 安全最佳實務
+ 網路連線能力
+ 執行時間行為分析
+ 產業和法規標準
+ AWS 基礎安全最佳實務
+ CIS 主機強化基準
+ CIS AWS Foundations 基準
+ PCI-DSS
+ 雲端安全性聯盟控制
+ ISO 90001 控制
+ ISO 27001 控制
+ ISO 27017 控制
+ ISO 27018 控制
+ SOC 1
+ SOC 2
+ HIPAA 控制 (美國)
+ NIST 800-53 控制 (美國)
+ NIST CSF 控制 (美國)
+ IRAP 控制 (澳大利亞)
+ K-ISMS 控制 (韓國)
+ MTCS 控制 (新加坡)
+ FISC 控制 (日本)
+ 個人編號法案控制 (日本)
+ ENS 控制 (西班牙)
+ Cyber Essentials Plus 控制 (英國)
+ G-Cloud 控制 (英國)
+ C5 控制 (德國)
+ IT-Grundschutz 控制 (德國)
+ GDPR 控制 (歐洲)
+ TISAX 控制 (歐洲)
+ 修補管理
+ TTP
+ 初始存取
+ 執行
+ Persistence
+ 權限提升
+ 防禦逃脫
+ 登入資料存取
+ 探索
+ 水平擴散
+ 收集
+ 命令和控制
+ 效果
+ 資料曝光
+ 資料外洩
+ 資料銷毀
+ 拒絕服務
+ 資源耗用
+ 異常行為
+ 應用程式
+ 網路流程
+ IP 位址
+ 使用者
+ VM
+ 容器
+ 無伺服器
+ 流程
+ 資料庫
+ 資料
+ 敏感資料識別
+ PII
+ 密碼
+ 法律聲明
+ 金融
+ 安全
+ 商業
**範例**
```
"Types": [
"Software and Configuration Checks/Vulnerabilities/CVE"
]
```
## UpdatedAt
指出調查結果提供者上次更新調查結果記錄的時間。
此時間戳記反映調查結果記錄上次或最近更新的時間。因此,它可能與`LastObservedAt`時間戳記不同,時間戳記會反映事件或漏洞上次或最近觀察到的時間。
更新問題清單記錄時,您必須將此時間戳記更新為目前的時間戳記。建立問題清單記錄時, `CreatedAt`和 `UpdatedAt`時間戳記必須相同。更新調查結果記錄後,此欄位的值必須比包含的所有先前值更新。
請注意, `UpdatedAt`無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)操作更新。您只能使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)操作進行更新。
**範例**
```
"UpdatedAt": "2017-04-22T13:22:13.933Z"
```
# 選用最上層 ASFF 屬性
安全性 AWS 調查結果格式 (ASFF) 中的下列最上層屬性是 Security Hub CSPM 中調查結果的選用屬性。如需這些屬性的詳細資訊,請參閱 *AWS Security Hub API 參考*中的 [AwsSecurityFinding](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html)。
## Action
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html) 物件提供有關影響資源或對資源採取之動作的詳細資訊。
**範例**
```
"Action": {
"ActionType": "PORT_PROBE",
"PortProbeAction": {
"PortProbeDetails": [
{
"LocalPortDetails": {
"Port": 80,
"PortName": "HTTP"
},
"LocalIpDetails": {
"IpAddressV4": "192.0.2.0"
},
"RemoteIpDetails": {
"Country": {
"CountryName": "Example Country"
},
"City": {
"CityName": "Example City"
},
"GeoLocation": {
"Lon": 0,
"Lat": 0
},
"Organization": {
"AsnOrg": "ExampleASO",
"Org": "ExampleOrg",
"Isp": "ExampleISP",
"Asn": 64496
}
}
}
],
"Blocked": false
}
}
```
## AwsAccountName
調查結果套用 AWS 帳戶 到的名稱。
**範例**
```
"AwsAccountName": "jane-doe-testaccount"
```
## CompanyName
產生調查結果之產品的公司名稱。對於以控制項為基礎的調查結果,公司是 AWS。
Security Hub CSPM 會自動為每個調查結果填入此屬性。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)或 進行更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。例外狀況是當您使用自訂整合時。請參閱 [將 Security Hub CSPM 與自訂產品整合](securityhub-custom-providers.md)。
當您使用 Security Hub CSPM 主控台依公司名稱篩選問題清單時,請使用此屬性。當您使用 Security Hub CSPM API 依公司名稱篩選問題清單時,您可以使用 下的 `aws/securityhub/CompanyName` 屬性`ProductFields`。Security Hub CSPM 不會同步這兩個屬性。
**範例**
```
"CompanyName": "AWS"
```
## 合規
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Compliance.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Compliance.html) 物件通常會提供有關控制項調查結果的詳細資訊,例如適用的標準和控制項檢查的狀態。
**範例**
```
"Compliance": {
"AssociatedStandards": [
{"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"},
{"StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0"},
{"StandardsId": "standards/nist-800-53/v/5.0.0"}
],
"RelatedRequirements": [
"NIST.800-53.r5 AC-4",
"NIST.800-53.r5 AC-4(21)",
"NIST.800-53.r5 SC-7",
"NIST.800-53.r5 SC-7(11)",
"NIST.800-53.r5 SC-7(16)",
"NIST.800-53.r5 SC-7(21)",
"NIST.800-53.r5 SC-7(4)",
"NIST.800-53.r5 SC-7(5)"
],
"SecurityControlId": "EC2.18",
"SecurityControlParameters":[
{
"Name": "authorizedTcpPorts",
"Value": ["80", "443"]
},
{
"Name": "authorizedUdpPorts",
"Value": ["427"]
}
],
"Status": "NOT_AVAILABLE",
"StatusReasons": [
{
"ReasonCode": "CONFIG_RETURNS_NOT_APPLICABLE",
"Description": "This finding has a compliance status of NOT AVAILABLE because AWS Config sent Security Hub CSPM a finding with a compliance state of Not Applicable. The potential reasons for a Not Applicable finding from Config are that (1) a resource has been moved out of scope of the Config rule; (2) the Config rule has been deleted; (3) the resource has been deleted; or (4) the logic of the Config rule itself includes scenarios where Not Applicable is returned. The specific reason why Not Applicable is returned is not available in the Config rule evaluation."
}
]
}
```
## 可信度
調查結果準確識別其預期識別的行為或問題的可能性。
`Confidence` 應該只使用 更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
尋找想要提供 值的提供者時,`Confidence`應使用 `Confidence` 下的 屬性`FindingProviderFields`。請參閱 [使用 更新問題清單 FindingProviderFields](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields)。
`Confidence` 是以 0–100 為基準,使用比例比例來評分。0 表示 0% 可信度,100 表示 100% 可信度。例如,根據網路流量統計偏差的資料外洩偵測具有低可信度,因為尚未驗證實際的外洩。
**範例**
```
"Confidence": 42
```
## 重要性
指派給與問題清單相關聯資源的重要性層級。
`Criticality` 應僅透過呼叫 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 操作來更新。請勿使用 更新此物件[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)。
尋找想要提供 值的提供者時,`Criticality`應使用 `Criticality` 下的 屬性`FindingProviderFields`。請參閱 [使用 更新問題清單 FindingProviderFields](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields)。
`Criticality` 以 0–100 為基準,使用僅支援完整整數的比率比例。0 分表示不重要的基礎資源,100 分預留給最重要的資源。
對於每個資源,指派 時請考慮下列事項`Criticality`:
+ 受影響的資源是否包含敏感資料 (例如具有 PII 的 S3 儲存貯體)?
+ 受影響的資源是否可讓對手深化其存取權或擴展其能力,以執行其他惡意活動 (例如,遭入侵的 sysadmin 帳戶)?
+ 此資源是否為企業重要資產 (例如,若遭入侵可能造成重大收益損失的業務系統)?
您可使用下列準則:
+ 支援關鍵任務系統或包含高度敏感資料的資源可以在 75–100 範圍內評分。
+ 支援重要 (但非關鍵系統) 或包含中等重要資料的資源可以在 25–74 範圍內評分。
+ 支援不重要系統或包含非敏感資料的資源應在 0–24 範圍內評分。
**範例**
```
"Criticality": 99
```
## 偵測
`Detection` 物件提供來自 Amazon GuardDuty 延伸威脅偵測之攻擊序列調查結果的詳細資訊。當多個事件符合潛在可疑活動時,GuardDuty 會產生攻擊序列調查結果。若要在 AWS Security Hub CSPM 中接收 GuardDuty 攻擊序列調查結果,您必須在帳戶中啟用 GuardDuty。如需詳細資訊,請參閱[《Amazon GuardDuty 使用者指南》中的 Amazon GuardDuty 延伸威脅偵測](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html)。 *Amazon GuardDuty *
**範例**
```
"Detection": {
"Sequence": {
"Uid": "1111111111111-184ec3b9-cf8d-452d-9aad-f5bdb7afb010",
"Actors": [{
"Id": "USER:AROA987654321EXAMPLE:i-b188560f:1234567891",
"Session": {
"Uid": "1234567891",
"MfAStatus": "DISABLED",
"CreatedTime": "1716916944000",
"Issuer": "arn:aws:s3:::amzn-s3-demo-destination-bucket"
},
"User": {
"CredentialUid": "ASIAIOSFODNN7EXAMPLE",
"Name": "ec2_instance_role_production",
"Type": "AssumedRole",
"Uid": "AROA987654321EXAMPLE:i-b188560f",
"Account": {
"Uid": "AccountId",
"Name": "AccountName"
}
}
}],
"Endpoints": [{
"Id": "EndpointId",
"Ip": "203.0.113.1",
"Domain": "example.com",
"Port": 4040,
"Location": {
"City": "New York",
"Country": "US",
"Lat": 40.7123,
"Lon": -74.0068
},
"AutonomousSystem": {
"Name": "AnyCompany",
"Number": 64496
},
"Connection": {
"Direction": "INBOUND"
}
}],
"Signals": [{
"Id": "arn:aws:guardduty:us-east-1:123456789012:detector/d0bfe135ab8b4dd8c3eaae7df9900073/finding/535a382b1bcc44d6b219517a29058fb7",
"Title": "Someone ran a penetration test tool on your account.",
"ActorIds": ["USER:AROA987654321EXAMPLE:i-b188560f:1234567891"],
"Count": 19,
"FirstSeenAt": 1716916943000,
"SignalIndicators": [
{
"Key": "ATTACK_TACTIC",
"Title": "Attack Tactic",
"Values": [
"Impact"
]
},
{
"Key": "HIGH_RISK_API",
"Title": "High Risk Api",
"Values": [
"s3:DeleteObject"
]
},
{
"Key": "ATTACK_TECHNIQUE",
"Title": "Attack Technique",
"Values": [
"Data Destruction"
]
},
],
"LastSeenAt": 1716916944000,
"Name": "Test:IAMUser/KaliLinux",
"ResourceIds": [
"arn:aws:s3:::amzn-s3-demo-destination-bucket"
],
"Type": "FINDING"
}],
"SequenceIndicators": [
{
"Key": "ATTACK_TACTIC",
"Title": "Attack Tactic",
"Values": [
"Discovery",
"Exfiltration",
"Impact"
]
},
{
"Key": "HIGH_RISK_API",
"Title": "High Risk Api",
"Values": [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBuckets"
"s3:ListObjects"
]
},
{
"Key": "ATTACK_TECHNIQUE",
"Title": "Attack Technique",
"Values": [
"Cloud Service Discovery",
"Data Destruction"
]
}
]
}
}
```
## FindingProviderFields
`FindingProviderFields` 包含下列屬性:
+ `Confidence`
+ `Criticality`
+ `RelatedFindings`
+ `Severity`
+ `Types`
上述欄位會巢狀在 `FindingProviderFields` 物件下,但具有與最上層 ASFF 欄位同名的類比。當問題清單提供者將新問題清單傳送至 Security Hub CSPM 時,如果`FindingProviderFields`物件根據對應的頂層欄位為空白,Security Hub CSPM 會自動填入物件。
尋找提供者可以使用 Security Hub `FindingProviderFields` [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)CSPM API 的操作進行更新。尋找提供者無法使用 更新此物件[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
如需 Security Hub CSPM 如何處理從 `BatchImportFindings` 到 `FindingProviderFields`和對應頂層屬性的更新的詳細資訊,請參閱 [使用 更新問題清單 FindingProviderFields](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields)。
客戶可以使用 `BatchUpdateFindings`操作更新最上層欄位。客戶無法更新 `FindingProviderFields`。
**範例**
```
"FindingProviderFields": {
"Confidence": 42,
"Criticality": 99,
"RelatedFindings":[
{
"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
"Id": "123e4567-e89b-12d3-a456-426655440000"
}
],
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
}
```
## FirstObservedAt
指出首次觀察到問題清單所擷取的潛在安全問題或事件。
此時間戳記會指定第一次觀察到事件或漏洞的時間。因此,它可能與`CreatedAt`時間戳記不同,時間戳記會反映此調查結果記錄的建立時間。
對於 Security Hub CSPM 產生和更新的控制調查結果,此時間戳記也可以指出資源最近變更的合規狀態。對於其他類型的問題清單,此時間戳記在問題清單記錄的更新之間應不可變,但如果確定更準確的時間戳記,則可以更新。
**範例**
```
"FirstObservedAt": "2017-03-22T13:22:13.933Z"
```
## LastObservedAt
指出安全性調查結果產品何時最近觀察到問題清單所擷取的潛在安全問題或事件。
此時間戳記指定事件或漏洞上次或最近觀察到的時間。因此,它可能與`UpdatedAt`時間戳記不同,時間戳記會反映此調查結果記錄上次或最近更新的時間。
您可以提供此時間戳記,但在第一次觀察時不需要。如果您在第一次觀察時填入此欄位,時間戳記應與`FirstObservedAt`時間戳記相同。您應該更新此欄位,以在每次觀察到問題清單時,反映上次或最近觀察到的時間戳記。
**範例**
```
"LastObservedAt": "2017-03-23T13:22:13.933Z"
```
## 惡意軟體
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html) 物件提供與問題清單相關的惡意程式清單。
**範例**
```
"Malware": [
{
"Name": "Stringler",
"Type": "COIN_MINER",
"Path": "/usr/sbin/stringler",
"State": "OBSERVED"
}
]
```
## 網路 (已淘汰)
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Network.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Network.html) 物件提供有關問題清單的網路相關資訊。
此物件已淘汰。若要提供此資料,您可以將資料映射至 中的資源`Resources`,或使用 `Action` 物件。
**範例**
```
"Network": {
"Direction": "IN",
"OpenPortRange": {
"Begin": 443,
"End": 443
},
"Protocol": "TCP",
"SourceIpV4": "1.2.3.4",
"SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
"SourcePort": "42",
"SourceDomain": "example1.com",
"SourceMac": "00:0d:83:b1:c0:8e",
"DestinationIpV4": "2.3.4.5",
"DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
"DestinationPort": "80",
"DestinationDomain": "example2.com"
}
```
## NetworkPath
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_NetworkPathComponent.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_NetworkPathComponent.html) 物件提供與問題清單相關的網路路徑資訊。中的每個項目都`NetworkPath`代表路徑的元件。
**範例**
```
"NetworkPath" : [
{
"ComponentId": "abc-01a234bc56d8901ee",
"ComponentType": "AWS::EC2::InternetGateway",
"Egress": {
"Destination": {
"Address": [ "192.0.2.0/24" ],
"PortRanges": [
{
"Begin": 443,
"End": 443
}
]
},
"Protocol": "TCP",
"Source": {
"Address": ["203.0.113.0/24"]
}
},
"Ingress": {
"Destination": {
"Address": [ "198.51.100.0/24" ],
"PortRanges": [
{
"Begin": 443,
"End": 443
}
]
},
"Protocol": "TCP",
"Source": {
"Address": [ "203.0.113.0/24" ]
}
}
}
]
```
## 注意
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Note.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Note.html) 物件會指定使用者定義的備註,您可以將其新增至問題清單。
問題清單提供者可以提供問題清單的初始備註,但之後便無法新增備註。您只能使用 更新備註[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
**範例**
```
"Note": {
"Text": "Don't forget to check under the mat.",
"UpdatedBy": "jsmith",
"UpdatedAt": "2018-08-31T00:15:09Z"
}
```
## PatchSummary
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_PatchSummary.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_PatchSummary.html) 物件會根據選取的合規標準,提供執行個體的修補程式合規狀態摘要。
**範例**
```
"PatchSummary" : {
"FailedCount" : 0,
"Id" : "pb-123456789098",
"InstalledCount" : 100,
"InstalledOtherCount" : 1023,
"InstalledPendingReboot" : 0,
"InstalledRejectedCount" : 0,
"MissingCount" : 100,
"Operation" : "Install",
"OperationEndTime" : "2018-09-27T23:39:31Z",
"OperationStartTime" : "2018-09-27T23:37:31Z",
"RebootOption" : "RebootIfNeeded"
}
```
## 流程
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ProcessDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ProcessDetails.html) 物件提供有關問題清單的程序相關詳細資訊。
範例:
```
"Process": {
"LaunchedAt": "2018-09-27T22:37:31Z",
"Name": "syslogd",
"ParentPid": 56789,
"Path": "/usr/sbin/syslogd",
"Pid": 12345,
"TerminatedAt": "2018-09-27T23:37:31Z"
}
```
## ProcessedAt
指出 Security Hub CSPM 收到問題清單並開始處理的時間。
這與 `CreatedAt`和 不同`UpdatedAt`,這是與調查結果提供者與安全問題和調查結果互動相關的必要時間戳記。`ProcessedAt` 時間戳記指出 Security Hub CSPM 何時開始處理問題清單。處理完成後,問題清單會出現在使用者帳戶中。
```
"ProcessedAt": "2023-03-23T13:22:13.933Z"
```
## ProductFields
一種資料類型,其中安全調查結果產品可以包含不屬於已定義 AWS 安全調查結果格式的其他解決方案特定詳細資訊。
對於 Security Hub CSPM 控制項產生的調查結果, `ProductFields`包含控制項的相關資訊。請參閱 [產生和更新控制問題清單](controls-findings-create-update.md)。
此欄位不應包含備援資料,且不得包含與 AWS Security Finding Format 欄位衝突的資料。
「`aws/`」字首僅代表 AWS 產品和服務的預留命名空間,不得與第三方整合的問題清單一起提交。
雖然非必要,但產品應該將欄位名稱格式化為 `company-id/product-id/field-name`,其中 `company-id` 和 `product-id` 符合問題清單 `ProductArn` 所提供的內容。
當 Security Hub CSPM 封存現有的問題清單時,`Archival`會使用參考欄位。例如,Security Hub CSPM 會在您停用控制項或標準以及開啟或關閉[合併控制項問題清單時封存現有的問題清單](controls-findings-create-update.md#consolidated-control-findings)。
此欄位也可能包含標準的相關資訊,其中包含產生調查結果的控制項。
**範例**
```
"ProductFields": {
"API", "DeleteTrail",
"ArchivalReasons:0/Description": "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated.",
"ArchivalReasons:0/ReasonCode": "CONSOLIDATED_CONTROL_FINDINGS_UPDATE",
"aws/inspector/AssessmentTargetName": "My prod env",
"aws/inspector/AssessmentTemplateName": "My daily CVE assessment",
"aws/inspector/RulesPackageName": "Common Vulnerabilities and Exposures",
"generico/secure-pro/Action.Type", "AWS_API_CALL",
"generico/secure-pro/Count": "6",
"Service_Name": "cloudtrail.amazonaws.com"
}
```
## ProductName
提供產生調查結果的產品名稱。對於以控制項為基礎的調查結果,產品名稱為 Security Hub CSPM。
Security Hub CSPM 會自動為每個調查結果填入此屬性。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)或 進行更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。例外狀況是當您使用自訂整合時。請參閱 [將 Security Hub CSPM 與自訂產品整合](securityhub-custom-providers.md)。
當您使用 Security Hub CSPM 主控台依產品名稱篩選問題清單時,請使用此屬性。
當您使用 Security Hub CSPM API 依產品名稱篩選問題清單時,您可以使用 下的 `aws/securityhub/ProductName` 屬性`ProductFields`。
Security Hub CSPM 不會同步這兩個屬性。
## RecordState
提供問題清單的記錄狀態。
根據預設,會將服務一開始產生的問題清單視為 `ACTIVE`。
`ARCHIVED` 狀態表示問題清單應被隱藏看不到。封存的問題清單不會立即刪除。您可以搜尋、檢閱和報告這些項目。如果刪除關聯的資源、資源不存在或停用控制項,Security Hub CSPM 會自動封存以控制項為基礎的調查結果。
`RecordState` 旨在尋找提供者,並且只能使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)操作更新。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)操作進行更新。
若要追蹤調查問題清單的狀態,請使用 [`Workflow`](#asff-workflow)而非 `RecordState`。
如果記錄狀態從 變更為 `ARCHIVED` `ACTIVE`,且調查結果的工作流程狀態為 `NOTIFIED`或 `RESOLVED`,Security Hub CSPM 會自動將工作流程狀態變更為 `NEW`。
**範例**
```
"RecordState": "ACTIVE"
```
## 區域
指定 AWS 區域 從中產生調查結果的 。
Security Hub CSPM 會自動為每個調查結果填入此屬性。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)或 進行更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
**範例**
```
"Region": "us-west-2"
```
## RelatedFindings
提供與目前問題清單相關的問題清單。
`RelatedFindings` 應該只使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 操作更新。您不應該使用 更新此物件[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)。
對於[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)請求,問題清單提供者應使用 下的 `RelatedFindings` 物件[`FindingProviderFields`](#asff-findingproviderfields)。
若要檢視`RelatedFindings`屬性的描述,請參閱 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_RelatedFinding.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_RelatedFinding.html)中的 。
**範例**
```
"RelatedFindings": [
{ "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
"Id": "123e4567-e89b-12d3-a456-426655440000" },
{ "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
"Id": "AcmeNerfHerder-111111111111-x189dx7824" }
]
```
## RiskAssessment
**範例**
```
"RiskAssessment": {
"Posture": {
"FindingTotal": 4,
"Indicators": [
{
"Type": "Reachability",
"Findings": [
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/1234567890abcdef0",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
},
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/abcdef01234567890",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
}
]
},
{
"Type": "Vulnerability",
"Findings": [
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345abcdef6789",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
},
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345ghijkl6789",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
}
]
}
]
}
}
```
## 修補
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Remediation.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Remediation.html) 物件可提供處理問題清單的建議修補步驟資訊。
**範例**
```
"Remediation": {
"Recommendation": {
"Text": "For instructions on how to fix this issue, see the AWS Security Hub CSPM documentation for EC2.2.",
"Url": "https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation"
}
}
```
## 樣本
指定問題清單是否為範例問題清單。
```
"Sample": true
```
## SourceUrl
`SourceUrl` 物件提供 URL,可連結至有關問題清單產品中目前問題清單的頁面。
```
"SourceUrl": "http://sourceurl.com"
```
## ThreatIntelIndicators
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ThreatIntelIndicator.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ThreatIntelIndicator.html) 物件會提供與問題清單相關的威脅情報詳細資訊。
**範例**
```
"ThreatIntelIndicators": [
{
"Category": "BACKDOOR",
"LastObservedAt": "2018-09-27T23:37:31Z",
"Source": "Threat Intel Weekly",
"SourceUrl": "http://threatintelweekly.org/backdoors/8888",
"Type": "IPV4_ADDRESS",
"Value": "8.8.8.8",
}
]
```
## 威脅
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Threat.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Threat.html) 物件提供調查結果偵測到之威脅的詳細資訊。
**範例**
```
"Threats": [{
"FilePaths": [{
"FileName": "b.txt",
"FilePath": "/tmp/b.txt",
"Hash": "sha256",
"ResourceId": "arn:aws:ec2:us-west-2:123456789012:volume/vol-032f3bdd89aee112f"
}],
"ItemCount": 3,
"Name": "Iot.linux.mirai.vwisi",
"Severity": "HIGH"
}]
```
## UserDefinedFields
提供與調查結果相關聯的名稱值字串對清單。這些是新增到問題清單的自訂使用者定義欄位。這些欄位可以透過您的特定組態自動產生。
尋找提供者不應將此欄位用於產品產生的資料。反之,問題清單提供者可以將 `ProductFields` 欄位用於未對應至任何標準 AWS 安全性問題清單格式欄位的資料。
這些欄位只能使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) 更新。
**範例**
```
"UserDefinedFields": {
"reviewedByCio": "true",
"comeBackToLater": "Check this again on Monday"
}
```
## VerificationState
提供調查結果的真實性。問題清單產品可為`UNKNOWN`此欄位提供 的值。如果問題清單產品的系統中有有意義的類比,問題清單產品應該提供此欄位的值。調查問題清單後,使用者判斷或動作通常會填入此欄位。
問題清單提供者可以提供此屬性的初始值,但之後便無法更新該值。您只能使用 更新此屬性[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
```
"VerificationState": "Confirmed"
```
## 漏洞
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html) 物件提供與調查結果相關聯的漏洞清單。
**範例**
```
"Vulnerabilities" : [
{
"CodeVulnerabilities": [{
"Cwes": [
"CWE-798",
"CWE-799"
],
"FilePath": {
"EndLine": 421,
"FileName": "package-lock.json",
"FilePath": "package-lock.json",
"StartLine": 420
},
"SourceArn":"arn:aws:lambda:us-east-1:123456789012:layer:AWS-AppConfig-Extension:114"
}],
"Cvss": [
{
"BaseScore": 4.7,
"BaseVector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"Version": "V3"
},
{
"BaseScore": 4.7,
"BaseVector": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"Version": "V2"
}
],
"EpssScore": 0.015,
"ExploitAvailable": "YES",
"FixAvailable": "YES",
"Id": "CVE-2020-12345",
"LastKnownExploitAt": "2020-01-16T00:01:35Z",
"ReferenceUrls":[
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418",
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"
],
"RelatedVulnerabilities": ["CVE-2020-12345"],
"Vendor": {
"Name": "Alas",
"Url":"https://alas.aws.amazon.com/ALAS-2020-1337.html",
"VendorCreatedAt":"2020-01-16T00:01:43Z",
"VendorSeverity":"Medium",
"VendorUpdatedAt":"2020-01-16T00:01:43Z"
},
"VulnerablePackages": [
{
"Architecture": "x86_64",
"Epoch": "1",
"FilePath": "/tmp",
"FixedInVersion": "0.14.0",
"Name": "openssl",
"PackageManager": "OS",
"Release": "16.amzn2.0.3",
"Remediation": "Update aws-crt to 0.14.0",
"SourceLayerArn": "arn:aws:lambda:us-west-2:123456789012:layer:id",
"SourceLayerHash": "sha256:c1962c35b63a6ff6ce7df6e042ee82371a605ca9515569edec46ff14f926f001",
"Version": "1.0.2k"
}
]
}
]
```
## 工作流程
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Workflow.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Workflow.html) 物件會提供關於問題清單調查狀態的相關資訊。
此欄位旨在供客戶搭配修復、協同運作和票證工具使用。這不適用於問題清單提供者。
您只能使用 更新 `Workflow` 欄位[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。客戶也只能從主控台進行更新。請參閱 [在 Security Hub CSPM 中設定問題清單的工作流程狀態](findings-workflow-status.md)。
**範例**
```
"Workflow": {
"Status": "NEW"
}
```
## WorkflowState (已淘汰)
此物件已淘汰,並已由`Workflow`物件的 `Status` 欄位取代。
此欄位提供調查結果的工作流程狀態。問題清單產品可針對此欄位提供 `NEW` 值。如果問題清單產品系統中有意義的類比,問題清單產品可針對此欄位提供值。
**範例**
```
"WorkflowState": "NEW"
```
# Resources ASFF 物件
在 AWS 安全調查結果格式 (ASFF) 中, `Resources` 物件會提供調查結果所涉及資源的相關資訊。它包含最多 32 個資源物件的陣列。若要判斷資源名稱的格式,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。如需每個資源物件的範例,請從下列清單中選取資源。
**Topics**
+ [ASFF 中的資源屬性](asff-resources-attributes.md)
+ [AwsAmazonMQ ASFF 中的 資源](asff-resourcedetails-awsamazonmq.md)
+ [AwsApiGateway ASFF 中的 資源](asff-resourcedetails-awsapigateway.md)
+ [AwsAppSync ASFF 中的 資源](asff-resourcedetails-awsappsync.md)
+ [AwsAthena ASFF 中的 資源](asff-resourcedetails-awsathena.md)
+ [AwsAutoScaling ASFF 中的 資源](asff-resourcedetails-awsautoscaling.md)
+ [AwsBackup ASFF 中的 資源](asff-resourcedetails-awsbackup.md)
+ [AwsCertificateManager ASFF 中的 資源](asff-resourcedetails-awscertificatemanager.md)
+ [AwsCloudFormation ASFF 中的 資源](asff-resourcedetails-awscloudformation.md)
+ [AwsCloudFront ASFF 中的 資源](asff-resourcedetails-awscloudfront.md)
+ [AwsCloudTrail ASFF 中的 資源](asff-resourcedetails-awscloudtrail.md)
+ [AwsCloudWatch ASFF 中的 資源](asff-resourcedetails-awscloudwatch.md)
+ [AwsCodeBuild ASFF 中的 資源](asff-resourcedetails-awscodebuild.md)
+ [AwsDms ASFF 中的 資源](asff-resourcedetails-awsdms.md)
+ [AwsDynamoDB ASFF 中的 資源](asff-resourcedetails-awsdynamodb.md)
+ [AwsEc2 ASFF 中的 資源](asff-resourcedetails-awsec2.md)
+ [AwsEcr ASFF 中的 資源](asff-resourcedetails-awsecr.md)
+ [AwsEcs ASFF 中的 資源](asff-resourcedetails-awsecs.md)
+ [AwsEfs ASFF 中的 資源](asff-resourcedetails-awsefs.md)
+ [AwsEks ASFF 中的 資源](asff-resourcedetails-awseks.md)
+ [AwsElasticBeanstalk ASFF 中的 資源](asff-resourcedetails-awselasticbeanstalk.md)
+ [AwsElasticSearch ASFF 中的 資源](asff-resourcedetails-awselasticsearch.md)
+ [AwsElb ASFF 中的 資源](asff-resourcedetails-awselb.md)
+ [AwsEventBridge ASFF 中的 資源](asff-resourcedetails-awsevent.md)
+ [AwsGuardDuty ASFF 中的 資源](asff-resourcedetails-awsguardduty.md)
+ [AwsIam ASFF 中的 資源](asff-resourcedetails-awsiam.md)
+ [AwsKinesis ASFF 中的 資源](asff-resourcedetails-awskinesis.md)
+ [AwsKms ASFF 中的 資源](asff-resourcedetails-awskms.md)
+ [AwsLambda](asff-resourcedetails-awslambda.md)
+ [AwsMsk ASFF 中的 資源](asff-resourcedetails-awsmsk.md)
+ [AwsNetworkFirewall ASFF 中的 資源](asff-resourcedetails-awsnetworkfirewall.md)
+ [AwsOpenSearchService ASFF 中的 資源](asff-resourcedetails-awsopensearchservice.md)
+ [AwsRds ASFF 中的 資源](asff-resourcedetails-awsrds.md)
+ [AwsRedshift ASFF 中的 資源](asff-resourcedetails-awsredshift.md)
+ [AwsRoute53 ASFF 中的 資源](asff-resourcedetails-awsroute53.md)
+ [AwsS3 ASFF 中的 資源](asff-resourcedetails-awss3.md)
+ [AwsSageMaker ASFF 中的 資源](asff-resourcedetails-awssagemaker.md)
+ [AwsSecretsManager ASFF 中的 資源](asff-resourcedetails-awssecretsmanager.md)
+ [AwsSns ASFF 中的 資源](asff-resourcedetails-awssns.md)
+ [AwsSqs ASFF 中的 資源](asff-resourcedetails-awssqs.md)
+ [AwsSsm ASFF 中的 資源](asff-resourcedetails-awsssm.md)
+ [AwsStepFunctions ASFF 中的 資源](asff-resourcedetails-awsstepfunctions.md)
+ [AwsWaf ASFF 中的 資源](asff-resourcedetails-awswaf.md)
+ [AwsXray ASFF 中的 資源](asff-resourcedetails-awsxray.md)
+ [CodeRepository ASFF 中的 物件](asff-resourcedetails-coderepository.md)
+ [Container ASFF 中的 物件](asff-resourcedetails-container.md)
+ [Other ASFF 中的 物件](asff-resourcedetails-other.md)
# ASFF 中的資源屬性
以下是 AWS 安全性調查結果格式 (ASFF) 中`Resources`物件的描述和範例。如需有關這些欄位的詳細資訊,請參閱 [Resources](asff-required-attributes.md#Resources)。
## ApplicationArn
識別問題清單所涉及應用程式的 Amazon Resource Name (ARN)。
**範例**
```
"ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0"
```
## ApplicationName
識別問題清單所涉及的應用程式名稱。
**範例**
```
"ApplicationName": "SampleApp"
```
## DataClassification
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html) 欄位提供有關在資源上偵測到的敏感資料的資訊。
**範例**
```
"DataClassification": {
"DetailedResultsLocation": "Path_to_Folder_Or_File",
"Result": {
"MimeType": "text/plain",
"SizeClassified": 2966026,
"AdditionalOccurrences": false,
"Status": {
"Code": "COMPLETE",
"Reason": "Unsupportedfield"
},
"SensitiveData": [
{
"Category": "PERSONAL_INFORMATION",
"Detections": [
{
"Count": 34,
"Type": "GE_PERSONAL_ID",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 10,
"StartColumn": 20
}
],
"Pages": [],
"Records": [],
"Cells": []
}
},
{
"Count": 59,
"Type": "EMAIL_ADDRESS",
"Occurrences": {
"Pages": [
{
"PageNumber": 1,
"OffsetRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
},
"LineRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
}
}
]
}
},
{
"Count": 2229,
"Type": "URL",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 13
}
]
}
},
{
"Count": 13826,
"Type": "NameDetection",
"Occurrences": {
"Records": [
{
"RecordIndex": 1,
"JsonPath": "$.ssn.value"
}
]
}
},
{
"Count": 32,
"Type": "AddressDetection"
}
],
"TotalCount": 32
}
],
"CustomDataIdentifiers": {
"Detections": [
{
"Arn": "1712be25e7c7f53c731fe464f1c869b8",
"Name": "1712be25e7c7f53c731fe464f1c869b8",
"Count": 2,
}
],
"TotalCount": 2
}
}
}
```
## 詳細資訊
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html) 欄位提供使用適當物件之單一資源的其他資訊。每個資源都必須在物件中的個別資源`Resources`物件中提供。
請注意,如果調查結果大小超過 240 KB 的上限,則會從調查結果中移除`Details`物件。對於使用 AWS Config 規則的控制項調查結果,您可以在 AWS Config 主控台上檢視資源詳細資訊。
Security Hub CSPM 為其支援的資源類型提供一組可用的資源詳細資訊。這些詳細資訊對應至 `Type` 物件的值。盡可能使用提供的類型。
例如,如果資源是 S3 儲存貯體,請將資源設定為 `Type``AwsS3Bucket`,並在 [`AwsS3Bucket`](asff-resourcedetails-awss3.md#asff-resourcedetails-awss3bucket) 物件中提供資源詳細資訊。
[`Other`](asff-resourcedetails-other.md) 物件可讓您提供自訂欄位和值。在下列情況下,您可以使用 `Other` 物件:
+ 資源類型 (資源 的值`Type`) 沒有對應的詳細資訊物件。若要提供資源的詳細資訊,您可以使用 [`Other`](asff-resourcedetails-other.md) 物件。
+ 資源類型的 物件不包含您要填入的所有欄位。在此情況下,請使用資源類型的詳細資訊物件來填入可用的欄位。使用 `Other` 物件來填入不在類型特定物件中的欄位。
+ 資源類型不是提供的類型之一。在此情況下,將 `Resource.Type`設定為 `Other`,並使用 `Other` 物件填入詳細資訊。
**範例**
```
"Details": {
"AwsEc2Instance": {
"IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
"ImageId": "ami-79fd7eee",
"IpV4Addresses": ["1.1.1.1"],
"IpV6Addresses": ["2001:db8:1234:1a2b::123"],
"KeyName": "testkey",
"LaunchedAt": "2018-09-29T01:25:54Z",
"MetadataOptions": {
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "enabled",
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional",
"InstanceMetadataTags": "disabled"
},
"NetworkInterfaces": [
{
"NetworkInterfaceId": "eni-e5aa89a3"
}
],
"SubnetId": "PublicSubnet",
"Type": "i3.xlarge",
"VirtualizationType": "hvm",
"VpcId": "TestVPCIpv6"
},
"AwsS3Bucket": {
"OwnerId": "da4d66eac431652a4d44d490a00500bded52c97d235b7b4752f9f688566fe6de",
"OwnerName": "acmes3bucketowner"
},
"Other": { "LightPen": "blinky", "SerialNo": "1234abcd"}
}
```
## Id
指定資源類型的識別符。
對於 Amazon Resource Name (ARNs) 識別 AWS 的資源,這是 ARN。
對於缺少 ARNs AWS 的資源,這是建立資源之 AWS 服務定義的識別符。
對於非AWS 資源,這是與資源相關聯的唯一識別符。
**範例**
```
"Id": "arn:aws:s3:::amzn-s3-demo-bucket"
```
## 分割區
資源所在的分割區。分割區是 的群組 AWS 區域。每個 的範圍 AWS 帳戶 都是一個分割區。
支援下列分割區:
+ `aws` – AWS 區域
+ `aws-cn` - 中國區域
+ `aws-us-gov` – AWS GovCloud (US) Region
**範例**
```
"Partition": "aws"
```
## 區域
AWS 區域 此資源所在的 程式碼。如需區域代碼清單,請參閱[區域端點](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints)。
**範例**
```
"Region": "us-west-2"
```
## ResourceRole
識別調查結果中資源的角色。資源是調查結果活動的目標或執行活動的動作者。
**範例**
```
"ResourceRole": "target"
```
## Tags (標籤)
此欄位提供問題清單所涉及資源的標籤索引鍵和值資訊。您可以標記 AWS Resource Groups 標記 API `GetResources`操作[支援的資源](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/supported-services.html)。Security Hub CSPM 透過[服務連結角色](using-service-linked-roles.md)呼叫此操作,並在 AWS Security Finding Format (ASFF) `Resource.Id` 欄位填入資源 ARN 時擷取 AWS 資源標籤。系統會忽略無效的資源 IDs。
您可以將資源標籤新增至 Security Hub CSPM 擷取的問題清單,包括整合 AWS 服務 和第三方產品的問題清單。
新增標籤會告訴您在處理問題清單時與資源相關聯的標籤。您只能針對具有關聯標籤的資源包含 `Tags` 屬性。如果資源沒有相關聯的標籤,請不要在問題清單中包含 `Tags` 屬性。
在問題清單中包含資源標籤,不需要建置資料擴充管道或手動擴充安全問題清單的中繼資料。您也可以使用標籤來搜尋或篩選問題清單和洞見,並建立[自動化規則](automation-rules.md)。
如需適用於標籤的限制資訊,請參閱[標籤命名限制和要求](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions)。
您只能提供存在於此欄位中 AWS 資源上的標籤。若要提供未在 AWS 安全調查結果格式中定義的資料,請使用`Other`詳細資訊子欄位。
**範例**
```
"Tags": {
"billingCode": "Lotus-1-2-3",
"needsPatching": "true"
}
```
## Type
您要提供詳細資訊的資源類型。
盡可能使用提供的資源類型之一,例如 `AwsEc2Instance` 或 `AwsS3Bucket`。
如果資源類型不符合任何提供的資源類型,請將資源設定為 `Type` `Other`,並使用`Other`詳細資訊子欄位填入詳細資訊。
支援的值會列在[資源](asff-resources.md)下。
**範例**
```
"Type": "AwsS3Bucket"
```
# AwsAmazonMQ ASFF 中的 資源
以下是 `AwsAmazonMQ` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAmazonMQBroker
`AwsAmazonMQBroker` 提供 Amazon MQ 代理程式的相關資訊,這是在 Amazon MQ 上執行的訊息代理程式環境。
下列範例顯示`AwsAmazonMQBroker`物件的 ASFF。若要檢視`AwsAmazonMQBroker`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsAmazonMQBroker](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAmazonMQBrokerDetails.html)。
**範例**
```
"AwsAmazonMQBroker": {
"AutoMinorVersionUpgrade": true,
"BrokerArn": "arn:aws:mq:us-east-1:123456789012:broker:TestBroker:b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"BrokerId": "b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"BrokerName": "TestBroker",
"Configuration": {
"Id": "c-a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
"Revision": 1
},
"DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ",
"EncryptionOptions": {
"UseAwsOwnedKey": true
},
"EngineType": "ActiveMQ",
"EngineVersion": "5.17.2",
"HostInstanceType": "mq.t2.micro",
"Logs": {
"Audit": false,
"AuditLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/audit",
"General": false,
"GeneralLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/general"
},
"MaintenanceWindowStartTime": {
"DayOfWeek": "MONDAY",
"TimeOfDay": "22:00",
"TimeZone": "UTC"
},
"PubliclyAccessible": true,
"SecurityGroups": [
"sg-021345abcdef6789"
],
"StorageType": "efs",
"SubnetIds": [
"subnet-1234567890abcdef0",
"subnet-abcdef01234567890"
],
"Users": [
{
"Username": "admin"
}
]
}
```
# AwsApiGateway ASFF 中的 資源
以下是 `AwsApiGateway` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsApiGatewayRestApi
`AwsApiGatewayRestApi` 物件包含 Amazon API Gateway 第 1 版中 REST API 的相關資訊。
以下是安全`AwsApiGatewayRestApi`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayRestApi`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayRestApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayRestApiDetails.html)。
**範例**
```
AwsApiGatewayRestApi: {
"Id": "exampleapi",
"Name": "Security Hub",
"Description": "AWS Security Hub",
"CreatedDate": "2018-11-18T10:20:05-08:00",
"Version": "2018-10-26",
"BinaryMediaTypes" : ["-'*~1*'"],
"MinimumCompressionSize": 1024,
"ApiKeySource": "AWS_ACCOUNT_ID",
"EndpointConfiguration": {
"Types": [
"REGIONAL"
]
}
}
```
## AwsApiGatewayStage
`AwsApiGatewayStage` 物件提供第 1 版 Amazon API Gateway 階段的相關資訊。
以下是安全`AwsApiGatewayStage`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayStage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayStageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayStageDetails.html)。
**範例**
```
"AwsApiGatewayStage": {
"DeploymentId": "n7hlmf",
"ClientCertificateId": "a1b2c3",
"StageName": "Prod",
"Description" : "Stage Description",
"CacheClusterEnabled": false,
"CacheClusterSize" : "1.6",
"CacheClusterStatus": "NOT_AVAILABLE",
"MethodSettings": [
{
"MetricsEnabled": true,
"LoggingLevel": "INFO",
"DataTraceEnabled": false,
"ThrottlingBurstLimit": 100,
"ThrottlingRateLimit": 5.0,
"CachingEnabled": false,
"CacheTtlInSeconds": 300,
"CacheDataEncrypted": false,
"RequireAuthorizationForCacheControl": true,
"UnauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER",
"HttpMethod": "POST",
"ResourcePath": "/echo"
}
],
"Variables": {"test": "value"},
"DocumentationVersion": "2.0",
"AccessLogSettings": {
"Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
"DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
},
"CanarySettings": {
"PercentTraffic": 0.0,
"DeploymentId": "ul73s8",
"StageVariableOverrides" : [
"String" : "String"
],
"UseStageCache": false
},
"TracingEnabled": false,
"CreatedDate": "2018-07-11T10:55:18-07:00",
"LastUpdatedDate": "2020-08-26T11:51:04-07:00",
"WebAclArn" : "arn:aws:waf-regional:us-west-2:111122223333:webacl/cb606bd8-5b0b-4f0b-830a-dd304e48a822"
}
```
## AwsApiGatewayV2Api
`AwsApiGatewayV2Api` 物件包含 Amazon API Gateway 中第 2 版 API 的相關資訊。
以下是安全`AwsApiGatewayV2Api`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Api`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayV2ApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2ApiDetails.html)。
**範例**
```
"AwsApiGatewayV2Api": {
"ApiEndpoint": "https://example.us-west-2.amazonaws.com",
"ApiId": "a1b2c3d4",
"ApiKeySelectionExpression": "$request.header.x-api-key",
"CreatedDate": "2020-03-28T00:32:37Z",
"Description": "ApiGatewayV2 Api",
"Version": "string",
"Name": "my-api",
"ProtocolType": "HTTP",
"RouteSelectionExpression": "$request.method $request.path",
"CorsConfiguration": {
"AllowOrigins": [ "*" ],
"AllowCredentials": true,
"ExposeHeaders": [ "string" ],
"MaxAge": 3000,
"AllowMethods": [
"GET",
"PUT",
"POST",
"DELETE",
"HEAD"
],
"AllowHeaders": [ "*" ]
}
}
```
## AwsApiGatewayV2Stage
`AwsApiGatewayV2Stage` 包含 Amazon API Gateway 第 2 版階段的相關資訊。
以下是安全`AwsApiGatewayV2Stage`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayV2StageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2StageDetails.html)。
**範例**
```
"AwsApiGatewayV2Stage": {
"CreatedDate": "2020-04-08T00:36:05Z",
"Description" : "ApiGatewayV2",
"DefaultRouteSettings": {
"DetailedMetricsEnabled": false,
"LoggingLevel": "INFO",
"DataTraceEnabled": true,
"ThrottlingBurstLimit": 100,
"ThrottlingRateLimit": 50
},
"DeploymentId": "x1zwyv",
"LastUpdatedDate": "2020-04-08T00:36:13Z",
"RouteSettings": {
"DetailedMetricsEnabled": false,
"LoggingLevel": "INFO",
"DataTraceEnabled": true,
"ThrottlingBurstLimit": 100,
"ThrottlingRateLimit": 50
},
"StageName": "prod",
"StageVariables": [
"function": "my-prod-function"
],
"AccessLogSettings": {
"Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
"DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
},
"AutoDeploy": false,
"LastDeploymentStatusMessage": "Message",
"ApiGatewayManaged": true,
}
```
# AwsAppSync ASFF 中的 資源
以下是 `AwsAppSync` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAppSyncGraphQLApi
`AwsAppSyncGraphQLApi` 提供 AWS AppSync GraphQL API 的相關資訊,這是應用程式的頂層建構。
下列範例顯示`AwsAppSyncGraphQLApi`物件的 ASFF。若要檢視`AwsAppSyncGraphQLApi`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAppSyncGraphQLApi](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAppSyncGraphQLApiDetails.html)。
**範例**
```
"AwsAppSyncGraphQLApi": {
"AdditionalAuthenticationProviders": [
{
"AuthenticationType": "AWS_LAMBDA",
"LambdaAuthorizerConfig": {
"AuthorizerResultTtlInSeconds": 300,
"AuthorizerUri": "arn:aws:lambda:us-east-1:123456789012:function:mylambdafunc"
}
},
{
"AuthenticationType": "AWS_IAM"
}
],
"ApiId": "021345abcdef6789",
"Arn": "arn:aws:appsync:eu-central-1:123456789012:apis/021345abcdef6789",
"AuthenticationType": "API_KEY",
"Id": "021345abcdef6789",
"LogConfig": {
"CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/appsync-graphqlapi-logs-eu-central-1",
"ExcludeVerboseContent": true,
"FieldLogLevel": "ALL"
},
"Name": "My AppSync App",
"XrayEnabled": true,
}
```
# AwsAthena ASFF 中的 資源
以下是 `AwsAthena` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAthenaWorkGroup
`AwsAthenaWorkGroup` 提供 Amazon Athena 工作群組的相關資訊。工作群組可協助您區隔使用者、團隊、應用程式或工作負載。它還可協助您設定資料處理和追蹤成本的限制。
下列範例顯示`AwsAthenaWorkGroup`物件的 ASFF。若要檢視`AwsAthenaWorkGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAthenaWorkGroup](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAthenaWorkGroupDetails.html)。
**範例**
```
"AwsAthenaWorkGroup": {
"Description": "My workgroup for prod workloads",
"Name": "MyWorkgroup",
"WorkgroupConfiguration" {
"ResultConfiguration": {
"EncryptionConfiguration": {
"EncryptionOption": "SSE_KMS",
"KmsKey": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
}
}
},
"State": "ENABLED"
}
```
# AwsAutoScaling ASFF 中的 資源
以下是 `AwsAutoScaling` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAutoScalingAutoScalingGroup
`AwsAutoScalingAutoScalingGroup` 物件提供自動擴展群組的詳細資訊。
以下是 AWS 安全`AwsAutoScalingAutoScalingGroup`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsAutoScalingAutoScalingGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAutoScalingAutoScalingGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingAutoScalingGroupDetails.html)。
**範例**
```
"AwsAutoScalingAutoScalingGroup": {
"CreatedTime": "2017-10-17T14:47:11Z",
"HealthCheckGracePeriod": 300,
"HealthCheckType": "EC2",
"LaunchConfigurationName": "mylaunchconf",
"LoadBalancerNames": [],
"LaunchTemplate": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"MixedInstancesPolicy": {
"InstancesDistribution": {
"OnDemandAllocationStrategy": "prioritized",
"OnDemandBaseCapacity": number,
"OnDemandPercentageAboveBaseCapacity": number,
"SpotAllocationStrategy": "lowest-price",
"SpotInstancePools": number,
"SpotMaxPrice": "string"
},
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"CapacityRebalance": true,
"Overrides": [
{
"InstanceType": "string",
"WeightedCapacity": "string"
}
]
}
}
}
}
```
## AwsAutoScalingLaunchConfiguration
`AwsAutoScalingLaunchConfiguration` 物件提供啟動組態的詳細資訊。
以下是 AWS 安全`AwsAutoScalingLaunchConfiguration`調查結果格式 (ASFF) 中的範例調查結果。
若要檢視`AwsAutoScalingLaunchConfiguration`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAutoScalingLaunchConfigurationDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingLaunchConfigurationDetails.html)。
**範例**
```
AwsAutoScalingLaunchConfiguration: {
"LaunchConfigurationName": "newtest",
"ImageId": "ami-058a3739b02263842",
"KeyName": "55hundredinstance",
"SecurityGroups": [ "sg-01fce87ad6e019725" ],
"ClassicLinkVpcSecurityGroups": [],
"UserData": "...Base64-Encoded user data..."
"InstanceType": "a1.metal",
"KernelId": "",
"RamdiskId": "ari-a51cf9cc",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sdh",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp2",
"DeleteOnTermination": false,
"Encrypted": true,
"SnapshotId": "snap-ffaa1e69",
"VirtualName": "ephemeral1"
}
},
{
"DeviceName": "/dev/sdb",
"NoDevice": true
},
{
"DeviceName": "/dev/sda1",
"Ebs": {
"SnapshotId": "snap-02420cd3d2dea1bc0",
"VolumeSize": 8,
"VolumeType": "gp2",
"DeleteOnTermination": true,
"Encrypted": false
}
},
{
"DeviceName": "/dev/sdi",
"Ebs": {
"VolumeSize": 20,
"VolumeType": "gp2",
"DeleteOnTermination": false,
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdc",
"NoDevice": true
}
],
"InstanceMonitoring": {
"Enabled": false
},
"CreatedTime": 1620842933453,
"EbsOptimized": false,
"AssociatePublicIpAddress": true,
"SpotPrice": "0.045"
}
```
# AwsBackup ASFF 中的 資源
以下是 `AwsBackup` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsBackupBackupPlan
`AwsBackupBackupPlan` 物件提供備份計畫的相關資訊 AWS Backup 。 AWS Backup 備份計畫是一種政策表達式,可定義您要備份 AWS 資源的時間和方式。
下列範例顯示 `AwsBackupBackupPlan` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupPlan`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsBackupBackupPlan](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupPlanDetails.html)。
**範例**
```
"AwsBackupBackupPlan": {
"BackupPlan": {
"AdvancedBackupSettings": [{
"BackupOptions": {
"WindowsVSS":"enabled"
},
"ResourceType":"EC2"
}],
"BackupPlanName": "test",
"BackupPlanRule": [{
"CompletionWindowMinutes": 10080,
"CopyActions": [{
"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
"Lifecycle": {
"DeleteAfterDays": 365,
"MoveToColdStorageAfterDays": 30
}
}],
"Lifecycle": {
"DeleteAfterDays": 35
},
"RuleName": "DailyBackups",
"ScheduleExpression": "cron(0 5 ? * * *)",
"StartWindowMinutes": 480,
"TargetBackupVault": "Default"
},
{
"CompletionWindowMinutes": 10080,
"CopyActions": [{
"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
"Lifecycle": {
"DeleteAfterDays": 365,
"MoveToColdStorageAfterDays": 30
}
}],
"Lifecycle": {
"DeleteAfterDays": 35
},
"RuleName": "Monthly",
"ScheduleExpression": "cron(0 5 1 * ? *)",
"StartWindowMinutes": 480,
"TargetBackupVault": "Default"
}]
},
"BackupPlanArn": "arn:aws:backup:us-east-1:858726136373:backup-plan:b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
"BackupPlanId": "b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
"VersionId": "ZDVjNDIzMjItYTZiNS00NzczLTg4YzctNmExMWM2NjZhY2E1"
}
```
## AwsBackupBackupVault
`AwsBackupBackupVault` 物件提供備份保存庫的相關資訊 AWS Backup 。 AWS Backup 備份文件庫是存放和組織備份的容器。
下列範例顯示 `AwsBackupBackupVault` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupVault`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsBackupBackupVault](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupVaultDetails.html)。
**範例**
```
"AwsBackupBackupVault": {
"AccessPolicy": {
"Statement": [{
"Action": [
"backup:DeleteBackupVault",
"backup:DeleteBackupVaultAccessPolicy",
"backup:DeleteRecoveryPoint",
"backup:StartCopyJob",
"backup:StartRestoreJob",
"backup:UpdateRecoveryPointLifecycle"
],
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": "*"
}],
"Version": "2012-10-17"
},
"BackupVaultArn": "arn:aws:backup:us-east-1:123456789012:backup-vault:aws/efs/automatic-backup-vault",
"BackupVaultName": "aws/efs/automatic-backup-vault",
"EncrytionKeyArn": "arn:aws:kms:us-east-1:444455556666:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
"Notifications": {
"BackupVaultEvents": ["BACKUP_JOB_STARTED", "BACKUP_JOB_COMPLETED", "COPY_JOB_STARTED"],
"SNSTopicArn": "arn:aws:sns:us-west-2:111122223333:MyVaultTopic"
}
}
```
## AwsBackupRecoveryPoint
`AwsBackupRecoveryPoint` 物件提供備份的相關資訊 AWS Backup ,也稱為復原點。 AWS Backup 復原點代表資源在指定時間的內容。
下列範例顯示 `AwsBackupRecoveryPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupVault`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsBackupRecoveryPoint](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupRecoveryPointDetails.html)。
**範例**
```
"AwsBackupRecoveryPoint": {
"BackupSizeInBytes": 0,
"BackupVaultName": "aws/efs/automatic-backup-vault",
"BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
"CalculatedLifecycle": {
"DeleteAt": "2021-08-30T06:51:58.271Z",
"MoveToColdStorageAt": "2020-08-10T06:51:58.271Z"
},
"CompletionDate": "2021-07-26T07:21:40.361Z",
"CreatedBy": {
"BackupPlanArn": "arn:aws:backup:us-east-1:111122223333:backup-plan:aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
"BackupPlanId": "aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
"BackupPlanVersion": "ZGM4YzY5YjktMWYxNC00ZTBmLWE5MjYtZmU5OWNiZmM5ZjIz",
"BackupRuleId": "2a600c2-42ad-4196-808e-084923ebfd25"
},
"CreationDate": "2021-07-26T06:51:58.271Z",
"EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
"IamRoleArn": "arn:aws:iam::111122223333:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup",
"IsEncrypted": true,
"LastRestoreTime": "2021-07-26T06:51:58.271Z",
"Lifecycle": {
"DeleteAfterDays": 35,
"MoveToColdStorageAfterDays": 15
},
"RecoveryPointArn": "arn:aws:backup:us-east-1:111122223333:recovery-point:151a59e4-f1d5-4587-a7fd-0774c6e91268",
"ResourceArn": "arn:aws:elasticfilesystem:us-east-1:858726136373:file-system/fs-15bd31a1",
"ResourceType": "EFS",
"SourceBackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
"Status": "COMPLETED",
"StatusMessage": "Failure message",
"StorageClass": "WARM"
}
```
# AwsCertificateManager ASFF 中的 資源
以下是 `AwsCertificateManager` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCertificateManagerCertificate
`AwsCertificateManagerCertificate` 物件提供 AWS Certificate Manager (ACM) 憑證的詳細資訊。
以下是 AWS 安全`AwsCertificateManagerCertificate`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsCertificateManagerCertificate`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCertificateManagerCertificateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCertificateManagerCertificateDetails.html)。
**範例**
```
"AwsCertificateManagerCertificate": {
"CertificateAuthorityArn": "arn:aws:acm:us-west-2:444455556666:certificate-authority/example",
"CreatedAt": "2019-05-24T18:12:02.000Z",
"DomainName": "example.amazondomains.com",
"DomainValidationOptions": [
{
"DomainName": "example.amazondomains.com",
"ResourceRecord": {
"Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
"Type": "CNAME",
"Value": "_example.acm-validations.aws."
},
"ValidationDomain": "example.amazondomains.com",
"ValidationEmails": [sample_email@sample.com],
"ValidationMethod": "DNS",
"ValidationStatus": "SUCCESS"
}
],
"ExtendedKeyUsages": [
{
"Name": "TLS_WEB_SERVER_AUTHENTICATION",
"OId": "1.3.6.1.5.5.7.3.1"
},
{
"Name": "TLS_WEB_CLIENT_AUTHENTICATION",
"OId": "1.3.6.1.5.5.7.3.2"
}
],
"FailureReason": "",
"ImportedAt": "2018-08-17T00:13:00.000Z",
"InUseBy": ["arn:aws:amazondomains:us-west-2:444455556666:loadbalancer/example"],
"IssuedAt": "2020-04-26T00:41:17.000Z",
"Issuer": "Amazon",
"KeyAlgorithm": "RSA-1024",
"KeyUsages": [
{
"Name": "DIGITAL_SIGNATURE",
},
{
"Name": "KEY_ENCIPHERMENT",
}
],
"NotAfter": "2021-05-26T12:00:00.000Z",
"NotBefore": "2020-04-26T00:00:00.000Z",
"Options": {
"CertificateTransparencyLoggingPreference": "ENABLED",
}
"RenewalEligibility": "ELIGIBLE",
"RenewalSummary": {
"DomainValidationOptions": [
{
"DomainName": "example.amazondomains.com",
"ResourceRecord": {
"Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
"Type": "CNAME",
"Value": "_example.acm-validations.aws.com",
},
"ValidationDomain": "example.amazondomains.com",
"ValidationEmails": ["sample_email@sample.com"],
"ValidationMethod": "DNS",
"ValidationStatus": "SUCCESS"
}
],
"RenewalStatus": "SUCCESS",
"RenewalStatusReason": "",
"UpdatedAt": "2020-04-26T00:41:35.000Z",
},
"Serial": "02:ac:86:b6:07:2f:0a:61:0e:3a:ac:fd:d9:ab:17:1a",
"SignatureAlgorithm": "SHA256WITHRSA",
"Status": "ISSUED",
"Subject": "CN=example.amazondomains.com",
"SubjectAlternativeNames": ["example.amazondomains.com"],
"Type": "AMAZON_ISSUED"
}
```
# AwsCloudFormation ASFF 中的 資源
以下是 `AwsCloudFormation` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudFormationStack
`AwsCloudFormationStack` 物件提供有關巢狀為最上層範本中資源之堆疊的詳細資訊 AWS CloudFormation 。
下列範例顯示 `AwsCloudFormationStack` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsCloudFormationStack`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudFormationStackDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFormationStackDetails.html)。
**範例**
```
"AwsCloudFormationStack": {
"Capabilities": [
"CAPABILITY_IAM",
"CAPABILITY_NAMED_IAM"
],
"CreationTime": "2022-02-18T15:31:53.161Z",
"Description": "AWS CloudFormation Sample",
"DisableRollback": true,
"DriftInformation": {
"StackDriftStatus": "DRIFTED"
},
"EnableTerminationProtection": false,
"LastUpdatedTime": "2022-02-18T15:31:53.161Z",
"NotificationArns": [
"arn:aws:sns:us-east-1:978084797471:sample-sns-cfn"
],
"Outputs": [{
"Description": "URL for newly created LAMP stack",
"OutputKey": "WebsiteUrl",
"OutputValue": "http://ec2-44-193-18-241.compute-1.amazonaws.com"
}],
"RoleArn": "arn:aws:iam::012345678910:role/exampleRole",
"StackId": "arn:aws:cloudformation:us-east-1:978084797471:stack/sample-stack/e5d9f7e0-90cf-11ec-88c6-12ac1f91724b",
"StackName": "sample-stack",
"StackStatus": "CREATE_COMPLETE",
"StackStatusReason": "Success",
"TimeoutInMinutes": 1
}
```
# AwsCloudFront ASFF 中的 資源
以下是 `AwsCloudFront` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudFrontDistribution
`AwsCloudFrontDistribution` 物件提供 Amazon CloudFront 分佈組態的詳細資訊。
以下是 AWS 安全`AwsCloudFrontDistribution`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsCloudFrontDistribution`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudFrontDistributionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFrontDistributionDetails.html)。
**範例**
```
"AwsCloudFrontDistribution": {
"CacheBehaviors": {
"Items": [
{
"ViewerProtocolPolicy": "https-only"
}
]
},
"DefaultCacheBehavior": {
"ViewerProtocolPolicy": "https-only"
},
"DefaultRootObject": "index.html",
"DomainName": "d2wkuj2w9l34gt.cloudfront.net",
"Etag": "E37HOT42DHPVYH",
"LastModifiedTime": "2015-08-31T21:11:29.093Z",
"Logging": {
"Bucket": "myawslogbucket.s3.amazonaws.com",
"Enabled": false,
"IncludeCookies": false,
"Prefix": "myawslog/"
},
"OriginGroups": {
"Items": [
{
"FailoverCriteria": {
"StatusCodes": {
"Items": [
200,
301,
404
]
"Quantity": 3
}
}
}
]
},
"Origins": {
"Items": [
{
"CustomOriginConfig": {
"HttpPort": 80,
"HttpsPort": 443,
"OriginKeepaliveTimeout": 60,
"OriginProtocolPolicy": "match-viewer",
"OriginReadTimeout": 30,
"OriginSslProtocols": {
"Items": ["SSLv3", "TLSv1"],
"Quantity": 2
}
}
},
]
},
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"Id": "my-origin",
"OriginPath": "/production",
"S3OriginConfig": {
"OriginAccessIdentity": "origin-access-identity/cloudfront/E2YFS67H6VB6E4"
}
]
},
"Status": "Deployed",
"ViewerCertificate": {
"AcmCertificateArn": "arn:aws:acm::123456789012:AcmCertificateArn",
"Certificate": "ASCAJRRE5XYF52TKRY5M4",
"CertificateSource": "iam",
"CloudFrontDefaultCertificate": true,
"IamCertificateId": "ASCAJRRE5XYF52TKRY5M4",
"MinimumProtocolVersion": "TLSv1.2_2021",
"SslSupportMethod": "sni-only"
},
"WebAclId": "waf-1234567890"
}
```
# AwsCloudTrail ASFF 中的 資源
以下是 `AwsCloudTrail` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudTrailTrail
`AwsCloudTrailTrail` 物件提供線索的詳細資訊 AWS CloudTrail 。
以下是安全`AwsCloudTrailTrail`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsCloudTrailTrail`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudTrailTrailDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudTrailTrailDetails.html)。
**範例**
```
"AwsCloudTrailTrail": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:CloudTrail/regression:*",
"CloudWatchLogsRoleArn": "arn:aws:iam::866482105055:role/CloudTrail_CloudWatchLogs",
"HasCustomEventSelectors": true,
"HomeRegion": "us-west-2",
"IncludeGlobalServiceEvents": true,
"IsMultiRegionTrail": true,
"IsOrganizationTrail": false,
"KmsKeyId": "kmsKeyId",
"LogFileValidationEnabled": true,
"Name": "regression-trail",
"S3BucketName": "cloudtrail-bucket",
"S3KeyPrefix": "s3KeyPrefix",
"SnsTopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
"SnsTopicName": "snsTopicName",
"TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail"
}
```
# AwsCloudWatch ASFF 中的 資源
以下是 `AwsCloudWatch` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudWatchAlarm
`AwsCloudWatchAlarm` 物件提供 Amazon CloudWatch 警示的詳細資訊,可在警示變更狀態時監看指標或執行動作。
下列範例顯示 `AwsCloudWatchAlarm` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsCloudWatchAlarm`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudWatchAlarmDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudWatchAlarmDetails.html)。
**範例**
```
"AwsCloudWatchAlarm": {
"ActionsEnabled": true,
"AlarmActions": [
"arn:aws:automate:region:ec2:stop",
"arn:aws:automate:region:ec2:terminate"
],
"AlarmArn": "arn:aws:cloudwatch:us-west-2:012345678910:alarm:sampleAlarm",
"AlarmConfigurationUpdatedTimestamp": "2022-02-18T15:31:53.161Z",
"AlarmDescription": "Alarm Example",
"AlarmName": "Example",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"DatapointsToAlarm": 1,
"Dimensions": [{
"Name": "InstanceId",
"Value": "i-1234567890abcdef0"
}],
"EvaluateLowSampleCountPercentile": "evaluate",
"EvaluationPeriods": 1,
"ExtendedStatistic": "p99.9",
"InsufficientDataActions": [
"arn:aws:automate:region:ec2:stop"
],
"MetricName": "Sample Metric",
"Namespace": "YourNamespace",
"OkActions": [
"arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0"
],
"Period": 1,
"Statistic": "SampleCount",
"Threshold": 12.3,
"ThresholdMetricId": "t1",
"TreatMissingData": "notBreaching",
"Unit": "Kilobytes/Second"
}
```
# AwsCodeBuild ASFF 中的 資源
以下是 `AwsCodeBuild` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCodeBuildProject
`AwsCodeBuildProject` 物件提供了 AWS CodeBuild 專案的資訊。
以下是安全`AwsCodeBuildProject`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsCodeBuildProject`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCodeBuildProjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCodeBuildProjectDetails.html)。
**範例**
```
"AwsCodeBuildProject": {
"Artifacts": [
{
"ArtifactIdentifier": "string",
"EncryptionDisabled": boolean,
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"OverrideArtifactName": boolean,
"Packaging": "string",
"Path": "string",
"Type": "string"
}
],
"SecondaryArtifacts": [
{
"ArtifactIdentifier": "string",
"EncryptionDisabled": boolean,
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"OverrideArtifactName": boolean,
"Packaging": "string",
"Path": "string",
"Type": "string"
}
],
"EncryptionKey": "string",
"Certificate": "string",
"Environment": {
"Certificate": "string",
"EnvironmentVariables": [
{
"Name": "string",
"Type": "string",
"Value": "string"
}
],
"ImagePullCredentialsType": "string",
"PrivilegedMode": boolean,
"RegistryCredential": {
"Credential": "string",
"CredentialProvider": "string"
},
"Type": "string"
},
"LogsConfig": {
"CloudWatchLogs": {
"GroupName": "string",
"Status": "string",
"StreamName": "string"
},
"S3Logs": {
"EncryptionDisabled": boolean,
"Location": "string",
"Status": "string"
}
},
"Name": "string",
"ServiceRole": "string",
"Source": {
"Type": "string",
"Location": "string",
"GitCloneDepth": integer
},
"VpcConfig": {
"VpcId": "string",
"Subnets": ["string"],
"SecurityGroupIds": ["string"]
}
}
```
# AwsDms ASFF 中的 資源
以下是 `AwsDms` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsDmsEndpoint
`AwsDmsEndpoint` 物件提供有關 AWS Database Migration Service (AWS DMS) 端點的資訊。端點提供資料存放區的連線、資料存放區類型和位置資訊。
下列範例顯示 `AwsDmsEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsEndpoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDmsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsEndpointDeatils.html)。
**範例**
```
"AwsDmsEndpoint": {
"CertificateArn": "arn:aws:dms:us-east-1:123456789012:cert:EXAMPLEIGDURVZGVJQZDPWJ5A7F2YDJVSMTBWFI",
"DatabaseName": "Test",
"EndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:EXAMPLEQB3CZY33F7XV253NAJVBNPK6MJQVFVQA",
"EndpointIdentifier": "target-db",
"EndpointType": "TARGET",
"EngineName": "mariadb",
"KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Port": 3306,
"ServerName": "target-db.exampletafyu.us-east-1.rds.amazonaws.com",
"SslMode": "verify-ca",
"Username": "admin"
}
```
## AwsDmsReplicationInstance
`AwsDmsReplicationInstance` 物件提供有關 AWS Database Migration Service (AWS DMS) 複寫執行個體的資訊。DMS 使用複寫執行個體來連線至來源資料存放區、讀取來源資料,以及格式化資料以供目標資料存放區使用。
下列範例顯示 `AwsDmsReplicationInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsReplicationInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDmsReplicationInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationInstanceDetails.html)。
**範例**
```
"AwsDmsReplicationInstance": {
"AllocatedStorage": 50,
"AutoMinorVersionUpgrade": true,
"AvailabilityZone": "us-east-1b",
"EngineVersion": "3.5.1",
"KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"MultiAZ": false,
"PreferredMaintenanceWindow": "wed:08:08-wed:08:38",
"PubliclyAccessible": true,
"ReplicationInstanceClass": "dms.c5.xlarge",
"ReplicationInstanceIdentifier": "second-replication-instance",
"ReplicationSubnetGroup": {
"ReplicationSubnetGroupIdentifier": "default-vpc-2344f44f"
},
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-003a34e205138138b"
}
]
}
```
## AwsDmsReplicationTask
`AwsDmsReplicationTask` 物件提供有關 AWS Database Migration Service (AWS DMS) 複寫任務的資訊。複寫任務會將一組資料從來源端點移至目標端點。
下列範例顯示 `AwsDmsReplicationInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsReplicationInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDmsReplicationInstance](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationTaskDetails.html)。
**範例**
```
"AwsDmsReplicationTask": {
"CdcStartPosition": "2023-08-28T14:26:22",
"Id": "arn:aws:dms:us-east-1:123456789012:task:YDYUOHZIXWKQSUCBMUCQCNY44SJW74VJNB5DFWQ",
"MigrationType": "cdc",
"ReplicationInstanceArn": "arn:aws:dms:us-east-1:123456789012:rep:T7V6RFDP23PYQWUL26N3PF5REKML4YOUGIMYJUI",
"ReplicationTaskIdentifier": "test-task",
"ReplicationTaskSettings": "{\"Logging\":{\"EnableLogging\":false,\"EnableLogContext\":false,\"LogComponents\":[{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TRANSFORMATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_UNLOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"IO\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_LOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"PERFORMANCE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_CAPTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SORTER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"REST_SERVER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"VALIDATOR_EXT\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_APPLY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TASK_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TABLES_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"METADATA_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_FACTORY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMON\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"ADDONS\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"DATA_STRUCTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMUNICATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_TRANSFER\"}],\"CloudWatchLogGroup\":null,\"CloudWatchLogStream\":null},\"StreamBufferSettings\":{\"StreamBufferCount\":3,\"CtrlStreamBufferSizeInMB\":5,\"StreamBufferSizeInMB\":8},\"ErrorBehavior\":{\"FailOnNoTablesCaptured\":true,\"ApplyErrorUpdatePolicy\":\"LOG_ERROR\",\"FailOnTransactionConsistencyBreached\":false,\"RecoverableErrorThrottlingMax\":1800,\"DataErrorEscalationPolicy\":\"SUSPEND_TABLE\",\"ApplyErrorEscalationCount\":0,\"RecoverableErrorStopRetryAfterThrottlingMax\":true,\"RecoverableErrorThrottling\":true,\"ApplyErrorFailOnTruncationDdl\":false,\"DataTruncationErrorPolicy\":\"LOG_ERROR\",\"ApplyErrorInsertPolicy\":\"LOG_ERROR\",\"EventErrorPolicy\":\"IGNORE\",\"ApplyErrorEscalationPolicy\":\"LOG_ERROR\",\"RecoverableErrorCount\":-1,\"DataErrorEscalationCount\":0,\"TableErrorEscalationPolicy\":\"STOP_TASK\",\"RecoverableErrorInterval\":5,\"ApplyErrorDeletePolicy\":\"IGNORE_RECORD\",\"TableErrorEscalationCount\":0,\"FullLoadIgnoreConflicts\":true,\"DataErrorPolicy\":\"LOG_ERROR\",\"TableErrorPolicy\":\"SUSPEND_TABLE\"},\"TTSettings\":{\"TTS3Settings\":null,\"TTRecordSettings\":null,\"EnableTT\":false},\"FullLoadSettings\":{\"CommitRate\":10000,\"StopTaskCachedChangesApplied\":false,\"StopTaskCachedChangesNotApplied\":false,\"MaxFullLoadSubTasks\":8,\"TransactionConsistencyTimeout\":600,\"CreatePkAfterFullLoad\":false,\"TargetTablePrepMode\":\"DO_NOTHING\"},\"TargetMetadata\":{\"ParallelApplyBufferSize\":0,\"ParallelApplyQueuesPerThread\":0,\"ParallelApplyThreads\":0,\"TargetSchema\":\"\",\"InlineLobMaxSize\":0,\"ParallelLoadQueuesPerThread\":0,\"SupportLobs\":true,\"LobChunkSize\":64,\"TaskRecoveryTableEnabled\":false,\"ParallelLoadThreads\":0,\"LobMaxSize\":0,\"BatchApplyEnabled\":false,\"FullLobMode\":true,\"LimitedSizeLobMode\":false,\"LoadMaxFileSize\":0,\"ParallelLoadBufferSize\":0},\"BeforeImageSettings\":null,\"ControlTablesSettings\":{\"historyTimeslotInMinutes\":5,\"HistoryTimeslotInMinutes\":5,\"StatusTableEnabled\":false,\"SuspendedTablesTableEnabled\":false,\"HistoryTableEnabled\":false,\"ControlSchema\":\"\",\"FullLoadExceptionTableEnabled\":false},\"LoopbackPreventionSettings\":null,\"CharacterSetSettings\":null,\"FailTaskWhenCleanTaskResourceFailed\":false,\"ChangeProcessingTuning\":{\"StatementCacheSize\":50,\"CommitTimeout\":1,\"BatchApplyPreserveTransaction\":true,\"BatchApplyTimeoutMin\":1,\"BatchSplitSize\":0,\"BatchApplyTimeoutMax\":30,\"MinTransactionSize\":1000,\"MemoryKeepTime\":60,\"BatchApplyMemoryLimit\":500,\"MemoryLimitTotal\":1024},\"ChangeProcessingDdlHandlingPolicy\":{\"HandleSourceTableDropped\":true,\"HandleSourceTableTruncated\":true,\"HandleSourceTableAltered\":true},\"PostProcessingRules\":null}",
"SourceEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:TZPWV2VCXEGHYOKVKRNHAKJ4Q3RUXACNGFGYWRI",
"TableMappings": "{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"969761702\",\"rule-name\":\"969761702\",\"object-locator\":{\"schema-name\":\"%table\",\"table-name\":\"%example\"},\"rule-action\":\"exclude\",\"filters\":[]}]}",
"TargetEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:ABR8LBOQB3CZY33F7XV253NAJVBNPK6MJQVFVQA"
}
```
# AwsDynamoDB ASFF 中的 資源
以下是 `AwsDynamoDB` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsDynamoDbTable
`AwsDynamoDbTable` 物件提供 Amazon DynamoDB 資料表的詳細資訊。
以下是安全`AwsDynamoDbTable`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsDynamoDbTable`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDynamoDbTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDynamoDbTableDetails.html)。
**範例**
```
"AwsDynamoDbTable": {
"AttributeDefinitions": [
{
"AttributeName": "attribute1",
"AttributeType": "value 1"
},
{
"AttributeName": "attribute2",
"AttributeType": "value 2"
},
{
"AttributeName": "attribute3",
"AttributeType": "value 3"
}
],
"BillingModeSummary": {
"BillingMode": "PAY_PER_REQUEST",
"LastUpdateToPayPerRequestDateTime": "2019-12-03T15:23:10.323Z"
},
"CreationDateTime": "2019-12-03T15:23:10.248Z",
"DeletionProtectionEnabled": true,
"GlobalSecondaryIndexes": [
{
"Backfilling": false,
"IndexArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/index/exampleIndex",
"IndexName": "standardsControlArnIndex",
"IndexSizeBytes": 1862513,
"IndexStatus": "ACTIVE",
"ItemCount": 20,
"KeySchema": [
{
"AttributeName": "City",
"KeyType": "HASH"
},
{
"AttributeName": "Date",
"KeyType": "RANGE"
}
],
"Projection": {
"NonKeyAttributes": ["predictorName"],
"ProjectionType": "ALL"
},
"ProvisionedThroughput": {
"LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
"LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
"NumberOfDecreasesToday": 0,
"ReadCapacityUnits": 100,
"WriteCapacityUnits": 50
},
}
],
"GlobalTableVersion": "V1",
"ItemCount": 2705,
"KeySchema": [
{
"AttributeName": "zipcode",
"KeyType": "HASH"
}
],
"LatestStreamArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/stream/2019-12-03T23:23:10.248",
"LatestStreamLabel": "2019-12-03T23:23:10.248",
"LocalSecondaryIndexes": [
{
"IndexArn": "arn:aws:dynamodb:us-east-1:111122223333:table/exampleGroup/index/exampleId",
"IndexName": "CITY_DATE_INDEX_NAME",
"KeySchema": [
{
"AttributeName": "zipcode",
"KeyType": "HASH"
}
],
"Projection": {
"NonKeyAttributes": ["predictorName"],
"ProjectionType": "ALL"
},
}
],
"ProvisionedThroughput": {
"LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
"LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
"NumberOfDecreasesToday": 0,
"ReadCapacityUnits": 100,
"WriteCapacityUnits": 50
},
"Replicas": [
{
"GlobalSecondaryIndexes":[
{
"IndexName": "CITY_DATE_INDEX_NAME",
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": 10
}
}
],
"KmsMasterKeyId" : "KmsKeyId"
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": 10
},
"RegionName": "regionName",
"ReplicaStatus": "CREATING",
"ReplicaStatusDescription": "replicaStatusDescription"
}
],
"RestoreSummary" : {
"SourceBackupArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/backup/backup1",
"SourceTableArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable",
"RestoreDateTime": "2020-06-22T17:40:12.322Z",
"RestoreInProgress": true
},
"SseDescription": {
"InaccessibleEncryptionDateTime": "2018-01-26T23:50:05.000Z",
"Status": "ENABLED",
"SseType": "KMS",
"KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1"
},
"StreamSpecification" : {
"StreamEnabled": true,
"StreamViewType": "NEW_IMAGE"
},
"TableId": "example-table-id-1",
"TableName": "example-table",
"TableSizeBytes": 1862513,
"TableStatus": "ACTIVE"
}
```
# AwsEc2 ASFF 中的 資源
以下是 `AwsEc2` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEc2ClientVpnEndpoint
`AwsEc2ClientVpnEndpoint` 物件提供 AWS Client VPN 端點的相關資訊。Client VPN 端點是您建立和設定以啟用和管理用戶端 VPN 工作階段的資源。它是所有用户端 VPN 工作階段的終止點。
下列範例顯示 `AwsEc2ClientVpnEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2ClientVpnEndpoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2ClientVpnEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2ClientVpnEndpointDetails.html)。
**範例**
```
"AwsEc2ClientVpnEndpoint": {
"AuthenticationOptions": [
{
"MutualAuthentication": {
"ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Type": "certificate-authentication"
}
],
"ClientCidrBlock": "10.0.0.0/22",
"ClientConnectOptions": {
"Enabled": false
},
"ClientLoginBannerOptions": {
"Enabled": false
},
"ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
"ConnectionLogOptions": {
"Enabled": false
},
"Description": "test",
"DnsServer": ["10.0.0.0"],
"ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"SecurityGroupIdSet": [
"sg-0f7a177b82b443691"
],
"SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
"SessionTimeoutHours": 24,
"SplitTunnel": false,
"TransportProtocol": "udp",
"VpcId": "vpc-1a2b3c4d5e6f1a2b3",
"VpnPort": 443
}
```
## AwsEc2Eip
`AwsEc2Eip` 物件提供彈性 IP 地址的相關資訊。
下列範例顯示 `AwsEc2Eip` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Eip`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2EipDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2EipDetails.html)。
**範例**
```
"AwsEc2Eip": {
"InstanceId": "instance1",
"PublicIp": "192.0.2.04",
"AllocationId": "eipalloc-example-id-1",
"AssociationId": "eipassoc-example-id-1",
"Domain": "vpc",
"PublicIpv4Pool": "anycompany",
"NetworkBorderGroup": "eu-central-1",
"NetworkInterfaceId": "eni-example-id-1",
"NetworkInterfaceOwnerId": "777788889999",
"PrivateIpAddress": "192.0.2.03"
}
```
## AwsEc2Instance
`AwsEc2Instance` 物件提供 Amazon EC2 執行個體的詳細資訊。
下列範例顯示 `AwsEc2Instance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Instance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2InstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2InstanceDetails.html)。
**範例**
```
"AwsEc2Instance": {
"IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
"ImageId": "ami-1234",
"IpV4Addresses": [ "1.1.1.1" ],
"IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
"KeyName": "my_keypair",
"LaunchedAt": "2018-05-08T16:46:19.000Z",
"MetadataOptions": {
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "enabled",
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional",
"InstanceMetadataTags": "disabled",
},
"Monitoring": {
"State": "disabled"
},
"NetworkInterfaces": [
{
"NetworkInterfaceId": "eni-e5aa89a3"
}
],
"SubnetId": "subnet-123",
"Type": "i3.xlarge",
"VpcId": "vpc-123"
}
```
## AwsEc2LaunchTemplate
`AwsEc2LaunchTemplate` 物件包含指定執行個體組態資訊的 Amazon Elastic Compute Cloud 啟動範本詳細資訊。
下列範例顯示 `AwsEc2LaunchTemplate` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2LaunchTemplate`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2LaunchTemplateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2LaunchTemplateDetals.html)。
**範例**
```
"AwsEc2LaunchTemplate": {
"DefaultVersionNumber": "1",
"ElasticGpuSpecifications": ["string"],
"ElasticInferenceAccelerators": ["string"],
"Id": "lt-0a16e9802800bdd85",
"ImageId": "ami-0d5eff06f840b45e9",
"LatestVersionNumber": "1",
"LaunchTemplateData": {
"BlockDeviceMappings": [{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteonTermination": true,
"Encrypted": true,
"SnapshotId": "snap-01047646ec075f543",
"VolumeSize": 8,
"VolumeType:" "gp2"
}
}],
"MetadataOptions": {
"HttpTokens": "enabled",
"HttpPutResponseHopLimit" : 1
},
"Monitoring": {
"Enabled": true,
"NetworkInterfaces": [{
"AssociatePublicIpAddress" : true,
}],
"LaunchTemplateName": "string",
"LicenseSpecifications": ["string"],
"SecurityGroupIds": ["sg-01fce87ad6e019725"],
"SecurityGroups": ["string"],
"TagSpecifications": ["string"]
}
```
## AwsEc2NetworkAcl
`AwsEc2NetworkAcl` 物件包含 Amazon EC2 網路存取控制清單 (ACL) 的詳細資訊。
下列範例顯示 `AwsEc2NetworkAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2NetworkAcl`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2NetworkAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkAclDetails.html)。
**範例**
```
"AwsEc2NetworkAcl": {
"IsDefault": false,
"NetworkAclId": "acl-1234567890abcdef0",
"OwnerId": "123456789012",
"VpcId": "vpc-1234abcd",
"Associations": [{
"NetworkAclAssociationId": "aclassoc-abcd1234",
"NetworkAclId": "acl-021345abcdef6789",
"SubnetId": "subnet-abcd1234"
}],
"Entries": [{
"CidrBlock": "10.24.34.0/23",
"Egress": true,
"IcmpTypeCode": {
"Code": 10,
"Type": 30
},
"Ipv6CidrBlock": "2001:DB8::/32",
"PortRange": {
"From": 20,
"To": 40
},
"Protocol": "tcp",
"RuleAction": "allow",
"RuleNumber": 100
}]
}
```
## AwsEc2NetworkInterface
`AwsEc2NetworkInterface` 物件提供有關 Amazon EC2 網路介面的資訊。
下列範例顯示 `AwsEc2NetworkInterface` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2NetworkInterface`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2NetworkInterfaceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkInterfaceDetails.html)。
**範例**
```
"AwsEc2NetworkInterface": {
"Attachment": {
"AttachTime": "2019-01-01T03:03:21Z",
"AttachmentId": "eni-attach-43348162",
"DeleteOnTermination": true,
"DeviceIndex": 123,
"InstanceId": "i-1234567890abcdef0",
"InstanceOwnerId": "123456789012",
"Status": 'ATTACHED'
},
"SecurityGroups": [
{
"GroupName": "my-security-group",
"GroupId": "sg-903004f8"
},
],
"NetworkInterfaceId": 'eni-686ea200',
"SourceDestCheck": false
}
```
## AwsEc2RouteTable
`AwsEc2RouteTable` 物件提供有關 Amazon EC2 路由表的資訊。
下列範例顯示 `AwsEc2RouteTable` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2RouteTable`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2RouteTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2RouteTableDetails.html)。
**範例**
```
"AwsEc2RouteTable": {
"AssociationSet": [{
"AssociationSet": {
"State": "associated"
},
"Main": true,
"RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
"RouteTableId": "rtb-0a59bde9cf2548e34",
}],
"PropogatingVgwSet": [],
"RouteTableId": "rtb-0a59bde9cf2548e34",
"RouteSet": [
{
"DestinationCidrBlock": "10.24.34.0/23",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "10.24.34.0/24",
"GatewayId": "igw-0242c2d7d513fc5d3",
"Origin": "CreateRoute",
"State": "active"
}
],
"VpcId": "vpc-0c250a5c33f51d456"
}
```
## AwsEc2SecurityGroup
`AwsEc2SecurityGroup` 物件描述 Amazon EC2 安全群組。
下列範例顯示 `AwsEc2SecurityGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2SecurityGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2SecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SecurityGroupDetails.html)。
**範例**
```
"AwsEc2SecurityGroup": {
"GroupName": "MySecurityGroup",
"GroupId": "sg-903004f8",
"OwnerId": "123456789012",
"VpcId": "vpc-1a2b3c4d",
"IpPermissions": [
{
"IpProtocol": "-1",
"IpRanges": [],
"UserIdGroupPairs": [
{
"UserId": "123456789012",
"GroupId": "sg-903004f8"
}
],
"PrefixListIds": [
{"PrefixListId": "pl-63a5400a"}
]
},
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "203.0.113.0/24"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": []
}
]
}
```
## AwsEc2Subnet
`AwsEc2Subnet` 物件提供 Amazon EC2 中子網路的相關資訊。
下列範例顯示 `AwsEc2Subnet` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Subnet`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2SubnetDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SubnetDetails.html)。
**範例**
```
AwsEc2Subnet: {
"AssignIpv6AddressOnCreation": false,
"AvailabilityZone": "us-west-2c",
"AvailabilityZoneId": "usw2-az3",
"AvailableIpAddressCount": 8185,
"CidrBlock": "10.0.0.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"OwnerId": "123456789012",
"State": "available",
"SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
"SubnetId": "subnet-d5436c93",
"VpcId": "vpc-153ade70",
"Ipv6CidrBlockAssociationSet": [{
"AssociationId": "subnet-cidr-assoc-EXAMPLE",
"Ipv6CidrBlock": "2001:DB8::/32",
"CidrBlockState": "associated"
}]
}
```
## AwsEc2TransitGateway
`AwsEc2TransitGateway` 物件提供 Amazon EC2 傳輸閘道的詳細資訊,可互連您的虛擬私有雲端 (VPCs) 和內部部署網路。
以下是 AWS 安全`AwsEc2TransitGateway`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsEc2TransitGateway`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2TransitGatewayDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2TransitGatewayDetails.html)。
**範例**
```
"AwsEc2TransitGateway": {
"AmazonSideAsn": 65000,
"AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
"AutoAcceptSharedAttachments": "disable",
"DefaultRouteTableAssociation": "enable",
"DefaultRouteTablePropagation": "enable",
"Description": "sample transit gateway",
"DnsSupport": "enable",
"Id": "tgw-042ae6bf7a5c126c3",
"MulticastSupport": "disable",
"PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
"TransitGatewayCidrBlocks": ["10.0.0.0/16"],
"VpnEcmpSupport": "enable"
}
```
## AwsEc2Volume
`AwsEc2Volume` 物件提供 Amazon EC2 磁碟區的詳細資訊。
下列範例顯示 `AwsEc2Volume` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Volume`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VolumeDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VolumeDetails.html)。
**範例**
```
"AwsEc2Volume": {
"Attachments": [
{
"AttachTime": "2017-10-17T14:47:11Z",
"DeleteOnTermination": true,
"InstanceId": "i-123abc456def789g",
"Status": "attached"
}
],
"CreateTime": "2020-02-24T15:54:30Z",
"Encrypted": true,
"KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"Size": 80,
"SnapshotId": "",
"Status": "available"
}
```
## AwsEc2Vpc
`AwsEc2Vpc` 物件提供 Amazon EC2 VPC 的詳細資訊。
下列範例顯示 `AwsEc2Vpc` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Vpc`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcDetails.html)。
**範例**
```
"AwsEc2Vpc": {
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
"CidrBlock": "192.0.2.0/24",
"CidrBlockState": "associated"
}
],
"DhcpOptionsId": "dopt-4e42ce28",
"Ipv6CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
"CidrBlockState": "associated",
"Ipv6CidrBlock": "192.0.2.0/24"
}
],
"State": "available"
}
```
## AwsEc2VpcEndpointService
`AwsEc2VpcEndpointService` 物件包含 VPC 端點服務的服務組態詳細資訊。
下列範例顯示 `AwsEc2VpcEndpointService` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2VpcEndpointService`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcEndpointServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcEndpointServiceDetails.html)。
**範例**
```
"AwsEc2VpcEndpointService": {
"ServiceType": [
{
"ServiceType": "Interface"
}
],
"ServiceId": "vpce-svc-example1",
"ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
"ServiceState": "Available",
"AvailabilityZones": [
"us-east-1"
],
"AcceptanceRequired": true,
"ManagesVpcEndpoints": false,
"NetworkLoadBalancerArns": [
"arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
],
"GatewayLoadBalancerArns": [],
"BaseEndpointDnsNames": [
"vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
],
"PrivateDnsName": "my-private-dns"
}
```
## AwsEc2VpcPeeringConnection
`AwsEc2VpcPeeringConnection` 物件提供兩個 VPCs之間網路連線的詳細資訊。
下列範例顯示 `AwsEc2VpcPeeringConnection` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2VpcPeeringConnection`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcPeeringConnectionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcPeeringConnectionDetails.html)。
**範例**
```
"AwsEc2VpcPeeringConnection": {
"AccepterVpcInfo": {
"CidrBlock": "10.0.0.0/28",
"CidrBlockSet": [{
"CidrBlock": "10.0.0.0/28"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
}],
"OwnerId": "012345678910",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": true,
"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
"AllowEgressFromLocalVpcToRemoteClassicLink": true
},
"Region": "us-west-2",
"VpcId": "vpc-i123456"
},
"ExpirationTime": "2022-02-18T15:31:53.161Z",
"RequesterVpcInfo": {
"CidrBlock": "192.168.0.0/28",
"CidrBlockSet": [{
"CidrBlock": "192.168.0.0/28"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
}],
"OwnerId": "012345678910",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": true,
"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
"AllowEgressFromLocalVpcToRemoteClassicLink": true
},
"Region": "us-west-2",
"VpcId": "vpc-i123456"
},
"Status": {
"Code": "initiating-request",
"Message": "Active"
},
"VpcPeeringConnectionId": "pcx-1a2b3c4d"
}
```
# AwsEcr ASFF 中的 資源
以下是 `AwsEcr` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEcrContainerImage
`AwsEcrContainerImage` 物件提供 Amazon ECR 映像的相關資訊。
下列範例顯示 `AwsEcrContainerImage` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcrContainerImage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcrContainerImageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrContainerImageDetails.html)。
**範例**
```
"AwsEcrContainerImage": {
"RegistryId": "123456789012",
"RepositoryName": "repository-name",
"Architecture": "amd64"
"ImageDigest": "sha256:a568e5c7a953fbeaa2904ac83401f93e4a076972dc1bae527832f5349cd2fb10",
"ImageTags": ["00000000-0000-0000-0000-000000000000"],
"ImagePublishedAt": "2019-10-01T20:06:12Z"
}
```
## AwsEcrRepository
`AwsEcrRepository` 物件提供有關 Amazon Elastic Container Registry 儲存庫的資訊。
下列範例顯示 `AwsEcrRepository` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcrRepository`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcrRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrRepositoryDetails.html)。
**範例**
```
"AwsEcrRepository": {
"LifecyclePolicy": {
"RegistryId": "123456789012",
},
"RepositoryName": "sample-repo",
"Arn": "arn:aws:ecr:us-west-2:111122223333:repository/sample-repo",
"ImageScanningConfiguration": {
"ScanOnPush": true
},
"ImageTagMutability": "IMMUTABLE"
}
```
# AwsEcs ASFF 中的 資源
以下是 `AwsEcs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEcsCluster
`AwsEcsCluster` 物件提供有關 Amazon Elastic Container Service 叢集的詳細資訊。
下列範例顯示 `AwsEcsCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsClusterDetails.html)。
**範例**
```
"AwsEcsCluster": {
"CapacityProviders": [],
"ClusterSettings": [
{
"Name": "containerInsights",
"Value": "enabled"
}
],
"Configuration": {
"ExecuteCommandConfiguration": {
"KmsKeyId": "kmsKeyId",
"LogConfiguration": {
"CloudWatchEncryptionEnabled": true,
"CloudWatchLogGroupName": "cloudWatchLogGroupName",
"S3BucketName": "s3BucketName",
"S3EncryptionEnabled": true,
"S3KeyPrefix": "s3KeyPrefix"
},
"Logging": "DEFAULT"
}
}
"DefaultCapacityProviderStrategy": [
{
"Base": 0,
"CapacityProvider": "capacityProvider",
"Weight": 1
}
]
}
```
## AwsEcsContainer
`AwsEcsContainer` 物件包含 Amazon ECS 容器的詳細資訊。
下列範例顯示 `AwsEcsContainer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsContainer`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsContainerDetails.html)。
**範例**
```
"AwsEcsContainer": {
"Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
"MountPoints": [{
"ContainerPath": "/mnt/etc",
"SourceVolume": "vol-03909e9"
}],
"Name": "knote",
"Privileged": true
}
```
## AwsEcsService
`AwsEcsService` 物件提供 Amazon ECS 叢集內服務的詳細資訊。
下列範例顯示 `AwsEcsService` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsService`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsServiceDetails.html)。
**範例**
```
"AwsEcsService": {
"CapacityProviderStrategy": [
{
"Base": 12,
"CapacityProvider": "",
"Weight": ""
}
],
"Cluster": "arn:aws:ecs:us-east-1:111122223333:cluster/example-ecs-cluster",
"DeploymentConfiguration": {
"DeploymentCircuitBreaker": {
"Enable": false,
"Rollback": false
},
"MaximumPercent": 200,
"MinimumHealthyPercent": 100
},
"DeploymentController": "",
"DesiredCount": 1,
"EnableEcsManagedTags": false,
"EnableExecuteCommand": false,
"HealthCheckGracePeriodSeconds": 1,
"LaunchType": "FARGATE",
"LoadBalancers": [
{
"ContainerName": "",
"ContainerPort": 23,
"LoadBalancerName": "",
"TargetGroupArn": ""
}
],
"Name": "sample-app-service",
"NetworkConfiguration": {
"AwsVpcConfiguration": {
"Subnets": [
"Subnet-example1",
"Subnet-example2"
],
"SecurityGroups": [
"Sg-0ce48e9a6e5b457f5"
],
"AssignPublicIp": "ENABLED"
}
},
"PlacementConstraints": [
{
"Expression": "",
"Type": ""
}
],
"PlacementStrategies": [
{
"Field": "",
"Type": ""
}
],
"PlatformVersion": "LATEST",
"PropagateTags": "",
"Role": "arn:aws:iam::111122223333:role/aws-servicerole/ecs.amazonaws.com/ServiceRoleForECS",
"SchedulingStrategy": "REPLICA",
"ServiceName": "sample-app-service",
"ServiceArn": "arn:aws:ecs:us-east-1:111122223333:service/example-ecs-cluster/sample-app-service",
"ServiceRegistries": [
{
"ContainerName": "",
"ContainerPort": 1212,
"Port": 1221,
"RegistryArn": ""
}
],
"TaskDefinition": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-taskdef:1"
}
```
## AwsEcsTask
`AwsEcsTask` 物件提供 Amazon ECS 任務的詳細資訊。
下列範例顯示 `AwsEcsTask` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsTask`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsTask](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDetails.html)。
**範例**
```
"AwsEcsTask": {
"ClusterArn": "arn:aws:ecs:us-west-2:123456789012:task/MyCluster/1234567890123456789",
"CreatedAt": "1557134011644",
"Group": "service:fargate-service",
"StartedAt": "1557134011644",
"StartedBy": "ecs-svc/1234567890123456789",
"TaskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/sample-fargate:2",
"Version": 3,
"Volumes": [{
"Name": "string",
"Host": {
"SourcePath": "string"
}
}],
"Containers": {
"Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
"MountPoints": [{
"ContainerPath": "/mnt/etc",
"SourceVolume": "vol-03909e9"
}],
"Name": "knote",
"Privileged": true
}
}
```
## AwsEcsTaskDefinition
`AwsEcsTaskDefinition` 物件包含任務定義的詳細資訊。任務定義說明 Amazon Elastic Container Service 任務的容器和磁碟區定義。
下列範例顯示 `AwsEcsTaskDefinition` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsTaskDefinition`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsTaskDefinitionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDefinitionDetails.html)。
**範例**
```
"AwsEcsTaskDefinition": {
"ContainerDefinitions": [
{
"Command": ['ruby', 'hi.rb'],
"Cpu":128,
"Essential": true,
"HealthCheck": {
"Command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"],
"Interval": 10,
"Retries": 3,
"StartPeriod": 5,
"Timeout": 20
},
"Image": "tongueroo/sinatra:latest",
"Interactive": true,
"Links": [],
"LogConfiguration": {
"LogDriver": "awslogs",
"Options": {
"awslogs-group": "/ecs/sinatra-hi",
"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
},
"SecretOptions": []
},
"MemoryReservation": 128,
"Name": "web",
"PortMappings": [
{
"ContainerPort": 4567,
"HostPort":4567,
"Protocol": "tcp"
}
],
"Privileged": true,
"StartTimeout": 10,
"StopTimeout": 100,
}
],
"Family": "sinatra-hi",
"NetworkMode": "host",
"RequiresCompatibilities": ["EC2"],
"Status": "ACTIVE",
"TaskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
}
```
# AwsEfs ASFF 中的 資源
以下是 `AwsEfs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEfsAccessPoint
`AwsEfsAccessPoint` 物件提供存放在 Amazon Elastic File System 中的檔案詳細資訊。
下列範例顯示 `AwsEfsAccessPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEfsAccessPoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEfsAccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEfsAccessPointDetails.html)。
**範例**
```
"AwsEfsAccessPoint": {
"AccessPointId": "fsap-05c4c0e79ba0b118a",
"Arn": "arn:aws:elasticfilesystem:us-east-1:863155670886:access-point/fsap-05c4c0e79ba0b118a",
"ClientToken": "AccessPointCompliant-ASk06ZZSXsEp",
"FileSystemId": "fs-0f8137f731cb32146",
"PosixUser": {
"Gid": "1000",
"SecondaryGids": ["0", "4294967295"],
"Uid": "1234"
},
"RootDirectory": {
"CreationInfo": {
"OwnerGid": "1000",
"OwnerUid": "1234",
"Permissions": "777"
},
"Path": "/tmp/example"
}
}
```
# AwsEks ASFF 中的 資源
以下是 `AwsEks` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEksCluster
`AwsEksCluster` 物件提供 Amazon EKS 叢集的詳細資訊。
下列範例顯示 `AwsEksCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEksCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEksClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEksClusterDetails.html)。
**範例**
```
{
"AwsEksCluster": {
"Name": "example",
"Arn": "arn:aws:eks:us-west-2:222222222222:cluster/example",
"CreatedAt": 1565804921.901,
"Version": "1.12",
"RoleArn": "arn:aws:iam::222222222222:role/example-cluster-ServiceRole-1XWBQWYSFRE2Q",
"ResourcesVpcConfig": {
"EndpointPublicAccess": false,
"SubnetIds": [
"subnet-021345abcdef6789",
"subnet-abcdef01234567890",
"subnet-1234567890abcdef0"
],
"SecurityGroupIds": [
"sg-abcdef01234567890"
]
},
"Logging": {
"ClusterLogging": [
{
"Types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"Enabled": true
}
]
},
"Status": "CREATING",
"CertificateAuthorityData": {},
}
}
```
# AwsElasticBeanstalk ASFF 中的 資源
以下是 `AwsElasticBeanstalk` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsElasticBeanstalkEnvironment
`AwsElasticBeanstalkEnvironment` 物件包含 AWS Elastic Beanstalk 環境的詳細資訊。
下列範例顯示 `AwsElasticBeanstalkEnvironment` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElasticBeanstalkEnvironment`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElasticBeanstalkEnvironmentDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticBeanstalkEnvironmentDetails.html)。
**範例**
```
"AwsElasticBeanstalkEnvironment": {
"ApplicationName": "MyApplication",
"Cname": "myexampleapp-env.devo-2.elasticbeanstalk-internal.com",
"DateCreated": "2021-04-30T01:38:01.090Z",
"DateUpdated": "2021-04-30T01:38:01.090Z",
"Description": "Example description of my awesome application",
"EndpointUrl": "eb-dv-e-p-AWSEBLoa-abcdef01234567890-021345abcdef6789.us-east-1.elb.amazonaws.com",
"EnvironmentArn": "arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/MyApplication/myapplication-env",
"EnvironmentId": "e-abcd1234",
"EnvironmentLinks": [
{
"EnvironmentName": "myexampleapp-env",
"LinkName": "myapplicationLink"
}
],
"EnvironmentName": "myapplication-env",
"OptionSettings": [
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "BatchSize",
"Value": "100"
},
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "Timeout",
"Value": "600"
},
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "BatchSizeType",
"Value": "Percentage"
},
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "IgnoreHealthCheck",
"Value": "false"
},
{
"Namespace": "aws:elasticbeanstalk:application",
"OptionName": "Application Healthcheck URL",
"Value": "TCP:80"
}
],
"PlatformArn": "arn:aws:elasticbeanstalk:us-east-1::platform/Tomcat 8 with Java 8 running on 64bit Amazon Linux/2.7.7",
"SolutionStackName": "64bit Amazon Linux 2017.09 v2.7.7 running Tomcat 8 Java 8",
"Status": "Ready",
"Tier": {
"Name": "WebServer"
"Type": "Standard"
"Version": "1.0"
},
"VersionLabel": "Sample Application"
}
```
# AwsElasticSearch ASFF 中的 資源
以下是 `AwsElasticSearch` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsElasticSearchDomain
`AwsElasticSearchDomain` 物件提供 Amazon OpenSearch Service 網域的詳細資訊。
下列範例顯示 `AwsElasticSearchDomain` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElasticSearchDomain`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElasticSearchDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticsearchDomainDetails.html)。
**範例**
```
"AwsElasticSearchDomain": {
"AccessPolicies": "string",
"DomainStatus": {
"DomainId": "string",
"DomainName": "string",
"Endpoint": "string",
"Endpoints": {
"string": "string"
}
},
"DomainEndpointOptions": {
"EnforceHTTPS": boolean,
"TLSSecurityPolicy": "string"
},
"ElasticsearchClusterConfig": {
"DedicatedMasterCount": number,
"DedicatedMasterEnabled": boolean,
"DedicatedMasterType": "string",
"InstanceCount": number,
"InstanceType": "string",
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": number
},
"ZoneAwarenessEnabled": boolean
},
"ElasticsearchVersion": "string",
"EncryptionAtRestOptions": {
"Enabled": boolean,
"KmsKeyId": "string"
},
"LogPublishingOptions": {
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": boolean
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "string",
"Cancellable": boolean,
"CurrentVersion": "string",
"Description": "string",
"NewVersion": "string",
"UpdateAvailable": boolean,
"UpdateStatus": "string"
},
"VPCOptions": {
"AvailabilityZones": [
"string"
],
"SecurityGroupIds": [
"string"
],
"SubnetIds": [
"string"
],
"VPCId": "string"
}
}
```
# AwsElb ASFF 中的 資源
以下是 `AwsElb` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsElbLoadBalancer
`AwsElbLoadBalancer` 物件包含 Classic Load Balancer 的詳細資訊。
下列範例顯示 `AwsElbLoadBalancer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElbLoadBalancer`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElbLoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbLoadBalancerDetails.html)。
**範例**
```
"AwsElbLoadBalancer": {
"AvailabilityZones": ["us-west-2a"],
"BackendServerDescriptions": [
{
"InstancePort": 80,
"PolicyNames": ["doc-example-policy"]
}
],
"CanonicalHostedZoneName": "Z3DZXE0EXAMPLE",
"CanonicalHostedZoneNameID": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
"CreatedTime": "2020-08-03T19:22:44.637Z",
"DnsName": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
"HealthCheck": {
"HealthyThreshold": 2,
"Interval": 30,
"Target": "HTTP:80/png",
"Timeout": 3,
"UnhealthyThreshold": 2
},
"Instances": [
{
"InstanceId": "i-example"
}
],
"ListenerDescriptions": [
{
"Listener": {
"InstancePort": 443,
"InstanceProtocol": "HTTPS",
"LoadBalancerPort": 443,
"Protocol": "HTTPS",
"SslCertificateId": "arn:aws:iam::444455556666:server-certificate/my-server-cert"
},
"PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]
}
],
"LoadBalancerAttributes": {
"AccessLog": {
"EmitInterval": 60,
"Enabled": true,
"S3BucketName": "amzn-s3-demo-bucket",
"S3BucketPrefix": "doc-example-prefix"
},
"ConnectionDraining": {
"Enabled": false,
"Timeout": 300
},
"ConnectionSettings": {
"IdleTimeout": 30
},
"CrossZoneLoadBalancing": {
"Enabled": true
},
"AdditionalAttributes": [{
"Key": "elb.http.desyncmitigationmode",
"Value": "strictest"
}]
},
"LoadBalancerName": "example-load-balancer",
"Policies": {
"AppCookieStickinessPolicies": [
{
"CookieName": "",
"PolicyName": ""
}
],
"LbCookieStickinessPolicies": [
{
"CookieExpirationPeriod": 60,
"PolicyName": "my-example-cookie-policy"
}
],
"OtherPolicies": [
"my-PublicKey-policy",
"my-authentication-policy",
"my-SSLNegotiation-policy",
"my-ProxyProtocol-policy",
"ELBSecurityPolicy-2015-03"
]
},
"Scheme": "internet-facing",
"SecurityGroups": ["sg-example"],
"SourceSecurityGroup": {
"GroupName": "my-elb-example-group",
"OwnerAlias": "444455556666"
},
"Subnets": ["subnet-example"],
"VpcId": "vpc-a01106c2"
}
```
## AwsElbv2LoadBalancer
`AwsElbv2LoadBalancer` 物件提供了負載平衡器的資訊。
下列範例顯示 `AwsElbv2LoadBalancer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElbv2LoadBalancer`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElbv2LoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbv2LoadBalancerDetails.html)。
**範例**
```
"AwsElbv2LoadBalancer": {
"AvailabilityZones": {
"SubnetId": "string",
"ZoneName": "string"
},
"CanonicalHostedZoneId": "string",
"CreatedTime": "string",
"DNSName": "string",
"IpAddressType": "string",
"LoadBalancerAttributes": [
{
"Key": "string",
"Value": "string"
}
],
"Scheme": "string",
"SecurityGroups": [ "string" ],
"State": {
"Code": "string",
"Reason": "string"
},
"Type": "string",
"VpcId": "string"
}
```
# AwsEventBridge ASFF 中的 資源
以下是 `AwsEventBridge` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEventSchemasRegistry
`AwsEventSchemasRegistry` 物件提供有關 Amazon EventBridge 結構描述登錄檔的資訊。結構描述會定義傳送至 EventBridge 的事件結構。結構描述登錄檔是收集結構描述並將其邏輯分組的容器。
下列範例顯示 `AwsEventSchemasRegistry` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventSchemasRegistry`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEventSchemasRegistry](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventSchemasRegistryDetails.html)。
**範例**
```
"AwsEventSchemasRegistry": {
"Description": "This is an example event schema registry.",
"RegistryArn": "arn:aws:schemas:us-east-1:123456789012:registry/schema-registry",
"RegistryName": "schema-registry"
}
```
## AwsEventsEndpoint
`AwsEventsEndpoint` 物件提供有關 Amazon EventBridge 全域端點的資訊。端點可以透過提高區域容錯能力來改善應用程式的可用性。
下列範例顯示 `AwsEventsEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventsEndpoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEventsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEndpointDetails.html)。
**範例**
```
"AwsEventsEndpoint": {
"Arn": "arn:aws:events:us-east-1:123456789012:endpoint/my-endpoint",
"Description": "This is a sample endpoint.",
"EndpointId": "04k1exajoy.veo",
"EndpointUrl": "https://04k1exajoy.veo.endpoint.events.amazonaws.com",
"EventBuses": [
{
"EventBusArn": "arn:aws:events:us-east-1:123456789012:event-bus/default"
},
{
"EventBusArn": "arn:aws:events:us-east-2:123456789012:event-bus/default"
}
],
"Name": "my-endpoint",
"ReplicationConfig": {
"State": "ENABLED"
},
"RoleArn": "arn:aws:iam::123456789012:role/service-role/Amazon_EventBridge_Invoke_Event_Bus_1258925394",
"RoutingConfig": {
"FailoverConfig": {
"Primary": {
"HealthCheck": "arn:aws:route53:::healthcheck/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Secondary": {
"Route": "us-east-2"
}
}
},
"State": "ACTIVE"
}
```
## AwsEventsEventbus
`AwsEventsEventbus` 物件提供有關 Amazon EventBridge 全域端點的資訊。端點可以透過提高區域容錯能力來改善應用程式的可用性。
下列範例顯示 `AwsEventsEventbus` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventsEventbus`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEventsEventbusDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEventbusDetails.html)。
**範例**
```
"AwsEventsEventbus":
"Arn": "arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus",
"Name": "my-event-bus",
"Policy": "{\"Version\":\"2012-10-17\", \"Statement\":[{\"Sid\":\"AllowAllAccountsFromOrganizationToPutEvents\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"events:PutEvents\",\"Resource\":\"arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus\",\"Condition\":{\"StringEquals\":{\"aws:PrincipalOrgID\":\"o-ki7yjtkjv5\"}}},{\"Sid\":\"AllowAccountToManageRulesTheyCreated\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":[\"events:PutRule\",\"events:PutTargets\",\"events:DeleteRule\",\"events:RemoveTargets\",\"events:DisableRule\",\"events:EnableRule\",\"events:TagResource\",\"events:UntagResource\",\"events:DescribeRule\",\"events:ListTargetsByRule\",\"events:ListTagsForResource\"],\"Resource\":\"arn:aws:events:us-east-1:123456789012:rule/my-event-bus\",\"Condition\":{\"StringEqualsIfExists\":{\"events:creatorAccount\":\"123456789012\"}}}]}"
```
# AwsGuardDuty ASFF 中的 資源
以下是 `AwsGuardDuty` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsGuardDutyDetector
`AwsGuardDutyDetector` 物件提供 Amazon GuardDuty 偵測器的相關資訊。偵測器是一種用來代表 GuardDuty 服務的物件。GuardDuty 需要偵測器才能運作。
下列範例顯示 `AwsGuardDutyDetector` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsGuardDutyDetector`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsGuardDutyDetector](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsGuardDutyDetectorDetails.html)。
**範例**
```
"AwsGuardDutyDetector": {
"FindingPublishingFrequency": "SIX_HOURS",
"ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
"Status": "ENABLED",
"DataSources": {
"CloudTrail": {
"Status": "ENABLED"
},
"DnsLogs": {
"Status": "ENABLED"
},
"FlowLogs": {
"Status": "ENABLED"
},
"S3Logs": {
"Status": "ENABLED"
},
"Kubernetes": {
"AuditLogs": {
"Status": "ENABLED"
}
},
"MalwareProtection": {
"ScanEc2InstanceWithFindings": {
"EbsVolumes": {
"Status": "ENABLED"
}
},
"ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection"
}
}
}
```
# AwsIam ASFF 中的 資源
以下是 `AwsIam` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsIamAccessKey
`AwsIamAccessKey` 物件包含與問題清單相關的 IAM 存取金鑰詳細資訊。
下列範例顯示 `AwsIamAccessKey` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamAccessKey`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamAccessKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamAccessKeyDetails.html)。
**範例**
```
"AwsIamAccessKey": {
"AccessKeyId": "string",
"AccountId": "string",
"CreatedAt": "string",
"PrincipalId": "string",
"PrincipalName": "string",
"PrincipalType": "string",
"SessionContext": {
"Attributes": {
"CreationDate": "string",
"MfaAuthenticated": boolean
},
"SessionIssuer": {
"AccountId": "string",
"Arn": "string",
"PrincipalId": "string",
"Type": "string",
"UserName": "string"
}
},
"Status": "string"
}
```
## AwsIamGroup
`AwsIamGroup` 物件包含 IAM 群組的詳細資訊。
下列範例顯示 `AwsIamGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamGroupDetails.html)。
**範例**
```
"AwsIamGroup": {
"AttachedManagedPolicies": [
{
"PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
"PolicyName": "ExampleManagedAccess",
}
],
"CreateDate": "2020-04-28T14:08:37.000Z",
"GroupId": "AGPA4TPS3VLP7QEXAMPLE",
"GroupName": "Example_User_Group",
"GroupPolicyList": [
{
"PolicyName": "ExampleGroupPolicy"
}
],
"Path": "/"
}
```
## AwsIamPolicy
`AwsIamPolicy` 物件代表 IAM 許可政策。
下列範例顯示 `AwsIamPolicy` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamPolicy`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamPolicyDetails.html)。
**範例**
```
"AwsIamPolicy": {
"AttachmentCount": 1,
"CreateDate": "2017-09-14T08:17:29.000Z",
"DefaultVersionId": "v1",
"Description": "Example IAM policy",
"IsAttachable": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 5,
"PolicyId": "ANPAJ2UCCR6DPCEXAMPLE",
"PolicyName": "EXAMPLE-MANAGED-POLICY",
"PolicyVersionList": [
{
"VersionId": "v1",
"IsDefaultVersion": true,
"CreateDate": "2017-09-14T08:17:29.000Z"
}
],
"UpdateDate": "2017-09-14T08:17:29.000Z"
}
```
## AwsIamRole
`AwsIamRole` 物件包含 IAM 角色的相關資訊,包括角色的所有政策。
下列範例顯示 `AwsIamRole` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamRole`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamRoleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamRoleDetails.html)。
**範例**
```
"AwsIamRole": {
"AssumeRolePolicyDocument": "{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}",
"AttachedManagedPolicies": [
{
"PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1",
"PolicyName": "Example policy 1"
},
{
"PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2",
"PolicyName": "Example policy 2"
}
],
"CreateDate": "2020-03-14T07:19:14.000Z",
"InstanceProfileList": [
{
"Arn": "arn:aws:iam::333333333333:ExampleProfile",
"CreateDate": "2020-03-11T00:02:27Z",
"InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE",
"InstanceProfileName": "ExampleInstanceProfile",
"Path": "/",
"Roles": [
{
"Arn": "arn:aws:iam::444455556666:role/example-role",
"AssumeRolePolicyDocument": "",
"CreateDate": "2020-03-11T00:02:27Z",
"Path": "/",
"RoleId": "AROAJ52OTH4H7LEXAMPLE",
"RoleName": "example-role",
}
]
}
],
"MaxSessionDuration": 3600,
"Path": "/",
"PermissionsBoundary": {
"PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
"PermissionsBoundaryType": "PermissionsBoundaryPolicy"
},
"RoleId": "AROA4TPS3VLEXAMPLE",
"RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda",
"RolePolicyList": [
{
"PolicyName": "Example role policy"
}
]
}
```
## AwsIamUser
`AwsIamUser` 物件提供使用者的相關資訊。
下列範例顯示 `AwsIamUser` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamUser`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamUserDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamUserDetails.html)。
**範例**
```
"AwsIamUser": {
"AttachedManagedPolicies": [
{
"PolicyName": "ExamplePolicy",
"PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess"
}
],
"CreateDate": "2018-01-26T23:50:05.000Z",
"GroupList": [],
"Path": "/",
"PermissionsBoundary" : {
"PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess",
"PermissionsBoundaryType" : "PermissionsBoundaryPolicy"
},
"UserId": "AIDACKCEVSQ6C2EXAMPLE",
"UserName": "ExampleUser",
"UserPolicyList": [
{
"PolicyName": "InstancePolicy"
}
]
}
```
# AwsKinesis ASFF 中的 資源
以下是 `AwsKinesis` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsKinesisStream
`AwsKinesisStream` 物件提供有關 Amazon Kinesis Data Streams 的詳細資訊。
下列範例顯示 `AwsKinesisStream` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsKinesisStream`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsKinesisStreamDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKinesisStreamDetails.html)。
**範例**
```
"AwsKinesisStream": {
"Name": "test-vir-kinesis-stream",
"Arn": "arn:aws:kinesis:us-east-1:293279581038:stream/test-vir-kinesis-stream",
"RetentionPeriodHours": 24,
"ShardCount": 2,
"StreamEncryption": {
"EncryptionType": "KMS",
"KeyId": "arn:aws:kms:us-east-1:293279581038:key/849cf029-4143-4c59-91f8-ea76007247eb"
}
}
```
# AwsKms ASFF 中的 資源
以下是 `AwsKms` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsKmsKey
`AwsKmsKey` 物件提供有關 的詳細資訊 AWS KMS key。
下列範例顯示 `AwsKmsKey` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsKmsKey`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsKmsKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKmsKeyDetails.html)。
**範例**
```
"AwsKmsKey": {
"AWSAccountId": "string",
"CreationDate": "string",
"Description": "string",
"KeyId": "string",
"KeyManager": "string",
"KeyRotationStatus": boolean,
"KeyState": "string",
"Origin": "string"
}
```
# AwsLambda
以下是 `AwsLambda` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsLambdaFunction
`AwsLambdaFunction` 物件提供 Lambda 函數組態的詳細資訊。
下列範例顯示 `AwsLambdaFunction` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsLambdaFunction`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsLambdaFunctionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaFunctionDetails.html)。
**範例**
```
"AwsLambdaFunction": {
"Architectures": [
"x86_64"
],
"Code": {
"S3Bucket": "amzn-s3-demo-bucket",
"S3Key": "samplekey",
"S3ObjectVersion": "2",
"ZipFile": "myzip.zip"
},
"CodeSha256": "1111111111111abcdef",
"DeadLetterConfig": {
"TargetArn": "arn:aws:lambda:us-east-2:123456789012:queue:myqueue:2"
},
"Environment": {
"Variables": {
"Stage": "foobar"
},
"Error": {
"ErrorCode": "Sample-error-code",
"Message": "Caller principal is a manager."
}
},
"FunctionName": "CheckOut",
"Handler": "main.py:lambda_handler",
"KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/mykey",
"LastModified": "2001-09-11T09:00:00Z",
"Layers": {
"Arn": "arn:aws:lambda:us-east-2:123456789012:layer:my-layer:3",
"CodeSize": 169
},
"PackageType": "Zip",
"RevisionId": "23",
"Role": "arn:aws:iam::123456789012:role/Accounting-Role",
"Runtime": "go1.7",
"Timeout": 15,
"TracingConfig": {
"Mode": "Active"
},
"Version": "$LATEST$",
"VpcConfig": {
"SecurityGroupIds": ["sg-085912345678492fb", "sg-08591234567bdgdc"],
"SubnetIds": ["subnet-071f712345678e7c8", "subnet-07fd123456788a036"]
},
"MasterArn": "arn:aws:lambda:us-east-2:123456789012:\$LATEST",
"MemorySize": 2048
}
```
## AwsLambdaLayerVersion
`AwsLambdaLayerVersion` 物件提供 Lambda layer 版本的詳細資訊。
下列範例顯示 `AwsLambdaLayerVersion` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsLambdaLayerVersion`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsLambdaLayerVersionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaLayerVersionDetails.html)。
**範例**
```
"AwsLambdaLayerVersion": {
"Version": 2,
"CompatibleRuntimes": [
"java8"
],
"CreatedDate": "2019-10-09T22:02:00.274+0000"
}
```
# AwsMsk ASFF 中的 資源
以下是 `AwsMsk` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsMskCluster
`AwsMskCluster` 物件提供有關 Amazon Managed Streaming for Apache Kafka (Amazon MSK) 叢集的資訊。
下列範例顯示 `AwsMskCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsMskCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsMskClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsMskClusterDetails.html)。
**範例**
```
"AwsMskCluster": {
"ClusterInfo": {
"ClientAuthentication": {
"Sasl": {
"Scram": {
"Enabled": true
},
"Iam": {
"Enabled": true
}
},
"Tls": {
"CertificateAuthorityArnList": [],
"Enabled": false
},
"Unauthenticated": {
"Enabled": false
}
},
"ClusterName": "my-cluster",
"CurrentVersion": "K2PWKAKR8XB7XF",
"EncryptionInfo": {
"EncryptionAtRest": {
"DataVolumeKMSKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"EncryptionInTransit": {
"ClientBroker": "TLS",
"InCluster": true
}
},
"EnhancedMonitoring": "PER_TOPIC_PER_BROKER",
"NumberOfBrokerNodes": 3
}
}
```
# AwsNetworkFirewall ASFF 中的 資源
以下是 `AwsNetworkFirewall` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsNetworkFirewallFirewall
`AwsNetworkFirewallFirewall` 物件包含 AWS Network Firewall 防火牆的詳細資訊。
下列範例顯示 `AwsNetworkFirewallFirewall` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallFirewall`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallFirewallDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallDetails.html)。
**範例**
```
"AwsNetworkFirewallFirewall": {
"DeleteProtection": false,
"FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall",
"FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
"FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa",
"FirewallName": "testfirewall",
"FirewallPolicyChangeProtection": false,
"SubnetChangeProtection": false,
"SubnetMappings": [
{
"SubnetId": "subnet-0183481095e588cdc"
},
{
"SubnetId": "subnet-01f518fad1b1c90b0"
}
],
"VpcId": "vpc-40e83c38"
}
```
## AwsNetworkFirewallFirewallPolicy
`AwsNetworkFirewallFirewallPolicy` 物件提供防火牆政策的詳細資訊。防火牆政策會定義網路防火牆的行為。
下列範例顯示 `AwsNetworkFirewallFirewallPolicy` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallFirewallPolicy`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallFirewallPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallPolicyDetails.html)。
**範例**
```
"AwsNetworkFirewallFirewallPolicy": {
"FirewallPolicy": {
"StatefulRuleGroupReferences": [
{
"ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly"
}
],
"StatelessDefaultActions": [ "aws:forward_to_sfe" ],
"StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ],
"StatelessRuleGroupReferences": [
{
"Priority": 1,
"ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1"
}
]
},
"FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
"FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65",
"FirewallPolicyName": "InitialFirewall",
"Description": "Initial firewall"
}
```
## AwsNetworkFirewallRuleGroup
`AwsNetworkFirewallRuleGroup` 物件提供 AWS Network Firewall 規則群組的詳細資訊。規則群組用於檢查和控制網路流量。無狀態規則群組適用於個別封包。狀態規則群組會套用到流量流程中的封包。
防火牆政策中會參考規則群組。
下列範例顯示 `AwsNetworkFirewallRuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallRuleGroup`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallRuleGroupDetails.html)。
**範例 – 無狀態規則群組**
```
"AwsNetworkFirewallRuleGroup": {
"Capacity": 600,
"RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1",
"RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493",
"RuleGroupName": "Stateless-1"
"Description": "Example of a stateless rule group",
"Type": "STATELESS",
"RuleGroup": {
"RulesSource": {
"StatelessRulesAndCustomActions": {
"CustomActions": [],
"StatelessRules": [
{
"Priority": 1,
"RuleDefinition": {
"Actions": [
"aws:pass"
],
"MatchAttributes": {
"DestinationPorts": [
{
"FromPort": 443,
"ToPort": 443
}
],
"Destinations": [
{
"AddressDefinition": "192.0.2.0/24"
}
],
"Protocols": [
6
],
"SourcePorts": [
{
"FromPort": 0,
"ToPort": 65535
}
],
"Sources": [
{
"AddressDefinition": "198.51.100.0/24"
}
]
}
}
}
]
}
}
}
}
```
**範例 – 狀態規則群組**
```
"AwsNetworkFirewallRuleGroup": {
"Capacity": 100,
"RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest",
"RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0",
"RuleGroupName": "ExampleRuleGroup",
"Description": "Example of a stateful rule group",
"Type": "STATEFUL",
"RuleGroup": {
"RuleSource": {
"StatefulRules": [
{
"Action": "PASS",
"Header": {
"Destination": "Any",
"DestinationPort": "443",
"Direction": "ANY",
"Protocol": "TCP",
"Source": "Any",
"SourcePort": "Any"
},
"RuleOptions": [
{
"Keyword": "sid:1"
}
]
}
]
}
}
}
```
以下是`AwsNetworkFirewallRuleGroup`屬性的有效值範例清單:
+ `Action`
有效值:`PASS` \$1 `DROP` \$1 `ALERT`
+ `Protocol`
有效值: `IP` \$1 `TCP` \$1 `UDP` \$1 `ICMP` \$1 `HTTP` `FTP` \$1 \$1 `TLS` \$1 `SMB` \$1 `DNS` \$1 `DCERPC` \$1 `SSH` \$1 `SMTP` `IMAP` \$1 `MSN` \$1 `KRB5` \$1 `IKEV2` \$1 `TFTP` \$1 \$1 `NTP` \$1 \$1 \$1 `DHCP`
+ `Flags`
有效值:`FIN` \$1 `SYN` \$1 `RST` \$1 `PSH` \$1 `ACK` \$1 `URG` \$1 `ECE` \$1 `CWR`
+ `Masks`
有效值:`FIN` \$1 `SYN` \$1 `RST` \$1 `PSH` \$1 `ACK` \$1 `URG` \$1 `ECE` \$1 `CWR`
# AwsOpenSearchService ASFF 中的 資源
以下是 `AwsOpenSearchService` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsOpenSearchServiceDomain
`AwsOpenSearchServiceDomain` 物件包含 Amazon OpenSearch Service 網域的相關資訊。
下列範例顯示 `AwsOpenSearchServiceDomain` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsOpenSearchServiceDomain`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsOpenSearchServiceDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsOpenSearchServiceDomainDetails.html)。
**範例**
```
"AwsOpenSearchServiceDomain": {
"AccessPolicies": "IAM_Id",
"AdvancedSecurityOptions": {
"Enabled": true,
"InternalUserDatabaseEnabled": true,
"MasterUserOptions": {
"MasterUserArn": "arn:aws:iam::123456789012:user/third-master-use",
"MasterUserName": "third-master-use",
"MasterUserPassword": "some-password"
}
},
"Arn": "arn:aws:Opensearch:us-east-1:111122223333:somedomain",
"ClusterConfig": {
"InstanceType": "c5.large.search",
"InstanceCount": 1,
"DedicatedMasterEnabled": true,
"ZoneAwarenessEnabled": false,
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": 2
},
"DedicatedMasterType": "c5.large.search",
"DedicatedMasterCount": 3,
"WarmEnabled": true,
"WarmCount": 3,
"WarmType": "ultrawarm1.large.search"
},
"DomainEndpoint": "https://es-2021-06-23t17-04-qowmgghud5vofgb5e4wmi.eu-central-1.es.amazonaws.com",
"DomainEndpointOptions": {
"EnforceHTTPS": false,
"TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07",
"CustomEndpointCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/bda1bff1-79c0-49d0-abe6-50a15a7477d4",
"CustomEndpointEnabled": true,
"CustomEndpoint": "example.com"
},
"DomainEndpoints": {
"vpc": "vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com"
},
"DomainName": "my-domain",
"EncryptionAtRestOptions": {
"Enabled": false,
"KmsKeyId": "1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a"
},
"EngineVersion": "7.1",
"Id": "123456789012",
"LogPublishingOptions": {
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-index-slow-logs",
"Enabled": true
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
"Enabled": true
},
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
"Enabled": true
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": true
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "2022-04-28T14:08:37.000Z",
"Cancellable": false,
"CurrentVersion": "R20210331",
"Description": "There is no software update available for this domain.",
"NewVersion": "OpenSearch_1.0",
"UpdateAvailable": false,
"UpdateStatus": "COMPLETED",
"OptionalDeployment": false
},
"VpcOptions": {
"SecurityGroupIds": [
"sg-2a3a4a5a"
],
"SubnetIds": [
"subnet-1a2a3a4a"
],
}
}
```
# AwsRds ASFF 中的 資源
以下是 `AwsRds` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsRdsDbCluster
`AwsRdsDbCluster` 物件提供 Amazon RDS 資料庫叢集的詳細資訊。
下列範例顯示 `AwsRdsDbCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterDetails.html)。
**範例**
```
"AwsRdsDbCluster": {
"ActivityStreamStatus": "stopped",
"AllocatedStorage": 1,
"AssociatedRoles": [
{
"RoleArn": "arn:aws:iam::777788889999:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Status": "PENDING"
}
],
"AutoMinorVersionUpgrade": true,
"AvailabilityZones": [
"us-east-1a",
"us-east-1c",
"us-east-1e"
],
"BackupRetentionPeriod": 1,
"ClusterCreateTime": "2020-06-22T17:40:12.322Z",
"CopyTagsToSnapshot": true,
"CrossAccountClone": false,
"CustomEndpoints": [],
"DatabaseName": "Sample name",
"DbClusterIdentifier": "database-3",
"DbClusterMembers": [
{
"DbClusterParameterGroupStatus": "in-sync",
"DbInstanceIdentifier": "database-3-instance-1",
"IsClusterWriter": true,
"PromotionTier": 1,
}
],
"DbClusterOptionGroupMemberships": [],
"DbClusterParameterGroup": "cluster-parameter-group",
"DbClusterResourceId": "cluster-example",
"DbSubnetGroup": "subnet-group",
"DeletionProtection": false,
"DomainMemberships": [],
"Status": "modifying",
"EnabledCloudwatchLogsExports": [
"audit",
"error",
"general",
"slowquery"
],
"Endpoint": "database-3.cluster-example.us-east-1.rds.amazonaws.com",
"Engine": "aurora-mysql",
"EngineMode": "provisioned",
"EngineVersion": "5.7.mysql_aurora.2.03.4",
"HostedZoneId": "ZONE1",
"HttpEndpointEnabled": false,
"IamDatabaseAuthenticationEnabled": false,
"KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
"MasterUsername": "admin",
"MultiAz": false,
"Port": 3306,
"PreferredBackupWindow": "04:52-05:22",
"PreferredMaintenanceWindow": "sun:09:32-sun:10:02",
"ReaderEndpoint": "database-3.cluster-ro-example.us-east-1.rds.amazonaws.com",
"ReadReplicaIdentifiers": [],
"Status": "Modifying",
"StorageEncrypted": true,
"VpcSecurityGroups": [
{
"Status": "active",
"VpcSecurityGroupId": "sg-example-1"
}
],
}
```
## AwsRdsDbClusterSnapshot
`AwsRdsDbClusterSnapshot` 物件包含 Amazon RDS 資料庫叢集快照的相關資訊。
下列範例顯示 `AwsRdsDbClusterSnapshot` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbClusterSnapshot`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbClusterSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterSnapshotDetails.html)。
**範例**
```
"AwsRdsDbClusterSnapshot": {
"AllocatedStorage": 0,
"AvailabilityZones": [
"us-east-1a",
"us-east-1d",
"us-east-1e"
],
"ClusterCreateTime": "2020-06-12T13:23:15.577Z",
"DbClusterIdentifier": "database-2",
"DbClusterSnapshotAttributes": [{
"AttributeName": "restore",
"AttributeValues": ["123456789012"]
}],
"DbClusterSnapshotIdentifier": "rds:database-2-2020-06-23-03-52",
"Engine": "aurora",
"EngineVersion": "5.6.10a",
"IamDatabaseAuthenticationEnabled": false,
"KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
"LicenseModel": "aurora",
"MasterUsername": "admin",
"PercentProgress": 100,
"Port": 0,
"SnapshotCreateTime": "2020-06-22T17:40:12.322Z",
"SnapshotType": "automated",
"Status": "available",
"StorageEncrypted": true,
"VpcId": "vpc-faf7e380"
}
```
## AwsRdsDbInstance
`AwsRdsDbInstance` 物件提供 Amazon RDS 資料庫執行個體的詳細資訊。
下列範例顯示 `AwsRdsDbInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbInstanceDetails.html)。
**範例**
```
"AwsRdsDbInstance": {
"AllocatedStorage": 20,
"AssociatedRoles": [],
"AutoMinorVersionUpgrade": true,
"AvailabilityZone": "us-east-1d",
"BackupRetentionPeriod": 7,
"CaCertificateIdentifier": "certificate1",
"CharacterSetName": "",
"CopyTagsToSnapshot": true,
"DbClusterIdentifier": "",
"DbInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:database-1",
"DbInstanceClass": "db.t2.micro",
"DbInstanceIdentifier": "database-1",
"DbInstancePort": 0,
"DbInstanceStatus": "available",
"DbiResourceId": "db-EXAMPLE123",
"DbName": "",
"DbParameterGroups": [
{
"DbParameterGroupName": "default.mysql5.7",
"ParameterApplyStatus": "in-sync"
}
],
"DbSecurityGroups": [],
"DbSubnetGroup": {
"DbSubnetGroupName": "my-group-123abc",
"DbSubnetGroupDescription": "My subnet group",
"VpcId": "vpc-example1",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-123abc",
"SubnetAvailabilityZone": {
"Name": "us-east-1d"
},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-456def",
"SubnetAvailabilityZone": {
"Name": "us-east-1c"
},
"SubnetStatus": "Active"
}
],
"DbSubnetGroupArn": ""
},
"DeletionProtection": false,
"DomainMemberships": [],
"EnabledCloudWatchLogsExports": [],
"Endpoint": {
"address": "database-1.example.us-east-1.rds.amazonaws.com",
"port": 3306,
"hostedZoneId": "ZONEID1"
},
"Engine": "mysql",
"EngineVersion": "5.7.22",
"EnhancedMonitoringResourceArn": "arn:aws:logs:us-east-1:111122223333:log-group:Example:log-stream:db-EXAMPLE1",
"IamDatabaseAuthenticationEnabled": false,
"InstanceCreateTime": "2020-06-22T17:40:12.322Z",
"Iops": "",
"KmsKeyId": "",
"LatestRestorableTime": "2020-06-24T05:50:00.000Z",
"LicenseModel": "general-public-license",
"ListenerEndpoint": "",
"MasterUsername": "admin",
"MaxAllocatedStorage": 1000,
"MonitoringInterval": 60,
"MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role",
"MultiAz": false,
"OptionGroupMemberships": [
{
"OptionGroupName": "default:mysql-5-7",
"Status": "in-sync"
}
],
"PreferredBackupWindow": "03:57-04:27",
"PreferredMaintenanceWindow": "thu:10:13-thu:10:43",
"PendingModifiedValues": {
"DbInstanceClass": "",
"AllocatedStorage": "",
"MasterUserPassword": "",
"Port": "",
"BackupRetentionPeriod": "",
"MultiAZ": "",
"EngineVersion": "",
"LicenseModel": "",
"Iops": "",
"DbInstanceIdentifier": "",
"StorageType": "",
"CaCertificateIdentifier": "",
"DbSubnetGroupName": "",
"PendingCloudWatchLogsExports": "",
"ProcessorFeatures": []
},
"PerformanceInsightsEnabled": false,
"PerformanceInsightsKmsKeyId": "",
"PerformanceInsightsRetentionPeriod": "",
"ProcessorFeatures": [],
"PromotionTier": "",
"PubliclyAccessible": false,
"ReadReplicaDBClusterIdentifiers": [],
"ReadReplicaDBInstanceIdentifiers": [],
"ReadReplicaSourceDBInstanceIdentifier": "",
"SecondaryAvailabilityZone": "",
"StatusInfos": [],
"StorageEncrypted": false,
"StorageType": "gp2",
"TdeCredentialArn": "",
"Timezone": "",
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-example1",
"Status": "active"
}
]
}
```
## AwsRdsDbSecurityGroup
`AwsRdsDbSecurityGroup` 物件包含 Amazon Relational Database Service 的相關資訊
下列範例顯示 `AwsRdsDbSecurityGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbSecurityGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbSecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSecurityGroupDetails.html)。
**範例**
```
"AwsRdsDbSecurityGroup": {
"DbSecurityGroupArn": "arn:aws:rds:us-west-1:111122223333:secgrp:default",
"DbSecurityGroupDescription": "default",
"DbSecurityGroupName": "mysecgroup",
"Ec2SecurityGroups": [
{
"Ec2SecurityGroupuId": "myec2group",
"Ec2SecurityGroupName": "default",
"Ec2SecurityGroupOwnerId": "987654321021",
"Status": "authorizing"
}
],
"IpRanges": [
{
"Cidrip": "0.0.0.0/0",
"Status": "authorizing"
}
],
"OwnerId": "123456789012",
"VpcId": "vpc-1234567f"
}
```
## AwsRdsDbSnapshot
`AwsRdsDbSnapshot` 物件包含 Amazon RDS 資料庫叢集快照的詳細資訊。
下列範例顯示 `AwsRdsDbSnapshot` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbSnapshot`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSnapshotDetails.html)。
**範例**
```
"AwsRdsDbSnapshot": {
"DbSnapshotIdentifier": "rds:database-1-2020-06-22-17-41",
"DbInstanceIdentifier": "database-1",
"SnapshotCreateTime": "2020-06-22T17:41:29.967Z",
"Engine": "mysql",
"AllocatedStorage": 20,
"Status": "available",
"Port": 3306,
"AvailabilityZone": "us-east-1d",
"VpcId": "vpc-example1",
"InstanceCreateTime": "2020-06-22T17:40:12.322Z",
"MasterUsername": "admin",
"EngineVersion": "5.7.22",
"LicenseModel": "general-public-license",
"SnapshotType": "automated",
"Iops": null,
"OptionGroupName": "default:mysql-5-7",
"PercentProgress": 100,
"SourceRegion": null,
"SourceDbSnapshotIdentifier": "",
"StorageType": "gp2",
"TdeCredentialArn": "",
"Encrypted": false,
"KmsKeyId": "",
"Timezone": "",
"IamDatabaseAuthenticationEnabled": false,
"ProcessorFeatures": [],
"DbiResourceId": "db-resourceexample1"
}
```
## AwsRdsEventSubscription
`AwsRdsEventSubscription` 包含 RDS 事件通知訂閱的詳細資訊。訂閱可讓 RDS 將事件發佈至 SNS 主題。
下列範例顯示 `AwsRdsEventSubscription` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsEventSubscription`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsEventSubscriptionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsEventSubscriptionDetails.html)。
**範例**
```
"AwsRdsEventSubscription": {
"CustSubscriptionId": "myawsuser-secgrp",
"CustomerAwsId": "111111111111",
"Enabled": true,
"EventCategoriesList": [
"configuration change",
"failure"
],
"EventSubscriptionArn": "arn:aws:rds:us-east-1:111111111111:es:my-instance-events",
"SnsTopicArn": "arn:aws:sns:us-east-1:111111111111:myawsuser-RDS",
"SourceIdsList": [
"si-sample",
"mysqldb-rr"
],
"SourceType": "db-security-group",
"Status": "creating",
"SubscriptionCreationTime": "2021-06-27T01:38:01.090Z"
}
```
# AwsRedshift ASFF 中的 資源
以下是 `AwsRedshift` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsRedshiftCluster
`AwsRedshiftCluster` 物件包含 Amazon Redshift 叢集的詳細資訊。
下列範例顯示 `AwsRedshiftCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRedshiftCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRedshiftClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRedshiftClusterDetails.html)。
**範例**
```
"AwsRedshiftCluster": {
"AllowVersionUpgrade": true,
"AutomatedSnapshotRetentionPeriod": 1,
"AvailabilityZone": "us-west-2d",
"ClusterAvailabilityStatus": "Unavailable",
"ClusterCreateTime": "2020-08-03T19:22:44.637Z",
"ClusterIdentifier": "redshift-cluster-1",
"ClusterNodes": [
{
"NodeRole": "LEADER",
"PrivateIPAddress": "192.0.2.108",
"PublicIPAddress": "198.51.100.29"
},
{
"NodeRole": "COMPUTE-0",
"PrivateIPAddress": "192.0.2.22",
"PublicIPAddress": "198.51.100.63"
},
{
"NodeRole": "COMPUTE-1",
"PrivateIPAddress": "192.0.2.224",
"PublicIPAddress": "198.51.100.226"
}
],
"ClusterParameterGroups": [
{
"ClusterParameterStatusList": [
{
"ParameterName": "max_concurrency_scaling_clusters",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "enable_user_activity_logging",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "auto_analyze",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "query_group",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "datestyle",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "extra_float_digits",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "search_path",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "statement_timeout",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "wlm_json_configuration",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "require_ssl",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "use_fips_ssl",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
}
],
"ParameterApplyStatus": "in-sync",
"ParameterGroupName": "temp"
}
],
"ClusterPublicKey": "JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Amazon-Redshift",
"ClusterRevisionNumber": 17498,
"ClusterSecurityGroups": [
{
"ClusterSecurityGroupName": "default",
"Status": "active"
}
],
"ClusterSnapshotCopyStatus": {
"DestinationRegion": "us-west-2",
"ManualSnapshotRetentionPeriod": -1,
"RetentionPeriod": 1,
"SnapshotCopyGrantName": "snapshotCopyGrantName"
},
"ClusterStatus": "available",
"ClusterSubnetGroupName": "default",
"ClusterVersion": "1.0",
"DBName": "dev",
"DeferredMaintenanceWindows": [
{
"DeferMaintenanceEndTime": "2020-10-07T20:34:01.000Z",
"DeferMaintenanceIdentifier": "deferMaintenanceIdentifier",
"DeferMaintenanceStartTime": "2020-09-07T20:34:01.000Z"
}
],
"ElasticIpStatus": {
"ElasticIp": "203.0.113.29",
"Status": "active"
},
"ElasticResizeNumberOfNodeOptions": "4",
"Encrypted": false,
"Endpoint": {
"Address": "redshift-cluster-1.example.us-west-2.redshift.amazonaws.com",
"Port": 5439
},
"EnhancedVpcRouting": false,
"ExpectedNextSnapshotScheduleTime": "2020-10-13T20:34:01.000Z",
"ExpectedNextSnapshotScheduleTimeStatus": "OnTrack",
"HsmStatus": {
"HsmClientCertificateIdentifier": "hsmClientCertificateIdentifier",
"HsmConfigurationIdentifier": "hsmConfigurationIdentifier",
"Status": "applying"
},
"IamRoles": [
{
"ApplyStatus": "in-sync",
"IamRoleArn": "arn:aws:iam::111122223333:role/RedshiftCopyUnload"
}
],
"KmsKeyId": "kmsKeyId",
"LoggingStatus": {
"BucketName": "amzn-s3-demo-bucket",
"LastFailureMessage": "test message",
"LastFailureTime": "2020-08-09T13:00:00.000Z",
"LastSuccessfulDeliveryTime": "2020-08-08T13:00:00.000Z",
"LoggingEnabled": true,
"S3KeyPrefix": "/"
},
"MaintenanceTrackName": "current",
"ManualSnapshotRetentionPeriod": -1,
"MasterUsername": "awsuser",
"NextMaintenanceWindowStartTime": "2020-08-09T13:00:00.000Z",
"NodeType": "dc2.large",
"NumberOfNodes": 2,
"PendingActions": [],
"PendingModifiedValues": {
"AutomatedSnapshotRetentionPeriod": 0,
"ClusterIdentifier": "clusterIdentifier",
"ClusterType": "clusterType",
"ClusterVersion": "clusterVersion",
"EncryptionType": "None",
"EnhancedVpcRouting": false,
"MaintenanceTrackName": "maintenanceTrackName",
"MasterUserPassword": "masterUserPassword",
"NodeType": "dc2.large",
"NumberOfNodes": 1,
"PubliclyAccessible": true
},
"PreferredMaintenanceWindow": "sun:13:00-sun:13:30",
"PubliclyAccessible": true,
"ResizeInfo": {
"AllowCancelResize": true,
"ResizeType": "ClassicResize"
},
"RestoreStatus": {
"CurrentRestoreRateInMegaBytesPerSecond": 15,
"ElapsedTimeInSeconds": 120,
"EstimatedTimeToCompletionInSeconds": 100,
"ProgressInMegaBytes": 10,
"SnapshotSizeInMegaBytes": 1500,
"Status": "restoring"
},
"SnapshotScheduleIdentifier": "snapshotScheduleIdentifier",
"SnapshotScheduleState": "ACTIVE",
"VpcId": "vpc-example",
"VpcSecurityGroups": [
{
"Status": "active",
"VpcSecurityGroupId": "sg-example"
}
]
}
```
# AwsRoute53 ASFF 中的 資源
以下是 `AwsRoute53` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsRoute53HostedZone
`AwsRoute53HostedZone` 物件提供有關 Amazon Route 53 託管區域的資訊,包括指派給託管區域的四個名稱伺服器。託管區域代表可一起管理的記錄集合,屬於單一父系網域名稱。
下列範例顯示 `AwsRoute53HostedZone` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRoute53HostedZone`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRoute53HostedZoneDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRoute53HostedZoneDetails.html)。
**範例**
```
"AwsRoute53HostedZone": {
"HostedZone": {
"Id": "Z06419652JEMGO9TA2XKL",
"Name": "asff.testing",
"Config": {
"Comment": "This is an example comment."
}
},
"NameServers": [
"ns-470.awsdns-32.net",
"ns-1220.awsdns-12.org",
"ns-205.awsdns-13.com",
"ns-1960.awsdns-51.co.uk"
],
"QueryLoggingConfig": {
"CloudWatchLogsLogGroupArn": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:asfftesting:*",
"Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"HostedZoneId": "Z00932193AF5H180PPNZD"
}
},
"Vpcs": [
{
"Id": "vpc-05d7c6e36bc03ea76",
"Region": "us-east-1"
}
]
}
```
# AwsS3 ASFF 中的 資源
以下是 `AwsS3` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsS3AccessPoint
`AwsS3AccessPoint` 提供 Amazon S3 存取點的相關資訊。S3 存取點是連接至 S3 儲存貯體的具名網路端點,可用來執行 S3 物件操作。
下列範例顯示 `AwsS3AccessPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3AccessPoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3AccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccessPointDetails.html)。
**範例**
```
"AwsS3AccessPoint": {
"AccessPointArn": "arn:aws:s3:us-east-1:123456789012:accesspoint/asff-access-point",
"Alias": "asff-access-point-hrzrlukc5m36ft7okagglf3gmwluquse1b-s3alias",
"Bucket": "amzn-s3-demo-bucket",
"BucketAccountId": "123456789012",
"Name": "asff-access-point",
"NetworkOrigin": "VPC",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"VpcConfiguration": {
"VpcId": "vpc-1a2b3c4d5e6f1a2b3"
}
}
```
## AwsS3AccountPublicAccessBlock
`AwsS3AccountPublicAccessBlock` 提供帳戶 Amazon S3 公有存取區塊組態的相關資訊。
下列範例顯示 `AwsS3AccountPublicAccessBlock` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3AccountPublicAccessBlock`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3AccountPublicAccessBlockDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccountPublicAccessBlockDetails.html)。
**範例**
```
"AwsS3AccountPublicAccessBlock": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": false,
"RestrictPublicBuckets": true
}
```
## AwsS3Bucket
`AwsS3Bucket` 物件提供 Amazon S3 儲存貯體的詳細資訊。
下列範例顯示 `AwsS3Bucket` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3Bucket`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3BucketDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3BucketDetails.html)。
**範例**
```
"AwsS3Bucket": {
"AccessControlList": "{\"grantSet\":null,\"grantList\":[{\"grantee\":{\"id\":\"4df55416215956920d9d056aa8b99803a294ea221222bb668b55a8c6bca81094\",\"displayName\":null},\"permission\":\"FullControl\"},{\"grantee\":\"AllUsers\",\"permission\":\"ReadAcp\"},{\"grantee\":\"AuthenticatedUsers\",\"permission\":\"ReadAcp\"}",,
"BucketLifecycleConfiguration": {
"Rules": [
{
"AbortIncompleteMultipartUpload": {
"DaysAfterInitiation": 5
},
"ExpirationDate": "2021-11-10T00:00:00.000Z",
"ExpirationInDays": 365,
"ExpiredObjectDeleteMarker": false,
"Filter": {
"Predicate": {
"Operands": [
{
"Prefix": "tmp/",
"Type": "LifecyclePrefixPredicate"
},
{
"Tag": {
"Key": "ArchiveAge",
"Value": "9m"
},
"Type": "LifecycleTagPredicate"
}
],
"Type": "LifecycleAndOperator"
}
},
"ID": "Move rotated logs to Glacier",
"NoncurrentVersionExpirationInDays": -1,
"NoncurrentVersionTransitions": [
{
"Days": 2,
"StorageClass": "GLACIER"
}
],
"Prefix": "rotated/",
"Status": "Enabled",
"Transitions": [
{
"Date": "2020-11-10T00:00:00.000Z",
"Days": 100,
"StorageClass": "GLACIER"
}
]
}
]
},
"BucketLoggingConfiguration": {
"DestinationBucketName": "s3serversideloggingbucket-123456789012",
"LogFilePrefix": "buckettestreadwrite23435/"
},
"BucketName": "amzn-s3-demo-bucket",
"BucketNotificationConfiguration": {
"Configurations": [{
"Destination": "arn:aws:lambda:us-east-1:123456789012:function:s3_public_write",
"Events": [
"s3:ObjectCreated:Put"
],
"Filter": {
"S3KeyFilter": {
"FilterRules": [
{
"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.PREFIX",
"Value": "pre"
},
{
"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.SUFFIX",
"Value": "suf"
},
]
}
},
"Type": "LambdaConfiguration"
}]
},
"BucketVersioningConfiguration": {
"IsMfaDeleteEnabled": true,
"Status": "Off"
},
"BucketWebsiteConfiguration": {
"ErrorDocument": "error.html",
"IndexDocumentSuffix": "index.html",
"RedirectAllRequestsTo": {
"HostName": "example.com",
"Protocol": "http"
},
"RoutingRules": [{
"Condition": {
"HttpErrorCodeReturnedEquals": "Redirected",
"KeyPrefixEquals": "index"
},
"Redirect": {
"HostName": "example.com",
"HttpRedirectCode": "401",
"Protocol": "HTTP",
"ReplaceKeyPrefixWith": "string",
"ReplaceKeyWith": "string"
}
}]
},
"CreatedAt": "2007-11-30T01:46:56.000Z",
"ObjectLockConfiguration": {
"ObjectLockEnabled": "Enabled",
"Rule": {
"DefaultRetention": {
"Days": null,
"Mode": "GOVERNANCE",
"Years": 12
},
},
},
"OwnerId": "AIDACKCEVSQ6C2EXAMPLE",
"OwnerName": "s3bucketowner",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"ServerSideEncryptionConfiguration": {
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256",
"KMSMasterKeyID": "12345678-abcd-abcd-abcd-123456789012"
}
}
]
}
}
```
## AwsS3Object
`AwsS3Object` 物件提供 Amazon S3 物件的相關資訊。
下列範例顯示 `AwsS3Object` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3Object`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3ObjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3ObjectDetails.html)。
**範例**
```
"AwsS3Object": {
"ContentType": "text/html",
"ETag": "\"30a6ec7e1a9ad79c203d05a589c8b400\"",
"LastModified": "2012-04-23T18:25:43.511Z",
"ServerSideEncryption": "aws:kms",
"SSEKMSKeyId": "arn:aws:kms:us-west-2:123456789012:key/4dff8393-e225-4793-a9a0-608ec069e5a7",
"VersionId": "ws31OurgOOjH_HHllIxPE35P.MELYaYh"
}
```
# AwsSageMaker ASFF 中的 資源
以下是 `AwsSageMaker` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSageMakerNotebookInstance
`AwsSageMakerNotebookInstance` 物件提供有關 Amazon SageMaker AI 筆記本執行個體的資訊,這是執行 Jupyter 筆記本應用程式的機器學習運算執行個體。
下列範例顯示 `AwsSageMakerNotebookInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSageMakerNotebookInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsSageMakerNotebookInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSageMakerNotebookInstanceDetails.html)。
**範例**
```
"AwsSageMakerNotebookInstance": {
"DirectInternetAccess": "Disabled",
"InstanceMetadataServiceConfiguration": {
"MinimumInstanceMetadataServiceVersion": "1",
},
"InstanceType": "ml.t2.medium",
"LastModifiedTime": "2022-09-09 22:48:32.012000+00:00",
"NetworkInterfaceId": "eni-06c09ac2541a1bed3",
"NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:001098605940:notebook-instance/sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm",
"NotebookInstanceName": "SagemakerNotebookInstanceRootAccessDisabledComplia-8MYjcyofZiXm",
"NotebookInstanceStatus": "InService",
"PlatformIdentifier": "notebook-al1-v1",
"RoleArn": "arn:aws:iam::001098605940:role/sechub-SageMaker-1-scenar-SageMakerCustomExecution-1R0X32HGC38IW",
"RootAccess": "Disabled",
"SecurityGroups": [
"sg-06b347359ab068745"
],
"SubnetId": "subnet-02c0deea5fa64578e",
"Url": "sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm.notebook.us-east-1.sagemaker.aws",
"VolumeSizeInGB": 5
}
```
# AwsSecretsManager ASFF 中的 資源
以下是 `AwsSecretsManager` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSecretsManagerSecret
`AwsSecretsManagerSecret` 物件提供 Secrets Manager 秘密的詳細資訊。
下列範例顯示 `AwsSecretsManagerSecret` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSecretsManagerSecret`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsSecretsManagerSecretDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecretsManagerSecretDetails.html)。
**範例**
```
"AwsSecretsManagerSecret": {
"RotationRules": {
"AutomaticallyAfterDays": 30
},
"RotationOccurredWithinFrequency": true,
"KmsKeyId": "kmsKeyId",
"RotationEnabled": true,
"RotationLambdaArn": "arn:aws:lambda:us-west-2:777788889999:function:MyTestRotationLambda",
"Deleted": false,
"Name": "MyTestDatabaseSecret",
"Description": "My test database secret"
}
```
# AwsSns ASFF 中的 資源
以下是 `AwsSns` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSnsTopic
`AwsSnsTopic` 物件包含 Amazon Simple Notification Service 主題的詳細資訊。
下列範例顯示 `AwsSnsTopic` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSnsTopic`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsSnsTopicDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSnsTopicDetails.html)。
**範例**
```
"AwsSnsTopic": {
"ApplicationSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/ApplicationSuccessFeedbackRoleArn",
"FirehoseFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseFailureFeedbackRoleArn",
"FirehoseSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseSuccessFeedbackRoleArn",
"HttpFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpFailureFeedbackRoleArn",
"HttpSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpSuccessFeedbackRoleArn",
"KmsMasterKeyId": "alias/ExampleAlias",
"Owner": "123456789012",
"SqsFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsFailureFeedbackRoleArn",
"SqsSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsSuccessFeedbackRoleArn",
"Subscription": {
"Endpoint": "http://sampleendpoint.com",
"Protocol": "http"
},
"TopicName": "SampleTopic"
}
```
# AwsSqs ASFF 中的 資源
以下是 `AwsSqs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSqsQueue
`AwsSqsQueue` 物件包含 Amazon Simple Queue Service 佇列的相關資訊。
下列範例顯示 `AwsSqsQueue` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSqsQueue`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsSqsQueueDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSqsQueueDetails.html)。
**範例**
```
"AwsSqsQueue": {
"DeadLetterTargetArn": "arn:aws:sqs:us-west-2:123456789012:queue/target",
"KmsDataKeyReusePeriodSeconds": 60,,
"KmsMasterKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"QueueName": "sample-queue"
}
```
# AwsSsm ASFF 中的 資源
以下是 `AwsSsm` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSsmPatchCompliance
`AwsSsmPatchCompliance` 物件會根據用來修補執行個體的修補程式基準,提供執行個體上修補程式狀態的相關資訊。
下列範例顯示 `AwsSsmPatchCompliance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSsmPatchCompliance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsSsmPatchComplianceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSsmPatchComplianceDetails.html)。
**範例**
```
"AwsSsmPatchCompliance": {
"Patch": {
"ComplianceSummary": {
"ComplianceType": "Patch",
"CompliantCriticalCount": 0,
"CompliantHighCount": 0,
"CompliantInformationalCount": 0,
"CompliantLowCount": 0,
"CompliantMediumCount": 0,
"CompliantUnspecifiedCount": 461,
"ExecutionType": "Command",
"NonCompliantCriticalCount": 0,
"NonCompliantHighCount": 0,
"NonCompliantInformationalCount": 0,
"NonCompliantLowCount": 0,
"NonCompliantMediumCount": 0,
"NonCompliantUnspecifiedCount": 0,
"OverallSeverity": "UNSPECIFIED",
"PatchBaselineId": "pb-0c5b2769ef7cbe587",
"PatchGroup": "ExamplePatchGroup",
"Status": "COMPLIANT"
}
}
}
```
# AwsStepFunctions ASFF 中的 資源
以下是 `AwsStepFunctions` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsStepFunctionStateMachine
`AwsStepFunctionStateMachine` 物件提供有關 AWS Step Functions 狀態機器的資訊,這是由一系列事件驅動步驟組成的工作流程。
下列範例顯示 `AwsStepFunctionStateMachine` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsStepFunctionStateMachine`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsStepFunctionStateMachine](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsStepFunctionStateMachineDetails.html)。
**範例**
```
"AwsStepFunctionStateMachine": {
"StateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
"Name": "StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
"Status": "ACTIVE",
"RoleArn": "arn:aws:iam::123456789012:role/teststepfunc-StatesExecutionRole-1PNM71RVO1UKT",
"Type": "STANDARD",
"LoggingConfiguration": {
"Level": "OFF",
"IncludeExecutionData": false
},
"TracingConfiguration": {
"Enabled": false
}
}
```
# AwsWaf ASFF 中的 資源
以下是 `AwsWaf` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsWafRateBasedRule
`AwsWafRateBasedRule` 物件包含全域 AWS WAF 資源的速率型規則詳細資訊。以 AWS WAF 速率為基礎的規則提供設定,指出何時允許、封鎖或計數請求。以速率為基礎的規則包括在指定期間內到達的請求數量。
下列範例顯示 `AwsWafRateBasedRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRateBasedRule`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRateBasedRuleDetails.html)。
**範例**
```
"AwsWafRateBasedRule":{
"MatchPredicates" : [{
"DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
"Negated" : "True",
"Type" : "IPMatch" ,
}],
"MetricName" : "MetricName",
"Name" : "Test",
"RateKey" : "IP",
"RateLimit" : 235000,
"RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```
## AwsWafRegionalRateBasedRule
`AwsWafRegionalRateBasedRule` 物件包含區域資源的速率型規則詳細資訊。以速率為基礎的規則提供設定,指出何時允許、封鎖或計數請求。以速率為基礎的規則包括在指定期間內到達的請求數量。
下列範例顯示 `AwsWafRegionalRateBasedRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRateBasedRule`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRateBasedRuleDetails.html)。
**範例**
```
"AwsWafRegionalRateBasedRule":{
"MatchPredicates" : [{
"DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
"Negated" : "True",
"Type" : "IPMatch" ,
}],
"MetricName" : "MetricName",
"Name" : "Test",
"RateKey" : "IP",
"RateLimit" : 235000,
"RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```
## AwsWafRegionalRule
`AwsWafRegionalRule` 物件提供有關 AWS WAF 區域性規則 的詳細資訊。此規則會識別您要允許、封鎖或計數的 Web 請求。
下列範例顯示 `AwsWafRegionalRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRule`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleDetails.html)。
**範例**
```
"AwsWafRegionalRule": {
"MetricName": "SampleWAF_Rule__Metric_1",
"Name": "bb-waf-regional-rule-not-empty-conditions-compliant",
"RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de95fe",
"PredicateList": [{
"DataId": "127d9346-e607-4e93-9286-c1296fb5445a",
"Negated": false,
"Type": "GeoMatch"
}]
}
```
## AwsWafRegionalRuleGroup
`AwsWafRegionalRuleGroup` 物件提供區域性規則群組的詳細資訊 AWS WAF 。規則群組是您新增至 Web 存取控制清單 (Web ACL) 的預先定義規則集合。
下列範例顯示 `AwsWafRegionalRuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRuleGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleGroupDetails.html)。
**範例**
```
"AwsWafRegionalRuleGroup": {
"MetricName": "SampleWAF_Metric_1",
"Name": "bb-WAFClassicRuleGroupWithRuleCompliant",
"RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
"Rules": [{
"Action": {
"Type": "ALLOW"
}
}],
"Priority": 1,
"RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
"Type": "REGULAR"
}
```
## AwsWafRegionalWebAcl
`AwsWafRegionalWebAcl` 提供有關 AWS WAF 區域 Web 存取控制清單 (Web ACL) 的詳細資訊。Web ACL 包含規則,可識別您要允許、封鎖或計數的請求。
以下是安全`AwsWafRegionalWebAcl`調查結果格式 (ASFF) 中 AWS 的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalWebAclDetails.html)。
**範例**
```
"AwsWafRegionalWebAcl": {
"DefaultAction": "ALLOW",
"MetricName" : "web-regional-webacl-metric-1",
"Name": "WebACL_123",
"RulesList": [
{
"Action": {
"Type": "Block"
},
"Priority": 3,
"RuleId": "24445857-852b-4d47-bd9c-61f05e4d223c",
"Type": "REGULAR",
"ExcludedRules": [
{
"ExclusionType": "Exclusion",
"RuleId": "Rule_id_1"
}
],
"OverrideAction": {
"Type": "OVERRIDE"
}
}
],
"WebAclId": "443c76f4-2e72-4c89-a2ee-389d501c1f67"
}
```
## AwsWafRule
`AwsWafRule` 提供 AWS WAF 規則的相關資訊。 AWS WAF 規則會識別您要允許、封鎖或計數的 Web 請求。
以下是 AWS 安全`AwsWafRule`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleDetails.html)。
**範例**
```
"AwsWafRule": {
"MetricName": "AwsWafRule_Metric_1",
"Name": "AwsWafRule_Name_1",
"PredicateList": [{
"DataId": "cdd225da-32cf-4773-1dc2-3bca3ed9c19c",
"Negated": false,
"Type": "GeoMatch"
}],
"RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de953e"
}
```
## AwsWafRuleGroup
`AwsWafRuleGroup` 提供 AWS WAF 規則群組的相關資訊。規則群組是您新增至 Web AWS WAF 存取控制清單 (Web ACL) 的預先定義規則集合。
以下是 AWS 安全`AwsWafRuleGroup`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleGroupDetails.html)。
**範例**
```
"AwsWafRuleGroup": {
"MetricName": "SampleWAF_Metric_1",
"Name": "bb-WAFRuleGroupWithRuleCompliant",
"RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
"Rules": [{
"Action": {
"Type": "ALLOW",
},
"Priority": 1,
"RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
"Type": "REGULAR"
}]
}
```
## AwsWafv2RuleGroup
`AwsWafv2RuleGroup` 物件提供有關 an AWS WAF V2 規則群組的詳細資訊。
下列範例顯示 `AwsWafv2RuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafv2RuleGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafv2RuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2RuleGroupDetails.html)。
**範例**
```
"AwsWafv2RuleGroup": {
"Arn": "arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/wafv2rulegroupasff/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Capacity": 1000,
"Description": "Resource for ASFF",
"Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Name": "wafv2rulegroupasff",
"Rules": [{
"Action": {
"Allow": {
"CustomRequestHandling": {
"InsertHeaders": [
{
"Name": "AllowActionHeader1Name",
"Value": "AllowActionHeader1Value"
},
{
"Name": "AllowActionHeader2Name",
"Value": "AllowActionHeader2Value"
}
]
}
},
"Name": "RuleOne",
"Priority": 1,
"VisibilityConfig": {
"CloudWatchMetricsEnabled": true,
"MetricName": "rulegroupasff",
"SampledRequestsEnabled": false
}
}],
"VisibilityConfig": {
"CloudWatchMetricsEnabled": true,
"MetricName": "rulegroupasff",
"SampledRequestsEnabled": false
}
}
```
## AwsWafWebAcl
`AwsWafWebAcl` 物件提供 AWS WAF Web ACL 的詳細資訊。
下列範例顯示 `AwsWafWebAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafWebAcl`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafWebAclDetails.html)。
**範例**
```
"AwsWafWebAcl": {
"DefaultAction": "ALLOW",
"Name": "MyWafAcl",
"Rules": [
{
"Action": {
"Type": "ALLOW"
},
"ExcludedRules": [
{
"RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98"
}
],
"OverrideAction": {
"Type": "NONE"
},
"Priority": 1,
"RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98",
"Type": "REGULAR"
}
],
"WebAclId": "waf-1234567890"
}
```
## AwsWafv2WebAcl
`AwsWafv2WebAcl` 物件提供有關 an AWS WAF V2 Web ACL 的詳細資訊。
下列範例顯示 `AwsWafv2WebAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafv2WebAcl`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafv2WebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2WebAclDetails.html)。
**範例**
```
"AwsWafv2WebAcl": {
"Arn": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/WebACL-RoaD4QexqSxG/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Capacity": 1326,
"CaptchaConfig": {
"ImmunityTimeProperty": {
"ImmunityTime": 500
}
},
"DefaultAction": {
"Block": {}
},
"Description": "Web ACL for JsonBody testing",
"ManagedbyFirewallManager": false,
"Name": "WebACL-RoaD4QexqSxG",
"Rules": [{
"Action": {
"RuleAction": {
"Block": {}
}
},
"Name": "TestJsonBodyRule",
"Priority": 1,
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "JsonBodyMatchMetric"
}
}],
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "TestingJsonBodyMetric"
}
}
```
# AwsXray ASFF 中的 資源
以下是 `AwsXray` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsXrayEncryptionConfig
`AwsXrayEncryptionConfig` 物件包含 加密組態的相關資訊 AWS X-Ray。
下列範例顯示 `AwsXrayEncryptionConfig` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsXrayEncryptionConfig`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsXrayEncryptionConfigDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsXrayEncryptionConfigDetails.html)。
**範例**
```
"AwsXRayEncryptionConfig":{
"KeyId": "arn:aws:kms:us-east-2:222222222222:key/example-key",
"Status": "UPDATING",
"Type":"KMS"
}
```
# CodeRepository ASFF 中的 物件
`CodeRepository` 物件提供連線至 AWS 資源的外部程式碼儲存庫相關資訊,並設定 Amazon Inspector 掃描漏洞。
下列範例顯示 `CodeRepository` 物件 AWS 的安全調查結果格式 (ASFF) 語法。若要檢視`CodeRepository`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [CodeRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CodeRepositoryDetails.html)。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
**範例**
```
"CodeRepository": {
"ProviderType": "GITLAB_SELF_MANAGED",
"ProjectName": "projectName",
"CodeSecurityIntegrationArn": "arn:aws:inspector2:us-east-1:123456789012:codesecurity-integration/00000000-0000-0000-0000-000000000000"
}
```
# Container ASFF 中的 物件
下列範例顯示 `Container` 物件 AWS 的安全調查結果格式 (ASFF) 語法。若要檢視`Container`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [ContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ContainerDetails.html)。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
**範例**
```
"Container": {
"ContainerRuntime": "docker",
"ImageId": "image12",
"ImageName": "1111111/knotejs@sha256:372131c9fef111111111111115f4ed3ea5f9dce4dc3bd34ce21846588a3",
"LaunchedAt": "2018-09-29T01:25:54Z",
"Name": "knote",
"Privileged": true,
"VolumeMounts": [{
"Name": "vol-03909e9",
"MountPath": "/mnt/etc"
}]
}
```
# Other ASFF 中的 物件
在 AWS 安全調查結果格式 (ASFF) 中, `Other` 物件會指定自訂欄位和值。如需 ASFF 的詳細資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
透過使用 `Other` 物件,您可以指定資源的自訂欄位和值。您可以針對下列案例使用 `Other` 物件:
+ 資源類型沒有對應的`Details`物件。若要指定資源的詳細資訊,請使用 `Other` 物件。
+ 資源類型的 `Details` 物件不包含您要指定的所有屬性。在此情況下,請使用 資源類型的 `Details` 物件來指定可用的屬性。使用 `Other` 物件來指定不在類型特定`Details`物件中的屬性。
+ 資源類型不是提供的類型之一。在此情況下,將 `Resource.Type` 設定為 `Other`並使用 `Other` 物件來指定詳細資訊。
**類型:**最多 50 個鍵值對的映射
每個鍵/值對必須符合下列需求。
+ 金鑰必須包含少於 128 個字元。
+ 此值必須包含少於 1,024 個字元。