本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 在 Security Hub CSPM 中建立和更新問題清單
在 AWS Security Hub CSPM 中,*問題清單*是安全檢查或安全相關偵測的可觀察記錄。問題清單可能來自下列其中一個來源:
+ Security Hub CSPM 中控制項的安全檢查。
+ 與另一個 的整合 AWS 服務。
+ 與第三方產品的整合。
+ 自訂整合。
Security Hub CSPM 會將所有來源的問題清單標準化為稱為*AWS 安全問題清單格式 (ASFF)* 的標準語法和格式。如需此格式的詳細資訊,包括個別 ASFF 欄位的說明,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。如果您啟用跨區域彙總,Security Hub CSPM 也會自動將新的和更新的調查結果從所有連結的區域彙總到您指定的彙總區域。如需詳細資訊,請參閱[了解 Security Hub CSPM 中的跨區域彙總](finding-aggregation.md)。
建立問題清單之後,可以更新,如下所示:
+ 問題清單提供者可以使用 Security Hub CSPM API [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)的操作來更新問題清單的一般資訊。問題清單提供者只能更新其建立的問題清單。
+ 客戶可以使用 Security Hub CSPM 主控台或 Security Hub CSPM API [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)的操作來更新調查結果調查的狀態。SIEM、票證、事件管理、SOAR 或其他類型的工具也可以代表客戶使用`BatchUpdateFindings`此操作。
為了減少問題清單雜訊並簡化個別問題清單的追蹤和分析,Security Hub CSPM 會自動刪除最近尚未更新的問題清單。Security Hub CSPM 執行此作業的時間取決於問題清單是作用中還是封存:
+ *作用中問題*清單是記錄狀態 (`RecordState`) 為 的問題清單`ACTIVE`。Security Hub CSPM 會儲存作用中的問題清單 90 天。如果作用中的問題清單已有 90 天未更新,則會過期,且 Security Hub CSPM 會將其永久刪除。
+ *封存的問題清單*是記錄狀態 (`RecordState`) 為 的問題清單`ARCHIVED`。Security Hub CSPM 會將封存的問題清單存放 30 天。如果封存的問題清單已有 30 天未更新,則會過期,且 Security Hub CSPM 會將其永久刪除。
對於控制項問題清單,這是 Security Hub CSPM 從控制項安全檢查產生的問題清單,Security Hub CSPM 會根據問題清單`UpdatedAt`欄位的值來判斷問題清單是否已過期。如果作用中問題清單的這個值超過 90 天,Security Hub CSPM 會永久刪除問題清單。如果封存的問題清單超過 30 天,Security Hub CSPM 會永久刪除問題清單。
對於所有其他類型的問題清單,Security Hub CSPM 會根據問題清單的 `ProcessedAt`和 `UpdatedAt` 欄位的值來判斷問題清單是否已過期。Security Hub CSPM 會比較這些欄位的值,並判斷哪個欄位較新。如果作用中問題清單的最近值超過 90 天,Security Hub CSPM 會永久刪除問題清單。如果封存問題清單的最近值超過 30 天,Security Hub CSPM 會永久刪除問題清單。問題清單提供者可以使用 Security Hub CSPM API [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html)的操作來變更一或多個問題清單`UpdatedAt`欄位的值。
如需長期保留問題清單,您可以將問題清單匯出至 S3 儲存貯體。您可以搭配 Amazon EventBridge 規則使用自訂動作來執行此操作。如需詳細資訊,請參閱[使用 EventBridge 進行自動回應和修復](securityhub-cloudwatch-events.md)。
**Topics**
+ [用於尋找供應商的 BatchImportFindings](finding-update-batchimportfindings.md)
+ [客戶的 BatchUpdateFindings](finding-update-batchupdatefindings.md)
+ [在 Security Hub CSPM 中檢閱問題清單詳細資訊和歷史記錄](securityhub-findings-viewing.md)
+ [在 Security Hub CSPM 中篩選問題清單](securityhub-findings-manage.md)
+ [在 Security Hub CSPM 中分組問題清單](finding-list-grouping.md)
+ [在 Security Hub CSPM 中設定問題清單的工作流程狀態](findings-workflow-status.md)
+ [將問題清單傳送至自訂 Security Hub CSPM 動作](findings-custom-action.md)
+ [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)
# 用於尋找供應商的 BatchImportFindings
尋找提供者可以使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)操作在 AWS Security Hub CSPM 中建立新的問題清單。他們也可以使用此操作來更新他們建立的問題清單。尋找供應商無法更新他們未建立的問題清單。
客戶、SIEMs、票證、SOAR 和其他類型的工具必須使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)操作,進行與調查結果提供者調查相關的更新。如需詳細資訊,請參閱[客戶的 BatchUpdateFindings](finding-update-batchupdatefindings.md)。
當 Security Hub CSPM 收到建立或更新問題清單的`BatchImportFindings`請求時,它會自動在 Amazon EventBridge 中產生**Security Hub Findings - Imported**事件。您可以對該事件採取自動動作。如需詳細資訊,請參閱[使用 EventBridge 進行自動回應和修復](securityhub-cloudwatch-events.md)。
## 使用 `BatchImportFindings` 的先決條件
`BatchImportFindings` 必須由下列其中一項呼叫:
+ 與調查結果相關聯的帳戶。關聯帳戶的識別符必須符合調查結果的 `AwsAccountId` 屬性值。
+ 允許列為官方 Security Hub CSPM 合作夥伴整合的帳戶。
Security Hub CSPM 只能接受已啟用 Security Hub CSPM 的帳戶的問題清單更新。同時也必須啟用問題清單提供者。如果 Security Hub CSPM 已停用,或未啟用調查結果提供者整合,則會在`FailedFindings`清單中傳回調查結果,並顯示`InvalidAccess`錯誤。
## 決定是要建立或更新問題清單
若要判斷是否要建立或更新問題清單,Security Hub CSPM 會檢查 `ID` 欄位。如果 的值`ID`不符合現有的調查結果,Security Hub CSPM 會建立新的調查結果。
如果 `ID`符合現有的調查結果,Security Hub CSPM 會檢查 `UpdatedAt` 欄位是否有更新,然後繼續執行如下操作:
+ 如果在更新`UpdatedAt`時符合或發生在現有調查結果`UpdatedAt`的 之前,Security Hub CSPM 會忽略更新請求。
+ 如果更新`UpdatedAt`發生在現有調查結果`UpdatedAt`的 之後,Security Hub CSPM 會更新現有調查結果。
## 使用 尋找更新的限制 `BatchImportFindings`
問題清單提供者無法使用 `BatchImportFindings`更新現有問題清單的下列屬性:
+ `Note`
+ `UserDefinedFields`
+ `VerificationState`
+ `Workflow`
Security Hub CSPM 會忽略這些屬性`BatchImportFindings`請求中提供的任何內容。客戶或代表他們的實體 (例如票證工具) 可以使用 `BatchUpdateFindings` 更新這些屬性。
## 使用 更新問題清單 FindingProviderFields
調查結果提供者也不應該使用 `BatchImportFindings` 來更新 AWS 安全性調查結果格式 (ASFF) 中的下列頂層屬性:
+ `Confidence`
+ `Criticality`
+ `RelatedFindings`
+ `Severity`
+ `Types`
反之,問題清單提供者應該使用 [`FindingProviderFields`](asff-top-level-attributes.md#asff-findingproviderfields) 物件來提供這些屬性的值。
**範例**
```
"FindingProviderFields": {
"Confidence": 42,
"Criticality": 99,
"RelatedFindings":[
{
"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
"Id": "123e4567-e89b-12d3-a456-426655440000"
}
],
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
}
```
對於`BatchImportFindings`請求,Security Hub CSPM 會處理最上層屬性和 中的值[`FindingProviderFields`](asff-top-level-attributes.md#asff-findingproviderfields),如下所示。
**(偏好) `BatchImportFindings`提供 中屬性的值[`FindingProviderFields`](asff-top-level-attributes.md#asff-findingproviderfields),但不提供對應頂層屬性的值。**
例如, `BatchImportFindings`提供 `FindingProviderFields.Confidence`,但不提供 `Confidence`。這是 `BatchImportFindings`請求的偏好選項。
Security Hub CSPM 會更新 中屬性的值`FindingProviderFields`。
只有在 屬性尚未由 更新時,才會將值複寫至頂層屬性`BatchUpdateFindings`。
**`BatchImportFindings` 提供最上層屬性的值,但不提供 中對應屬性的值`FindingProviderFields`。**
例如, `BatchImportFindings`提供 `Confidence`,但不提供 `FindingProviderFields.Confidence`。
Security Hub CSPM 使用 值來更新 中的屬性`FindingProviderFields`。它會覆寫任何現有的值。
只有在 屬性尚未由 更新時,Security Hub CSPM 才會更新最上層屬性`BatchUpdateFindings`。
**`BatchImportFindings` 在 中提供最上層屬性和對應屬性的值`FindingProviderFields`。**
例如, 同時`BatchImportFindings`提供 `Confidence`和 `FindingProviderFields.Confidence`。
對於新調查結果,Security Hub CSPM 會使用 中的值`FindingProviderFields`來填入 中最上層屬性和對應的屬性`FindingProviderFields`。它不使用提供的頂層屬性值。
對於現有的調查結果,Security Hub CSPM 會使用這兩個值。不過,只有在 屬性尚未由 更新時,才會更新頂層屬性值`BatchUpdateFindings`。
# 客戶的 BatchUpdateFindings
AWS Security Hub CSPM 客戶和代其行事的實體可以使用 [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) 操作,更新從調查結果提供者處理 Security Hub CSPM 調查結果的相關資訊。身為客戶,您可以直接使用此操作。SIEM、票證、事件管理和 SOAR 工具也可以代表客戶使用此操作。
您無法使用 `BatchUpdateFindings`操作建立新的問題清單。不過,您可以使用它一次更新最多 100 個現有問題清單。在`BatchUpdateFindings`請求中,您可以指定要更新的調查結果、要更新調查結果 AWS 的安全調查結果格式 (ASFF) 欄位,以及欄位的新值。然後,Security Hub CSPM 會更新請求中指定的問題清單。此程序需要幾分鐘的時間。如果您使用 `BatchUpdateFindings`操作更新問題清單,您的更新不會影響問題清單`UpdatedAt`欄位的現有值。
當 Security Hub CSPM 收到更新問題清單的`BatchUpdateFindings`請求時,它會自動在 Amazon EventBridge 中產生**Security Hub Findings – Imported**事件。您可以選擇性地使用此事件,對指定的調查結果採取自動動作。如需詳細資訊,請參閱[使用 EventBridge 進行自動回應和修復](securityhub-cloudwatch-events.md)。
## 的可用欄位 BatchUpdateFindings
如果您登入 Security Hub CSPM 管理員帳戶,您可以使用 `BatchUpdateFindings` 更新管理員帳戶或成員帳戶所產生的問題清單。成員帳戶只能`BatchUpdateFindings`用來更新其帳戶的調查結果。
客戶可以使用 `BatchUpdateFindings`更新下列欄位和物件:
+ `Confidence`
+ `Criticality`
+ `Note`
+ `RelatedFindings`
+ `Severity`
+ `Types`
+ `UserDefinedFields`
+ `VerificationState`
+ `Workflow`
## 設定 的存取權 BatchUpdateFindings
您可以設定 AWS Identity and Access Management (IAM) 政策來限制對 的存取`BatchUpdateFindings`,使用 來更新問題清單欄位和欄位值。
在 陳述式中,`BatchUpdateFindings`使用下列值來限制對 的存取:
+ `Action` 是 `securityhub:BatchUpdateFindings`
+ `Effect` 是 `Deny`
+ 對於 `Condition`,您可以根據下列項目拒絕`BatchUpdateFindings`請求:
+ 問題清單包含特定欄位。
+ 調查結果包含特定的欄位值。
### 條件索引鍵
這些是限制存取 的條件金鑰`BatchUpdateFindings`。
**ASFF 欄位**
ASFF 欄位的條件索引鍵如下所示:
```
securityhub:ASFFSyntaxPath/
```
`` 將 取代為 ASFF 欄位。設定對 的存取時`BatchUpdateFindings`,請在 IAM 政策中包含一或多個特定 ASFF 欄位,而非父層級欄位。例如,若要限制對 `Workflow.Status` 欄位的存取,您必須在政策` securityhub:ASFFSyntaxPath/Workflow.Status`中包含 ,而不是`Workflow`父層級欄位。
### 不允許對欄位進行所有更新
若要防止使用者對特定欄位進行任何更新,請使用下列條件:
```
"Condition": {
"Null": {
"securityhub:ASFFSyntaxPath/": "false"
}
}
```
例如,下列陳述式指出 `BatchUpdateFindings` 無法用來更新問題清單`Workflow.Status`的欄位。
```
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "securityhub:BatchUpdateFindings",
"Resource": "*",
"Condition": {
"Null": {
"securityhub:ASFFSyntaxPath/Workflow.Status": "false"
}
}
}
```
### 不允許特定欄位值
若要防止使用者將欄位設定為特定值,請使用如下所示的條件:
```
"Condition": {
"StringEquals": {
"securityhub:ASFFSyntaxPath/": ""
}
}
```
例如,下列陳述式表示 `BatchUpdateFindings` 無法用於將 `Workflow.Status`設定為 `SUPPRESSED`。
```
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "securityhub:BatchUpdateFindings",
"Resource": "*",
"Condition": {
"StringEquals": {
"securityhub:ASFFSyntaxPath/Workflow.Status": "SUPPRESSED"
}
}
```
您也可以提供不允許的值清單。
```
"Condition": {
"StringEquals": {
"securityhub:ASFFSyntaxPath/": [ "", "", "" ]
}
}
```
例如,下列陳述式表示 `BatchUpdateFindings` 無法用於將 `Workflow.Status`設定為 `RESOLVED`或 `SUPPRESSED`。
```
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "securityhub:BatchUpdateFindings",
"Resource": "*",
"Condition": {
"StringEquals": {
"securityhub:ASFFSyntaxPath/Workflow.Status": [
"RESOLVED",
"NOTIFIED"
]
}
}
```
# 在 Security Hub CSPM 中檢閱問題清單詳細資訊和歷史記錄
在 AWS Security Hub CSPM 中,*問題清單*是安全檢查或安全相關偵測的可觀察記錄。Security Hub CSPM 會在完成控制項的安全性檢查,以及從整合 AWS 服務 或第三方產品擷取問題清單時產生問題清單。每個調查結果都包含變更和其他詳細資訊的歷史記錄,例如嚴重性評分和受影響資源的相關資訊。
您可以在 Security Hub CSPM 主控台或使用 Security Hub CSPM API 或 以程式設計方式檢閱個別問題清單的歷史記錄和其他詳細資訊 AWS CLI。
為了協助您簡化分析,當您選擇特定問題清單時,Security Hub CSPM 主控台會顯示問題清單面板。面板包含不同的功能表和索引標籤,用於檢閱問題清單的特定詳細資訊。
**動作功能表**
在此功能表中,您可以檢閱問題清單的完整 JSON 或新增備註。問題清單一次只能連接一個備註。此功能表也提供[設定問題清單工作流程狀態](findings-workflow-status.md)的選項[,或將問題清單傳送至 Amazon EventBridge 中的自訂動作](findings-custom-action.md)。 EventBridge
**調查功能表**
在此功能表中,您可以在 Amazon Detective 中調查問題清單。Detective 從調查結果中擷取實體,例如 IP 地址和 AWS 使用者,並視覺化其活動。您可以使用實體活動做為起點,以調查調查結果的原因和影響。
**概觀標籤**
此標籤提供調查結果的摘要。例如,您可以判斷問題清單的建立和上次更新時間、其存在的帳戶,以及問題清單的來源。對於控制項調查結果,此索引標籤也會在 Security Hub CSPM 文件中顯示相關 AWS Config 規則的名稱,以及修補指引的連結。
在**概觀**索引標籤的資源****快照中,您可以取得調查結果所涉及資源的簡短概觀。對於某些資源,這包含**開啟資源**選項,可直接連結到相關 AWS 服務 主控台上受影響的資源。**歷史記錄**快照最多可顯示追蹤歷史記錄最近日期對調查結果所做的兩項變更。例如,如果您昨天進行了一項變更,今天進行了另一項變更,快照會顯示今天的變更。若要檢閱先前的項目,請切換到**歷史記錄**索引標籤。
**合規**資料列會展開以顯示更多詳細資訊。例如,如果控制項包含參數,您可以檢閱 Security Hub CSPM 在執行控制項安全檢查時目前使用的參數值。
**資源索引標籤**
此標籤提供有關問題清單所涉及資源的詳細資訊。如果您已登入擁有資源的帳戶,您可以在適用的 AWS 服務 主控台中檢閱資源。如果您不是資源的擁有者,此標籤會顯示擁有者的 AWS 帳戶 ID。
**詳細資訊**列會顯示調查結果中的資源特定詳細資訊。它以 JSON 格式顯示調查結果的 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html)區段。
**標籤**列會顯示指派給問題清單所涉及資源的標籤索引鍵和值。 AWS Resource Groups 標記 API [GetResources操作支援](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/supported-services.html)的資源可以加上標籤。Security Hub CSPM 會在處理新的或更新的問題清單時使用[服務連結角色](using-service-linked-roles.md)來呼叫此操作,並在 AWS Security Finding Format (ASFF) `Resource.Id` 欄位填入資源的 ARN 時擷取資源標籤。Security Hub CSPM 會忽略無效的資源 IDs。如需在調查結果中包含資源標籤的詳細資訊,請參閱 [Tags (標籤)](asff-resources-attributes.md#asff-resources-tags)。
**歷史記錄索引標籤**
此標籤會追蹤問題清單的歷史記錄。問題清單歷史記錄可用於作用中和封存的問題清單。它提供隨時間對調查結果所做的變更的不可變線索,包括 ASFF 欄位的變更、變更發生的時間以及使用者。標籤上的每個頁面最多可顯示 20 個變更。首先顯示更多最近的變更。
對於作用中的問題清單,問題清單歷史記錄最多可使用 90 天。對於封存的問題清單,問題清單歷史記錄最多可使用 30 天。調查結果歷史記錄包含由 [Security Hub CSPM 自動化規則](automation-rules.md)手動或自動所做的變更。它不包含對頂層時間戳記欄位的變更,例如 `CreatedAt`和 `UpdatedAt` 欄位。
如果您已登入 Security Hub CSPM 管理員帳戶,問題清單歷史記錄適用於管理員帳戶和所有成員帳戶。
**威脅索引標籤**
此索引標籤包含來自 ASFF 的 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html)、 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html)和 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Process.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Process.html) 物件的資料,包括威脅類型,以及資源是目標還是演員。這些詳細資訊通常適用於源自 Amazon GuardDuty 的調查結果。
**漏洞索引標籤**
此標籤會顯示 ASFF [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html) 物件中的資料,包括是否存在與調查結果相關聯的入侵或可用修正。這些詳細資訊通常適用於源自 Amazon Inspector 的調查結果。
每個索引標籤上的資料列都包含複製或篩選選項。例如,如果您為工作流程狀態為 **Notified** 的調查結果開啟面板,您可以選擇**工作流程狀態**列旁的篩選條件選項。如果您選擇**顯示具有此值的所有調查結果**,Security Hub CSPM 會篩選調查結果表,並僅顯示工作流程狀態相同的調查結果。
## 檢閱問題清單詳細資訊和歷史記錄
選擇您偏好的方法,並依照步驟檢閱 Security Hub CSPM 中的調查結果詳細資訊。
如果您啟用跨區域彙總並登入彙總區域,調查結果資料會包含來自彙總區域和連結區域的資料。在其他區域中,問題清單資料僅適用於該區域。如需跨區域彙總的詳細資訊,請參閱 [了解 Security Hub CSPM 中的跨區域彙總](finding-aggregation.md)。
------
#### [ Security Hub CSPM console ]
**檢閱問題清單詳細資訊和歷史記錄**
1. 在 https://[https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/) 開啟 AWS Security Hub CSPM 主控台。
1. 若要顯示問題清單,請執行下列其中一項操作:
+ 在導覽窗格中,選擇**調查結果**。視需要新增搜尋篩選條件,以縮小問題清單範圍。
+ 在導覽窗格中,選擇 ** Insights**。選擇洞見。然後,在結果清單中,選擇洞見結果。
+ 在導覽窗格中選擇**整合**。選擇 **查看整合**的問題清單。
+ 在導覽窗格中,選擇**控制項**。
1. 選擇問題清單。問題清單面板會顯示問題清單的詳細資訊。
1. 在問題清單面板中,執行下列任一動作:
+ 若要檢閱問題清單的特定詳細資訊,請選擇索引標籤。
+ 若要對問題清單採取動作,請從**動作**功能表中選擇一個選項。
+ 若要在 Amazon Detective 中調查調查結果,請選擇**調查**選項。
**注意**
如果您與 整合, AWS Organizations 且已登入成員帳戶,則調查結果面板會包含帳戶名稱。對於手動邀請的成員帳戶,而不是透過 Organizations,問題清單面板只會包含帳戶 ID。
------
#### [ Security Hub CSPM API ]
使用 Security Hub CSPM API [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html)的操作,或者如果您使用的是 AWS CLI,請執行 [https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html)命令。您可以為 `Filters` 參數提供一或多個值,以縮小要擷取的問題清單範圍。
如果結果量太大,您可以使用 `MaxResults` 參數將問題清單限制為指定的數字,並使用 `NextToken` 參數將問題清單分頁。使用 `SortCriteria` 參數依特定欄位排序問題清單。
例如,下列 AWS CLI 命令會擷取符合指定篩選條件的問題清單,並依 `LastObservedAt` 欄位以遞減順序排序結果。此範例已針對 Linux、macOS 或 Unix 格式化,並使用反斜線 (\$1) 行接續字元來改善可讀性。
```
$ aws securityhub get-findings \
--filters '{"GeneratorId":[{"Value": "aws-foundational","Comparison":"PREFIX"}],"WorkflowStatus": [{"Value": "NEW","Comparison":"EQUALS"}],"Confidence": [{"Gte": 85}]}' --sort-criteria '{"Field": "LastObservedAt","SortOrder": "desc"}' --page-size 5 --max-items 100
```
若要檢閱問題清單歷史記錄,請使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_GetFindingHistory.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_GetFindingHistory.html)操作。如果您使用的是 AWS CLI,請執行 [https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-finding-history.html](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-finding-history.html)命令。使用 `ProductArn`和 `Id` 欄位識別您要取得 歷史記錄的問題清單。如需這些欄位的相關資訊,請參閱「[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingIdentifier.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFindingIdentifier.html)」。每個請求只能擷取一個調查結果的歷史記錄。
例如,下列 AWS CLI 命令會擷取指定調查結果的歷史記錄。此範例已針對 Linux、macOS 或 Unix 格式化,並使用反斜線 (\$1) 行接續字元來改善可讀性。
```
$ aws securityhub get-finding-history \
--region us-west-2 \
--finding-identifier Id="a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",ProductArn="arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default" \
--max-results 2 \
--start-time "2021-09-30T15:53:35.573Z" \
--end-time "2021-09-31T15:53:35.573Z"
```
------
#### [ PowerShell ]
使用 `Get-SHUBFinding` cmdlet。選擇性地填入 `Filter` 參數,以縮小要擷取的問題清單範圍。
例如,下列 cmdlet 會擷取符合指定篩選條件的問題清單。
```
Get-SHUBFinding -Filter @{AwsAccountId = [Amazon.SecurityHub.Model.StringFilter]@{Comparison = "EQUALS"; Value = "XXX"};ComplianceStatus = [Amazon.SecurityHub.Model.StringFilter]@{Comparison = "EQUALS"; Value = 'FAILED'}}
```
------
**注意**
如果您依 `CompanyName`或 篩選問題清單`ProductName`,Security Hub CSPM 會使用 `ProductFields` ASFF 物件一部分的值。Security Hub CSPM 不使用最上層`CompanyName`和`ProductName`欄位。
# 在 Security Hub CSPM 中篩選問題清單
AWS Security Hub CSPM 會從安全檢查產生自己的調查結果,並從整合產品接收調查結果。您可以在 Security Hub CSPM 主控台的**調查結果**、**整合**和**洞見**頁面上顯示調查結果清單。您可以新增篩選條件來縮小調查結果清單,讓清單與您的組織或使用案例相關。
如需篩選特定安全控制項問題清單的資訊,請參閱 [篩選和排序控制項問題清單](control-finding-list.md)。本頁面上的資訊適用於**問題清單**、**洞見**和**整合**頁面。
## 問題清單上的預設篩選條件
根據預設,Security Hub CSPM 主控台上的調查結果清單會根據 AWS 安全性調查結果格式 (ASFF) 的 `RecordState`和 `Workflow.Status` 欄位進行篩選。這是除了特定洞見或整合的篩選條件之外。
記錄狀態指出問題清單是作用中還是封存。根據預設,問題清單只會顯示作用中的問題清單。如果問題清單提供者不再處於作用中或重要狀態,則可以封存問題清單。如果刪除相關聯的資源,Security Hub CSPM 也會自動封存控制項調查結果。
工作流程狀態指出調查結果調查的狀態。根據預設,問題清單只會顯示工作流程狀態為 `NEW` 或 `NOTIFIED` 的問題清單。您可以更新問題清單的工作流程狀態。
## 新增篩選條件的說明
您可以依最多十個屬性篩選問題清單。對於每個屬性,您最多可以提供 20 個篩選值。
篩選問題清單時,Security Hub CSPM `AND` 會將邏輯套用至一組篩選條件。只有當問題清單符合所有提供的篩選條件時,問題清單才會相符。例如,如果您新增 GuardDuty 做為**產品名稱**的篩選條件,以及`AwsS3Bucket`做為**資源類型的**篩選條件,Security Hub CSPM 會顯示符合這兩個條件的問題清單。
Security Hub CSPM `OR` 會將邏輯套用至使用相同屬性但不同值的篩選條件。例如,如果您將 GuardDuty 和 Amazon Inspector 新增為**產品名稱**的篩選條件值,Security Hub CSPM 會顯示 GuardDuty 或 Amazon Inspector 所產生的問題清單。
**將篩選條件新增至問題清單 (主控台)**
1. 開啟位於 https://[https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/) 的 AWS Security Hub CSPM 主控台。
1. 若要顯示問題清單,請從導覽窗格執行下列其中一個動作:
+ 選擇**問題清單**。
+ 選擇 **Insights**。選擇洞見。然後,在結果清單中,選擇洞見結果。
+ 選擇 **Integrations** (整合)。選擇**查看整合**的問題清單。
1. 在**新增篩選條件**方塊中,選取要篩選的一或多個檔案。
當您依**公司名稱**或**產品名稱**篩選時,主控台會使用 AWS 安全調查結果格式 (ASFF) 的最上層`CompanyName`和`ProductName`欄位。API 會使用巢狀於 下的值`ProductFields`。
1. 選擇篩選條件比對類型。
對於字串篩選條件,您可以從下列選項中選擇:
+ **is** – 尋找完全符合篩選條件值的值。
+ **開頭為** - 尋找開頭為篩選條件值的值。
+ **不是** – 尋找不符合篩選條件值的值。
+ **開頭不是** - 尋找開頭不是篩選條件值的值。
對於**資源標籤**欄位,您可以根據特定索引鍵或值進行篩選。
對於數值篩選條件,您可以選擇提供單一數字 (**簡單**) 或數字範圍 (**範圍**)。
對於日期或時間篩選條件,您可以選擇提供目前日期和時間 (**滾動視窗**) 或特定日期範圍 (**固定範圍) **的長度。
新增多個篩選條件有下列互動:
+ **為** ,**並以 OR 聯結篩選條件開頭**。如果包含任何篩選條件值,則值會相符。例如,如果您指定**嚴重性標籤為 CRITICAL**,**嚴重性標籤為 HIGH**,則結果會同時包含關鍵和高嚴重性的問題清單。
+ **不是** 且**開頭不是**篩選條件是由 AND 聯結。值只有在不包含任何這些篩選條件值時才相符。例如,如果您指定**嚴重性標籤不是 LOW**,**嚴重性標籤不是 MEDIUM**,則結果不包含低或中嚴重性問題清單。
如果您在 欄位上有 ****篩選條件,則不能有 **不是** ,或 **不是以相同欄位上的篩選條件開頭**。
1. 指定篩選條件值。對於字串篩選條件,篩選條件值區分大小寫。
1. 選擇**套用**。
對於現有的篩選條件,您可以變更篩選條件比對類型或值。在篩選的問題清單上,選擇篩選條件。在**編輯篩選條件**方塊中,選擇新的比對類型或值,然後選擇**套用**。
若要移除篩選條件,請選擇 **x** 圖示。清單會自動更新以反映變更。
# 在 Security Hub CSPM 中分組問題清單
您可以根據所選屬性的值,將 AWS Security Hub CSPM 中的調查結果分組。
當您將調查結果分組時,調查結果清單會取代為相符調查結果中所選屬性的值清單。對於每個值,清單會顯示相符問題清單的數量。
例如,如果您依 AWS 帳戶 ID 將問題清單分組,您會看到帳戶識別符清單,其中包含每個帳戶的相符問題清單數量。
Security Hub CSPM 最多可顯示所選屬性的 100 個值。如果超過 100 個值,您只會看到前 100 個。
當您選擇屬性值時,Security Hub CSPM 會顯示該值的相符問題清單。
**將問題清單清單中的問題清單分組 (主控台)**
1. 在 https://[https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/) 開啟 AWS Security Hub CSPM 主控台。
1. 若要顯示問題清單,請從導覽窗格執行下列其中一個動作:
+ 選擇**問題清單**。
+ 選擇 **Insights**。選擇洞見。然後,在結果清單中,選擇洞見結果。
+ 選擇 **Integrations** (整合)。選擇 **查看整合**的問題清單。
1. 在**分組依據**下拉式清單中,選擇要用於分組的屬性。
若要移除分組屬性,請選擇 **x** 圖示。當您移除分組屬性時,清單會從屬性值清單變更為調查結果清單。
# 在 Security Hub CSPM 中設定問題清單的工作流程狀態
工作流程狀態會追蹤調查問題清單的進度。工作流程狀態專屬於個別問題清單,不會影響新問題清單的產生。例如,如果您將問題清單的工作流程狀態變更為 `SUPPRESSED`或 `RESOLVED`,您的變更不會阻止 Security Hub CSPM 為相同問題產生新的問題清單。
問題清單的工作流程狀態可以是下列其中一個值。
**新**
檢閱問題清單之前的初始狀態。
從整合擷取的問題清單 AWS 服務,例如 AWS Config,其初始狀態`NEW`為 。
`NEW` 在下列情況下,Security Hub CSPM 也會將工作流程狀態從 `NOTIFIED`或 重設`RESOLVED`為 :
+ `RecordState` 從 `ARCHIVED`變更為 `ACTIVE`。
+ `Compliance.Status` 從 `PASSED`變更為 `FAILED`、 `WARNING`或 `NOT_AVAILABLE`。
這些變更表示需要額外調查。
**已通知**
指出您已向資源擁有者告知嚴重性問題。當您不是資源擁有者,且需要資源擁有者介入以解決安全問題時,可以使用此狀態。
如果發生下列其中一種情況,工作流程狀態會自動從 變更為 `NOTIFIED` `NEW`:
+ `RecordState` 從 `ARCHIVED`變更為 `ACTIVE`。
+ `Compliance.Status` 從 `PASSED`變更為 `FAILED`、 `WARNING`或 `NOT_AVAILABLE`。
**已升級**
表示您已檢閱調查結果,但不認為需要任何動作。
如果`SUPPRESSED`問題清單的工作流程狀態從 變更為 `ARCHIVED` ,則不會`RecordState`變更`ACTIVE`。
**已解決**
問題清單已檢閱並進行修補,目前視為已解決。
除非發生下列其中一種情況,`RESOLVED`否則問題清單仍會保留:
+ `RecordState` 從 `ARCHIVED`變更為 `ACTIVE`。
+ `Compliance.Status` 從 `PASSED`變更為 `FAILED`、 `WARNING`或 `NOT_AVAILABLE`。
在這些情況下,工作流程狀態會自動重設為 `NEW`。
對於控制項的問題清單,如果 `Compliance.Status`是 `PASSED`,Security Hub CSPM 會自動將工作流程狀態設定為 `RESOLVED`。
## 設定問題清單的工作流程狀態
若要變更一或多個問題清單的工作流程狀態,您可以使用 Security Hub CSPM 主控台或 Security Hub CSPM API。如果您變更調查結果的工作流程狀態,請注意,Security Hub CSPM 可能需要幾分鐘的時間來處理請求並更新調查結果。
**提示**
您也可以使用自動化規則自動變更問題清單的工作流程狀態。使用自動化規則,您可以設定 Security Hub CSPM,根據您指定的條件自動更新調查結果的工作流程狀態。如需詳細資訊,請參閱[了解 Security Hub CSPM 中的自動化規則](automation-rules.md)。
若要變更一或多個問題清單的工作流程狀態,請選擇您偏好的方法,然後依照步驟進行。
------
#### [ Security Hub CSPM console ]
**變更問題清單的工作流程狀態**
1. 開啟位於 https://[https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/) 的 AWS Security Hub CSPM 主控台。
1. 在導覽窗格中,執行下列其中一項操作,以顯示問題清單的資料表:
+ 選擇**問題清單**。
+ 選擇 **Insights**。然後選擇洞見。在洞見結果中,選擇結果。
+ 選擇 **Integrations** (整合)。然後,在整合的 區段中,選擇**查看問題清單**。
+ 選擇**安全標準**。然後,在標準 的 區段中,選擇**檢視結果**。在控制項表格中,選擇控制項以顯示控制項的問題清單。
1. 在問題清單表格中,選取您要變更工作流程狀態的每個問題清單的核取方塊。
1. 在頁面頂端,選擇**工作流程狀態**,然後為選取的調查結果選擇新的工作流程狀態。
1. 在**設定工作流程狀態**對話方塊中,選擇性地輸入備註,詳細說明變更工作流程狀態的原因。然後選擇**設定狀態**。
------
#### [ Security Hub CSPM API ]
使用 [BatchUpdateFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) 操作。同時提供產生調查結果之產品的調查結果 ID 和 ARN。您可以使用 [GetFindings](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_GetFindings.html) 操作來取得這些詳細資訊。
------
#### [ AWS CLI ]
執行 [batch-update-findings](https://docs.aws.amazon.com/cli/latest/reference/securityhub/batch-update-findings.html) 命令。同時提供產生調查結果之產品的調查結果 ID 和 ARN。您可以執行 [get-findings](https://docs.aws.amazon.com/cli/latest/reference/securityhub/get-findings.html) 命令來取得這些詳細資訊。
```
batch-update-findings --finding-identifiers Id="",ProductArn="" --workflow Status=""
```
**範例**
```
aws securityhub batch-update-findings --finding-identifiers Id="arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",ProductArn="arn:aws:securityhub:us-west-1::product/aws/securityhub" --workflow Status="RESOLVED"
```
------
# 將問題清單傳送至自訂 Security Hub CSPM 動作
您可以建立 AWS Security Hub CSPM 自訂動作,以使用 Amazon EventBridge 自動化 Security Hub CSPM。針對自訂動作,事件類型為 **Security Hub Findings - Custom Action**。設定自訂動作之後,您可以將問題清單傳送至該動作。如需建立自訂動作的詳細資訊和詳細步驟,請參閱 [使用 EventBridge 進行自動回應和修復](securityhub-cloudwatch-events.md)。
**將問題清單傳送至自訂動作 (主控台)**
1. 開啟位於 https://[https://console.aws.amazon.com/securityhub/](https://console.aws.amazon.com/securityhub/) 的 AWS Security Hub CSPM 主控台。
1. 若要顯示問題清單,請執行下列其中一項操作:
+ 在 Security Hub CSPM 導覽窗格中,選擇**調查結果**。
+ 在 Security Hub CSPM 導覽窗格中,選擇 **Insights**。選擇洞見。然後在結果清單中,選擇洞見結果。
+ 在 Security Hub CSPM 導覽窗格中,選擇**整合**。選擇**查看整合**的問題清單。
+ 在 Security Hub CSPM 導覽窗格中,選擇**安全標準**。選擇**檢視結果**以顯示控制項清單。然後選擇控制項名稱。
1. 在調查結果清單中,選取要傳送至自訂動作的每個調查結果的核取方塊。
您一次最多可以傳送 20 個問題清單。
1. 針對**動作**,選擇自訂動作。
# AWS 安全調查結果格式 (ASFF)
AWS Security Hub CSPM 會取用和彙總整合 AWS 服務 和第三方產品的問題清單。Security Hub CSPM 使用稱為 *AWS Security Finding Format (ASFF)* 的標準調查結果格式來處理這些調查結果,無需耗費時間進行資料轉換。
此頁面提供 AWS 安全性調查結果格式 (ASFF) 中調查結果的 JSON 完整大綱。格式衍生自 [JSON 結構描述](https://json-schema.org/)。選擇連結物件的名稱,以檢閱該物件的問題清單範例。將您的 Security Hub CSPM 問題清單與此處顯示的資源和範例進行比較,可協助您解譯問題清單。
如需個別 ASFF 屬性的說明,請參閱 [必要的頂層 ASFF 屬性](asff-required-attributes.md)和 [選用最上層 ASFF 屬性](asff-top-level-attributes.md)。
```
"Findings": [
{
"Action": {
"ActionType": "string",
"AwsApiCallAction": {
"AffectedResources": {
"string": "string"
},
"Api": "string",
"CallerType": "string",
"DomainDetails": {
"Domain": "string"
},
"FirstSeen": "string",
"LastSeen": "string",
"RemoteIpDetails": {
"City": {
"CityName": "string"
},
"Country": {
"CountryCode": "string",
"CountryName": "string"
},
"IpAddressV4": "string",
"Geolocation": {
"Lat": number,
"Lon": number
},
"Organization": {
"Asn": number,
"AsnOrg": "string",
"Isp": "string",
"Org": "string"
}
},
"ServiceName": "string"
},
"DnsRequestAction": {
"Blocked": boolean,
"Domain": "string",
"Protocol": "string"
},
"NetworkConnectionAction": {
"Blocked": boolean,
"ConnectionDirection": "string",
"LocalPortDetails": {
"Port": number,
"PortName": "string"
},
"Protocol": "string",
"RemoteIpDetails": {
"City": {
"CityName": "string"
},
"Country": {
"CountryCode": "string",
"CountryName": "string"
},
"IpAddressV4": "string",
"Geolocation": {
"Lat": number,
"Lon": number
},
"Organization": {
"Asn": number,
"AsnOrg": "string",
"Isp": "string",
"Org": "string"
}
},
"RemotePortDetails": {
"Port": number,
"PortName": "string"
}
},
"PortProbeAction": {
"Blocked": boolean,
"PortProbeDetails": [{
"LocalIpDetails": {
"IpAddressV4": "string"
},
"LocalPortDetails": {
"Port": number,
"PortName": "string"
},
"RemoteIpDetails": {
"City": {
"CityName": "string"
},
"Country": {
"CountryCode": "string",
"CountryName": "string"
},
"GeoLocation": {
"Lat": number,
"Lon": number
},
"IpAddressV4": "string",
"Organization": {
"Asn": number,
"AsnOrg": "string",
"Isp": "string",
"Org": "string"
}
}
}]
}
},
"AwsAccountId": "string",
"AwsAccountName": "string",
"CompanyName": "string",
"Compliance": {
"AssociatedStandards": [{
"StandardsId": "string"
}],
"RelatedRequirements": ["string"],
"SecurityControlId": "string",
"SecurityControlParameters": [
{
"Name": "string",
"Value": ["string"]
}
],
"Status": "string",
"StatusReasons": [
{
"Description": "string",
"ReasonCode": "string"
}
]
},
"Confidence": number,
"CreatedAt": "string",
"Criticality": number,
"Description": "string",
"Detection": {
"Sequence": {
"Uid": "string",
"Actors": [{
"Id": "string",
"Session": {
"Uid": "string",
"MfAStatus": "string",
"CreatedTime": "string",
"Issuer": "string"
},
"User": {
"CredentialUid": "string",
"Name": "string",
"Type": "string",
"Uid": "string",
"Account": {
"Uid": "string",
"Name": "string"
}
}
}],
"Endpoints": [{
"Id": "string",
"Ip": "string",
"Domain": "string",
"Port": number,
"Location": {
"City": "string",
"Country": "string",
"Lat": number,
"Lon": number
},
"AutonomousSystem": {
"Name": "string",
"Number": number
},
"Connection": {
"Direction": "string"
}
}],
"Signals": [{
"Id": "string",
"Title": "string",
"ActorIds": ["string"],
"Count": number,
"FirstSeenAt": number,
"SignalIndicators": [
{
"Key": "string",
"Title": "string",
"Values": ["string"]
},
{
"Key": "string",
"Title": "string",
"Values": ["string"]
}
],
"LastSeenAt": number,
"Name": "string",
"ResourceIds": ["string"],
"Type": "string"
}],
"SequenceIndicators": [
{
"Key": "string",
"Title": "string",
"Values": ["string"]
},
{
"Key": "string",
"Title": "string",
"Values": ["string"]
}
]
}
},
"FindingProviderFields": {
"Confidence": number,
"Criticality": number,
"RelatedFindings": [{
"ProductArn": "string",
"Id": "string"
}],
"Severity": {
"Label": "string",
"Normalized": number,
"Original": "string"
},
"Types": ["string"]
},
"FirstObservedAt": "string",
"GeneratorId": "string",
"Id": "string",
"LastObservedAt": "string",
"Malware": [{
"Name": "string",
"Path": "string",
"State": "string",
"Type": "string"
}],
"Network": {
"DestinationDomain": "string",
"DestinationIpV4": "string",
"DestinationIpV6": "string",
"DestinationPort": number,
"Direction": "string",
"OpenPortRange": {
"Begin": integer,
"End": integer
},
"Protocol": "string",
"SourceDomain": "string",
"SourceIpV4": "string",
"SourceIpV6": "string",
"SourceMac": "string",
"SourcePort": number
},
"NetworkPath": [{
"ComponentId": "string",
"ComponentType": "string",
"Egress": {
"Destination": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
},
"Protocol": "string",
"Source": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
}
},
"Ingress": {
"Destination": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
},
"Protocol": "string",
"Source": {
"Address": ["string"],
"PortRanges": [{
"Begin": integer,
"End": integer
}]
}
}
}],
"Note": {
"Text": "string",
"UpdatedAt": "string",
"UpdatedBy": "string"
},
"PatchSummary": {
"FailedCount": number,
"Id": "string",
"InstalledCount": number,
"InstalledOtherCount": number,
"InstalledPendingReboot": number,
"InstalledRejectedCount": number,
"MissingCount": number,
"Operation": "string",
"OperationEndTime": "string",
"OperationStartTime": "string",
"RebootOption": "string"
},
"Process": {
"LaunchedAt": "string",
"Name": "string",
"ParentPid": number,
"Path": "string",
"Pid": number,
"TerminatedAt": "string"
},
"ProductArn": "string",
"ProductFields": {
"string": "string"
},
"ProductName": "string",
"RecordState": "string",
"Region": "string",
"RelatedFindings": [{
"Id": "string",
"ProductArn": "string"
}],
"Remediation": {
"Recommendation": {
"Text": "string",
"Url": "string"
}
},
"Resources": [{
"ApplicationArn": "string",
"ApplicationName": "string",
"DataClassification": {
"DetailedResultsLocation": "string",
"Result": {
"AdditionalOccurrences": boolean,
"CustomDataIdentifiers": {
"Detections": [{
"Arn": "string",
"Count": integer,
"Name": "string",
"Occurrences": {
"Cells": [{
"CellReference": "string",
"Column": integer,
"ColumnName": "string",
"Row": integer
}],
"LineRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"OffsetRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"Pages": [{
"LineRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"OffsetRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"PageNumber": integer
}],
"Records": [{
"JsonPath": "string",
"RecordIndex": integer
}]
}
}],
"TotalCount": integer
},
"MimeType": "string",
"SensitiveData": [{
"Category": "string",
"Detections": [{
"Count": integer,
"Occurrences": {
"Cells": [{
"CellReference": "string",
"Column": integer,
"ColumnName": "string",
"Row": integer
}],
"LineRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"OffsetRanges": [{
"End": integer,
"Start": integer,
"StartColumn": integer
}],
"Pages": [{
"LineRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"OffsetRange": {
"End": integer,
"Start": integer,
"StartColumn": integer
},
"PageNumber": integer
}],
"Records": [{
"JsonPath": "string",
"RecordIndex": integer
}]
},
"Type": "string"
}],
"TotalCount": integer
}],
"SizeClassified": integer,
"Status": {
"Code": "string",
"Reason": "string"
}
}
},
"Details": {
"AwsAmazonMQBroker": {
"AutoMinorVersionUpgrade": boolean,
"BrokerArn": "string",
"BrokerId": "string",
"BrokerName": "string",
"Configuration": {
"Id": "string",
"Revision": integer
},
"DeploymentMode": "string",
"EncryptionOptions": {
"UseAwsOwnedKey": boolean
},
"EngineType": "string",
"EngineVersion": "string",
"HostInstanceType": "string",
"Logs": {
"Audit": boolean,
"AuditLogGroup": "string",
"General": boolean,
"GeneralLogGroup": "string"
},
"MaintenanceWindowStartTime": {
"DayOfWeek": "string",
"TimeOfDay": "string",
"TimeZone": "string"
},
"PubliclyAccessible": boolean,
"SecurityGroups": [
"string"
],
"StorageType": "string",
"SubnetIds": [
"string",
"string"
],
"Users": [{
"Username": "string"
}]
},
"AwsApiGatewayRestApi": {
"ApiKeySource": "string",
"BinaryMediaTypes": [" string"],
"CreatedDate": "string",
"Description": "string",
"EndpointConfiguration": {
"Types": ["string"]
},
"Id": "string",
"MinimumCompressionSize": number,
"Name": "string",
"Version": "string"
},
"AwsApiGatewayStage": {
"AccessLogSettings": {
"DestinationArn": "string",
"Format": "string"
},
"CacheClusterEnabled": boolean,
"CacheClusterSize": "string",
"CacheClusterStatus": "string",
"CanarySettings": {
"DeploymentId": "string",
"PercentTraffic": number,
"StageVariableOverrides": [{
"string": "string"
}],
"UseStageCache": boolean
},
"ClientCertificateId": "string",
"CreatedDate": "string",
"DeploymentId": "string",
"Description": "string",
"DocumentationVersion": "string",
"LastUpdatedDate": "string",
"MethodSettings": [{
"CacheDataEncrypted": boolean,
"CachingEnabled": boolean,
"CacheTtlInSeconds": number,
"DataTraceEnabled": boolean,
"HttpMethod": "string",
"LoggingLevel": "string",
"MetricsEnabled": boolean,
"RequireAuthorizationForCacheControl": boolean,
"ResourcePath": "string",
"ThrottlingBurstLimit": number,
"ThrottlingRateLimit": number,
"UnauthorizedCacheControlHeaderStrategy": "string"
}],
"StageName": "string",
"TracingEnabled": boolean,
"Variables": {
"string": "string"
},
"WebAclArn": "string"
},
"AwsApiGatewayV2Api": {
"ApiEndpoint": "string",
"ApiId": "string",
"ApiKeySelectionExpression": "string",
"CorsConfiguration": {
"AllowCredentials": boolean,
"AllowHeaders": ["string"],
"AllowMethods": ["string"],
"AllowOrigins": ["string"],
"ExposeHeaders": ["string"],
"MaxAge": number
},
"CreatedDate": "string",
"Description": "string",
"Name": "string",
"ProtocolType": "string",
"RouteSelectionExpression": "string",
"Version": "string"
},
"AwsApiGatewayV2Stage": {
"AccessLogSettings": {
"DestinationArn": "string",
"Format": "string"
},
"ApiGatewayManaged": boolean,
"AutoDeploy": boolean,
"ClientCertificateId": "string",
"CreatedDate": "string",
"DefaultRouteSettings": {
"DataTraceEnabled": boolean,
"DetailedMetricsEnabled": boolean,
"LoggingLevel": "string",
"ThrottlingBurstLimit": number,
"ThrottlingRateLimit": number
},
"DeploymentId": "string",
"Description": "string",
"LastDeploymentStatusMessage": "string",
"LastUpdatedDate": "string",
"RouteSettings": {
"DetailedMetricsEnabled": boolean,
"LoggingLevel": "string",
"DataTraceEnabled": boolean,
"ThrottlingBurstLimit": number,
"ThrottlingRateLimit": number
},
"StageName": "string",
"StageVariables": [{
"string": "string"
}]
},
"AwsAppSyncGraphQLApi": {
"AwsAppSyncGraphQlApi": {
"AdditionalAuthenticationProviders": [
{
"AuthenticationType": "string",
"LambdaAuthorizerConfig": {
"AuthorizerResultTtlInSeconds": integer,
"AuthorizerUri": "string"
}
},
{
"AuthenticationType": "string"
}
],
"ApiId": "string",
"Arn": "string",
"AuthenticationType": "string",
"Id": "string",
"LogConfig": {
"CloudWatchLogsRoleArn": "string",
"ExcludeVerboseContent": boolean,
"FieldLogLevel": "string"
},
"Name": "string",
"XrayEnabled": boolean
}
},
"AwsAthenaWorkGroup": {
"Description": "string",
"Name": "string",
"WorkgroupConfiguration": {
"ResultConfiguration": {
"EncryptionConfiguration": {
"EncryptionOption": "string",
"KmsKey": "string"
}
}
},
"State": "string"
},
"AwsAutoScalingAutoScalingGroup": {
"AvailabilityZones": [{
"Value": "string"
}],
"CreatedTime": "string",
"HealthCheckGracePeriod": integer,
"HealthCheckType": "string",
"LaunchConfigurationName": "string",
"LoadBalancerNames": ["string"],
"LaunchTemplate": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"MixedInstancesPolicy": {
"InstancesDistribution": {
"OnDemandAllocationStrategy": "string",
"OnDemandBaseCapacity": number,
"OnDemandPercentageAboveBaseCapacity": number,
"SpotAllocationStrategy": "string",
"SpotInstancePools": number,
"SpotMaxPrice": "string"
},
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"CapacityRebalance": boolean,
"Overrides": [{
"InstanceType": "string",
"WeightedCapacity": "string"
}]
}
}
},
"AwsAutoScalingLaunchConfiguration": {
"AssociatePublicIpAddress": boolean,
"BlockDeviceMappings": [{
"DeviceName": "string",
"Ebs": {
"DeleteOnTermination": boolean,
"Encrypted": boolean,
"Iops": number,
"SnapshotId": "string",
"VolumeSize": number,
"VolumeType": "string"
},
"NoDevice": boolean,
"VirtualName": "string"
}],
"ClassicLinkVpcId": "string",
"ClassicLinkVpcSecurityGroups": ["string"],
"CreatedTime": "string",
"EbsOptimized": boolean,
"IamInstanceProfile": "string"
},
"ImageId": "string",
"InstanceMonitoring": {
"Enabled": boolean
},
"InstanceType": "string",
"KernelId": "string",
"KeyName": "string",
"LaunchConfigurationName": "string",
"MetadataOptions": {
"HttpEndPoint": "string",
"HttpPutReponseHopLimit": number,
"HttpTokens": "string"
},
"PlacementTenancy": "string",
"RamdiskId": "string",
"SecurityGroups": ["string"],
"SpotPrice": "string",
"UserData": "string"
},
"AwsBackupBackupPlan": {
"BackupPlan": {
"AdvancedBackupSettings": [{
"BackupOptions": {
"WindowsVSS":"string"
},
"ResourceType":"string"
}],
"BackupPlanName": "string",
"BackupPlanRule": [{
"CompletionWindowMinutes": integer,
"CopyActions": [{
"DestinationBackupVaultArn": "string",
"Lifecycle": {
"DeleteAfterDays": integer,
"MoveToColdStorageAfterDays": integer
}
}],
"Lifecycle": {
"DeleteAfterDays": integer
},
"RuleName": "string",
"ScheduleExpression": "string",
"StartWindowMinutes": integer,
"TargetBackupVault": "string"
}]
},
"BackupPlanArn": "string",
"BackupPlanId": "string",
"VersionId": "string"
},
"AwsBackupBackupVault": {
"AccessPolicy": {
"Statement": [{
"Action": ["string"],
"Effect": "string",
"Principal": {
"AWS": "string"
},
"Resource": "string"
}],
"Version": "string"
},
"BackupVaultArn": "string",
"BackupVaultName": "string",
"EncryptionKeyArn": "string",
"Notifications": {
"BackupVaultEvents": ["string"],
"SNSTopicArn": "string"
}
},
"AwsBackupRecoveryPoint": {
"BackupSizeInBytes": integer,
"BackupVaultName": "string",
"BackupVaultArn": "string",
"CalculatedLifecycle": {
"DeleteAt": "string",
"MoveToColdStorageAt": "string"
},
"CompletionDate": "string",
"CreatedBy": {
"BackupPlanArn": "string",
"BackupPlanId": "string",
"BackupPlanVersion": "string",
"BackupRuleId": "string"
},
"CreationDate": "string",
"EncryptionKeyArn": "string",
"IamRoleArn": "string",
"IsEncrypted": boolean,
"LastRestoreTime": "string",
"Lifecycle": {
"DeleteAfterDays": integer,
"MoveToColdStorageAfterDays": integer
},
"RecoveryPointArn": "string",
"ResourceArn": "string",
"ResourceType": "string",
"SourceBackupVaultArn": "string",
"Status": "string",
"StatusMessage": "string",
"StorageClass": "string"
},
"AwsCertificateManagerCertificate": {
"CertificateAuthorityArn": "string",
"CreatedAt": "string",
"DomainName": "string",
"DomainValidationOptions": [{
"DomainName": "string",
"ResourceRecord": {
"Name": "string",
"Type": "string",
"Value": "string"
},
"ValidationDomain": "string",
"ValidationEmails": ["string"],
"ValidationMethod": "string",
"ValidationStatus": "string"
}],
"ExtendedKeyUsages": [{
"Name": "string",
"OId": "string"
}],
"FailureReason": "string",
"ImportedAt": "string",
"InUseBy": ["string"],
"IssuedAt": "string",
"Issuer": "string",
"KeyAlgorithm": "string",
"KeyUsages": [{
"Name": "string"
}],
"NotAfter": "string",
"NotBefore": "string",
"Options": {
"CertificateTransparencyLoggingPreference": "string"
},
"RenewalEligibility": "string",
"RenewalSummary": {
"DomainValidationOptions": [{
"DomainName": "string",
"ResourceRecord": {
"Name": "string",
"Type": "string",
"Value": "string"
},
"ValidationDomain": "string",
"ValidationEmails": ["string"],
"ValidationMethod": "string",
"ValidationStatus": "string"
}],
"RenewalStatus": "string",
"RenewalStatusReason": "string",
"UpdatedAt": "string"
},
"Serial": "string",
"SignatureAlgorithm": "string",
"Status": "string",
"Subject": "string",
"SubjectAlternativeNames": ["string"],
"Type": "string"
},
"AwsCloudFormationStack": {
"Capabilities": ["string"],
"CreationTime": "string",
"Description": "string",
"DisableRollback": boolean,
"DriftInformation": {
"StackDriftStatus": "string"
},
"EnableTerminationProtection": boolean,
"LastUpdatedTime": "string",
"NotificationArns": ["string"],
"Outputs": [{
"Description": "string",
"OutputKey": "string",
"OutputValue": "string"
}],
"RoleArn": "string",
"StackId": "string",
"StackName": "string",
"StackStatus": "string",
"StackStatusReason": "string",
"TimeoutInMinutes": number
},
"AwsCloudFrontDistribution": {
"CacheBehaviors": {
"Items": [{
"ViewerProtocolPolicy": "string"
}]
},
"DefaultCacheBehavior": {
"ViewerProtocolPolicy": "string"
},
"DefaultRootObject": "string",
"DomainName": "string",
"Etag": "string",
"LastModifiedTime": "string",
"Logging": {
"Bucket": "string",
"Enabled": boolean,
"IncludeCookies": boolean,
"Prefix": "string"
},
"OriginGroups": {
"Items": [{
"FailoverCriteria": {
"StatusCodes": {
"Items": [number],
"Quantity": number
}
}
}]
},
"Origins": {
"Items": [{
"CustomOriginConfig": {
"HttpPort": number,
"HttpsPort": number,
"OriginKeepaliveTimeout": number,
"OriginProtocolPolicy": "string",
"OriginReadTimeout": number,
"OriginSslProtocols": {
"Items": ["string"],
"Quantity": number
}
},
"DomainName": "string",
"Id": "string",
"OriginPath": "string",
"S3OriginConfig": {
"OriginAccessIdentity": "string"
}
}]
},
"Status": "string",
"ViewerCertificate": {
"AcmCertificateArn": "string",
"Certificate": "string",
"CertificateSource": "string",
"CloudFrontDefaultCertificate": boolean,
"IamCertificateId": "string",
"MinimumProtocolVersion": "string",
"SslSupportMethod": "string"
},
"WebAclId": "string"
},
"AwsCloudTrailTrail": {
"CloudWatchLogsLogGroupArn": "string",
"CloudWatchLogsRoleArn": "string",
"HasCustomEventSelectors": boolean,
"HomeRegion": "string",
"IncludeGlobalServiceEvents": boolean,
"IsMultiRegionTrail": boolean,
"IsOrganizationTrail": boolean,
"KmsKeyId": "string",
"LogFileValidationEnabled": boolean,
"Name": "string",
"S3BucketName": "string",
"S3KeyPrefix": "string",
"SnsTopicArn": "string",
"SnsTopicName": "string",
"TrailArn": "string"
},
"AwsCloudWatchAlarm": {
"ActionsEnabled": boolean,
"AlarmActions": ["string"],
"AlarmArn": "string",
"AlarmConfigurationUpdatedTimestamp": "string",
"AlarmDescription": "string",
"AlarmName": "string",
"ComparisonOperator": "string",
"DatapointsToAlarm": number,
"Dimensions": [{
"Name": "string",
"Value": "string"
}],
"EvaluateLowSampleCountPercentile": "string",
"EvaluationPeriods": number,
"ExtendedStatistic": "string",
"InsufficientDataActions": ["string"],
"MetricName": "string",
"Namespace": "string",
"OkActions": ["string"],
"Period": number,
"Statistic": "string",
"Threshold": number,
"ThresholdMetricId": "string",
"TreatMissingData": "string",
"Unit": "string"
},
"AwsCodeBuildProject": {
"Artifacts": [{
"ArtifactIdentifier": "string",
"EncryptionDisabled": boolean,
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"OverrideArtifactName": boolean,
"Packaging": "string",
"Path": "string",
"Type": "string"
}],
"SecondaryArtifacts": [{
"ArtifactIdentifier": "string",
"Type": "string",
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"Packaging": "string",
"Path": "string",
"EncryptionDisabled": boolean,
"OverrideArtifactName": boolean
}],
"EncryptionKey": "string",
"Certificate": "string",
"Environment": {
"Certificate": "string",
"EnvironmentVariables": [{
"Name": "string",
"Type": "string",
"Value": "string"
}],
"ImagePullCredentialsType": "string",
"PrivilegedMode": boolean,
"RegistryCredential": {
"Credential": "string",
"CredentialProvider": "string"
},
"Type": "string"
},
"LogsConfig": {
"CloudWatchLogs": {
"GroupName": "string",
"Status": "string",
"StreamName": "string"
},
"S3Logs": {
"EncryptionDisabled": boolean,
"Location": "string",
"Status": "string"
}
},
"Name": "string",
"ServiceRole": "string",
"Source": {
"Type": "string",
"Location": "string",
"GitCloneDepth": integer
},
"VpcConfig": {
"VpcId": "string",
"Subnets": ["string"],
"SecurityGroupIds": ["string"]
}
},
"AwsDmsEndpoint": {
"CertificateArn": "string",
"DatabaseName": "string",
"EndpointArn": "string",
"EndpointIdentifier": "string",
"EndpointType": "string",
"EngineName": "string",
"KmsKeyId": "string",
"Port": integer,
"ServerName": "string",
"SslMode": "string",
"Username": "string"
},
"AwsDmsReplicationInstance": {
"AllocatedStorage": integer,
"AutoMinorVersionUpgrade": boolean,
"AvailabilityZone": "string",
"EngineVersion": "string",
"KmsKeyId": "string",
"MultiAZ": boolean,
"PreferredMaintenanceWindow": "string",
"PubliclyAccessible": boolean,
"ReplicationInstanceClass": "string",
"ReplicationInstanceIdentifier": "string",
"ReplicationSubnetGroup": {
"ReplicationSubnetGroupIdentifier": "string"
},
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "string"
}
]
},
"AwsDmsReplicationTask": {
"CdcStartPosition": "string",
"Id": "string",
"MigrationType": "string",
"ReplicationInstanceArn": "string",
"ReplicationTaskIdentifier": "string",
"ReplicationTaskSettings": {
"string": "string"
},
"SourceEndpointArn": "string",
"TableMappings": {
"string": "string"
},
"TargetEndpointArn": "string"
},
"AwsDynamoDbTable": {
"AttributeDefinitions": [{
"AttributeName": "string",
"AttributeType": "string"
}],
"BillingModeSummary": {
"BillingMode": "string",
"LastUpdateToPayPerRequestDateTime": "string"
},
"CreationDateTime": "string",
"DeletionProtectionEnabled": boolean,
"GlobalSecondaryIndexes": [{
"Backfilling": boolean,
"IndexArn": "string",
"IndexName": "string",
"IndexSizeBytes": number,
"IndexStatus": "string",
"ItemCount": number,
"KeySchema": [{
"AttributeName": "string",
"KeyType": "string"
}],
"Projection": {
"NonKeyAttributes": ["string"],
"ProjectionType": "string"
},
"ProvisionedThroughput": {
"LastDecreaseDateTime": "string",
"LastIncreaseDateTime": "string",
"NumberOfDecreasesToday": number,
"ReadCapacityUnits": number,
"WriteCapacityUnits": number
}
}],
"GlobalTableVersion": "string",
"ItemCount": number,
"KeySchema": [{
"AttributeName": "string",
"KeyType": "string"
}],
"LatestStreamArn": "string",
"LatestStreamLabel": "string",
"LocalSecondaryIndexes": [{
"IndexArn": "string",
"IndexName": "string",
"KeySchema": [{
"AttributeName": "string",
"KeyType": "string"
}],
"Projection": {
"NonKeyAttributes": ["string"],
"ProjectionType": "string"
}
}],
"ProvisionedThroughput": {
"LastDecreaseDateTime": "string",
"LastIncreaseDateTime": "string",
"NumberOfDecreasesToday": number,
"ReadCapacityUnits": number,
"WriteCapacityUnits": number
},
"Replicas": [{
"GlobalSecondaryIndexes": [{
"IndexName": "string",
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": number
}
}],
"KmsMasterKeyId": "string",
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": number
},
"RegionName": "string",
"ReplicaStatus": "string",
"ReplicaStatusDescription": "string"
}],
"RestoreSummary": {
"RestoreDateTime": "string",
"RestoreInProgress": boolean,
"SourceBackupArn": "string",
"SourceTableArn": "string"
},
"SseDescription": {
"InaccessibleEncryptionDateTime": "string",
"KmsMasterKeyArn": "string",
"SseType": "string",
"Status": "string"
},
"StreamSpecification": {
"StreamEnabled": boolean,
"StreamViewType": "string"
},
"TableId": "string",
"TableName": "string",
"TableSizeBytes": number,
"TableStatus": "string"
},
"AwsEc2ClientVpnEndpoint": {
"AuthenticationOptions": [
{
"MutualAuthentication": {
"ClientRootCertificateChainArn": "string"
},
"Type": "string"
}
],
"ClientCidrBlock": "string",
"ClientConnectOptions": {
"Enabled": boolean
},
"ClientLoginBannerOptions": {
"Enabled": boolean
},
"ClientVpnEndpointId": "string",
"ConnectionLogOptions": {
"Enabled": boolean
},
"Description": "string",
"DnsServer": ["string"],
"ServerCertificateArn": "string",
"SecurityGroupIdSet": [
"string"
],
"SelfServicePortalUrl": "string",
"SessionTimeoutHours": "integer",
"SplitTunnel": boolean,
"TransportProtocol": "string",
"VpcId": "string",
"VpnPort": integer
},
"AwsEc2Eip": {
"AllocationId": "string",
"AssociationId": "string",
"Domain": "string",
"InstanceId": "string",
"NetworkBorderGroup": "string",
"NetworkInterfaceId": "string",
"NetworkInterfaceOwnerId": "string",
"PrivateIpAddress": "string",
"PublicIp": "string",
"PublicIpv4Pool": "string"
},
"AwsEc2Instance": {
"IamInstanceProfileArn": "string",
"ImageId": "string",
"IpV4Addresses": ["string"],
"IpV6Addresses": ["string"],
"KeyName": "string",
"LaunchedAt": "string",
"MetadataOptions": {
"HttpEndpoint": "string",
"HttpProtocolIpv6": "string",
"HttpPutResponseHopLimit": number,
"HttpTokens": "string",
"InstanceMetadataTags": "string"
},
"Monitoring": {
"State": "string"
},
"NetworkInterfaces": [{
"NetworkInterfaceId": "string"
}],
"SubnetId": "string",
"Type": "string",
"VirtualizationType": "string",
"VpcId": "string"
},
"AwsEc2LaunchTemplate": {
"DefaultVersionNumber": "string",
"ElasticGpuSpecifications": ["string"],
"ElasticInferenceAccelerators": ["string"],
"Id": "string",
"ImageId": "string",
"LatestVersionNumber": "string",
"LaunchTemplateData": {
"BlockDeviceMappings": [{
"DeviceName": "string",
"Ebs": {
"DeleteonTermination": boolean,
"Encrypted": boolean,
"SnapshotId": "string",
"VolumeSize": number,
"VolumeType": "string"
}
}],
"MetadataOptions": {
"HttpTokens": "string",
"HttpPutResponseHopLimit" : number
},
"Monitoring": {
"Enabled": boolean
},
"NetworkInterfaces": [{
"AssociatePublicIpAddress" : boolean
}]
},
"LaunchTemplateName": "string",
"LicenseSpecifications": ["string"],
"SecurityGroupIds": ["string"],
"SecurityGroups": ["string"],
"TagSpecifications": ["string"]
},
"AwsEc2NetworkAcl": {
"Associations": [{
"NetworkAclAssociationId": "string",
"NetworkAclId": "string",
"SubnetId": "string"
}],
"Entries": [{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string",
"RuleNumber": number
}],
"IsDefault": boolean,
"NetworkAclId": "string",
"OwnerId": "string",
"VpcId": "string"
},
"AwsEc2NetworkInterface": {
"Attachment": {
"AttachmentId": "string",
"AttachTime": "string",
"DeleteOnTermination": boolean,
"DeviceIndex": number,
"InstanceId": "string",
"InstanceOwnerId": "string",
"Status": "string"
},
"Ipv6Addresses": [{
"Ipv6Address": "string"
}],
"NetworkInterfaceId": "string",
"PrivateIpAddresses": [{
"PrivateDnsName": "string",
"PrivateIpAddress": "string"
}],
"PublicDnsName": "string",
"PublicIp": "string",
"SecurityGroups": [{
"GroupId": "string",
"GroupName": "string"
}],
"SourceDestCheck": boolean
},
"AwsEc2RouteTable": {
"AssociationSet": [{
"AssociationState": {
"State": "string"
},
"Main": boolean,
"RouteTableAssociationId": "string",
"RouteTableId": "string"
}],
"PropogatingVgwSet": [],
"RouteTableId": "string",
"RouteSet": [
{
"DestinationCidrBlock": "string",
"GatewayId": "string",
"Origin": "string",
"State": "string"
},
{
"DestinationCidrBlock": "string",
"GatewayId": "string",
"Origin": "string",
"State": "string"
}
],
"VpcId": "string"
},
"AwsEc2SecurityGroup": {
"GroupId": "string",
"GroupName": "string",
"IpPermissions": [{
"FromPort": number,
"IpProtocol": "string",
"IpRanges": [{
"CidrIp": "string"
}],
"Ipv6Ranges": [{
"CidrIpv6": "string"
}],
"PrefixListIds": [{
"PrefixListId": "string"
}],
"ToPort": number,
"UserIdGroupPairs": [{
"GroupId": "string",
"GroupName": "string",
"PeeringStatus": "string",
"UserId": "string",
"VpcId": "string",
"VpcPeeringConnectionId": "string"
}]
}],
"IpPermissionsEgress": [{
"FromPort": number,
"IpProtocol": "string",
"IpRanges": [{
"CidrIp": "string"
}],
"Ipv6Ranges": [{
"CidrIpv6": "string"
}],
"PrefixListIds": [{
"PrefixListId": "string"
}],
"ToPort": number,
"UserIdGroupPairs": [{
"GroupId": "string",
"GroupName": "string",
"PeeringStatus": "string",
"UserId": "string",
"VpcId": "string",
"VpcPeeringConnectionId": "string"
}]
}],
"OwnerId": "string",
"VpcId": "string"
},
"AwsEc2Subnet": {
"AssignIpv6AddressOnCreation": boolean,
"AvailabilityZone": "string",
"AvailabilityZoneId": "string",
"AvailableIpAddressCount": number,
"CidrBlock": "string",
"DefaultForAz": boolean,
"Ipv6CidrBlockAssociationSet": [{
"AssociationId": "string",
"Ipv6CidrBlock": "string",
"CidrBlockState": "string"
}],
"MapPublicIpOnLaunch": boolean,
"OwnerId": "string",
"State": "string",
"SubnetArn": "string",
"SubnetId": "string",
"VpcId": "string"
},
"AwsEc2TransitGateway": {
"AmazonSideAsn": number,
"AssociationDefaultRouteTableId": "string",
"AutoAcceptSharedAttachments": "string",
"DefaultRouteTableAssociation": "string",
"DefaultRouteTablePropagation": "string",
"Description": "string",
"DnsSupport": "string",
"Id": "string",
"MulticastSupport": "string",
"PropagationDefaultRouteTableId": "string",
"TransitGatewayCidrBlocks": ["string"],
"VpnEcmpSupport": "string"
},
"AwsEc2Volume": {
"Attachments": [{
"AttachTime": "string",
"DeleteOnTermination": boolean,
"InstanceId": "string",
"Status": "string"
}],
"CreateTime": "string",
"DeviceName": "string",
"Encrypted": boolean,
"KmsKeyId": "string",
"Size": number,
"SnapshotId": "string",
"Status": "string",
"VolumeId": "string",
"VolumeScanStatus": "string",
"VolumeType": "string"
},
"AwsEc2Vpc": {
"CidrBlockAssociationSet": [{
"AssociationId": "string",
"CidrBlock": "string",
"CidrBlockState": "string"
}],
"DhcpOptionsId": "string",
"Ipv6CidrBlockAssociationSet": [{
"AssociationId": "string",
"CidrBlockState": "string",
"Ipv6CidrBlock": "string"
}],
"State": "string"
},
"AwsEc2VpcEndpointService": {
"AcceptanceRequired": boolean,
"AvailabilityZones": ["string"],
"BaseEndpointDnsNames": ["string"],
"ManagesVpcEndpoints": boolean,
"GatewayLoadBalancerArns": ["string"],
"NetworkLoadBalancerArns": ["string"],
"PrivateDnsName": "string",
"ServiceId": "string",
"ServiceName": "string",
"ServiceState": "string",
"ServiceType": [{
"ServiceType": "string"
}]
},
"AwsEc2VpcPeeringConnection": {
"AccepterVpcInfo": {
"CidrBlock": "string",
"CidrBlockSet": [{
"CidrBlock": "string"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "string"
}],
"OwnerId": "string",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": boolean,
"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
},
"Region": "string",
"VpcId": "string"
},
"ExpirationTime": "string",
"RequesterVpcInfo": {
"CidrBlock": "string",
"CidrBlockSet": [{
"CidrBlock": "string"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "string"
}],
"OwnerId": "string",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": boolean,
"AllowEgressFromLocalClassicLinkToRemoteVpc": boolean,
"AllowEgressFromLocalVpcToRemoteClassicLink": boolean
},
"Region": "string",
"VpcId": "string"
},
"Status": {
"Code": "string",
"Message": "string"
},
"VpcPeeringConnectionId": "string"
},
"AwsEcrContainerImage": {
"Architecture": "string",
"ImageDigest": "string",
"ImagePublishedAt": "string",
"ImageTags": ["string"],
"RegistryId": "string",
"RepositoryName": "string"
},
"AwsEcrRepository": {
"Arn": "string",
"ImageScanningConfiguration": {
"ScanOnPush": boolean
},
"ImageTagMutability": "string",
"LifecyclePolicy": {
"LifecyclePolicyText": "string",
"RegistryId": "string"
},
"RepositoryName": "string",
"RepositoryPolicyText": "string"
},
"AwsEcsCluster": {
"ActiveServicesCount": number,
"CapacityProviders": ["string"],
"ClusterArn": "string",
"ClusterName": "string",
"ClusterSettings": [{
"Name": "string",
"Value": "string"
}],
"Configuration": {
"ExecuteCommandConfiguration": {
"KmsKeyId": "string",
"LogConfiguration": {
"CloudWatchEncryptionEnabled": boolean,
"CloudWatchLogGroupName": "string",
"S3BucketName": "string",
"S3EncryptionEnabled": boolean,
"S3KeyPrefix": "string"
},
"Logging": "string"
}
},
"DefaultCapacityProviderStrategy": [{
"Base": number,
"CapacityProvider": "string",
"Weight": number
}],
"RegisteredContainerInstancesCount": number,
"RunningTasksCount": number,
"Status": "string"
},
"AwsEcsContainer": {
"Image": "string",
"MountPoints": [{
"ContainerPath": "string",
"SourceVolume": "string"
}],
"Name": "string",
"Privileged": boolean
},
"AwsEcsService": {
"CapacityProviderStrategy": [{
"Base": number,
"CapacityProvider": "string",
"Weight": number
}],
"Cluster": "string",
"DeploymentConfiguration": {
"DeploymentCircuitBreaker": {
"Enable": boolean,
"Rollback": boolean
},
"MaximumPercent": number,
"MinimumHealthyPercent": number
},
"DeploymentController": {
"Type": "string"
},
"DesiredCount": number,
"EnableEcsManagedTags": boolean,
"EnableExecuteCommand": boolean,
"HealthCheckGracePeriodSeconds": number,
"LaunchType": "string",
"LoadBalancers": [{
"ContainerName": "string",
"ContainerPort": number,
"LoadBalancerName": "string",
"TargetGroupArn": "string"
}],
"Name": "string",
"NetworkConfiguration": {
"AwsVpcConfiguration": {
"AssignPublicIp": "string",
"SecurityGroups": ["string"],
"Subnets": ["string"]
}
},
"PlacementConstraints": [{
"Expression": "string",
"Type": "string"
}],
"PlacementStrategies": [{
"Field": "string",
"Type": "string"
}],
"PlatformVersion": "string",
"PropagateTags": "string",
"Role": "string",
"SchedulingStrategy": "string",
"ServiceArn": "string",
"ServiceName": "string",
"ServiceRegistries": [{
"ContainerName": "string",
"ContainerPort": number,
"Port": number,
"RegistryArn": "string"
}],
"TaskDefinition": "string"
},
"AwsEcsTask": {
"CreatedAt": "string",
"ClusterArn": "string",
"Group": "string",
"StartedAt": "string",
"StartedBy": "string",
"TaskDefinitionArn": "string",
"Version": number,
"Volumes": [{
"Name": "string",
"Host": {
"SourcePath": "string"
}
}],
"Containers": [{
"Image": "string",
"MountPoints": [{
"ContainerPath": "string",
"SourceVolume": "string"
}],
"Name": "string",
"Privileged": boolean
}]
},
"AwsEcsTaskDefinition": {
"ContainerDefinitions": [{
"Command": ["string"],
"Cpu": number,
"DependsOn": [{
"Condition": "string",
"ContainerName": "string"
}],
"DisableNetworking": boolean,
"DnsSearchDomains": ["string"],
"DnsServers": ["string"],
"DockerLabels": {
"string": "string"
},
"DockerSecurityOptions": ["string"],
"EntryPoint": ["string"],
"Environment": [{
"Name": "string",
"Value": "string"
}],
"EnvironmentFiles": [{
"Type": "string",
"Value": "string"
}],
"Essential": boolean,
"ExtraHosts": [{
"Hostname": "string",
"IpAddress": "string"
}],
"FirelensConfiguration": {
"Options": {
"string": "string"
},
"Type": "string"
},
"HealthCheck": {
"Command": ["string"],
"Interval": number,
"Retries": number,
"StartPeriod": number,
"Timeout": number
},
"Hostname": "string",
"Image": "string",
"Interactive": boolean,
"Links": ["string"],
"LinuxParameters": {
"Capabilities": {
"Add": ["string"],
"Drop": ["string"]
},
"Devices": [{
"ContainerPath": "string",
"HostPath": "string",
"Permissions": ["string"]
}],
"InitProcessEnabled": boolean,
"MaxSwap": number,
"SharedMemorySize": number,
"Swappiness": number,
"Tmpfs": [{
"ContainerPath": "string",
"MountOptions": ["string"],
"Size": number
}]
},
"LogConfiguration": {
"LogDriver": "string",
"Options": {
"string": "string"
},
"SecretOptions": [{
"Name": "string",
"ValueFrom": "string"
}]
},
"Memory": number,
"MemoryReservation": number,
"MountPoints": [{
"ContainerPath": "string",
"ReadOnly": boolean,
"SourceVolume": "string"
}],
"Name": "string",
"PortMappings": [{
"ContainerPort": number,
"HostPort": number,
"Protocol": "string"
}],
"Privileged": boolean,
"PseudoTerminal": boolean,
"ReadonlyRootFilesystem": boolean,
"RepositoryCredentials": {
"CredentialsParameter": "string"
},
"ResourceRequirements": [{
"Type": "string",
"Value": "string"
}],
"Secrets": [{
"Name": "string",
"ValueFrom": "string"
}],
"StartTimeout": number,
"StopTimeout": number,
"SystemControls": [{
"Namespace": "string",
"Value": "string"
}],
"Ulimits": [{
"HardLimit": number,
"Name": "string",
"SoftLimit": number
}],
"User": "string",
"VolumesFrom": [{
"ReadOnly": boolean,
"SourceContainer": "string"
}],
"WorkingDirectory": "string"
}],
"Cpu": "string",
"ExecutionRoleArn": "string",
"Family": "string",
"InferenceAccelerators": [{
"DeviceName": "string",
"DeviceType": "string"
}],
"IpcMode": "string",
"Memory": "string",
"NetworkMode": "string",
"PidMode": "string",
"PlacementConstraints": [{
"Expression": "string",
"Type": "string"
}],
"ProxyConfiguration": {
"ContainerName": "string",
"ProxyConfigurationProperties": [{
"Name": "string",
"Value": "string"
}],
"Type": "string"
},
"RequiresCompatibilities": ["string"],
"Status": "string",
"TaskRoleArn": "string",
"Volumes": [{
"DockerVolumeConfiguration": {
"Autoprovision": boolean,
"Driver": "string",
"DriverOpts": {
"string": "string"
},
"Labels": {
"string": "string"
},
"Scope": "string"
},
"EfsVolumeConfiguration": {
"AuthorizationConfig": {
"AccessPointId": "string",
"Iam": "string"
},
"FilesystemId": "string",
"RootDirectory": "string",
"TransitEncryption": "string",
"TransitEncryptionPort": number
},
"Host": {
"SourcePath": "string"
},
"Name": "string"
}]
},
"AwsEfsAccessPoint": {
"AccessPointId": "string",
"Arn": "string",
"ClientToken": "string",
"FileSystemId": "string",
"PosixUser": {
"Gid": "string",
"SecondaryGids": ["string"],
"Uid": "string"
},
"RootDirectory": {
"CreationInfo": {
"OwnerGid": "string",
"OwnerUid": "string",
"Permissions": "string"
},
"Path": "string"
}
},
"AwsEksCluster": {
"Arn": "string",
"CertificateAuthorityData": "string",
"ClusterStatus": "string",
"Endpoint": "string",
"Logging": {
"ClusterLogging": [{
"Enabled": boolean,
"Types": ["string"]
}]
},
"Name": "string",
"ResourcesVpcConfig": {
"EndpointPublicAccess": boolean,
"SecurityGroupIds": ["string"],
"SubnetIds": ["string"]
},
"RoleArn": "string",
"Version": "string"
},
"AwsElasticBeanstalkEnvironment": {
"ApplicationName": "string",
"Cname": "string",
"DateCreated": "string",
"DateUpdated": "string",
"Description": "string",
"EndpointUrl": "string",
"EnvironmentArn": "string",
"EnvironmentId": "string",
"EnvironmentLinks": [{
"EnvironmentName": "string",
"LinkName": "string"
}],
"EnvironmentName": "string",
"OptionSettings": [{
"Namespace": "string",
"OptionName": "string",
"ResourceName": "string",
"Value": "string"
}],
"PlatformArn": "string",
"SolutionStackName": "string",
"Status": "string",
"Tier": {
"Name": "string",
"Type": "string",
"Version": "string"
},
"VersionLabel": "string"
},
"AwsElasticSearchDomain": {
"AccessPolicies": "string",
"DomainStatus": {
"DomainId": "string",
"DomainName": "string",
"Endpoint": "string",
"Endpoints": {
"string": "string"
}
},
"DomainEndpointOptions": {
"EnforceHTTPS": boolean,
"TLSSecurityPolicy": "string"
},
"ElasticsearchClusterConfig": {
"DedicatedMasterCount": number,
"DedicatedMasterEnabled": boolean,
"DedicatedMasterType": "string",
"InstanceCount": number,
"InstanceType": "string",
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": number
},
"ZoneAwarenessEnabled": boolean
},
"ElasticsearchVersion": "string",
"EncryptionAtRestOptions": {
"Enabled": boolean,
"KmsKeyId": "string"
},
"LogPublishingOptions": {
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": boolean
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "string",
"Cancellable": boolean,
"CurrentVersion": "string",
"Description": "string",
"NewVersion": "string",
"UpdateAvailable": boolean,
"UpdateStatus": "string"
},
"VPCOptions": {
"AvailabilityZones": [
"string"
],
"SecurityGroupIds": [
"string"
],
"SubnetIds": [
"string"
],
"VPCId": "string"
}
},
"AwsElbLoadBalancer": {
"AvailabilityZones": ["string"],
"BackendServerDescriptions": [{
"InstancePort": number,
"PolicyNames": ["string"]
}],
"CanonicalHostedZoneName": "string",
"CanonicalHostedZoneNameID": "string",
"CreatedTime": "string",
"DnsName": "string",
"HealthCheck": {
"HealthyThreshold": number,
"Interval": number,
"Target": "string",
"Timeout": number,
"UnhealthyThreshold": number
},
"Instances": [{
"InstanceId": "string"
}],
"ListenerDescriptions": [{
"Listener": {
"InstancePort": number,
"InstanceProtocol": "string",
"LoadBalancerPort": number,
"Protocol": "string",
"SslCertificateId": "string"
},
"PolicyNames": ["string"]
}],
"LoadBalancerAttributes": {
"AccessLog": {
"EmitInterval": number,
"Enabled": boolean,
"S3BucketName": "string",
"S3BucketPrefix": "string"
},
"ConnectionDraining": {
"Enabled": boolean,
"Timeout": number
},
"ConnectionSettings": {
"IdleTimeout": number
},
"CrossZoneLoadBalancing": {
"Enabled": boolean
},
"AdditionalAttributes": [{
"Key": "string",
"Value": "string"
}]
},
"LoadBalancerName": "string",
"Policies": {
"AppCookieStickinessPolicies": [{
"CookieName": "string",
"PolicyName": "string"
}],
"LbCookieStickinessPolicies": [{
"CookieExpirationPeriod": number,
"PolicyName": "string"
}],
"OtherPolicies": ["string"]
},
"Scheme": "string",
"SecurityGroups": ["string"],
"SourceSecurityGroup": {
"GroupName": "string",
"OwnerAlias": "string"
},
"Subnets": ["string"],
"VpcId": "string"
},
"AwsElbv2LoadBalancer": {
"AvailabilityZones": {
"SubnetId": "string",
"ZoneName": "string"
},
"CanonicalHostedZoneId": "string",
"CreatedTime": "string",
"DNSName": "string",
"IpAddressType": "string",
"LoadBalancerAttributes": [{
"Key": "string",
"Value": "string"
}],
"Scheme": "string",
"SecurityGroups": ["string"],
"State": {
"Code": "string",
"Reason": "string"
},
"Type": "string",
"VpcId": "string"
},
"AwsEventSchemasRegistry": {
"Description": "string",
"RegistryArn": "string",
"RegistryName": "string"
},
"AwsEventsEndpoint": {
"Arn": "string",
"Description": "string",
"EndpointId": "string",
"EndpointUrl": "string",
"EventBuses": [
{
"EventBusArn": "string"
},
{
"EventBusArn": "string"
}
],
"Name": "string",
"ReplicationConfig": {
"State": "string"
},
"RoleArn": "string",
"RoutingConfig": {
"FailoverConfig": {
"Primary": {
"HealthCheck": "string"
},
"Secondary": {
"Route": "string"
}
}
},
"State": "string"
},
"AwsEventsEventBus": {
"Arn": "string",
"Name": "string",
"Policy": "string"
},
"AwsGuardDutyDetector": {
"FindingPublishingFrequency": "string",
"ServiceRole": "string",
"Status": "string",
"DataSources": {
"CloudTrail": {
"Status": "string"
},
"DnsLogs": {
"Status": "string"
},
"FlowLogs": {
"Status": "string"
},
"S3Logs": {
"Status": "string"
},
"Kubernetes": {
"AuditLogs": {
"Status": "string"
}
},
"MalwareProtection": {
"ScanEc2InstanceWithFindings": {
"EbsVolumes": {
"Status": "string"
}
},
"ServiceRole": "string"
}
}
},
"AwsIamAccessKey": {
"AccessKeyId": "string",
"AccountId": "string",
"CreatedAt": "string",
"PrincipalId": "string",
"PrincipalName": "string",
"PrincipalType": "string",
"SessionContext": {
"Attributes": {
"CreationDate": "string",
"MfaAuthenticated": boolean
},
"SessionIssuer": {
"AccountId": "string",
"Arn": "string",
"PrincipalId": "string",
"Type": "string",
"UserName": "string"
}
},
"Status": "string"
},
"AwsIamGroup": {
"AttachedManagedPolicies": [{
"PolicyArn": "string",
"PolicyName": "string"
}],
"CreateDate": "string",
"GroupId": "string",
"GroupName": "string",
"GroupPolicyList": [{
"PolicyName": "string"
}],
"Path": "string"
},
"AwsIamPolicy": {
"AttachmentCount": number,
"CreateDate": "string",
"DefaultVersionId": "string",
"Description": "string",
"IsAttachable": boolean,
"Path": "string",
"PermissionsBoundaryUsageCount": number,
"PolicyId": "string",
"PolicyName": "string",
"PolicyVersionList": [{
"CreateDate": "string",
"IsDefaultVersion": boolean,
"VersionId": "string"
}],
"UpdateDate": "string"
},
"AwsIamRole": {
"AssumeRolePolicyDocument": "string",
"AttachedManagedPolicies": [{
"PolicyArn": "string",
"PolicyName": "string"
}],
"CreateDate": "string",
"InstanceProfileList": [{
"Arn": "string",
"CreateDate": "string",
"InstanceProfileId": "string",
"InstanceProfileName": "string",
"Path": "string",
"Roles": [{
"Arn": "string",
"AssumeRolePolicyDocument": "string",
"CreateDate": "string",
"Path": "string",
"RoleId": "string",
"RoleName": "string"
}]
}],
"MaxSessionDuration": number,
"Path": "string",
"PermissionsBoundary": {
"PermissionsBoundaryArn": "string",
"PermissionsBoundaryType": "string"
},
"RoleId": "string",
"RoleName": "string",
"RolePolicyList": [{
"PolicyName": "string"
}]
},
"AwsIamUser": {
"AttachedManagedPolicies": [{
"PolicyArn": "string",
"PolicyName": "string"
}],
"CreateDate": "string",
"GroupList": ["string"],
"Path": "string",
"PermissionsBoundary": {
"PermissionsBoundaryArn": "string",
"PermissionsBoundaryType": "string"
},
"UserId": "string",
"UserName": "string",
"UserPolicyList": [{
"PolicyName": "string"
}]
},
"AwsKinesisStream": {
"Arn": "string",
"Name": "string",
"RetentionPeriodHours": number,
"ShardCount": number,
"StreamEncryption": {
"EncryptionType": "string",
"KeyId": "string"
}
},
"AwsKmsKey": {
"AWSAccountId": "string",
"CreationDate": "string",
"Description": "string",
"KeyId": "string",
"KeyManager": "string",
"KeyRotationStatus": boolean,
"KeyState": "string",
"Origin": "string"
},
"AwsLambdaFunction": {
"Architectures": [
"string"
],
"Code": {
"S3Bucket": "string",
"S3Key": "string",
"S3ObjectVersion": "string",
"ZipFile": "string"
},
"CodeSha256": "string",
"DeadLetterConfig": {
"TargetArn": "string"
},
"Environment": {
"Variables": {
"Stage": "string"
},
"Error": {
"ErrorCode": "string",
"Message": "string"
}
},
"FunctionName": "string",
"Handler": "string",
"KmsKeyArn": "string",
"LastModified": "string",
"Layers": {
"Arn": "string",
"CodeSize": number
},
"PackageType": "string",
"RevisionId": "string",
"Role": "string",
"Runtime": "string",
"Timeout": integer,
"TracingConfig": {
"Mode": "string"
},
"Version": "string",
"VpcConfig": {
"SecurityGroupIds": ["string"],
"SubnetIds": ["string"]
},
"MasterArn": "string",
"MemorySize": number
},
"AwsLambdaLayerVersion": {
"CompatibleRuntimes": [
"string"
],
"CreatedDate": "string",
"Version": number
},
"AwsMskCluster": {
"ClusterInfo": {
"ClientAuthentication": {
"Sasl": {
"Scram": {
"Enabled": boolean
},
"Iam": {
"Enabled": boolean
}
},
"Tls": {
"CertificateAuthorityArnList": [],
"Enabled": boolean
},
"Unauthenticated": {
"Enabled": boolean
}
},
"ClusterName": "string",
"CurrentVersion": "string",
"EncryptionInfo": {
"EncryptionAtRest": {
"DataVolumeKMSKeyId": "string"
},
"EncryptionInTransit": {
"ClientBroker": "string",
"InCluster": boolean
}
},
"EnhancedMonitoring": "string",
"NumberOfBrokerNodes": integer
}
},
"AwsNetworkFirewallFirewall": {
"DeleteProtection": boolean,
"Description": "string",
"FirewallArn": "string",
"FirewallId": "string",
"FirewallName": "string",
"FirewallPolicyArn": "string",
"FirewallPolicyChangeProtection": boolean,
"SubnetChangeProtection": boolean,
"SubnetMappings": [{
"SubnetId": "string"
}],
"VpcId": "string"
},
"AwsNetworkFirewallFirewallPolicy": {
"Description": "string",
"FirewallPolicy": {
"StatefulRuleGroupReferences": [{
"ResourceArn": "string"
}],
"StatelessCustomActions": [{
"ActionDefinition": {
"PublishMetricAction": {
"Dimensions": [{
"Value": "string"
}]
}
},
"ActionName": "string"
}],
"StatelessDefaultActions": ["string"],
"StatelessFragmentDefaultActions": ["string"],
"StatelessRuleGroupReferences": [{
"Priority": number,
"ResourceArn": "string"
}]
},
"FirewallPolicyArn": "string",
"FirewallPolicyId": "string",
"FirewallPolicyName": "string"
},
"AwsNetworkFirewallRuleGroup": {
"Capacity": number,
"Description": "string",
"RuleGroup": {
"RulesSource": {
"RulesSourceList": {
"GeneratedRulesType": "string",
"Targets": ["string"],
"TargetTypes": ["string"]
},
"RulesString": "string",
"StatefulRules": [{
"Action": "string",
"Header": {
"Destination": "string",
"DestinationPort": "string",
"Direction": "string",
"Protocol": "string",
"Source": "string",
"SourcePort": "string"
},
"RuleOptions": [{
"Keyword": "string",
"Settings": ["string"]
}]
}],
"StatelessRulesAndCustomActions": {
"CustomActions": [{
"ActionDefinition": {
"PublishMetricAction": {
"Dimensions": [{
"Value": "string"
}]
}
},
"ActionName": "string"
}],
"StatelessRules": [{
"Priority": number,
"RuleDefinition": {
"Actions": ["string"],
"MatchAttributes": {
"DestinationPorts": [{
"FromPort": number,
"ToPort": number
}],
"Destinations": [{
"AddressDefinition": "string"
}],
"Protocols": [number],
"SourcePorts": [{
"FromPort": number,
"ToPort": number
}],
"Sources": [{
"AddressDefinition": "string"
}],
"TcpFlags": [{
"Flags": ["string"],
"Masks": ["string"]
}]
}
}
}]
}
},
"RuleVariables": {
"IpSets": {
"Definition": ["string"]
},
"PortSets": {
"Definition": ["string"]
}
}
},
"RuleGroupArn": "string",
"RuleGroupId": "string",
"RuleGroupName": "string",
"Type": "string"
},
"AwsOpenSearchServiceDomain": {
"AccessPolicies": "string",
"AdvancedSecurityOptions": {
"Enabled": boolean,
"InternalUserDatabaseEnabled": boolean,
"MasterUserOptions": {
"MasterUserArn": "string",
"MasterUserName": "string",
"MasterUserPassword": "string"
}
},
"Arn": "string",
"ClusterConfig": {
"DedicatedMasterCount": number,
"DedicatedMasterEnabled": boolean,
"DedicatedMasterType": "string",
"InstanceCount": number,
"InstanceType": "string",
"WarmCount": number,
"WarmEnabled": boolean,
"WarmType": "string",
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": number
},
"ZoneAwarenessEnabled": boolean
},
"DomainEndpoint": "string",
"DomainEndpointOptions": {
"CustomEndpoint": "string",
"CustomEndpointCertificateArn": "string",
"CustomEndpointEnabled": boolean,
"EnforceHTTPS": boolean,
"TLSSecurityPolicy": "string"
},
"DomainEndpoints": {
"string": "string"
},
"DomainName": "string",
"EncryptionAtRestOptions": {
"Enabled": boolean,
"KmsKeyId": "string"
},
"EngineVersion": "string",
"Id": "string",
"LogPublishingOptions": {
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": boolean
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "string",
"Cancellable": boolean,
"CurrentVersion": "string",
"Description": "string",
"NewVersion": "string",
"OptionalDeployment": boolean,
"UpdateAvailable": boolean,
"UpdateStatus": "string"
},
"VpcOptions": {
"SecurityGroupIds": ["string"],
"SubnetIds": ["string"]
}
},
"AwsRdsDbCluster": {
"ActivityStreamStatus": "string",
"AllocatedStorage": number,
"AssociatedRoles": [{
"RoleArn": "string",
"Status": "string"
}],
"AutoMinorVersionUpgrade": boolean,
"AvailabilityZones": ["string"],
"BackupRetentionPeriod": integer,
"ClusterCreateTime": "string",
"CopyTagsToSnapshot": boolean,
"CrossAccountClone": boolean,
"CustomEndpoints": ["string"],
"DatabaseName": "string",
"DbClusterIdentifier": "string",
"DbClusterMembers": [{
"DbClusterParameterGroupStatus": "string",
"DbInstanceIdentifier": "string",
"IsClusterWriter": boolean,
"PromotionTier": integer
}],
"DbClusterOptionGroupMemberships": [{
"DbClusterOptionGroupName": "string",
"Status": "string"
}],
"DbClusterParameterGroup": "string",
"DbClusterResourceId": "string",
"DbSubnetGroup": "string",
"DeletionProtection": boolean,
"DomainMemberships": [{
"Domain": "string",
"Fqdn": "string",
"IamRoleName": "string",
"Status": "string"
}],
"EnabledCloudwatchLogsExports": ["string"],
"Endpoint": "string",
"Engine": "string",
"EngineMode": "string",
"EngineVersion": "string",
"HostedZoneId": "string",
"HttpEndpointEnabled": boolean,
"IamDatabaseAuthenticationEnabled": boolean,
"KmsKeyId": "string",
"MasterUsername": "string",
"MultiAz": boolean,
"Port": integer,
"PreferredBackupWindow": "string",
"PreferredMaintenanceWindow": "string",
"ReaderEndpoint": "string",
"ReadReplicaIdentifiers": ["string"],
"Status": "string",
"StorageEncrypted": boolean,
"VpcSecurityGroups": [{
"Status": "string",
"VpcSecurityGroupId": "string"
}]
},
"AwsRdsDbClusterSnapshot": {
"AllocatedStorage": integer,
"AvailabilityZones": ["string"],
"ClusterCreateTime": "string",
"DbClusterIdentifier": "string",
"DbClusterSnapshotAttributes": [{
"AttributeName": "string",
"AttributeValues": ["string"]
}],
"DbClusterSnapshotIdentifier": "string",
"Engine": "string",
"EngineVersion": "string",
"IamDatabaseAuthenticationEnabled": boolean,
"KmsKeyId": "string",
"LicenseModel": "string",
"MasterUsername": "string",
"PercentProgress": integer,
"Port": integer,
"SnapshotCreateTime": "string",
"SnapshotType": "string",
"Status": "string",
"StorageEncrypted": boolean,
"VpcId": "string"
},
"AwsRdsDbInstance": {
"AllocatedStorage": number,
"AssociatedRoles": [{
"RoleArn": "string",
"FeatureName": "string",
"Status": "string"
}],
"AutoMinorVersionUpgrade": boolean,
"AvailabilityZone": "string",
"BackupRetentionPeriod": number,
"CACertificateIdentifier": "string",
"CharacterSetName": "string",
"CopyTagsToSnapshot": boolean,
"DBClusterIdentifier": "string",
"DBInstanceClass": "string",
"DBInstanceIdentifier": "string",
"DbInstancePort": number,
"DbInstanceStatus": "string",
"DbiResourceId": "string",
"DBName": "string",
"DbParameterGroups": [{
"DbParameterGroupName": "string",
"ParameterApplyStatus": "string"
}],
"DbSecurityGroups": ["string"],
"DbSubnetGroup": {
"DbSubnetGroupArn": "string",
"DbSubnetGroupDescription": "string",
"DbSubnetGroupName": "string",
"SubnetGroupStatus": "string",
"Subnets": [{
"SubnetAvailabilityZone": {
"Name": "string"
},
"SubnetIdentifier": "string",
"SubnetStatus": "string"
}],
"VpcId": "string"
},
"DeletionProtection": boolean,
"Endpoint": {
"Address": "string",
"Port": number,
"HostedZoneId": "string"
},
"DomainMemberships": [{
"Domain": "string",
"Fqdn": "string",
"IamRoleName": "string",
"Status": "string"
}],
"EnabledCloudwatchLogsExports": ["string"],
"Engine": "string",
"EngineVersion": "string",
"EnhancedMonitoringResourceArn": "string",
"IAMDatabaseAuthenticationEnabled": boolean,
"InstanceCreateTime": "string",
"Iops": number,
"KmsKeyId": "string",
"LatestRestorableTime": "string",
"LicenseModel": "string",
"ListenerEndpoint": {
"Address": "string",
"HostedZoneId": "string",
"Port": number
},
"MasterUsername": "admin",
"MaxAllocatedStorage": number,
"MonitoringInterval": number,
"MonitoringRoleArn": "string",
"MultiAz": boolean,
"OptionGroupMemberships": [{
"OptionGroupName": "string",
"Status": "string"
}],
"PendingModifiedValues": {
"AllocatedStorage": number,
"BackupRetentionPeriod": number,
"CaCertificateIdentifier": "string",
"DbInstanceClass": "string",
"DbInstanceIdentifier": "string",
"DbSubnetGroupName": "string",
"EngineVersion": "string",
"Iops": number,
"LicenseModel": "string",
"MasterUserPassword": "string",
"MultiAZ": boolean,
"PendingCloudWatchLogsExports": {
"LogTypesToDisable": ["string"],
"LogTypesToEnable": ["string"]
},
"Port": number,
"ProcessorFeatures": [{
"Name": "string",
"Value": "string"
}],
"StorageType": "string"
},
"PerformanceInsightsEnabled": boolean,
"PerformanceInsightsKmsKeyId": "string",
"PerformanceInsightsRetentionPeriod": number,
"PreferredBackupWindow": "string",
"PreferredMaintenanceWindow": "string",
"ProcessorFeatures": [{
"Name": "string",
"Value": "string"
}],
"PromotionTier": number,
"PubliclyAccessible": boolean,
"ReadReplicaDBClusterIdentifiers": ["string"],
"ReadReplicaDBInstanceIdentifiers": ["string"],
"ReadReplicaSourceDBInstanceIdentifier": "string",
"SecondaryAvailabilityZone": "string",
"StatusInfos": [{
"Message": "string",
"Normal": boolean,
"Status": "string",
"StatusType": "string"
}],
"StorageEncrypted": boolean,
"TdeCredentialArn": "string",
"Timezone": "string",
"VpcSecurityGroups": [{
"VpcSecurityGroupId": "string",
"Status": "string"
}]
},
"AwsRdsDbSecurityGroup": {
"DbSecurityGroupArn": "string",
"DbSecurityGroupDescription": "string",
"DbSecurityGroupName": "string",
"Ec2SecurityGroups": [{
"Ec2SecurityGroupuId": "string",
"Ec2SecurityGroupName": "string",
"Ec2SecurityGroupOwnerId": "string",
"Status": "string"
}],
"IpRanges": [{
"CidrIp": "string",
"Status": "string"
}],
"OwnerId": "string",
"VpcId": "string"
},
"AwsRdsDbSnapshot": {
"AllocatedStorage": integer,
"AvailabilityZone": "string",
"DbInstanceIdentifier": "string",
"DbiResourceId": "string",
"DbSnapshotIdentifier": "string",
"Encrypted": boolean,
"Engine": "string",
"EngineVersion": "string",
"IamDatabaseAuthenticationEnabled": boolean,
"InstanceCreateTime": "string",
"Iops": number,
"KmsKeyId": "string",
"LicenseModel": "string",
"MasterUsername": "string",
"OptionGroupName": "string",
"PercentProgress": integer,
"Port": integer,
"ProcessorFeatures": [],
"SnapshotCreateTime": "string",
"SnapshotType": "string",
"SourceDbSnapshotIdentifier": "string",
"SourceRegion": "string",
"Status": "string",
"StorageType": "string",
"TdeCredentialArn": "string",
"Timezone": "string",
"VpcId": "string"
},
"AwsRdsEventSubscription": {
"CustomerAwsId": "string",
"CustSubscriptionId": "string",
"Enabled": boolean,
"EventCategoriesList": ["string"],
"EventSubscriptionArn": "string",
"SnsTopicArn": "string",
"SourceIdsList": ["string"],
"SourceType": "string",
"Status": "string",
"SubscriptionCreationTime": "string"
},
"AwsRedshiftCluster": {
"AllowVersionUpgrade": boolean,
"AutomatedSnapshotRetentionPeriod": number,
"AvailabilityZone": "string",
"ClusterAvailabilityStatus": "string",
"ClusterCreateTime": "string",
"ClusterIdentifier": "string",
"ClusterNodes": [{
"NodeRole": "string",
"PrivateIPAddress": "string",
"PublicIPAddress": "string"
}],
"ClusterParameterGroups": [{
"ClusterParameterStatusList": [{
"ParameterApplyErrorDescription": "string",
"ParameterApplyStatus": "string",
"ParameterName": "string"
}],
"ParameterApplyStatus": "string",
"ParameterGroupName": "string"
}],
"ClusterPublicKey": "string",
"ClusterRevisionNumber": "string",
"ClusterSecurityGroups": [{
"ClusterSecurityGroupName": "string",
"Status": "string"
}],
"ClusterSnapshotCopyStatus": {
"DestinationRegion": "string",
"ManualSnapshotRetentionPeriod": number,
"RetentionPeriod": number,
"SnapshotCopyGrantName": "string"
},
"ClusterStatus": "string",
"ClusterSubnetGroupName": "string",
"ClusterVersion": "string",
"DBName": "string",
"DeferredMaintenanceWindows": [{
"DeferMaintenanceEndTime": "string",
"DeferMaintenanceIdentifier": "string",
"DeferMaintenanceStartTime": "string"
}],
"ElasticIpStatus": {
"ElasticIp": "string",
"Status": "string"
},
"ElasticResizeNumberOfNodeOptions": "string",
"Encrypted": boolean,
"Endpoint": {
"Address": "string",
"Port": number
},
"EnhancedVpcRouting": boolean,
"ExpectedNextSnapshotScheduleTime": "string",
"ExpectedNextSnapshotScheduleTimeStatus": "string",
"HsmStatus": {
"HsmClientCertificateIdentifier": "string",
"HsmConfigurationIdentifier": "string",
"Status": "string"
},
"IamRoles": [{
"ApplyStatus": "string",
"IamRoleArn": "string"
}],
"KmsKeyId": "string",
"LoggingStatus":{
"BucketName": "string",
"LastFailureMessage": "string",
"LastFailureTime": "string",
"LastSuccessfulDeliveryTime": "string",
"LoggingEnabled": boolean,
"S3KeyPrefix": "string"
},
"MaintenanceTrackName": "string",
"ManualSnapshotRetentionPeriod": number,
"MasterUsername": "string",
"NextMaintenanceWindowStartTime": "string",
"NodeType": "string",
"NumberOfNodes": number,
"PendingActions": ["string"],
"PendingModifiedValues": {
"AutomatedSnapshotRetentionPeriod": number,
"ClusterIdentifier": "string",
"ClusterType": "string",
"ClusterVersion": "string",
"EncryptionType": "string",
"EnhancedVpcRouting": boolean,
"MaintenanceTrackName": "string",
"MasterUserPassword": "string",
"NodeType": "string",
"NumberOfNodes": number,
"PubliclyAccessible": "string"
},
"PreferredMaintenanceWindow": "string",
"PubliclyAccessible": boolean,
"ResizeInfo": {
"AllowCancelResize": boolean,
"ResizeType": "string"
},
"RestoreStatus": {
"CurrentRestoreRateInMegaBytesPerSecond": number,
"ElapsedTimeInSeconds": number,
"EstimatedTimeToCompletionInSeconds": number,
"ProgressInMegaBytes": number,
"SnapshotSizeInMegaBytes": number,
"Status": "string"
},
"SnapshotScheduleIdentifier": "string",
"SnapshotScheduleState": "string",
"VpcId": "string",
"VpcSecurityGroups": [{
"Status": "string",
"VpcSecurityGroupId": "string"
}]
},
"AwsRoute53HostedZone": {
"HostedZone": {
"Id": "string",
"Name": "string",
"Config": {
"Comment": "string"
}
},
"NameServers": ["string"],
"QueryLoggingConfig": {
"CloudWatchLogsLogGroupArn": {
"CloudWatchLogsLogGroupArn": "string",
"Id": "string",
"HostedZoneId": "string"
}
},
"Vpcs": [
{
"Id": "string",
"Region": "string"
}
]
},
"AwsS3AccessPoint": {
"AccessPointArn": "string",
"Alias": "string",
"Bucket": "string",
"BucketAccountId": "string",
"Name": "string",
"NetworkOrigin": "string",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": boolean,
"BlockPublicPolicy": boolean,
"IgnorePublicAcls": boolean,
"RestrictPublicBuckets": boolean
},
"VpcConfiguration": {
"VpcId": "string"
}
},
"AwsS3AccountPublicAccessBlock": {
"BlockPublicAcls": boolean,
"BlockPublicPolicy": boolean,
"IgnorePublicAcls": boolean,
"RestrictPublicBuckets": boolean
},
"AwsS3Bucket": {
"AccessControlList": "string",
"BucketLifecycleConfiguration": {
"Rules": [{
"AbortIncompleteMultipartUpload": {
"DaysAfterInitiation": number
},
"ExpirationDate": "string",
"ExpirationInDays": number,
"ExpiredObjectDeleteMarker": boolean,
"Filter": {
"Predicate": {
"Operands": [{
"Prefix": "string",
"Type": "string"
},
{
"Tag": {
"Key": "string",
"Value": "string"
},
"Type": "string"
}
],
"Type": "string"
}
},
"Id": "string",
"NoncurrentVersionExpirationInDays": number,
"NoncurrentVersionTransitions": [{
"Days": number,
"StorageClass": "string"
}],
"Prefix": "string",
"Status": "string",
"Transitions": [{
"Date": "string",
"Days": number,
"StorageClass": "string"
}]
}]
},
"BucketLoggingConfiguration": {
"DestinationBucketName": "string",
"LogFilePrefix": "string"
},
"BucketName": "string",
"BucketNotificationConfiguration": {
"Configurations": [{
"Destination": "string",
"Events": ["string"],
"Filter": {
"S3KeyFilter": {
"FilterRules": [{
"Name": "string",
"Value": "string"
}]
}
},
"Type": "string"
}]
},
"BucketVersioningConfiguration": {
"IsMfaDeleteEnabled": boolean,
"Status": "string"
},
"BucketWebsiteConfiguration": {
"ErrorDocument": "string",
"IndexDocumentSuffix": "string",
"RedirectAllRequestsTo": {
"HostName": "string",
"Protocol": "string"
},
"RoutingRules": [{
"Condition": {
"HttpErrorCodeReturnedEquals": "string",
"KeyPrefixEquals": "string"
},
"Redirect": {
"HostName": "string",
"HttpRedirectCode": "string",
"Protocol": "string",
"ReplaceKeyPrefixWith": "string",
"ReplaceKeyWith": "string"
}
}]
},
"CreatedAt": "string",
"ObjectLockConfiguration": {
"ObjectLockEnabled": "string",
"Rule": {
"DefaultRetention": {
"Days": integer,
"Mode": "string",
"Years": integer
}
}
},
"OwnerAccountId": "string",
"OwnerId": "string",
"OwnerName": "string",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": boolean,
"BlockPublicPolicy": boolean,
"IgnorePublicAcls": boolean,
"RestrictPublicBuckets": boolean
},
"ServerSideEncryptionConfiguration": {
"Rules": [{
"ApplyServerSideEncryptionByDefault": {
"KMSMasterKeyID": "string",
"SSEAlgorithm": "string"
}
}]
}
},
"AwsS3Object": {
"ContentType": "string",
"ETag": "string",
"LastModified": "string",
"ServerSideEncryption": "string",
"SSEKMSKeyId": "string",
"VersionId": "string"
},
"AwsSagemakerNotebookInstance": {
"DirectInternetAccess": "string",
"InstanceMetadataServiceConfiguration": {
"MinimumInstanceMetadataServiceVersion": "string"
},
"InstanceType": "string",
"LastModifiedTime": "string",
"NetworkInterfaceId": "string",
"NotebookInstanceArn": "string",
"NotebookInstanceName": "string",
"NotebookInstanceStatus": "string",
"PlatformIdentifier": "string",
"RoleArn": "string",
"RootAccess": "string",
"SecurityGroups": ["string"],
"SubnetId": "string",
"Url": "string",
"VolumeSizeInGB": number
},
"AwsSecretsManagerSecret": {
"Deleted": boolean,
"Description": "string",
"KmsKeyId": "string",
"Name": "string",
"RotationEnabled": boolean,
"RotationLambdaArn": "string",
"RotationOccurredWithinFrequency": boolean,
"RotationRules": {
"AutomaticallyAfterDays": integer
}
},
"AwsSnsTopic": {
"ApplicationSuccessFeedbackRoleArn": "string",
"FirehoseFailureFeedbackRoleArn": "string",
"FirehoseSuccessFeedbackRoleArn": "string",
"HttpFailureFeedbackRoleArn": "string",
"HttpSuccessFeedbackRoleArn": "string",
"KmsMasterKeyId": "string",
"Owner": "string",
"SqsFailureFeedbackRoleArn": "string",
"SqsSuccessFeedbackRoleArn": "string",
"Subscription": {
"Endpoint": "string",
"Protocol": "string"
},
"TopicName": "string"
},
"AwsSqsQueue": {
"DeadLetterTargetArn": "string",
"KmsDataKeyReusePeriodSeconds": number,
"KmsMasterKeyId": "string",
"QueueName": "string"
},
"AwsSsmPatchCompliance": {
"Patch": {
"ComplianceSummary": {
"ComplianceType": "string",
"CompliantCriticalCount": integer,
"CompliantHighCount": integer,
"CompliantInformationalCount": integer,
"CompliantLowCount": integer,
"CompliantMediumCount": integer,
"CompliantUnspecifiedCount": integer,
"ExecutionType": "string",
"NonCompliantCriticalCount": integer,
"NonCompliantHighCount": integer,
"NonCompliantInformationalCount": integer,
"NonCompliantLowCount": integer,
"NonCompliantMediumCount": integer,
"NonCompliantUnspecifiedCount": integer,
"OverallSeverity": "string",
"PatchBaselineId": "string",
"PatchGroup": "string",
"Status": "string"
}
}
},
"AwsStepFunctionStateMachine": {
"StateMachineArn": "string",
"Name": "string",
"Status": "string",
"RoleArn": "string",
"Type": "string",
"LoggingConfiguration": {
"Level": "string",
"IncludeExecutionData": boolean
},
"TracingConfiguration": {
"Enabled": boolean
}
},
"AwsWafRateBasedRule": {
"MatchPredicates": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}],
"MetricName": "string",
"Name": "string",
"RateKey": "string",
"RateLimit": number,
"RuleId": "string"
},
"AwsWafRegionalRateBasedRule": {
"MatchPredicates": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}],
"MetricName": "string",
"Name": "string",
"RateKey": "string",
"RateLimit": number,
"RuleId": "string"
},
"AwsWafRegionalRule": {
"MetricName": "string",
"Name": "string",
"RuleId": "string",
"PredicateList": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}]
},
"AwsWafRegionalRuleGroup": {
"MetricName": "string",
"Name": "string",
"RuleGroupId": "string",
"Rules": [{
"Action": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string"
}]
},
"AwsWafRegionalWebAcl": {
"DefaultAction": "string",
"MetricName" : "string",
"Name": "string",
"RulesList" : [{
"Action": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string",
"ExcludedRules": [{
"ExclusionType": "string",
"RuleId": "string"
}],
"OverrideAction": {
"Type": "string"
}
}],
"WebAclId": "string"
},
"AwsWafRule": {
"MetricName": "string",
"Name": "string",
"PredicateList": [{
"DataId": "string",
"Negated": boolean,
"Type": "string"
}],
"RuleId": "string"
},
"AwsWafRuleGroup": {
"MetricName": "string",
"Name": "string",
"RuleGroupId": "string",
"Rules": [{
"Action": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string"
}]
},
"AwsWafv2RuleGroup": {
"Arn": "string",
"Capacity": number,
"Description": "string",
"Id": "string",
"Name": "string",
"Rules": [{
"Action": {
"Allow": {
"CustomRequestHandling": {
"InsertHeaders": [
{
"Name": "string",
"Value": "string"
},
{
"Name": "string",
"Value": "string"
}
]
}
}
},
"Name": "string",
"Priority": number,
"VisibilityConfig": {
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string",
"SampledRequestsEnabled": boolean
}
}],
"VisibilityConfig": {
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string",
"SampledRequestsEnabled": boolean
}
},
"AwsWafWebAcl": {
"DefaultAction": "string",
"Name": "string",
"Rules": [{
"Action": {
"Type": "string"
},
"ExcludedRules": [{
"RuleId": "string"
}],
"OverrideAction": {
"Type": "string"
},
"Priority": number,
"RuleId": "string",
"Type": "string"
}],
"WebAclId": "string"
},
"AwsWafv2WebAcl": {
"Arn": "string",
"Capacity": number,
"CaptchaConfig": {
"ImmunityTimeProperty": {
"ImmunityTime": number
}
},
"DefaultAction": {
"Block": {}
},
"Description": "string",
"ManagedbyFirewallManager": boolean,
"Name": "string",
"Rules": [{
"Action": {
"RuleAction": {
"Block": {}
}
},
"Name": "string",
"Priority": number,
"VisibilityConfig": {
"SampledRequestsEnabled": boolean,
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string"
}
}],
"VisibilityConfig": {
"SampledRequestsEnabled": boolean,
"CloudWatchMetricsEnabled": boolean,
"MetricName": "string"
}
},
"AwsXrayEncryptionConfig": {
"KeyId": "string",
"Status": "string",
"Type": "string"
},
"CodeRepository": {
"CodeSecurityIntegrationArn": "string",
"ProjectName": "string",
"ProviderType": "string"
},
"Container": {
"ContainerRuntime": "string",
"ImageId": "string",
"ImageName": "string",
"LaunchedAt": "string",
"Name": "string",
"Privileged": boolean,
"VolumeMounts": [{
"Name": "string",
"MountPath": "string"
}]
},
"Other": {
"string": "string"
},
"Id": "string",
"Partition": "string",
"Region": "string",
"ResourceRole": "string",
"Tags": {
"string": "string"
},
"Type": "string"
}],
"SchemaVersion": "string",
"Severity": {
"Label": "string",
"Normalized": number,
"Original": "string"
},
"Sample": boolean,
"SourceUrl": "string",
"Threats": [{
"FilePaths": [{
"FileName": "string",
"FilePath": "string",
"Hash": "string",
"ResourceId": "string"
}],
"ItemCount": number,
"Name": "string",
"Severity": "string"
}],
"ThreatIntelIndicators": [{
"Category": "string",
"LastObservedAt": "string",
"Source": "string",
"SourceUrl": "string",
"Type": "string",
"Value": "string"
}],
"Title": "string",
"Types": ["string"],
"UpdatedAt": "string",
"UserDefinedFields": {
"string": "string"
},
"VerificationState": "string",
"Vulnerabilities": [{
"CodeVulnerabilities": [{
"Cwes": [
"string",
"string"
],
"FilePath": {
"EndLine": integer,
"FileName": "string",
"FilePath": "string",
"StartLine": integer
},
"SourceArn":"string"
}],
"Cvss": [{
"Adjustments": [{
"Metric": "string",
"Reason": "string"
}],
"BaseScore": number,
"BaseVector": "string",
"Source": "string",
"Version": "string"
}],
"EpssScore": number,
"ExploitAvailable": "string",
"FixAvailable": "string",
"Id": "string",
"LastKnownExploitAt": "string",
"ReferenceUrls": ["string"],
"RelatedVulnerabilities": ["string"],
"Vendor": {
"Name": "string",
"Url": "string",
"VendorCreatedAt": "string",
"VendorSeverity": "string",
"VendorUpdatedAt": "string"
},
"VulnerablePackages": [{
"Architecture": "string",
"Epoch": "string",
"FilePath": "string",
"FixedInVersion": "string",
"Name": "string",
"PackageManager": "string",
"Release": "string",
"Remediation": "string",
"SourceLayerArn": "string",
"SourceLayerHash": "string",
"Version": "string"
}]
}],
"Workflow": {
"Status": "string"
},
"WorkflowState": "string"
}
]
```
# 整合對 ASFF 欄位和值的影響
AWS Security Hub CSPM 為控制項提供兩種類型的整合:
+ **合併控制項檢視** – 使用這種類型的合併,每個控制項在所有標準中都有一個識別符。此外,在 Security Hub CSPM 主控台上,**控制**頁面會顯示所有標準的所有控制項。
+ **合併控制問題清單** – 使用這種類型的整合,Security Hub CSPM 會為控制項產生單一問題清單,即使控制項適用於多個啟用的標準。這可以減少問題清單雜訊。
您無法啟用或停用合併控制項檢視。如果您在 2023 年 2 月 23 日或之後啟用 Security Hub CSPM,則預設會啟用合併控制調查結果。否則,預設為停用。不過,對於組織,只有在管理員帳戶啟用合併控制問題清單時,才能為 Security Hub CSPM 成員帳戶啟用合併控制問題清單。若要進一步了解合併控制問題清單,請參閱 [產生和更新控制問題清單](controls-findings-create-update.md)。
這兩種類型的合併都會影響 中控制項問題清單的欄位和值[AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
**Topics**
+ [合併控制項檢視 – ASFF 變更](#securityhub-findings-format-consolidated-controls-view)
+ [合併控制調查結果 – ASFF 變更](#securityhub-findings-format-consolidated-control-findings)
+ [啟用合併控制調查結果前後IDs](#securityhub-findings-format-changes-generator-ids)
+ [合併如何影響控制 IDs和標題](#securityhub-findings-format-changes-ids-titles)
+ [更新整合的工作流程](#securityhub-findings-format-changes-prepare)
## 合併控制項檢視 – ASFF 變更
合併控制項檢視功能對 ASFF 中控制項調查結果的欄位和值進行了下列變更。如果您的工作流程不依賴這些 ASFF 欄位的值,則不需要採取任何動作。如果您有依賴這些欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
| ASFF 欄位 | 合併控制項檢視之前的範本值 | 合併控制項檢視之後的範例值,以及變更的說明 |
| --- | --- | --- |
| Compliance.SecurityControlId | 不適用 (新欄位) | EC2.2 跨標準引進單一控制項 ID。 `ProductFields.RuleId`仍然為 CIS v1.2.0 控制項提供標準型控制項 ID。 `ProductFields.ControlId`仍然為其他標準中的控制項提供標準型控制項 ID。 |
| Compliance.AssociatedStandards | 不適用 (新欄位) | 【\$1"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"\$1】 顯示要在哪些標準中啟用控制項。 |
| ProductFields.ArchivalReasons:0/Description | 不適用 (新欄位) | 「調查結果處於封存狀態,因為已開啟或關閉合併控制調查結果。這會導致在產生新問題清單時封存先前狀態的問題清單。」 說明 Security Hub CSPM 封存現有問題清單的原因。 |
| ProductFields.ArchivalReasons:0/ReasonCode | 不適用 (新欄位) | 「CONSOLIDATED\$1CONTROL\$1FINDINGS\$1UPDATE」 提供 Security Hub CSPM 已封存現有問題清單的原因。 |
| ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
| Remediation.Recommendation.Text | 「如需如何修正此問題的指示,請參閱 AWS Security Hub CSPM PCI DSS 文件。」 | 「如需如何修正此問題的指示,請參閱 AWS Security Hub CSPM 控制文件。」 此欄位不再參考標準。 |
| Remediation.Recommendation.Url | https://docs.aws.amazon.com/console/securityhub/PCI.EC2.2/remediation | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation 此欄位不再參考標準。 |
## 合併控制調查結果 – ASFF 變更
如果您啟用合併控制調查結果,則 ASFF 中控制調查結果的欄位和值可能會受到下列變更的影響。這些變更是合併控制項檢視功能所引進的變更之外的變更。如果您的工作流程不依賴這些 ASFF 欄位的值,則不需要採取任何動作。如果您有依賴這些欄位特定值的工作流程,請更新您的工作流程以使用目前的值。
**提示**
如果您使用 v[2 AWS .0.0 上的自動化安全回應](https://aws.amazon.com/solutions/implementations/aws-security-hub-automated-response-and-remediation/)解決方案,請注意它支援合併的控制問題清單。這表示如果您啟用合併控制問題清單,您可以維護目前的工作流程。
| ASFF 欄位 | 啟用合併控制問題清單之前的範例值 | 啟用合併控制調查結果後的範例值,以及變更的說明 |
| --- | --- | --- |
| GeneratorId | aws-foundational-security-best-practices/v/1.0.0/Config.1 | security-control/Config.1 此欄位不再參考標準。 |
| Title | AWS Config 應啟用 PCI.Config.1 | AWS Config 應啟用 此欄位不再參考標準特定資訊。 |
| Id | arn:aws:securityhub:eu-central-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.IAM.5/finding/ab6d6a26-a156-48f0-9403-115983e5a956 | arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956 此欄位不再參考標準。 |
| ProductFields.ControlId | PCI.EC2.2 | 已移除。請`Compliance.SecurityControlId`改為參閱 。 此欄位會移除,以便使用單一、標準無關的控制 ID。 |
| ProductFields.RuleId | 1.3 | 已移除。請`Compliance.SecurityControlId`改為參閱 。 此欄位會移除,以便使用單一、標準無關的控制 ID。 |
| Description | 此 PCI DSS 控制項 AWS Config 會檢查目前帳戶和區域中是否已啟用 。 | 此 AWS 控制項 AWS Config 會檢查目前帳戶和區域中是否已啟用 。此欄位不再參考標準。 |
| 嚴重性 | 「嚴重性」:\$1 「產品」:90、 "標籤": "CRITICAL", 「標準化」:90、 "Original": "CRITICAL" \$1 | 「嚴重性」:\$1 "標籤": "CRITICAL", 「標準化」:90、 "Original": "CRITICAL" \$1 Security Hub CSPM 不再使用產品欄位來描述調查結果的嚴重性。 |
| 類型 | 【「軟體和組態檢查/產業和法規標準/PCI-DSS」】 | 【「軟體和組態檢查/產業和法規標準」】 此欄位不再參考標準。 |
| Compliance.RelatedRequirements | 【「PCI DSS 10.5.2」, 「PCI DSS 11.5」, 「CIS AWS Foundations 2.5」】 | 【「PCI DSS v3.2.1/10.5.2」, 「PCI DSS v3.2.1/11.5」, 「CIS AWS Foundations Benchmark v1.2.0/2.5」】 此欄位顯示所有啟用標準中的相關需求。 |
| CreatedAt | 2022-05-05T08:18:13.138Z | 2022-09-25T08:18:13.138Z 格式保持不變,但值會在您啟用合併控制問題清單時重設。 |
| FirstObservedAt | 2022-05-07T08:18:13.138Z | 2022-09-28T08:18:13.138Z 格式保持不變,但值會在您啟用合併控制問題清單時重設。 |
| ProductFields.RecommendationUrl | https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation | 已移除。請`Remediation.Recommendation.Url`改為參閱 。 |
| ProductFields.StandardsArn | arn:aws:securityhub::standards/aws-foundational-security-best-practices/v/1.0.0 | 已移除。請`Compliance.AssociatedStandards`改為參閱 。 |
| ProductFields.StandardsControlArn | arn:aws:securityhub:us-east-1:123456789012:control/aws-foundational-security-best-practices/v/1.0.0/Config.1 | 已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.StandardsGuideArn | arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0 | 已移除。請`Compliance.AssociatedStandards`改為參閱 。 |
| ProductFields.StandardsGuideSubscriptionArn | arn:aws:securityhub:us-east-2:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0 | 已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.StandardsSubscriptionArn | arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0 | 已移除。Security Hub CSPM 會針對跨標準的安全性檢查產生一個問題清單。 |
| ProductFields.aws/securityhub/FindingId | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:subscription/aws-foundational-security-best-practices/v/1.0.0/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 | arn:aws:securityhub:us-east-1::product/aws/securityhub/arn:aws:securityhub:us-east-1:123456789012:security-control/Config.1/finding/751c2173-7372-4e12-8656-a5210dfb1d67 此欄位不再參考標準。 |
### 開啟合併控制問題清單後,客戶提供 ASFF 欄位的值
如果您啟用合併控制問題清單,Security Hub CSPM 會跨標準產生一個問題清單,並封存原始問題清單 (每個標準都有不同的問題清單)。
您使用 Security Hub CSPM 主控台或 [https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html](https://docs.aws.amazon.com/securityhub/latest/userguide/finding-update-batchupdatefindings.html)操作對原始調查結果所做的更新,將不會保留在新的調查結果中。如有必要,您可以參考封存的問題清單來復原此資料。若要檢閱封存的問題清單,您可以使用 Security Hub CSPM 主控台上的**問題清單**頁面,並將**記錄狀態**篩選條件設定為**封存**。或者,您可以使用 Security Hub CSPM API [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html)的操作。
| 客戶提供的 ASFF 欄位 | 啟用合併控制問題清單之後的變更描述 |
| --- | --- |
| 可信度 | 重設為空白狀態。 |
| 重要性 | 重設為空白狀態。 |
| 注意 | 重設為空白狀態。 |
| RelatedFindings | 重設為空白狀態。 |
| 嚴重性 | 問題清單的預設嚴重性 (符合控制項的嚴重性)。 |
| 類型 | 重設為標準無關值。 |
| UserDefinedFields | 重設為空白狀態。 |
| VerificationState | 重設為空白狀態。 |
| 工作流程 | 新的失敗問題清單預設值為 NEW。新傳遞的問題清單的預設值為 RESOLVED。 |
## 啟用合併控制調查結果前後IDs
當您啟用合併控制調查結果時,下表列出控制項的產生器 ID 值變更。這些變更適用於自 2023 年 2 月 15 日起 Security Hub CSPM 支援的控制項。
| 啟用合併控制問題清單之前的 GeneratorID | 啟用合併控制問題清單後的 GeneratorID |
| --- | --- |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.1 | security-control/CloudWatch.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.10 | security-control/IAM.16 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.11 | security-control/IAM.17 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.12 | security-control/IAM.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.13 | security-control/IAM.9 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.14 | security-control/IAM.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.16 | security-control/IAM.2 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.2 | security-control/IAM.5 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.20 | security-control/IAM.18 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.22 | security-control/IAM.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.3 | security-control/IAM.8 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.4 | security-control/IAM.3 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.5 | security-control/IAM.11 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.6 | security-control/IAM.12 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.7 | security-control/IAM.13 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.8 | security-control/IAM.14 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/1.9 | security-control/IAM.15 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.1 | security-control/CloudTrail.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.2 | security-control/CloudTrail.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.3 | security-control/CloudTrail.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.4 | security-control/CloudTrail.5 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.5 | security-control/Config.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.6 | security-control/CloudTrail.7 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.7 | security-control/CloudTrail.2 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.8 | security-control/KMS.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/2.9 | security-control/EC2.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.1 | security-control/CloudWatch.2 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.2 | security-control/CloudWatch.3 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.3 | security-control/CloudWatch.1 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.4 | security-control/CloudWatch.4 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.5 | security-control/CloudWatch.5 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.6 | security-control/CloudWatch.6 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.7 | security-control/CloudWatch.7 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.8 | security-control/CloudWatch.8 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.9 | security-control/CloudWatch.9 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.10 | security-control/CloudWatch.10 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.11 | security-control/CloudWatch.11 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.12 | security-control/CloudWatch.12 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.13 | security-control/CloudWatch.13 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/3.14 | security-control/CloudWatch.14 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.1 | security-control/EC2.13 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.2 | security-control/EC2.14 |
| arn:aws:securityhub::ruleset/cis-aws-foundations-benchmark/v/1.2.0/rule/4.3 | security-control/EC2.2 |
| cis-aws-foundations-benchmark/v/1.4.0/1.10 | security-control/IAM.5 |
| cis-aws-foundations-benchmark/v/1.4.0/1.14 | security-control/IAM.3 |
| cis-aws-foundations-benchmark/v/1.4.0/1.16 | security-control/IAM.1 |
| cis-aws-foundations-benchmark/v/1.4.0/1.17 | security-control/IAM.18 |
| cis-aws-foundations-benchmark/v/1.4.0/1.4 | security-control/IAM.4 |
| cis-aws-foundations-benchmark/v/1.4.0/1.5 | security-control/IAM.9 |
| cis-aws-foundations-benchmark/v/1.4.0/1.6 | security-control/IAM.6 |
| cis-aws-foundations-benchmark/v/1.4.0/1.7 | security-control/CloudWatch.1 |
| cis-aws-foundations-benchmark/v/1.4.0/1.8 | security-control/IAM.15 |
| cis-aws-foundations-benchmark/v/1.4.0/1.9 | security-control/IAM.16 |
| cis-aws-foundations-benchmark/v/1.4.0/2.1.2 | security-control/S3.5 |
| cis-aws-foundations-benchmark/v/1.4.0/2.1.5.1 | security-control/S3.1 |
| cis-aws-foundations-benchmark/v/1.4.0/2.1.5.2 | security-control/S3.8 |
| cis-aws-foundations-benchmark/v/1.4.0/2.2.1 | security-control/EC2.7 |
| cis-aws-foundations-benchmark/v/1.4.0/2.3.1 | security-control/RDS.3 |
| cis-aws-foundations-benchmark/v/1.4.0/3.1 | security-control/CloudTrail.1 |
| cis-aws-foundations-benchmark/v/1.4.0/3.2 | security-control/CloudTrail.4 |
| cis-aws-foundations-benchmark/v/1.4.0/3.4 | security-control/CloudTrail.5 |
| cis-aws-foundations-benchmark/v/1.4.0/3.5 | security-control/Config.1 |
| cis-aws-foundations-benchmark/v/1.4.0/3.6 | security-control/S3.9 |
| cis-aws-foundations-benchmark/v/1.4.0/3.7 | security-control/CloudTrail.2 |
| cis-aws-foundations-benchmark/v/1.4.0/3.8 | security-control/KMS.4 |
| cis-aws-foundations-benchmark/v/1.4.0/3.9 | security-control/EC2.6 |
| cis-aws-foundations-benchmark/v/1.4.0/4.3 | security-control/CloudWatch.1 |
| cis-aws-foundations-benchmark/v/1.4.0/4.4 | security-control/CloudWatch.4 |
| cis-aws-foundations-benchmark/v/1.4.0/4.5 | security-control/CloudWatch.5 |
| cis-aws-foundations-benchmark/v/1.4.0/4.6 | security-control/CloudWatch.6 |
| cis-aws-foundations-benchmark/v/1.4.0/4.7 | security-control/CloudWatch.7 |
| cis-aws-foundations-benchmark/v/1.4.0/4.8 | security-control/CloudWatch.8 |
| cis-aws-foundations-benchmark/v/1.4.0/4.9 | security-control/CloudWatch.9 |
| cis-aws-foundations-benchmark/v/1.4.0/4.10 | security-control/CloudWatch.10 |
| cis-aws-foundations-benchmark/v/1.4.0/4.11 | security-control/CloudWatch.11 |
| cis-aws-foundations-benchmark/v/1.4.0/4.12 | security-control/CloudWatch.12 |
| cis-aws-foundations-benchmark/v/1.4.0/4.13 | security-control/CloudWatch.13 |
| cis-aws-foundations-benchmark/v/1.4.0/4.14 | security-control/CloudWatch.14 |
| cis-aws-foundations-benchmark/v/1.4.0/5.1 | security-control/EC2.21 |
| cis-aws-foundations-benchmark/v/1.4.0/5.3 | security-control/EC2.2 |
| aws-foundational-security-best-practices/v/1.0.0/Account.1 | security-control/Account.1 |
| aws-foundational-security-best-practices/v/1.0.0/ACM.1 | security-control/ACM.1 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.1 | security-control/APIGateway.1 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.2 | security-control/APIGateway.2 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.3 | security-control/APIGateway.3 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.4 | security-control/APIGateway.4 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.5 | security-control/APIGateway.5 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.8 | security-control/APIGateway.8 |
| aws-foundational-security-best-practices/v/1.0.0/APIGateway.9 | security-control/APIGateway.9 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.1 | security-control/AutoScaling.1 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.2 | security-control/AutoScaling.2 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.3 | security-control/AutoScaling.3 |
| aws-foundational-security-best-practices/v/1.0.0/Autoscaling.5 | security-control/Autoscaling.5 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.6 | security-control/AutoScaling.6 |
| aws-foundational-security-best-practices/v/1.0.0/AutoScaling.9 | security-control/AutoScaling.9 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.1 | security-control/CloudFront.1 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.3 | security-control/CloudFront.3 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.4 | security-control/CloudFront.4 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.5 | security-control/CloudFront.5 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.6 | security-control/CloudFront.6 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.7 | security-control/CloudFront.7 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.8 | security-control/CloudFront.8 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.9 | security-control/CloudFront.9 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.10 | security-control/CloudFront.10 |
| aws-foundational-security-best-practices/v/1.0.0/CloudFront.12 | security-control/CloudFront.12 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.1 | security-control/CloudTrail.1 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.2 | security-control/CloudTrail.2 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.4 | security-control/CloudTrail.4 |
| aws-foundational-security-best-practices/v/1.0.0/CloudTrail.5 | security-control/CloudTrail.5 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.1 | security-control/CodeBuild.1 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.2 | security-control/CodeBuild.2 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.3 | security-control/CodeBuild.3 |
| aws-foundational-security-best-practices/v/1.0.0/CodeBuild.4 | security-control/CodeBuild.4 |
| aws-foundational-security-best-practices/v/1.0.0/Config.1 | security-control/Config.1 |
| aws-foundational-security-best-practices/v/1.0.0/DMS.1 | security-control/DMS.1 |
| aws-foundational-security-best-practices/v/1.0.0/DynamoDB.1 | security-control/DynamoDB.1 |
| aws-foundational-security-best-practices/v/1.0.0/DynamoDB.2 | security-control/DynamoDB.2 |
| aws-foundational-security-best-practices/v/1.0.0/DynamoDB.3 | security-control/DynamoDB.3 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.1 | security-control/EC2.1 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.3 | security-control/EC2.3 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.4 | security-control/EC2.4 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.6 | security-control/EC2.6 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.7 | security-control/EC2.7 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.8 | security-control/EC2.8 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.9 | security-control/EC2.9 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.10 | security-control/EC2.10 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.15 | security-control/EC2.15 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.16 | security-control/EC2.16 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.17 | security-control/EC2.17 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.18 | security-control/EC2.18 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.19 | security-control/EC2.19 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.2 | security-control/EC2.2 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.20 | security-control/EC2.20 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.21 | security-control/EC2.21 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.23 | security-control/EC2.23 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.24 | security-control/EC2.24 |
| aws-foundational-security-best-practices/v/1.0.0/EC2.25 | security-control/EC2.25 |
| aws-foundational-security-best-practices/v/1.0.0/ECR.1 | security-control/ECR.1 |
| aws-foundational-security-best-practices/v/1.0.0/ECR.2 | security-control/ECR.2 |
| aws-foundational-security-best-practices/v/1.0.0/ECR.3 | security-control/ECR.3 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.1 | security-control/ECS.1 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.10 | security-control/ECS.10 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.12 | security-control/ECS.12 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.2 | security-control/ECS.2 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.3 | security-control/ECS.3 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.4 | security-control/ECS.4 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.5 | security-control/ECS.5 |
| aws-foundational-security-best-practices/v/1.0.0/ECS.8 | security-control/ECS.8 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.1 | security-control/EFS.1 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.2 | security-control/EFS.2 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.3 | security-control/EFS.3 |
| aws-foundational-security-best-practices/v/1.0.0/EFS.4 | security-control/EFS.4 |
| aws-foundational-security-best-practices/v/1.0.0/EKS.2 | security-control/EKS.2 |
| aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.1 | security-control/ElasticBeanstalk.1 |
| aws-foundational-security-best-practices/v/1.0.0/ElasticBeanstalk.2 | security-control/ElasticBeanstalk.2 |
| aws-foundational-security-best-practices/v/1.0.0/ELBv2.1 | security-control/ELB.1 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.2 | security-control/ELB.2 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.3 | security-control/ELB.3 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.4 | security-control/ELB.4 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.5 | security-control/ELB.5 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.6 | security-control/ELB.6 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.7 | security-control/ELB.7 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.8 | security-control/ELB.8 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.9 | security-control/ELB.9 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.10 | security-control/ELB.10 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.11 | security-control/ELB.11 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.12 | security-control/ELB.12 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.13 | security-control/ELB.13 |
| aws-foundational-security-best-practices/v/1.0.0/ELB.14 | security-control/ELB.14 |
| aws-foundational-security-best-practices/v/1.0.0/EMR.1 | security-control/EMR.1 |
| aws-foundational-security-best-practices/v/1.0.0/ES.1 | security-control/ES.1 |
| aws-foundational-security-best-practices/v/1.0.0/ES.2 | security-control/ES.2 |
| aws-foundational-security-best-practices/v/1.0.0/ES.3 | security-control/ES.3 |
| aws-foundational-security-best-practices/v/1.0.0/ES.4 | security-control/ES.4 |
| aws-foundational-security-best-practices/v/1.0.0/ES.5 | security-control/ES.5 |
| aws-foundational-security-best-practices/v/1.0.0/ES.6 | security-control/ES.6 |
| aws-foundational-security-best-practices/v/1.0.0/ES.7 | security-control/ES.7 |
| aws-foundational-security-best-practices/v/1.0.0/ES.8 | security-control/ES.8 |
| aws-foundational-security-best-practices/v/1.0.0/GuardDuty.1 | security-control/GuardDuty.1 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.1 | security-control/IAM.1 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.2 | security-control/IAM.2 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.21 | security-control/IAM.21 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.3 | security-control/IAM.3 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.4 | security-control/IAM.4 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.5 | security-control/IAM.5 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.6 | security-control/IAM.6 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.7 | security-control/IAM.7 |
| aws-foundational-security-best-practices/v/1.0.0/IAM.8 | security-control/IAM.8 |
| aws-foundational-security-best-practices/v/1.0.0/Kinesis.1 | security-control/Kinesis.1 |
| aws-foundational-security-best-practices/v/1.0.0/KMS.1 | security-control/KMS.1 |
| aws-foundational-security-best-practices/v/1.0.0/KMS.2 | security-control/KMS.2 |
| aws-foundational-security-best-practices/v/1.0.0/KMS.3 | security-control/KMS.3 |
| aws-foundational-security-best-practices/v/1.0.0/Lambda.1 | security-control/Lambda.1 |
| aws-foundational-security-best-practices/v/1.0.0/Lambda.2 | security-control/Lambda.2 |
| aws-foundational-security-best-practices/v/1.0.0/Lambda.5 | security-control/Lambda.5 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.3 | security-control/NetworkFirewall.3 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.4 | security-control/NetworkFirewall.4 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.5 | security-control/NetworkFirewall.5 |
| aws-foundational-security-best-practices/v/1.0.0/NetworkFirewall.6 | security-control/NetworkFirewall.6 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.1 | security-control/Opensearch.1 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.2 | security-control/Opensearch.2 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.3 | security-control/Opensearch.3 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.4 | security-control/Opensearch.4 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.5 | security-control/Opensearch.5 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.6 | security-control/Opensearch.6 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.7 | security-control/Opensearch.7 |
| aws-foundational-security-best-practices/v/1.0.0/Opensearch.8 | security-control/Opensearch.8 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.1 | security-control/RDS.1 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.10 | security-control/RDS.10 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.11 | security-control/RDS.11 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.12 | security-control/RDS.12 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.13 | security-control/RDS.13 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.14 | security-control/RDS.14 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.15 | security-control/RDS.15 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.16 | security-control/RDS.16 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.17 | security-control/RDS.17 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.19 | security-control/RDS.19 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.2 | security-control/RDS.2 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.20 | security-control/RDS.20 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.21 | security-control/RDS.21 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.22 | security-control/RDS.22 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.23 | security-control/RDS.23 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.24 | security-control/RDS.24 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.25 | security-control/RDS.25 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.3 | security-control/RDS.3 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.4 | security-control/RDS.4 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.5 | security-control/RDS.5 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.6 | security-control/RDS.6 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.7 | security-control/RDS.7 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.8 | security-control/RDS.8 |
| aws-foundational-security-best-practices/v/1.0.0/RDS.9 | security-control/RDS.9 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.1 | security-control/Redshift.1 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.2 | security-control/Redshift.2 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.3 | security-control/Redshift.3 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.4 | security-control/Redshift.4 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.6 | security-control/Redshift。6 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.7 | security-control/Redshift。7 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.8 | security-control/Redshift。8 |
| aws-foundational-security-best-practices/v/1.0.0/Redshift.9 | security-control/Redshift.9 |
| aws-foundational-security-best-practices/v/1.0.0/S3.1 | security-control/S3.1 |
| aws-foundational-security-best-practices/v/1.0.0/S3.12 | security-control/S3.12 |
| aws-foundational-security-best-practices/v/1.0.0/S3.13 | security-control/S3.13 |
| aws-foundational-security-best-practices/v/1.0.0/S3.2 | security-control/S3.2 |
| aws-foundational-security-best-practices/v/1.0.0/S3.3 | security-control/S3.3 |
| aws-foundational-security-best-practices/v/1.0.0/S3.5 | security-control/S3.5 |
| aws-foundational-security-best-practices/v/1.0.0/S3.6 | security-control/S3.6 |
| aws-foundational-security-best-practices/v/1.0.0/S3.8 | security-control/S3.8 |
| aws-foundational-security-best-practices/v/1.0.0/S3.9 | security-control/S3.9 |
| aws-foundational-security-best-practices/v/1.0.0/SageMaker.1 | security-control/SageMaker.1 |
| aws-foundational-security-best-practices/v/1.0.0/SageMaker.2 | security-control/SageMaker.2 |
| aws-foundational-security-best-practices/v/1.0.0/SageMaker.3 | security-control/SageMaker.3 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.1 | security-control/SecretsManager.1 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.2 | security-control/SecretsManager.2 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.3 | security-control/SecretsManager.3 |
| aws-foundational-security-best-practices/v/1.0.0/SecretsManager.4 | security-control/SecretsManager.4 |
| aws-foundational-security-best-practices/v/1.0.0/SQS.1 | security-control/SQS.1 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.1 | security-control/SSM.1 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.2 | security-control/SSM.2 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.3 | security-control/SSM.3 |
| aws-foundational-security-best-practices/v/1.0.0/SSM.4 | security-control/SSM.4 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.1 | security-control/WAF.1 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.2 | security-control/WAF.2 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.3 | security-control/WAF.3 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.4 | security-control/WAF.4 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.6 | security-control/WAF.6 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.7 | security-control/WAF.7 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.8 | security-control/WAF.8 |
| aws-foundational-security-best-practices/v/1.0.0/WAF.10 | security-control/WAF.10 |
| pci-dss/v/3.2.1/PCI.AutoScaling.1 | security-control/AutoScaling.1 |
| pci-dss/v/3.2.1/PCI.CloudTrail.1 | security-control/CloudTrail.2 |
| pci-dss/v/3.2.1/PCI.CloudTrail.2 | security-control/CloudTrail.3 |
| pci-dss/v/3.2.1/PCI.CloudTrail.3 | security-control/CloudTrail.4 |
| pci-dss/v/3.2.1/PCI.CloudTrail.4 | security-control/CloudTrail.5 |
| pci-dss/v/3.2.1/PCI.CodeBuild.1 | security-control/CodeBuild.1 |
| pci-dss/v/3.2.1/PCI.CodeBuild.2 | security-control/CodeBuild.2 |
| pci-dss/v/3.2.1/PCI.Config.1 | security-control/Config.1 |
| pci-dss/v/3.2.1/PCI.CW.1 | security-control/CloudWatch.1 |
| pci-dss/v/3.2.1/PCI.DMS.1 | security-control/DMS.1 |
| pci-dss/v/3.2.1/PCI.EC2.1 | security-control/EC2.1 |
| pci-dss/v/3.2.1/PCI.EC2.2 | security-control/EC2.2 |
| pci-dss/v/3.2.1/PCI.EC2.4 | security-control/EC2.12 |
| pci-dss/v/3.2.1/PCI.EC2.5 | security-control/EC2.13 |
| pci-dss/v/3.2.1/PCI.EC2.6 | security-control/EC2.6 |
| pci-dss/v/3.2.1/PCI.ELBv2.1 | security-control/ELB.1 |
| pci-dss/v/3.2.1/PCI.ES.1 | security-control/ES.2 |
| pci-dss/v/3.2.1/PCI.ES.2 | security-control/ES.1 |
| pci-dss/v/3.2.1/PCI.GuardDuty.1 | security-control/GuardDuty.1 |
| pci-dss/v/3.2.1/PCI.IAM.1 | security-control/IAM.4 |
| pci-dss/v/3.2.1/PCI.IAM.2 | security-control/IAM.2 |
| pci-dss/v/3.2.1/PCI.IAM.3 | security-control/IAM.1 |
| pci-dss/v/3.2.1/PCI.IAM.4 | security-control/IAM.6 |
| pci-dss/v/3.2.1/PCI.IAM.5 | security-control/IAM.9 |
| pci-dss/v/3.2.1/PCI.IAM.6 | security-control/IAM.19 |
| pci-dss/v/3.2.1/PCI.IAM.7 | security-control/IAM.8 |
| pci-dss/v/3.2.1/PCI.IAM.8 | security-control/IAM.10 |
| pci-dss/v/3.2.1/PCI.KMS.1 | security-control/KMS.4 |
| pci-dss/v/3.2.1/PCI.Lambda.1 | security-control/Lambda.1 |
| pci-dss/v/3.2.1/PCI.Lambda.2 | security-control/Lambda.3 |
| pci-dss/v/3.2.1/PCI.Opensearch.1 | security-control/Opensearch.2 |
| pci-dss/v/3.2.1/PCI.Opensearch.2 | security-control/Opensearch.1 |
| pci-dss/v/3.2.1/PCI.RDS.1 | security-control/RDS.1 |
| pci-dss/v/3.2.1/PCI.RDS.2 | security-control/RDS.2 |
| pci-dss/v/3.2.1/PCI.Redshift.1 | security-control/Redshift.1 |
| pci-dss/v/3.2.1/PCI.S3.1 | security-control/S3.3 |
| pci-dss/v/3.2.1/PCI.S3.2 | security-control/S3.2 |
| pci-dss/v/3.2.1/PCI.S3.3 | security-control/S3.7 |
| pci-dss/v/3.2.1/PCI.S3.5 | security-control/S3.5 |
| pci-dss/v/3.2.1/PCI.S3.6 | security-control/S3.1 |
| pci-dss/v/3.2.1/PCI.SageMaker.1 | security-control/SageMaker.1 |
| pci-dss/v/3.2.1/PCI.SSM.1 | security-control/SSM.2 |
| pci-dss/v/3.2.1/PCI.SSM.2 | security-control/SSM.3 |
| pci-dss/v/3.2.1/PCI.SSM.3 | security-control/SSM.1 |
| service-managed-aws-control-tower/v/1.0.0/ACM.1 | security-control/ACM.1 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.1 | security-control/APIGateway.1 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.2 | security-control/APIGateway.2 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.3 | security-control/APIGateway.3 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.4 | security-control/APIGateway.4 |
| service-managed-aws-control-tower/v/1.0.0/APIGateway.5 | security-control/APIGateway.5 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.1 | security-control/AutoScaling.1 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.2 | security-control/AutoScaling.2 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.3 | security-control/AutoScaling.3 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.4 | security-control/AutoScaling.4 |
| service-managed-aws-control-tower/v/1.0.0/Autoscaling.5 | security-control/Autoscaling.5 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.6 | security-control/AutoScaling.6 |
| service-managed-aws-control-tower/v/1.0.0/AutoScaling.9 | security-control/AutoScaling.9 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.1 | security-control/CloudTrail.1 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.2 | security-control/CloudTrail.2 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.4 | security-control/CloudTrail.4 |
| service-managed-aws-control-tower/v/1.0.0/CloudTrail.5 | security-control/CloudTrail.5 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.1 | security-control/CodeBuild.1 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.2 | security-control/CodeBuild.2 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.4 | security-control/CodeBuild.4 |
| service-managed-aws-control-tower/v/1.0.0/CodeBuild.5 | security-control/CodeBuild.5 |
| service-managed-aws-control-tower/v/1.0.0/DMS.1 | security-control/DMS.1 |
| service-managed-aws-control-tower/v/1.0.0/DynamoDB.1 | security-control/DynamoDB.1 |
| service-managed-aws-control-tower/v/1.0.0/DynamoDB.2 | security-control/DynamoDB.2 |
| service-managed-aws-control-tower/v/1.0.0/EC2.1 | security-control/EC2.1 |
| service-managed-aws-control-tower/v/1.0.0/EC2.2 | security-control/EC2.2 |
| service-managed-aws-control-tower/v/1.0.0/EC2.3 | security-control/EC2.3 |
| service-managed-aws-control-tower/v/1.0.0/EC2.4 | security-control/EC2.4 |
| service-managed-aws-control-tower/v/1.0.0/EC2.6 | security-control/EC2.6 |
| service-managed-aws-control-tower/v/1.0.0/EC2.7 | security-control/EC2.7 |
| service-managed-aws-control-tower/v/1.0.0/EC2.8 | security-control/EC2.8 |
| service-managed-aws-control-tower/v/1.0.0/EC2.9 | security-control/EC2.9 |
| service-managed-aws-control-tower/v/1.0.0/EC2.10 | security-control/EC2.10 |
| service-managed-aws-control-tower/v/1.0.0/EC2.15 | security-control/EC2.15 |
| service-managed-aws-control-tower/v/1.0.0/EC2.16 | security-control/EC2.16 |
| service-managed-aws-control-tower/v/1.0.0/EC2.17 | security-control/EC2.17 |
| service-managed-aws-control-tower/v/1.0.0/EC2.18 | security-control/EC2.18 |
| service-managed-aws-control-tower/v/1.0.0/EC2.19 | security-control/EC2.19 |
| service-managed-aws-control-tower/v/1.0.0/EC2.20 | security-control/EC2.20 |
| service-managed-aws-control-tower/v/1.0.0/EC2.21 | security-control/EC2.21 |
| service-managed-aws-control-tower/v/1.0.0/EC2.22 | security-control/EC2.22 |
| service-managed-aws-control-tower/v/1.0.0/ECR.1 | security-control/ECR.1 |
| service-managed-aws-control-tower/v/1.0.0/ECR.2 | security-control/ECR.2 |
| service-managed-aws-control-tower/v/1.0.0/ECR.3 | security-control/ECR.3 |
| service-managed-aws-control-tower/v/1.0.0/ECS.1 | security-control/ECS.1 |
| service-managed-aws-control-tower/v/1.0.0/ECS.2 | security-control/ECS.2 |
| service-managed-aws-control-tower/v/1.0.0/ECS.3 | security-control/ECS.3 |
| service-managed-aws-control-tower/v/1.0.0/ECS.4 | security-control/ECS.4 |
| service-managed-aws-control-tower/v/1.0.0/ECS.5 | security-control/ECS.5 |
| service-managed-aws-control-tower/v/1.0.0/ECS.8 | security-control/ECS.8 |
| service-managed-aws-control-tower/v/1.0.0/ECS.10 | security-control/ECS.10 |
| service-managed-aws-control-tower/v/1.0.0/ECS.12 | security-control/ECS.12 |
| service-managed-aws-control-tower/v/1.0.0/EFS.1 | security-control/EFS.1 |
| service-managed-aws-control-tower/v/1.0.0/EFS.2 | security-control/EFS.2 |
| service-managed-aws-control-tower/v/1.0.0/EFS.3 | security-control/EFS.3 |
| service-managed-aws-control-tower/v/1.0.0/EFS.4 | security-control/EFS.4 |
| service-managed-aws-control-tower/v/1.0.0/EKS.2 | security-control/EKS.2 |
| service-managed-aws-control-tower/v/1.0.0/ELB.2 | security-control/ELB.2 |
| service-managed-aws-control-tower/v/1.0.0/ELB.3 | security-control/ELB.3 |
| service-managed-aws-control-tower/v/1.0.0/ELB.4 | security-control/ELB.4 |
| service-managed-aws-control-tower/v/1.0.0/ELB.5 | security-control/ELB.5 |
| service-managed-aws-control-tower/v/1.0.0/ELB.6 | security-control/ELB.6 |
| service-managed-aws-control-tower/v/1.0.0/ELB.7 | security-control/ELB.7 |
| service-managed-aws-control-tower/v/1.0.0/ELB.8 | security-control/ELB.8 |
| service-managed-aws-control-tower/v/1.0.0/ELB.9 | security-control/ELB.9 |
| service-managed-aws-control-tower/v/1.0.0/ELB.10 | security-control/ELB.10 |
| service-managed-aws-control-tower/v/1.0.0/ELB.12 | security-control/ELB.12 |
| service-managed-aws-control-tower/v/1.0.0/ELB.13 | security-control/ELB.13 |
| service-managed-aws-control-tower/v/1.0.0/ELB.14 | security-control/ELB.14 |
| service-managed-aws-control-tower/v/1.0.0/ELBv2.1 | security-control/ELBv2.1 |
| service-managed-aws-control-tower/v/1.0.0/EMR.1 | security-control/EMR.1 |
| service-managed-aws-control-tower/v/1.0.0/ES.1 | security-control/ES.1 |
| service-managed-aws-control-tower/v/1.0.0/ES.2 | security-control/ES.2 |
| service-managed-aws-control-tower/v/1.0.0/ES.3 | security-control/ES.3 |
| service-managed-aws-control-tower/v/1.0.0/ES.4 | security-control/ES.4 |
| service-managed-aws-control-tower/v/1.0.0/ES.5 | security-control/ES.5 |
| service-managed-aws-control-tower/v/1.0.0/ES.6 | security-control/ES.6 |
| service-managed-aws-control-tower/v/1.0.0/ES.7 | security-control/ES.7 |
| service-managed-aws-control-tower/v/1.0.0/ES.8 | security-control/ES.8 |
| service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.1 | security-control/ElasticBeanstalk.1 |
| service-managed-aws-control-tower/v/1.0.0/ElasticBeanstalk.2 | security-control/ElasticBeanstalk.2 |
| service-managed-aws-control-tower/v/1.0.0/GuardDuty.1 | security-control/GuardDuty.1 |
| service-managed-aws-control-tower/v/1.0.0/IAM.1 | security-control/IAM.1 |
| service-managed-aws-control-tower/v/1.0.0/IAM.2 | security-control/IAM.2 |
| service-managed-aws-control-tower/v/1.0.0/IAM.3 | security-control/IAM.3 |
| service-managed-aws-control-tower/v/1.0.0/IAM.4 | security-control/IAM.4 |
| service-managed-aws-control-tower/v/1.0.0/IAM.5 | security-control/IAM.5 |
| service-managed-aws-control-tower/v/1.0.0/IAM.6 | security-control/IAM.6 |
| service-managed-aws-control-tower/v/1.0.0/IAM.7 | security-control/IAM.7 |
| service-managed-aws-control-tower/v/1.0.0/IAM.8 | security-control/IAM.8 |
| service-managed-aws-control-tower/v/1.0.0/IAM.21 | security-control/IAM.21 |
| service-managed-aws-control-tower/v/1.0.0/Kinesis.1 | security-control/Kinesis.1 |
| service-managed-aws-control-tower/v/1.0.0/KMS.1 | security-control/KMS.1 |
| service-managed-aws-control-tower/v/1.0.0/KMS.2 | security-control/KMS.2 |
| service-managed-aws-control-tower/v/1.0.0/KMS.3 | security-control/KMS.3 |
| service-managed-aws-control-tower/v/1.0.0/Lambda.1 | security-control/Lambda.1 |
| service-managed-aws-control-tower/v/1.0.0/Lambda.2 | security-control/Lambda.2 |
| service-managed-aws-control-tower/v/1.0.0/Lambda.5 | security-control/Lambda.5 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.3 | security-control/NetworkFirewall.3 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.4 | security-control/NetworkFirewall.4 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.5 | security-control/NetworkFirewall.5 |
| service-managed-aws-control-tower/v/1.0.0/NetworkFirewall.6 | security-control/NetworkFirewall.6 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.1 | security-control/Opensearch.1 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.2 | security-control/Opensearch.2 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.3 | security-control/Opensearch.3 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.4 | security-control/Opensearch.4 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.5 | security-control/Opensearch.5 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.6 | security-control/Opensearch.6 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.7 | security-control/Opensearch.7 |
| service-managed-aws-control-tower/v/1.0.0/Opensearch.8 | security-control/Opensearch.8 |
| service-managed-aws-control-tower/v/1.0.0/RDS.1 | security-control/RDS.1 |
| service-managed-aws-control-tower/v/1.0.0/RDS.2 | security-control/RDS.2 |
| service-managed-aws-control-tower/v/1.0.0/RDS.3 | security-control/RDS.3 |
| service-managed-aws-control-tower/v/1.0.0/RDS.4 | security-control/RDS.4 |
| service-managed-aws-control-tower/v/1.0.0/RDS.5 | security-control/RDS.5 |
| service-managed-aws-control-tower/v/1.0.0/RDS.6 | security-control/RDS.6 |
| service-managed-aws-control-tower/v/1.0.0/RDS.8 | security-control/RDS.8 |
| service-managed-aws-control-tower/v/1.0.0/RDS.9 | security-control/RDS.9 |
| service-managed-aws-control-tower/v/1.0.0/RDS.10 | security-control/RDS.10 |
| service-managed-aws-control-tower/v/1.0.0/RDS.11 | security-control/RDS.11 |
| service-managed-aws-control-tower/v/1.0.0/RDS.13 | security-control/RDS.13 |
| service-managed-aws-control-tower/v/1.0.0/RDS.17 | security-control/RDS.17 |
| service-managed-aws-control-tower/v/1.0.0/RDS.18 | security-control/RDS.18 |
| service-managed-aws-control-tower/v/1.0.0/RDS.19 | security-control/RDS.19 |
| service-managed-aws-control-tower/v/1.0.0/RDS.20 | security-control/RDS.20 |
| service-managed-aws-control-tower/v/1.0.0/RDS.21 | security-control/RDS.21 |
| service-managed-aws-control-tower/v/1.0.0/RDS.22 | security-control/RDS.22 |
| service-managed-aws-control-tower/v/1.0.0/RDS.23 | security-control/RDS.23 |
| service-managed-aws-control-tower/v/1.0.0/RDS.25 | security-control/RDS.25 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.1 | security-control/Redshift.1 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.2 | security-control/Redshift.2 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.4 | security-control/Redshift.4 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.6 | security-control/Redshift。6 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.7 | security-control/Redshift。7 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.8 | security-control/Redshift。8 |
| service-managed-aws-control-tower/v/1.0.0/Redshift.9 | security-control/Redshift.9 |
| service-managed-aws-control-tower/v/1.0.0/S3.1 | security-control/S3.1 |
| service-managed-aws-control-tower/v/1.0.0/S3.2 | security-control/S3.2 |
| service-managed-aws-control-tower/v/1.0.0/S3.3 | security-control/S3.3 |
| service-managed-aws-control-tower/v/1.0.0/S3.5 | security-control/S3.5 |
| service-managed-aws-control-tower/v/1.0.0/S3.6 | security-control/S3.6 |
| service-managed-aws-control-tower/v/1.0.0/S3.8 | security-control/S3.8 |
| service-managed-aws-control-tower/v/1.0.0/S3.9 | security-control/S3.9 |
| service-managed-aws-control-tower/v/1.0.0/S3.12 | security-control/S3.12 |
| service-managed-aws-control-tower/v/1.0.0/S3.13 | security-control/S3.13 |
| service-managed-aws-control-tower/v/1.0.0/SageMaker.1 | security-control/SageMaker.1 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.1 | security-control/SecretsManager.1 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.2 | security-control/SecretsManager.2 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.3 | security-control/SecretsManager.3 |
| service-managed-aws-control-tower/v/1.0.0/SecretsManager.4 | security-control/SecretsManager.4 |
| service-managed-aws-control-tower/v/1.0.0/SQS.1 | security-control/SQS.1 |
| service-managed-aws-control-tower/v/1.0.0/SSM.1 | security-control/SSM.1 |
| service-managed-aws-control-tower/v/1.0.0/SSM.2 | security-control/SSM.2 |
| service-managed-aws-control-tower/v/1.0.0/SSM.3 | security-control/SSM.3 |
| service-managed-aws-control-tower/v/1.0.0/SSM.4 | security-control/SSM.4 |
| service-managed-aws-control-tower/v/1.0.0/WAF.2 | security-control/WAF.2 |
| service-managed-aws-control-tower/v/1.0.0/WAF.3 | security-control/WAF.3 |
| service-managed-aws-control-tower/v/1.0.0/WAF.4 | security-control/WAF.4 |
## 合併如何影響控制 IDs和標題
合併控制項檢視和合併的控制項調查結果會將控制 IDs和標題跨標準標準化。*安全控制 ID* 和*安全控制標題*一詞是指這些標準無關的值。
Security Hub CSPM 主控台會顯示標準無關的安全控制 IDs和安全控制標題,無論您的帳戶是否啟用或停用合併控制調查結果。不過,如果您的帳戶停用合併控制調查結果,Security Hub CSPM 調查結果會包含 PCI DSS 和 CIS 1.2.0 版的標準特定控制標題。此外,Security Hub CSPM 調查結果包含標準特定的控制 ID 和安全控制 ID。如需整合如何影響控制調查結果的範例,請參閱 [控制問題清單的範例](sample-control-findings.md)。
對於屬於[AWS Control Tower 服務受管標準的](service-managed-standard-aws-control-tower.md)控制項,在啟用合併控制項問題清單時,`CT.`會從問題清單中的控制項 ID 和標題中移除字首。
若要在 Security Hub CSPM 中停用安全控制,您必須停用對應至安全控制的所有標準控制。下表顯示安全控制 IDs和標題與標準特定控制 IDs和標題的映射。屬於 AWS 基礎安全最佳實務 (FSBP) 標準的控制項 IDs 和標題已經是標準無關的。如需符合網際網路安全中心 (CIS) v3.0.0 要求的控制項映射,請參閱 [將控制項映射至每個版本中的 CIS 需求](cis-aws-foundations-benchmark.md#cis-version-comparison)。若要在此資料表上執行您自己的指令碼,您可以將[其下載為 .csv 檔案](samples/Consolidation_ID_Title_Changes.csv.zip)。
| 標準 | 標準控制項 ID 和標題 | 安全控制 ID 和標題 |
| --- | --- | --- |
| CIS v1.2.0 | 1.1 避免使用根使用者 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| CIS v1.2.0 | 1.10 確保 IAM 密碼政策防止密碼重複使用 | [【IAM.16】 確保 IAM 密碼政策防止密碼重複使用](iam-controls.md#iam-16) |
| CIS v1.2.0 | 1.11 確保 IAM 密碼政策在 90 天內過期密碼 | [【IAM.17】 確保 IAM 密碼政策在 90 天內過期密碼](iam-controls.md#iam-17) |
| CIS v1.2.0 | 1.12 確保不存在根使用者存取金鑰 | [【IAM.4】 IAM 根使用者存取金鑰不應存在](iam-controls.md#iam-4) |
| CIS v1.2.0 | 1.13 確定根使用者已啟用 MFA | [【IAM.9】 應為根使用者啟用 MFA](iam-controls.md#iam-9) |
| CIS v1.2.0 | 1.14 確定已啟用根使用者的硬體 MFA | [[IAM.6] 應為根使用者啟用硬體 MFA](iam-controls.md#iam-6) |
| CIS v1.2.0 | 1.16 確保 IAM 政策僅連接到群組或角色 | [【IAM.2】 IAM 使用者不應連接 IAM 政策](iam-controls.md#iam-2) |
| CIS v1.2.0 | 1.2 確保所有具有主控台密碼的 IAM 使用者都已啟用多重驗證 (MFA) | [[IAM.5] 應為所有擁有主控台密碼的 IAM 使用者啟用 MFA](iam-controls.md#iam-5) |
| CIS v1.2.0 | 1.20 確定已建立支援角色來使用 管理事件 支援 | [【IAM.18】 確保已建立支援角色來使用 管理事件 AWS 支援](iam-controls.md#iam-18) |
| CIS v1.2.0 | 1.22 確保未建立允許完整 "\$1:\$1" 管理權限的 IAM 政策 | [【IAM.1】 IAM 政策不應允許完整的「\$1」管理權限](iam-controls.md#iam-1) |
| CIS v1.2.0 | 1.3 確定停用 90 天 (含) 以上未使用的登入資料 | [【IAM.8】 應移除未使用的 IAM 使用者登入資料](iam-controls.md#iam-8) |
| CIS v1.2.0 | 1.4 確保每 90 天或更短期限輪換存取金鑰 | [【IAM.3】 IAM 使用者的存取金鑰應每 90 天或更短時間輪換一次](iam-controls.md#iam-3) |
| CIS v1.2.0 | 1.5 確保 IAM 密碼政策至少需要一個大寫字母 | [【IAM.11】 確保 IAM 密碼政策至少需要一個大寫字母](iam-controls.md#iam-11) |
| CIS v1.2.0 | 1.6 確保 IAM 密碼政策至少需要一個小寫字母 | [【IAM.12】 確保 IAM 密碼政策至少需要一個小寫字母](iam-controls.md#iam-12) |
| CIS v1.2.0 | 1.7 確保 IAM 密碼政策至少需要一個符號 | [【IAM.13】 確保 IAM 密碼政策至少需要一個符號](iam-controls.md#iam-13) |
| CIS v1.2.0 | 1.8 確保 IAM 密碼政策至少需要一個數字 | [【IAM.14】 確保 IAM 密碼政策至少需要一個數字](iam-controls.md#iam-14) |
| CIS v1.2.0 | 1.9 確保 IAM 密碼政策要求密碼長度下限為 14 或更高 | [【IAM.15】 確保 IAM 密碼政策要求密碼長度下限為 14 或更高](iam-controls.md#iam-15) |
| CIS v1.2.0 | 2.1 確保所有區域都已啟用 CloudTrail | [【CloudTrail.1] CloudTrail 應該啟用並設定至少一個包含讀取和寫入管理事件的多區域追蹤](cloudtrail-controls.md#cloudtrail-1) |
| CIS v1.2.0 | 2.2 確保 CloudTrail 日誌檔案驗證已啟用 | [【CloudTrail.4] 應啟用 CloudTrail 日誌檔案驗證](cloudtrail-controls.md#cloudtrail-4) |
| CIS v1.2.0 | 2.3 確保用於存放 CloudTrail 日誌的 S3 儲存貯體不可公開存取 | [【CloudTrail.6] 確保用於存放 CloudTrail 日誌的 S3 儲存貯體不可公開存取](cloudtrail-controls.md#cloudtrail-6) |
| CIS v1.2.0 | 2.4 確保 CloudTrail 追蹤與 CloudWatch Logs 整合 | [【CloudTrail.5] CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合](cloudtrail-controls.md#cloudtrail-5) |
| CIS v1.2.0 | 2.5 確保 AWS Config 已啟用 | [【Config.1】 AWS Config 應啟用並使用服務連結角色進行資源記錄](config-controls.md#config-1) |
| CIS v1.2.0 | 2.6 確保 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄 | [【CloudTrail.7] 確定 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄](cloudtrail-controls.md#cloudtrail-7) |
| CIS v1.2.0 | 2.7 確保使用 KMS CMKs對 CloudTrail 日誌進行靜態加密 | [[CloudTrail.2] CloudTrail 應啟用靜態加密](cloudtrail-controls.md#cloudtrail-2) |
| CIS v1.2.0 | 2.8 確定輪換客戶建立的 CMK | [【KMS.4】 應啟用 AWS KMS 金鑰輪換](kms-controls.md#kms-4) |
| CIS v1.2.0 | 2.9 確定所有 VPC 中皆已啟用 VPC 流程記錄 | [【EC2.6】 應在所有 VPC 中啟用 VPCs 流程記錄](ec2-controls.md#ec2-6) |
| CIS v1.2.0 | 3.1 確定未經授權的 API 呼叫中存在日誌指標篩選條件和警示 | [【CloudWatch.2] 確保未經授權的 API 呼叫存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-2) |
| CIS v1.2.0 | 3.10 確定安全群組變更存在日誌指標篩選條件和警示 | [【CloudWatch.10] 確保安全群組變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-10) |
| CIS v1.2.0 | 3.11 確定網路存取控制清單 (NACL) 變更存在日誌指標篩選條件和警示 | [【CloudWatch.11] 確定網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-11) |
| CIS v1.2.0 | 3.12 確定網路閘道變更存在日誌指標篩選條件和警示 | [【CloudWatch.12] 確保網路閘道變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-12) |
| CIS v1.2.0 | 3.13 確定路由表變更存在日誌指標篩選條件和警示 | [【CloudWatch.13] 確保路由表變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-13) |
| CIS v1.2.0 | 3.14 確定 VPC 變更存在日誌指標篩選條件和警示 | [【CloudWatch.14] 確保 VPC 變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-14) |
| CIS v1.2.0 | 3.2 確保沒有 MFA 的管理主控台登入存在日誌指標篩選條件和警示 | [【CloudWatch.3] 確保沒有 MFA 的管理主控台登入存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-3) |
| CIS v1.2.0 | 3.3 確保根使用者的用量存在日誌指標篩選條件和警示 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| CIS v1.2.0 | 3.4 確保 IAM 政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.4] 確保 IAM 政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-4) |
| CIS v1.2.0 | 3.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.5] 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-5) |
| CIS v1.2.0 | 3.6 確保 AWS 管理主控台 存在驗證失敗的日誌指標篩選條件和警示 | [【CloudWatch.6] 確保 AWS 管理主控台 驗證失敗時存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-6) |
| CIS v1.2.0 | 3.7 確定停用或排定刪除客戶建立的 CMK,存在日誌指標篩選條件和警示 | [【CloudWatch.7] 確保日誌指標篩選條件和警示存在,以停用或排程刪除客戶受管金鑰](cloudwatch-controls.md#cloudwatch-7) |
| CIS v1.2.0 | 3.8 確定 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.8] 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-8) |
| CIS v1.2.0 | 3.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.9] 確保 AWS Config 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-9) |
| CIS v1.2.0 | 4.1 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 22 | [【EC2.13】 安全群組不應允許從 0.0.0.0/0 或 ::/0 傳入連接埠 22](ec2-controls.md#ec2-13) |
| CIS v1.2.0 | 4.2 確保無安全群組允許從 0.0.0.0/0 輸入連接埠 3389 | [【EC2.14】 安全群組不應允許從 0.0.0.0/0 或 ::/0 傳入連接埠 3389](ec2-controls.md#ec2-14) |
| CIS v1.2.0 | 4.3 確保每個 VPC 的預設安全群組都會限制所有流量 | [【EC2.2】 VPC 預設安全群組不應允許傳入或傳出流量](ec2-controls.md#ec2-2) |
| CIS 1.4.0 版 | 1.10 確保所有具有主控台密碼的 IAM 使用者都已啟用多重驗證 (MFA) | [[IAM.5] 應為所有擁有主控台密碼的 IAM 使用者啟用 MFA](iam-controls.md#iam-5) |
| CIS 1.4.0 版 | 1.14 確保每 90 天或更短時間輪換存取金鑰 | [【IAM.3】 IAM 使用者的存取金鑰應每 90 天或更短時間輪換一次](iam-controls.md#iam-3) |
| CIS 1.4.0 版 | 1.16 確保未連接允許完整 "\$1:\$1" 管理權限的 IAM 政策 | [【IAM.1】 IAM 政策不應允許完整的「\$1」管理權限](iam-controls.md#iam-1) |
| CIS 1.4.0 版 | 1.17 確定已建立支援角色來使用 管理事件 支援 | [【IAM.18】 確保已建立支援角色來使用 管理事件 AWS 支援](iam-controls.md#iam-18) |
| CIS 1.4.0 版 | 1.4 確保根使用者帳戶存取金鑰不存在 | [【IAM.4】 IAM 根使用者存取金鑰不應存在](iam-controls.md#iam-4) |
| CIS 1.4.0 版 | 1.5 確定根使用者帳戶已啟用 MFA | [【IAM.9】 應為根使用者啟用 MFA](iam-controls.md#iam-9) |
| CIS 1.4.0 版 | 1.6 確定已啟用根使用者帳戶的硬體 MFA | [[IAM.6] 應為根使用者啟用硬體 MFA](iam-controls.md#iam-6) |
| CIS 1.4.0 版 | 1.7 避免將根使用者用於管理和日常任務 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| CIS 1.4.0 版 | 1.8 確保 IAM 密碼政策的長度下限為 14 或更高 | [【IAM.15】 確保 IAM 密碼政策要求密碼長度下限為 14 或更高](iam-controls.md#iam-15) |
| CIS 1.4.0 版 | 1.9 確保 IAM 密碼政策防止密碼重複使用 | [【IAM.16】 確保 IAM 密碼政策防止密碼重複使用](iam-controls.md#iam-16) |
| CIS 1.4.0 版 | 2.1.2 確保 S3 儲存貯體政策設定為拒絕 HTTP 請求 | [【S3.5】 S3 一般用途儲存貯體應要求請求使用 SSL](s3-controls.md#s3-5) |
| CIS 1.4.0 版 | 應啟用 2.1.5.1 S3 封鎖公開存取設定 | [【S3.1】 S3 一般用途儲存貯體應啟用封鎖公開存取設定](s3-controls.md#s3-1) |
| CIS 1.4.0 版 | 2.1.5.2 S3 封鎖公開存取設定應在儲存貯體層級啟用 | [【S3.8】 S3 一般用途儲存貯體應封鎖公開存取](s3-controls.md#s3-8) |
| CIS 1.4.0 版 | 2.2.1 確保已啟用 EBS 磁碟區加密 | [【EC2.7】 應啟用 EBS 預設加密](ec2-controls.md#ec2-7) |
| CIS 1.4.0 版 | 2.3.1 確定已啟用 RDS 執行個體的加密 | [[RDS.3] RDS 資料庫執行個體應啟用靜態加密](rds-controls.md#rds-3) |
| CIS 1.4.0 版 | 3.1 確保所有區域都已啟用 CloudTrail | [【CloudTrail.1] CloudTrail 應該啟用並設定至少一個包含讀取和寫入管理事件的多區域追蹤](cloudtrail-controls.md#cloudtrail-1) |
| CIS 1.4.0 版 | 3.2 確保已啟用 CloudTrail 日誌檔案驗證 | [【CloudTrail.4] 應啟用 CloudTrail 日誌檔案驗證](cloudtrail-controls.md#cloudtrail-4) |
| CIS 1.4.0 版 | 3.4 確保 CloudTrail 追蹤與 CloudWatch Logs 整合 | [【CloudTrail.5] CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合](cloudtrail-controls.md#cloudtrail-5) |
| CIS 1.4.0 版 | 3.5 確保所有區域 AWS Config 都已啟用 | [【Config.1】 AWS Config 應啟用並使用服務連結角色進行資源記錄](config-controls.md#config-1) |
| CIS 1.4.0 版 | 3.6 確保 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄 | [【CloudTrail.7] 確定 CloudTrail S3 儲存貯體上已啟用 S3 儲存貯體存取記錄](cloudtrail-controls.md#cloudtrail-7) |
| CIS 1.4.0 版 | 3.7 確保使用 KMS CMKs對 CloudTrail 日誌進行靜態加密 | [[CloudTrail.2] CloudTrail 應啟用靜態加密](cloudtrail-controls.md#cloudtrail-2) |
| CIS 1.4.0 版 | 3.8 確保已啟用客戶建立CMKs 輪換 | [【KMS.4】 應啟用 AWS KMS 金鑰輪換](kms-controls.md#kms-4) |
| CIS 1.4.0 版 | 3.9 確保所有 VPC 中都已啟用 VPCs流程記錄 | [【EC2.6】 應在所有 VPC 中啟用 VPCs 流程記錄](ec2-controls.md#ec2-6) |
| CIS 1.4.0 版 | 4.4 確保 IAM 政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.4] 確保 IAM 政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-4) |
| CIS 1.4.0 版 | 4.5 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.5] 確保 CloudTrail 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-5) |
| CIS 1.4.0 版 | 4.6 確保 AWS 管理主控台 驗證失敗時存在日誌指標篩選條件和警示 | [【CloudWatch.6] 確保 AWS 管理主控台 驗證失敗時存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-6) |
| CIS 1.4.0 版 | 4.7 確保日誌指標篩選條件和警示存在,以停用或排程刪除客戶建立的 CMKs | [【CloudWatch.7] 確保日誌指標篩選條件和警示存在,以停用或排程刪除客戶受管金鑰](cloudwatch-controls.md#cloudwatch-7) |
| CIS 1.4.0 版 | 4.8 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示 | [【CloudWatch.8] 確保 S3 儲存貯體政策變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-8) |
| CIS 1.4.0 版 | 4.9 確保 AWS Config 組態變更存在日誌指標篩選條件和警示 | [【CloudWatch.9] 確保 AWS Config 組態變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-9) |
| CIS 1.4.0 版 | 4.10 確保安全群組變更存在日誌指標篩選條件和警示 | [【CloudWatch.10] 確保安全群組變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-10) |
| CIS 1.4.0 版 | 4.11 確保網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示 | [【CloudWatch.11] 確定網路存取控制清單 (NACL) 的變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-11) |
| CIS 1.4.0 版 | 4.12 確保網路閘道變更存在日誌指標篩選條件和警示 | [【CloudWatch.12] 確保網路閘道變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-12) |
| CIS 1.4.0 版 | 4.13 確保路由表變更存在日誌指標篩選條件和警示 | [【CloudWatch.13] 確保路由表變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-13) |
| CIS 1.4.0 版 | 4.14 確保 VPC 變更存在日誌指標篩選條件和警示 | [【CloudWatch.14] 確保 VPC 變更存在日誌指標篩選條件和警示](cloudwatch-controls.md#cloudwatch-14) |
| CIS 1.4.0 版 | 5.1 確保網路 ACLs 不允許從 0.0.0.0/0 傳入遠端伺服器管理連接埠 | [【EC2.21】 網路 ACLs 不應允許從 0.0.0.0/0 傳入連接埠 22 或連接埠 3389](ec2-controls.md#ec2-21) |
| CIS 1.4.0 版 | 5.3 確保每個 VPC 的預設安全群組限制所有流量 | [【EC2.2】 VPC 預設安全群組不應允許傳入或傳出流量](ec2-controls.md#ec2-2) |
| PCI DSS v3.2.1 | 與負載平衡器相關聯的 PCI.AutoScaling.1 Auto Scaling 群組應使用負載平衡器運作狀態檢查 | [【AutoScaling.1] 與負載平衡器相關聯的 Auto Scaling 群組應使用 ELB 運作狀態檢查](autoscaling-controls.md#autoscaling-1) |
| PCI DSS v3.2.1 | PCI.CloudTrail.1 CloudTrail 日誌應使用 AWS KMS CMKs 進行靜態加密 | [[CloudTrail.2] CloudTrail 應啟用靜態加密](cloudtrail-controls.md#cloudtrail-2) |
| PCI DSS v3.2.1 | 應啟用 PCI.CloudTrail.2 CloudTrail | [【CloudTrail.3] 至少應啟用一個 CloudTrail 追蹤](cloudtrail-controls.md#cloudtrail-3) |
| PCI DSS v3.2.1 | 應啟用 PCI.CloudTrail.3 CloudTrail 日誌檔案驗證 | [【CloudTrail.4] 應啟用 CloudTrail 日誌檔案驗證](cloudtrail-controls.md#cloudtrail-4) |
| PCI DSS v3.2.1 | PCI.CloudTrail.4 CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合 | [【CloudTrail.5] CloudTrail 追蹤應與 Amazon CloudWatch Logs 整合](cloudtrail-controls.md#cloudtrail-5) |
| PCI DSS v3.2.1 | PCI.CodeBuild.1 CodeBuild GitHub 或 Bitbucket 來源儲存庫 URLs應使用 OAuth | [【CodeBuild.1] CodeBuild Bitbucket 來源儲存庫 URLs 不應包含敏感登入資料](codebuild-controls.md#codebuild-1) |
| PCI DSS v3.2.1 | PCI.CodeBuild.2 CodeBuild 專案環境變數不應包含純文字登入資料 | [【CodeBuild.2] CodeBuild 專案環境變數不應包含純文字登入資料](codebuild-controls.md#codebuild-2) |
| PCI DSS v3.2.1 | AWS Config 應啟用 PCI.Config.1 | [【Config.1】 AWS Config 應啟用並使用服務連結角色進行資源記錄](config-controls.md#config-1) |
| PCI DSS v3.2.1 | PCI.CW.1 應使用「根」使用者的日誌指標篩選條件和警示 | [【CloudWatch.1] 應該存在日誌指標篩選條件和警示以使用「根」使用者](cloudwatch-controls.md#cloudwatch-1) |
| PCI DSS v3.2.1 | PCI.DMS.1 Database Migration Service 複寫執行個體不應為公有 | [【DMS.1】 Database Migration Service 複寫執行個體不應為公有](dms-controls.md#dms-1) |
| PCI DSS v3.2.1 | PCI.EC2.1 EBS 快照不應可公開還原 | [【EC2.1】 Amazon EBS 快照不應可公開還原](ec2-controls.md#ec2-1) |
| PCI DSS v3.2.1 | PCI.EC2.2 VPC 預設安全群組應禁止傳入和傳出流量 | [【EC2.2】 VPC 預設安全群組不應允許傳入或傳出流量](ec2-controls.md#ec2-2) |
| PCI DSS v3.2.1 | 應移除 PCI.EC2.4 未使用的 EC2 EIPs | [【EC2.12】 應移除未使用的 Amazon EC2 EIPs](ec2-controls.md#ec2-12) |
| PCI DSS v3.2.1 | PCI.EC2.5 安全群組不應允許從 0.0.0.0/0 傳入連接埠 22 | [【EC2.13】 安全群組不應允許從 0.0.0.0/0 或 ::/0 傳入連接埠 22](ec2-controls.md#ec2-13) |
| PCI DSS v3.2.1 | 應在所有 VPC 中啟用 PCI.EC2.6 VPCs 流程記錄 | [【EC2.6】 應在所有 VPC 中啟用 VPCs 流程記錄](ec2-controls.md#ec2-6) |
| PCI DSS v3.2.1 | PCI.ELBv2.1 Application Load Balancer 應設定為將所有 HTTP 請求重新導向至 HTTPS | [【ELB.1】 Application Load Balancer 應設定為將所有 HTTP 請求重新導向至 HTTPS](elb-controls.md#elb-1) |
| PCI DSS v3.2.1 | PCI.ES.1 Elasticsearch 網域應該位於 VPC 中 | [【ES.2】 不應公開存取 Elasticsearch 網域](es-controls.md#es-2) |
| PCI DSS v3.2.1 | PCI.ES.2 Elasticsearch 網域應該啟用靜態加密 | [【ES.1】 Elasticsearch 網域應該啟用靜態加密](es-controls.md#es-1) |
| PCI DSS v3.2.1 | 應啟用 PCI.GuardDuty.1 GuardDuty | [【GuardDuty.1] 應啟用 GuardDuty](guardduty-controls.md#guardduty-1) |
| PCI DSS v3.2.1 | PCI.IAM.1 IAM 根使用者存取金鑰不應存在 | [【IAM.4】 IAM 根使用者存取金鑰不應存在](iam-controls.md#iam-4) |
| PCI DSS v3.2.1 | PCI.IAM.2 IAM 使用者不應連接 IAM 政策 | [【IAM.2】 IAM 使用者不應連接 IAM 政策](iam-controls.md#iam-2) |
| PCI DSS v3.2.1 | PCI.IAM.3 IAM 政策不應允許完整的「\$1」管理權限 | [【IAM.1】 IAM 政策不應允許完整的「\$1」管理權限](iam-controls.md#iam-1) |
| PCI DSS v3.2.1 | 應為根使用者啟用 PCI.IAM.4 硬體 MFA | [[IAM.6] 應為根使用者啟用硬體 MFA](iam-controls.md#iam-6) |
| PCI DSS v3.2.1 | 應為根使用者啟用 PCI.IAM.5 Virtual MFA | [【IAM.9】 應為根使用者啟用 MFA](iam-controls.md#iam-9) |
| PCI DSS v3.2.1 | 應為所有 IAM 使用者啟用 PCI.IAM.6 MFA | [【IAM.19】 應為所有 IAM 使用者啟用 MFA](iam-controls.md#iam-19) |
| PCI DSS v3.2.1 | 如果未在預先定義的天數內使用 PCI.IAM.7 IAM 使用者登入資料,則應停用 | [【IAM.8】 應移除未使用的 IAM 使用者登入資料](iam-controls.md#iam-8) |
| PCI DSS v3.2.1 | IAM 使用者適用的 PCI.IAM.8 密碼政策應具有強大的組態 | [【IAM.10】 IAM 使用者的密碼政策應具有強大的組態](iam-controls.md#iam-10) |
| PCI DSS v3.2.1 | 應啟用 PCI.KMS.1 客戶主金鑰 (CMK) 輪換 | [【KMS.4】 應啟用 AWS KMS 金鑰輪換](kms-controls.md#kms-4) |
| PCI DSS v3.2.1 | PCI.Lambda.1 Lambda 函數應禁止公開存取 | [【Lambda.1】 Lambda 函數政策應禁止公開存取](lambda-controls.md#lambda-1) |
| PCI DSS v3.2.1 | PCI.Lambda.2 Lambda 函數應該位於 VPC 中 | [【Lambda.3】 Lambda 函數應該位於 VPC 中](lambda-controls.md#lambda-3) |
| PCI DSS v3.2.1 | PCI.Opensearch.1 OpenSearch 網域應該位於 VPC 中 | [【Opensearch.2】 不應公開存取 OpenSearch 網域](opensearch-controls.md#opensearch-2) |
| PCI DSS v3.2.1 | PCI.Opensearch.2 EBS 快照不應可公開還原 | [【Opensearch.1】 OpenSearch 網域應該啟用靜態加密](opensearch-controls.md#opensearch-1) |
| PCI DSS v3.2.1 | PCI.RDS.1 RDS 快照應為私有 | [【RDS.1】 RDS 快照應為私有](rds-controls.md#rds-1) |
| PCI DSS v3.2.1 | PCI.RDS.2 RDS 資料庫執行個體應禁止公開存取 | [【RDS.2】 RDS 資料庫執行個體應禁止公開存取,由 PubliclyAccessible 組態決定](rds-controls.md#rds-2) |
| PCI DSS v3.2.1 | PCI.Redshift.1 Amazon Redshift 叢集應禁止公開存取 | [【Redshift.1】 Amazon Redshift 叢集應禁止公開存取](redshift-controls.md#redshift-1) |
| PCI DSS v3.2.1 | PCI.S3.1 S3 儲存貯體應禁止公有寫入存取 | [【S3.3】 S3 一般用途儲存貯體應封鎖公有寫入存取](s3-controls.md#s3-3) |
| PCI DSS v3.2.1 | PCI.S3.2 S3 儲存貯體應禁止公開讀取存取 | [【S3.2】 S3 一般用途儲存貯體應封鎖公開讀取存取](s3-controls.md#s3-2) |
| PCI DSS v3.2.1 | PCI.S3.3 S3 儲存貯體應啟用跨區域複寫 | [【S3.7】 S3 一般用途儲存貯體應使用跨區域複寫](s3-controls.md#s3-7) |
| PCI DSS v3.2.1 | PCI.S3.5 S3 儲存貯體應要求請求使用 Secure Socket Layer | [【S3.5】 S3 一般用途儲存貯體應要求請求使用 SSL](s3-controls.md#s3-5) |
| PCI DSS v3.2.1 | 應啟用 PCI.S3.6 S3 封鎖公開存取設定 | [【S3.1】 S3 一般用途儲存貯體應啟用封鎖公開存取設定](s3-controls.md#s3-1) |
| PCI DSS v3.2.1 | PCI.SageMaker.1 Amazon SageMaker 筆記本執行個體不應具有直接網際網路存取 | [【SageMaker.1] Amazon SageMaker 筆記本執行個體不應具有直接網際網路存取](sagemaker-controls.md#sagemaker-1) |
| PCI DSS v3.2.1 | Systems Manager 管理的 PCI.SSM.1 EC2 執行個體在修補程式安裝後應具有 COMPLIANT 的修補程式合規狀態 | [【SSM.2】 Systems Manager 管理的 Amazon EC2 執行個體在修補程式安裝後應具有 COMPLIANT 的修補程式合規狀態](ssm-controls.md#ssm-2) |
| PCI DSS v3.2.1 | Systems Manager 管理的 PCI.SSM.2 EC2 執行個體應具有 COMPLIANT 的關聯合規狀態 | [【SSM.3】 Systems Manager 管理的 Amazon EC2 執行個體應具有 COMPLIANT 的關聯合規狀態](ssm-controls.md#ssm-3) |
| PCI DSS v3.2.1 | PCI.SSM.3 EC2 執行個體應該由 管理 AWS Systems Manager | [【SSM.1】 Amazon EC2 執行個體應該由 管理 AWS Systems Manager](ssm-controls.md#ssm-1) |
## 更新整合的工作流程
如果您的工作流程不依賴控制調查結果中任何欄位的特定格式,則不需要採取任何動作。
如果您的工作流程依賴控制調查結果中一或多個欄位的特定格式,如上表所述,您應該更新您的工作流程。例如,如果您建立的 Amazon EventBridge 規則觸發特定控制項 ID 的動作,例如在控制項 ID 等於 CIS 2.7 時叫用 AWS Lambda 函數,請更新規則以使用 CloudTrail.2,這是該控制項 `Compliance.SecurityControlId` 欄位的值。
如果您建立的[自訂洞見](securityhub-custom-insights.md)使用任何已變更的欄位或值,請更新這些洞見以使用新的欄位或值。
# 必要的頂層 ASFF 屬性
安全性 AWS 問題清單格式 (ASFF) 中的下列頂層屬性是 Security Hub CSPM 中所有問題清單的必要項目。如需這些屬性的詳細資訊,請參閱 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html)中的 。
## AwsAccountId
調查結果套用的 AWS 帳戶 ID。
**範例**
```
"AwsAccountId": "111111111111"
```
## CreatedAt
指出問題清單擷取的潛在安全問題或事件建立的時間。
**範例**
```
"CreatedAt": "2017-03-22T13:22:13.933Z"
```
## Description
問題清單的描述。此欄位可以是非特定的範例文字或問題清單執行個體的特定詳細資訊。
對於 Security Hub CSPM 產生的控制項調查結果,此欄位提供控制項的說明。
如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"Description": "This AWS control checks whether AWS Config is enabled in the current account and Region."
```
## GeneratorId
產生問題清單的解決方案特定元件 (邏輯分散式單位) 識別符。
對於 Security Hub CSPM 產生的控制調查結果,如果您開啟[合併的控制調查結果](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"GeneratorId": "security-control/Config.1"
```
## Id
問題清單的產品特定識別符。對於 Security Hub CSPM 產生的控制調查結果,此欄位會提供調查結果的 Amazon Resource Name (ARN)。
如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"Id": "arn:aws:securityhub:eu-central-1:123456789012:security-control/iam.9/finding/ab6d6a26-a156-48f0-9403-115983e5a956"
```
## ProductArn
Security Hub CSPM 產生的 Amazon Resource Name (ARN),可在產品向 Security Hub CSPM 註冊後唯一識別第三方調查結果產品。
此欄位的格式為 `arn:partition:securityhub:region:account-id:product/company-id/product-id`。
+ 對於與 Security Hub CSPM 整合 AWS 服務 的 , `company-id` 必須是 "`aws`",而 `product-id`必須是 AWS 公有服務名稱。由於 AWS 產品和服務未與 帳戶相關聯,因此 ARN 的 `account-id`區段為空白。尚未與 Security Hub CSPM 整合 AWS 服務 的 會被視為第三方產品。
+ 針對公有產品,`company-id` 和 `product-id` 必須是註冊時指定的 ID 值。
+ 針對私有產品,`company-id` 必須是帳戶 ID。`product-id` 必須是預留的 "default" 字詞,或註冊時指定的 ID。
**範例**
```
// Private ARN
"ProductArn": "arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default"
// Public ARN
"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty"
"ProductArn": "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro"
```
## Resources
物件`Resources`陣列提供一組資源資料類型,描述調查結果所參考 AWS 的資源。如需`Resources`物件可能包含之欄位的詳細資訊,包括需要哪些欄位,請參閱 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Resource.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Resource.html)中的 。如需特定 `Resources` 物件的範例 AWS 服務,請參閱 [Resources ASFF 物件](asff-resources.md)。
**範例**
```
"Resources": [
{
"ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0",
"ApplicationName": "SampleApp",
"DataClassification": {
"DetailedResultsLocation": "Path_to_Folder_Or_File",
"Result": {
"MimeType": "text/plain",
"SizeClassified": 2966026,
"AdditionalOccurrences": false,
"Status": {
"Code": "COMPLETE",
"Reason": "Unsupportedfield"
},
"SensitiveData": [
{
"Category": "PERSONAL_INFORMATION",
"Detections": [
{
"Count": 34,
"Type": "GE_PERSONAL_ID",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 10,
"StartColumn": 20
}
],
"Pages": [],
"Records": [],
"Cells": []
}
},
{
"Count": 59,
"Type": "EMAIL_ADDRESS",
"Occurrences": {
"Pages": [
{
"PageNumber": 1,
"OffsetRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
},
"LineRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
}
}
]
}
},
{
"Count": 2229,
"Type": "URL",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 13
}
]
}
},
{
"Count": 13826,
"Type": "NameDetection",
"Occurrences": {
"Records": [
{
"RecordIndex": 1,
"JsonPath": "$.ssn.value"
}
]
}
},
{
"Count": 32,
"Type": "AddressDetection"
}
],
"TotalCount": 32
}
],
"CustomDataIdentifiers": {
"Detections": [
{
"Arn": "1712be25e7c7f53c731fe464f1c869b8",
"Name": "1712be25e7c7f53c731fe464f1c869b8",
"Count": 2
}
],
"TotalCount": 2
}
}
},
"Type": "AwsEc2Instance",
"Id": "arn:aws:ec2:us-west-2:123456789012:instance/i-abcdef01234567890",
"Partition": "aws",
"Region": "us-west-2",
"ResourceRole": "Target",
"Tags": {
"billingCode": "Lotus-1-2-3",
"needsPatching": true
},
"Details": {
"IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
"ImageId": "ami-79fd7eee",
"IpV4Addresses": ["1.1.1.1"],
"IpV6Addresses": ["2001:db8:1234:1a2b::123"],
"KeyName": "testkey",
"LaunchedAt": "2018-09-29T01:25:54Z",
"MetadataOptions": {
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "enabled",
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional",
"InstanceMetadataTags": "disabled"
}
},
"NetworkInterfaces": [
{
"NetworkInterfaceId": "eni-e5aa89a3"
}
],
"SubnetId": "PublicSubnet",
"Type": "i3.xlarge",
"VirtualizationType": "hvm",
"VpcId": "TestVPCIpv6"
}
]
```
## SchemaVersion
要格式化問題清單的結構描述版本。此欄位的值必須是 AWS識別的正式發佈版本之一。在目前版本中, AWS 安全調查結果格式結構描述版本為 `2018-10-08`。
**範例**
```
"SchemaVersion": "2018-10-08"
```
## 嚴重性
定義問題清單的重要性。如需此物件的詳細資訊,請參閱《 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Severity.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Severity.html)》中的 。
`Severity` 是調查結果中最上層的物件,並巢狀在`FindingProviderFields`物件下。
只能使用 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 更新調查結果的最上層`Severity`物件的值。
若要提供嚴重性資訊,問題清單提供者應在提出 [https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchImportFindings.html) API 請求`FindingProviderFields`時更新 下的`Severity`物件。
如果新調查結果的`BatchImportFindings`請求僅提供 `Label`或僅提供 `Normalized`,Security Hub CSPM 會自動填入另一個欄位的值。
也可以填入 `Product`和 `Original` 欄位。
如果頂層`Finding.Severity`物件存在但`Finding.FindingProviderFields`不存在,Security Hub CSPM 會建立`FindingProviderFields.Severity`物件並將整個物件複製到`Finding.Severity object`其中。這可確保原始供應商提供的詳細資訊會保留在`FindingProviderFields.Severity`結構中,即使覆寫頂層`Severity`物件也是如此。
問題清單嚴重性不會將牽涉之資產或基礎資源的重要性納入考量。重要性的定義是與問題清單相關聯之資源的重要性層級。例如,與關鍵任務應用程式相關聯的資源,其重要性高於與非生產測試相關聯的資源。如果要擷取資源重要性的資訊,請使用 `Criticality` 欄位。
我們建議您在將問題清單的原生嚴重性分數轉譯為 ASFF `Severity.Label`中的 值時,使用下列指引。
+ `INFORMATIONAL` – 此類別可能包括 `PASSED`、 `WARNING`或 `NOT AVAILABLE`檢查的調查結果或敏感資料識別。
+ `LOW` – 可能導致未來入侵的問題清單。例如,此類別可能包含漏洞、組態弱點和公開密碼。
+ `MEDIUM` – 指出主動入侵,但未指出對手完成其目標的調查結果。例如,此類別可能包含惡意軟體活動、駭客活動和異常行為偵測。
+ `HIGH` 或 `CRITICAL` – 指出對手完成其目標的調查結果,例如作用中的資料遺失或入侵,或是拒絕服務。
**範例**
```
"Severity": {
"Label": "CRITICAL",
"Normalized": 90,
"Original": "CRITICAL"
}
```
## Title
問題清單的標題。此欄位可以包含非特定的範例文字或此問題清單執行個體的特定詳細資訊。
對於控制項調查結果,此欄位提供控制項的標題。如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
**範例**
```
"Title": "AWS Config should be enabled"
```
## 類型
一或多個格式為 `namespace/category/classifier` 的問題清單類型,可分類問題清單。如果您開啟[合併控制問題清單](controls-findings-create-update.md#consolidated-control-findings),則此欄位不會參考標準。
`Types` 應僅使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 更新。
尋找想要提供 值的提供者時,`Types`應使用 `Types` 下的 屬性[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_FindingProviderFields.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_FindingProviderFields.html)。
在下列清單中,最上層項目符號是命名空間,第二層項目符號是類別,第三層項目符號是分類器。我們建議調查結果提供者使用定義的命名空間來協助排序和分組調查結果。定義的類別和分類器也可以使用,但不是必要的。只有軟體和組態檢查命名空間有定義的分類器。
您可以定義namespace/category/classifier的部分路徑。例如,下列調查結果類型都是有效的:
+ TTP
+ TTPs/Defense Evasion
+ TTPs/Defense Evasion/CloudTrailStopped
下列清單中的策略、技術和程序 (TTPs) 類別符合 [MITRE ATT&CK MatrixTM](https://attack.mitre.org/matrices/enterprise/)。異常行為命名空間反映一般異常行為,例如一般統計異常,且與特定 TTP 不相符。不過,您可使用異常行為和 TTP 問題清單類型來分類問題清單。
**命名空間、類別和分類器的清單:**
+ 軟體和組態檢查
+ 漏洞
+ CVE
+ AWS 安全最佳實務
+ 網路連線能力
+ 執行時間行為分析
+ 產業和法規標準
+ AWS 基礎安全最佳實務
+ CIS 主機強化基準
+ CIS AWS Foundations 基準
+ PCI-DSS
+ 雲端安全性聯盟控制
+ ISO 90001 控制
+ ISO 27001 控制
+ ISO 27017 控制
+ ISO 27018 控制
+ SOC 1
+ SOC 2
+ HIPAA 控制 (美國)
+ NIST 800-53 控制 (美國)
+ NIST CSF 控制 (美國)
+ IRAP 控制 (澳大利亞)
+ K-ISMS 控制 (韓國)
+ MTCS 控制 (新加坡)
+ FISC 控制 (日本)
+ 個人編號法案控制 (日本)
+ ENS 控制 (西班牙)
+ Cyber Essentials Plus 控制 (英國)
+ G-Cloud 控制 (英國)
+ C5 控制 (德國)
+ IT-Grundschutz 控制 (德國)
+ GDPR 控制 (歐洲)
+ TISAX 控制 (歐洲)
+ 修補管理
+ TTP
+ 初始存取
+ 執行
+ Persistence
+ 權限提升
+ 防禦逃脫
+ 登入資料存取
+ 探索
+ 水平擴散
+ 收集
+ 命令和控制
+ 效果
+ 資料曝光
+ 資料外洩
+ 資料銷毀
+ 拒絕服務
+ 資源耗用
+ 異常行為
+ 應用程式
+ 網路流程
+ IP 位址
+ 使用者
+ VM
+ 容器
+ 無伺服器
+ 流程
+ 資料庫
+ 資料
+ 敏感資料識別
+ PII
+ 密碼
+ 法律聲明
+ 金融
+ 安全
+ 商業
**範例**
```
"Types": [
"Software and Configuration Checks/Vulnerabilities/CVE"
]
```
## UpdatedAt
指出調查結果提供者上次更新調查結果記錄的時間。
此時間戳記反映調查結果記錄上次或最近更新的時間。因此,它可能與`LastObservedAt`時間戳記不同,時間戳記會反映事件或漏洞上次或最近觀察到的時間。
更新問題清單記錄時,您必須將此時間戳記更新為目前的時間戳記。建立問題清單記錄時, `CreatedAt`和 `UpdatedAt`時間戳記必須相同。更新調查結果記錄後,此欄位的值必須比包含的所有先前值更新。
請注意, `UpdatedAt`無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)操作更新。您只能使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)操作進行更新。
**範例**
```
"UpdatedAt": "2017-04-22T13:22:13.933Z"
```
# 選用最上層 ASFF 屬性
安全性 AWS 調查結果格式 (ASFF) 中的下列最上層屬性是 Security Hub CSPM 中調查結果的選用屬性。如需這些屬性的詳細資訊,請參閱 *AWS Security Hub API 參考*中的 [AwsSecurityFinding](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecurityFinding.html)。
## Action
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Action.html) 物件提供有關影響資源或對資源採取之動作的詳細資訊。
**範例**
```
"Action": {
"ActionType": "PORT_PROBE",
"PortProbeAction": {
"PortProbeDetails": [
{
"LocalPortDetails": {
"Port": 80,
"PortName": "HTTP"
},
"LocalIpDetails": {
"IpAddressV4": "192.0.2.0"
},
"RemoteIpDetails": {
"Country": {
"CountryName": "Example Country"
},
"City": {
"CityName": "Example City"
},
"GeoLocation": {
"Lon": 0,
"Lat": 0
},
"Organization": {
"AsnOrg": "ExampleASO",
"Org": "ExampleOrg",
"Isp": "ExampleISP",
"Asn": 64496
}
}
}
],
"Blocked": false
}
}
```
## AwsAccountName
調查結果套用 AWS 帳戶 到的名稱。
**範例**
```
"AwsAccountName": "jane-doe-testaccount"
```
## CompanyName
產生調查結果之產品的公司名稱。對於以控制項為基礎的調查結果,公司是 AWS。
Security Hub CSPM 會自動為每個調查結果填入此屬性。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)或 進行更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。例外狀況是當您使用自訂整合時。請參閱 [將 Security Hub CSPM 與自訂產品整合](securityhub-custom-providers.md)。
當您使用 Security Hub CSPM 主控台依公司名稱篩選問題清單時,請使用此屬性。當您使用 Security Hub CSPM API 依公司名稱篩選問題清單時,您可以使用 下的 `aws/securityhub/CompanyName` 屬性`ProductFields`。Security Hub CSPM 不會同步這兩個屬性。
**範例**
```
"CompanyName": "AWS"
```
## 合規
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Compliance.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Compliance.html) 物件通常會提供有關控制項調查結果的詳細資訊,例如適用的標準和控制項檢查的狀態。
**範例**
```
"Compliance": {
"AssociatedStandards": [
{"StandardsId": "standards/aws-foundational-security-best-practices/v/1.0.0"},
{"StandardsId": "standards/service-managed-aws-control-tower/v/1.0.0"},
{"StandardsId": "standards/nist-800-53/v/5.0.0"}
],
"RelatedRequirements": [
"NIST.800-53.r5 AC-4",
"NIST.800-53.r5 AC-4(21)",
"NIST.800-53.r5 SC-7",
"NIST.800-53.r5 SC-7(11)",
"NIST.800-53.r5 SC-7(16)",
"NIST.800-53.r5 SC-7(21)",
"NIST.800-53.r5 SC-7(4)",
"NIST.800-53.r5 SC-7(5)"
],
"SecurityControlId": "EC2.18",
"SecurityControlParameters":[
{
"Name": "authorizedTcpPorts",
"Value": ["80", "443"]
},
{
"Name": "authorizedUdpPorts",
"Value": ["427"]
}
],
"Status": "NOT_AVAILABLE",
"StatusReasons": [
{
"ReasonCode": "CONFIG_RETURNS_NOT_APPLICABLE",
"Description": "This finding has a compliance status of NOT AVAILABLE because AWS Config sent Security Hub CSPM a finding with a compliance state of Not Applicable. The potential reasons for a Not Applicable finding from Config are that (1) a resource has been moved out of scope of the Config rule; (2) the Config rule has been deleted; (3) the resource has been deleted; or (4) the logic of the Config rule itself includes scenarios where Not Applicable is returned. The specific reason why Not Applicable is returned is not available in the Config rule evaluation."
}
]
}
```
## 可信度
調查結果準確識別其預期識別的行為或問題的可能性。
`Confidence` 應該只使用 更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
尋找想要提供 值的提供者時,`Confidence`應使用 `Confidence` 下的 屬性`FindingProviderFields`。請參閱 [使用 更新問題清單 FindingProviderFields](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields)。
`Confidence` 是以 0–100 為基準,使用比例比例來評分。0 表示 0% 可信度,100 表示 100% 可信度。例如,根據網路流量統計偏差的資料外洩偵測具有低可信度,因為尚未驗證實際的外洩。
**範例**
```
"Confidence": 42
```
## 重要性
指派給與問題清單相關聯資源的重要性層級。
`Criticality` 應僅透過呼叫 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 操作來更新。請勿使用 更新此物件[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)。
尋找想要提供 值的提供者時,`Criticality`應使用 `Criticality` 下的 屬性`FindingProviderFields`。請參閱 [使用 更新問題清單 FindingProviderFields](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields)。
`Criticality` 以 0–100 為基準,使用僅支援完整整數的比率比例。0 分表示不重要的基礎資源,100 分預留給最重要的資源。
對於每個資源,指派 時請考慮下列事項`Criticality`:
+ 受影響的資源是否包含敏感資料 (例如具有 PII 的 S3 儲存貯體)?
+ 受影響的資源是否可讓對手深化其存取權或擴展其能力,以執行其他惡意活動 (例如,遭入侵的 sysadmin 帳戶)?
+ 此資源是否為企業重要資產 (例如,若遭入侵可能造成重大收益損失的業務系統)?
您可使用下列準則:
+ 支援關鍵任務系統或包含高度敏感資料的資源可以在 75–100 範圍內評分。
+ 支援重要 (但非關鍵系統) 或包含中等重要資料的資源可以在 25–74 範圍內評分。
+ 支援不重要系統或包含非敏感資料的資源應在 0–24 範圍內評分。
**範例**
```
"Criticality": 99
```
## 偵測
`Detection` 物件提供來自 Amazon GuardDuty 延伸威脅偵測之攻擊序列調查結果的詳細資訊。當多個事件符合潛在可疑活動時,GuardDuty 會產生攻擊序列調查結果。若要在 AWS Security Hub CSPM 中接收 GuardDuty 攻擊序列調查結果,您必須在帳戶中啟用 GuardDuty。如需詳細資訊,請參閱[《Amazon GuardDuty 使用者指南》中的 Amazon GuardDuty 延伸威脅偵測](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty-extended-threat-detection.html)。 *Amazon GuardDuty *
**範例**
```
"Detection": {
"Sequence": {
"Uid": "1111111111111-184ec3b9-cf8d-452d-9aad-f5bdb7afb010",
"Actors": [{
"Id": "USER:AROA987654321EXAMPLE:i-b188560f:1234567891",
"Session": {
"Uid": "1234567891",
"MfAStatus": "DISABLED",
"CreatedTime": "1716916944000",
"Issuer": "arn:aws:s3:::amzn-s3-demo-destination-bucket"
},
"User": {
"CredentialUid": "ASIAIOSFODNN7EXAMPLE",
"Name": "ec2_instance_role_production",
"Type": "AssumedRole",
"Uid": "AROA987654321EXAMPLE:i-b188560f",
"Account": {
"Uid": "AccountId",
"Name": "AccountName"
}
}
}],
"Endpoints": [{
"Id": "EndpointId",
"Ip": "203.0.113.1",
"Domain": "example.com",
"Port": 4040,
"Location": {
"City": "New York",
"Country": "US",
"Lat": 40.7123,
"Lon": -74.0068
},
"AutonomousSystem": {
"Name": "AnyCompany",
"Number": 64496
},
"Connection": {
"Direction": "INBOUND"
}
}],
"Signals": [{
"Id": "arn:aws:guardduty:us-east-1:123456789012:detector/d0bfe135ab8b4dd8c3eaae7df9900073/finding/535a382b1bcc44d6b219517a29058fb7",
"Title": "Someone ran a penetration test tool on your account.",
"ActorIds": ["USER:AROA987654321EXAMPLE:i-b188560f:1234567891"],
"Count": 19,
"FirstSeenAt": 1716916943000,
"SignalIndicators": [
{
"Key": "ATTACK_TACTIC",
"Title": "Attack Tactic",
"Values": [
"Impact"
]
},
{
"Key": "HIGH_RISK_API",
"Title": "High Risk Api",
"Values": [
"s3:DeleteObject"
]
},
{
"Key": "ATTACK_TECHNIQUE",
"Title": "Attack Technique",
"Values": [
"Data Destruction"
]
},
],
"LastSeenAt": 1716916944000,
"Name": "Test:IAMUser/KaliLinux",
"ResourceIds": [
"arn:aws:s3:::amzn-s3-demo-destination-bucket"
],
"Type": "FINDING"
}],
"SequenceIndicators": [
{
"Key": "ATTACK_TACTIC",
"Title": "Attack Tactic",
"Values": [
"Discovery",
"Exfiltration",
"Impact"
]
},
{
"Key": "HIGH_RISK_API",
"Title": "High Risk Api",
"Values": [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBuckets"
"s3:ListObjects"
]
},
{
"Key": "ATTACK_TECHNIQUE",
"Title": "Attack Technique",
"Values": [
"Cloud Service Discovery",
"Data Destruction"
]
}
]
}
}
```
## FindingProviderFields
`FindingProviderFields` 包含下列屬性:
+ `Confidence`
+ `Criticality`
+ `RelatedFindings`
+ `Severity`
+ `Types`
上述欄位會巢狀在 `FindingProviderFields` 物件下,但具有與最上層 ASFF 欄位同名的類比。當問題清單提供者將新問題清單傳送至 Security Hub CSPM 時,如果`FindingProviderFields`物件根據對應的頂層欄位為空白,Security Hub CSPM 會自動填入物件。
尋找提供者可以使用 Security Hub `FindingProviderFields` [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)CSPM API 的操作進行更新。尋找提供者無法使用 更新此物件[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
如需 Security Hub CSPM 如何處理從 `BatchImportFindings` 到 `FindingProviderFields`和對應頂層屬性的更新的詳細資訊,請參閱 [使用 更新問題清單 FindingProviderFields](finding-update-batchimportfindings.md#batchimportfindings-findingproviderfields)。
客戶可以使用 `BatchUpdateFindings`操作更新最上層欄位。客戶無法更新 `FindingProviderFields`。
**範例**
```
"FindingProviderFields": {
"Confidence": 42,
"Criticality": 99,
"RelatedFindings":[
{
"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
"Id": "123e4567-e89b-12d3-a456-426655440000"
}
],
"Severity": {
"Label": "MEDIUM",
"Original": "MEDIUM"
},
"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
}
```
## FirstObservedAt
指出首次觀察到問題清單所擷取的潛在安全問題或事件。
此時間戳記會指定第一次觀察到事件或漏洞的時間。因此,它可能與`CreatedAt`時間戳記不同,時間戳記會反映此調查結果記錄的建立時間。
對於 Security Hub CSPM 產生和更新的控制調查結果,此時間戳記也可以指出資源最近變更的合規狀態。對於其他類型的問題清單,此時間戳記在問題清單記錄的更新之間應不可變,但如果確定更準確的時間戳記,則可以更新。
**範例**
```
"FirstObservedAt": "2017-03-22T13:22:13.933Z"
```
## LastObservedAt
指出安全性調查結果產品何時最近觀察到問題清單所擷取的潛在安全問題或事件。
此時間戳記指定事件或漏洞上次或最近觀察到的時間。因此,它可能與`UpdatedAt`時間戳記不同,時間戳記會反映此調查結果記錄上次或最近更新的時間。
您可以提供此時間戳記,但在第一次觀察時不需要。如果您在第一次觀察時填入此欄位,時間戳記應與`FirstObservedAt`時間戳記相同。您應該更新此欄位,以在每次觀察到問題清單時,反映上次或最近觀察到的時間戳記。
**範例**
```
"LastObservedAt": "2017-03-23T13:22:13.933Z"
```
## 惡意軟體
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Malware.html) 物件提供與問題清單相關的惡意程式清單。
**範例**
```
"Malware": [
{
"Name": "Stringler",
"Type": "COIN_MINER",
"Path": "/usr/sbin/stringler",
"State": "OBSERVED"
}
]
```
## 網路 (已淘汰)
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Network.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Network.html) 物件提供有關問題清單的網路相關資訊。
此物件已淘汰。若要提供此資料,您可以將資料映射至 中的資源`Resources`,或使用 `Action` 物件。
**範例**
```
"Network": {
"Direction": "IN",
"OpenPortRange": {
"Begin": 443,
"End": 443
},
"Protocol": "TCP",
"SourceIpV4": "1.2.3.4",
"SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
"SourcePort": "42",
"SourceDomain": "example1.com",
"SourceMac": "00:0d:83:b1:c0:8e",
"DestinationIpV4": "2.3.4.5",
"DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
"DestinationPort": "80",
"DestinationDomain": "example2.com"
}
```
## NetworkPath
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_NetworkPathComponent.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_NetworkPathComponent.html) 物件提供與問題清單相關的網路路徑資訊。中的每個項目都`NetworkPath`代表路徑的元件。
**範例**
```
"NetworkPath" : [
{
"ComponentId": "abc-01a234bc56d8901ee",
"ComponentType": "AWS::EC2::InternetGateway",
"Egress": {
"Destination": {
"Address": [ "192.0.2.0/24" ],
"PortRanges": [
{
"Begin": 443,
"End": 443
}
]
},
"Protocol": "TCP",
"Source": {
"Address": ["203.0.113.0/24"]
}
},
"Ingress": {
"Destination": {
"Address": [ "198.51.100.0/24" ],
"PortRanges": [
{
"Begin": 443,
"End": 443
}
]
},
"Protocol": "TCP",
"Source": {
"Address": [ "203.0.113.0/24" ]
}
}
}
]
```
## 注意
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Note.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Note.html) 物件會指定使用者定義的備註,您可以將其新增至問題清單。
問題清單提供者可以提供問題清單的初始備註,但之後便無法新增備註。您只能使用 更新備註[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
**範例**
```
"Note": {
"Text": "Don't forget to check under the mat.",
"UpdatedBy": "jsmith",
"UpdatedAt": "2018-08-31T00:15:09Z"
}
```
## PatchSummary
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_PatchSummary.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_PatchSummary.html) 物件會根據選取的合規標準,提供執行個體的修補程式合規狀態摘要。
**範例**
```
"PatchSummary" : {
"FailedCount" : 0,
"Id" : "pb-123456789098",
"InstalledCount" : 100,
"InstalledOtherCount" : 1023,
"InstalledPendingReboot" : 0,
"InstalledRejectedCount" : 0,
"MissingCount" : 100,
"Operation" : "Install",
"OperationEndTime" : "2018-09-27T23:39:31Z",
"OperationStartTime" : "2018-09-27T23:37:31Z",
"RebootOption" : "RebootIfNeeded"
}
```
## 流程
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ProcessDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ProcessDetails.html) 物件提供有關問題清單的程序相關詳細資訊。
範例:
```
"Process": {
"LaunchedAt": "2018-09-27T22:37:31Z",
"Name": "syslogd",
"ParentPid": 56789,
"Path": "/usr/sbin/syslogd",
"Pid": 12345,
"TerminatedAt": "2018-09-27T23:37:31Z"
}
```
## ProcessedAt
指出 Security Hub CSPM 收到問題清單並開始處理的時間。
這與 `CreatedAt`和 不同`UpdatedAt`,這是與調查結果提供者與安全問題和調查結果互動相關的必要時間戳記。`ProcessedAt` 時間戳記指出 Security Hub CSPM 何時開始處理問題清單。處理完成後,問題清單會出現在使用者帳戶中。
```
"ProcessedAt": "2023-03-23T13:22:13.933Z"
```
## ProductFields
一種資料類型,其中安全調查結果產品可以包含不屬於已定義 AWS 安全調查結果格式的其他解決方案特定詳細資訊。
對於 Security Hub CSPM 控制項產生的調查結果, `ProductFields`包含控制項的相關資訊。請參閱 [產生和更新控制問題清單](controls-findings-create-update.md)。
此欄位不應包含備援資料,且不得包含與 AWS Security Finding Format 欄位衝突的資料。
「`aws/`」字首僅代表 AWS 產品和服務的預留命名空間,不得與第三方整合的問題清單一起提交。
雖然非必要,但產品應該將欄位名稱格式化為 `company-id/product-id/field-name`,其中 `company-id` 和 `product-id` 符合問題清單 `ProductArn` 所提供的內容。
當 Security Hub CSPM 封存現有的問題清單時,`Archival`會使用參考欄位。例如,Security Hub CSPM 會在您停用控制項或標準以及開啟或關閉[合併控制項問題清單時封存現有的問題清單](controls-findings-create-update.md#consolidated-control-findings)。
此欄位也可能包含標準的相關資訊,其中包含產生調查結果的控制項。
**範例**
```
"ProductFields": {
"API", "DeleteTrail",
"ArchivalReasons:0/Description": "The finding is in an ARCHIVED state because consolidated control findings has been turned on or off. This causes findings in the previous state to be archived when new findings are being generated.",
"ArchivalReasons:0/ReasonCode": "CONSOLIDATED_CONTROL_FINDINGS_UPDATE",
"aws/inspector/AssessmentTargetName": "My prod env",
"aws/inspector/AssessmentTemplateName": "My daily CVE assessment",
"aws/inspector/RulesPackageName": "Common Vulnerabilities and Exposures",
"generico/secure-pro/Action.Type", "AWS_API_CALL",
"generico/secure-pro/Count": "6",
"Service_Name": "cloudtrail.amazonaws.com"
}
```
## ProductName
提供產生調查結果的產品名稱。對於以控制項為基礎的調查結果,產品名稱為 Security Hub CSPM。
Security Hub CSPM 會自動為每個調查結果填入此屬性。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)或 進行更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。例外狀況是當您使用自訂整合時。請參閱 [將 Security Hub CSPM 與自訂產品整合](securityhub-custom-providers.md)。
當您使用 Security Hub CSPM 主控台依產品名稱篩選問題清單時,請使用此屬性。
當您使用 Security Hub CSPM API 依產品名稱篩選問題清單時,您可以使用 下的 `aws/securityhub/ProductName` 屬性`ProductFields`。
Security Hub CSPM 不會同步這兩個屬性。
## RecordState
提供問題清單的記錄狀態。
根據預設,會將服務一開始產生的問題清單視為 `ACTIVE`。
`ARCHIVED` 狀態表示問題清單應被隱藏看不到。封存的問題清單不會立即刪除。您可以搜尋、檢閱和報告這些項目。如果刪除關聯的資源、資源不存在或停用控制項,Security Hub CSPM 會自動封存以控制項為基礎的調查結果。
`RecordState` 旨在尋找提供者,並且只能使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)操作更新。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)操作進行更新。
若要追蹤調查問題清單的狀態,請使用 [`Workflow`](#asff-workflow)而非 `RecordState`。
如果記錄狀態從 變更為 `ARCHIVED` `ACTIVE`,且調查結果的工作流程狀態為 `NOTIFIED`或 `RESOLVED`,Security Hub CSPM 會自動將工作流程狀態變更為 `NEW`。
**範例**
```
"RecordState": "ACTIVE"
```
## 區域
指定 AWS 區域 從中產生調查結果的 。
Security Hub CSPM 會自動為每個調查結果填入此屬性。您無法使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)或 進行更新[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
**範例**
```
"Region": "us-west-2"
```
## RelatedFindings
提供與目前問題清單相關的問題清單。
`RelatedFindings` 應該只使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) API 操作更新。您不應該使用 更新此物件[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)。
對於[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchImportFindings.html)請求,問題清單提供者應使用 下的 `RelatedFindings` 物件[`FindingProviderFields`](#asff-findingproviderfields)。
若要檢視`RelatedFindings`屬性的描述,請參閱 *AWS Security Hub API 參考*[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_RelatedFinding.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_RelatedFinding.html)中的 。
**範例**
```
"RelatedFindings": [
{ "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
"Id": "123e4567-e89b-12d3-a456-426655440000" },
{ "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
"Id": "AcmeNerfHerder-111111111111-x189dx7824" }
]
```
## RiskAssessment
**範例**
```
"RiskAssessment": {
"Posture": {
"FindingTotal": 4,
"Indicators": [
{
"Type": "Reachability",
"Findings": [
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/1234567890abcdef0",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
},
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/abcdef01234567890",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
}
]
},
{
"Type": "Vulnerability",
"Findings": [
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345abcdef6789",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
},
{
"Id": "arn:aws:inspector2:us-east-2:123456789012:finding/021345ghijkl6789",
"ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
"Title": "Finding title"
}
]
}
]
}
}
```
## 修補
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Remediation.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Remediation.html) 物件可提供處理問題清單的建議修補步驟資訊。
**範例**
```
"Remediation": {
"Recommendation": {
"Text": "For instructions on how to fix this issue, see the AWS Security Hub CSPM documentation for EC2.2.",
"Url": "https://docs.aws.amazon.com/console/securityhub/EC2.2/remediation"
}
}
```
## 樣本
指定問題清單是否為範例問題清單。
```
"Sample": true
```
## SourceUrl
`SourceUrl` 物件提供 URL,可連結至有關問題清單產品中目前問題清單的頁面。
```
"SourceUrl": "http://sourceurl.com"
```
## ThreatIntelIndicators
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ThreatIntelIndicator.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ThreatIntelIndicator.html) 物件會提供與問題清單相關的威脅情報詳細資訊。
**範例**
```
"ThreatIntelIndicators": [
{
"Category": "BACKDOOR",
"LastObservedAt": "2018-09-27T23:37:31Z",
"Source": "Threat Intel Weekly",
"SourceUrl": "http://threatintelweekly.org/backdoors/8888",
"Type": "IPV4_ADDRESS",
"Value": "8.8.8.8",
}
]
```
## 威脅
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Threat.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Threat.html) 物件提供調查結果偵測到之威脅的詳細資訊。
**範例**
```
"Threats": [{
"FilePaths": [{
"FileName": "b.txt",
"FilePath": "/tmp/b.txt",
"Hash": "sha256",
"ResourceId": "arn:aws:ec2:us-west-2:123456789012:volume/vol-032f3bdd89aee112f"
}],
"ItemCount": 3,
"Name": "Iot.linux.mirai.vwisi",
"Severity": "HIGH"
}]
```
## UserDefinedFields
提供與調查結果相關聯的名稱值字串對清單。這些是新增到問題清單的自訂使用者定義欄位。這些欄位可以透過您的特定組態自動產生。
尋找提供者不應將此欄位用於產品產生的資料。反之,問題清單提供者可以將 `ProductFields` 欄位用於未對應至任何標準 AWS 安全性問題清單格式欄位的資料。
這些欄位只能使用 [https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html) 更新。
**範例**
```
"UserDefinedFields": {
"reviewedByCio": "true",
"comeBackToLater": "Check this again on Monday"
}
```
## VerificationState
提供調查結果的真實性。問題清單產品可為`UNKNOWN`此欄位提供 的值。如果問題清單產品的系統中有有意義的類比,問題清單產品應該提供此欄位的值。調查問題清單後,使用者判斷或動作通常會填入此欄位。
問題清單提供者可以提供此屬性的初始值,但之後便無法更新該值。您只能使用 更新此屬性[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。
```
"VerificationState": "Confirmed"
```
## 漏洞
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Vulnerability.html) 物件提供與調查結果相關聯的漏洞清單。
**範例**
```
"Vulnerabilities" : [
{
"CodeVulnerabilities": [{
"Cwes": [
"CWE-798",
"CWE-799"
],
"FilePath": {
"EndLine": 421,
"FileName": "package-lock.json",
"FilePath": "package-lock.json",
"StartLine": 420
},
"SourceArn":"arn:aws:lambda:us-east-1:123456789012:layer:AWS-AppConfig-Extension:114"
}],
"Cvss": [
{
"BaseScore": 4.7,
"BaseVector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"Version": "V3"
},
{
"BaseScore": 4.7,
"BaseVector": "AV:L/AC:M/Au:N/C:C/I:N/A:N",
"Version": "V2"
}
],
"EpssScore": 0.015,
"ExploitAvailable": "YES",
"FixAvailable": "YES",
"Id": "CVE-2020-12345",
"LastKnownExploitAt": "2020-01-16T00:01:35Z",
"ReferenceUrls":[
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12418",
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17563"
],
"RelatedVulnerabilities": ["CVE-2020-12345"],
"Vendor": {
"Name": "Alas",
"Url":"https://alas.aws.amazon.com/ALAS-2020-1337.html",
"VendorCreatedAt":"2020-01-16T00:01:43Z",
"VendorSeverity":"Medium",
"VendorUpdatedAt":"2020-01-16T00:01:43Z"
},
"VulnerablePackages": [
{
"Architecture": "x86_64",
"Epoch": "1",
"FilePath": "/tmp",
"FixedInVersion": "0.14.0",
"Name": "openssl",
"PackageManager": "OS",
"Release": "16.amzn2.0.3",
"Remediation": "Update aws-crt to 0.14.0",
"SourceLayerArn": "arn:aws:lambda:us-west-2:123456789012:layer:id",
"SourceLayerHash": "sha256:c1962c35b63a6ff6ce7df6e042ee82371a605ca9515569edec46ff14f926f001",
"Version": "1.0.2k"
}
]
}
]
```
## 工作流程
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Workflow.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_Workflow.html) 物件會提供關於問題清單調查狀態的相關資訊。
此欄位旨在供客戶搭配修復、協同運作和票證工具使用。這不適用於問題清單提供者。
您只能使用 更新 `Workflow` 欄位[https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html](https://docs.aws.amazon.com//securityhub/1.0/APIReference/API_BatchUpdateFindings.html)。客戶也只能從主控台進行更新。請參閱 [在 Security Hub CSPM 中設定問題清單的工作流程狀態](findings-workflow-status.md)。
**範例**
```
"Workflow": {
"Status": "NEW"
}
```
## WorkflowState (已淘汰)
此物件已淘汰,並已由`Workflow`物件的 `Status` 欄位取代。
此欄位提供調查結果的工作流程狀態。問題清單產品可針對此欄位提供 `NEW` 值。如果問題清單產品系統中有意義的類比,問題清單產品可針對此欄位提供值。
**範例**
```
"WorkflowState": "NEW"
```
# Resources ASFF 物件
在 AWS 安全調查結果格式 (ASFF) 中, `Resources` 物件會提供調查結果所涉及資源的相關資訊。它包含最多 32 個資源物件的陣列。若要判斷資源名稱的格式,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。如需每個資源物件的範例,請從下列清單中選取資源。
**Topics**
+ [ASFF 中的資源屬性](asff-resources-attributes.md)
+ [AwsAmazonMQ ASFF 中的 資源](asff-resourcedetails-awsamazonmq.md)
+ [AwsApiGateway ASFF 中的 資源](asff-resourcedetails-awsapigateway.md)
+ [AwsAppSync ASFF 中的 資源](asff-resourcedetails-awsappsync.md)
+ [AwsAthena ASFF 中的 資源](asff-resourcedetails-awsathena.md)
+ [AwsAutoScaling ASFF 中的 資源](asff-resourcedetails-awsautoscaling.md)
+ [AwsBackup ASFF 中的 資源](asff-resourcedetails-awsbackup.md)
+ [AwsCertificateManager ASFF 中的 資源](asff-resourcedetails-awscertificatemanager.md)
+ [AwsCloudFormation ASFF 中的 資源](asff-resourcedetails-awscloudformation.md)
+ [AwsCloudFront ASFF 中的 資源](asff-resourcedetails-awscloudfront.md)
+ [AwsCloudTrail ASFF 中的 資源](asff-resourcedetails-awscloudtrail.md)
+ [AwsCloudWatch ASFF 中的 資源](asff-resourcedetails-awscloudwatch.md)
+ [AwsCodeBuild ASFF 中的 資源](asff-resourcedetails-awscodebuild.md)
+ [AwsDms ASFF 中的 資源](asff-resourcedetails-awsdms.md)
+ [AwsDynamoDB ASFF 中的 資源](asff-resourcedetails-awsdynamodb.md)
+ [AwsEc2 ASFF 中的 資源](asff-resourcedetails-awsec2.md)
+ [AwsEcr ASFF 中的 資源](asff-resourcedetails-awsecr.md)
+ [AwsEcs ASFF 中的 資源](asff-resourcedetails-awsecs.md)
+ [AwsEfs ASFF 中的 資源](asff-resourcedetails-awsefs.md)
+ [AwsEks ASFF 中的 資源](asff-resourcedetails-awseks.md)
+ [AwsElasticBeanstalk ASFF 中的 資源](asff-resourcedetails-awselasticbeanstalk.md)
+ [AwsElasticSearch ASFF 中的 資源](asff-resourcedetails-awselasticsearch.md)
+ [AwsElb ASFF 中的 資源](asff-resourcedetails-awselb.md)
+ [AwsEventBridge ASFF 中的 資源](asff-resourcedetails-awsevent.md)
+ [AwsGuardDuty ASFF 中的 資源](asff-resourcedetails-awsguardduty.md)
+ [AwsIam ASFF 中的 資源](asff-resourcedetails-awsiam.md)
+ [AwsKinesis ASFF 中的 資源](asff-resourcedetails-awskinesis.md)
+ [AwsKms ASFF 中的 資源](asff-resourcedetails-awskms.md)
+ [AwsLambda](asff-resourcedetails-awslambda.md)
+ [AwsMsk ASFF 中的 資源](asff-resourcedetails-awsmsk.md)
+ [AwsNetworkFirewall ASFF 中的 資源](asff-resourcedetails-awsnetworkfirewall.md)
+ [AwsOpenSearchService ASFF 中的 資源](asff-resourcedetails-awsopensearchservice.md)
+ [AwsRds ASFF 中的 資源](asff-resourcedetails-awsrds.md)
+ [AwsRedshift ASFF 中的 資源](asff-resourcedetails-awsredshift.md)
+ [AwsRoute53 ASFF 中的 資源](asff-resourcedetails-awsroute53.md)
+ [AwsS3 ASFF 中的 資源](asff-resourcedetails-awss3.md)
+ [AwsSageMaker ASFF 中的 資源](asff-resourcedetails-awssagemaker.md)
+ [AwsSecretsManager ASFF 中的 資源](asff-resourcedetails-awssecretsmanager.md)
+ [AwsSns ASFF 中的 資源](asff-resourcedetails-awssns.md)
+ [AwsSqs ASFF 中的 資源](asff-resourcedetails-awssqs.md)
+ [AwsSsm ASFF 中的 資源](asff-resourcedetails-awsssm.md)
+ [AwsStepFunctions ASFF 中的 資源](asff-resourcedetails-awsstepfunctions.md)
+ [AwsWaf ASFF 中的 資源](asff-resourcedetails-awswaf.md)
+ [AwsXray ASFF 中的 資源](asff-resourcedetails-awsxray.md)
+ [CodeRepository ASFF 中的 物件](asff-resourcedetails-coderepository.md)
+ [Container ASFF 中的 物件](asff-resourcedetails-container.md)
+ [Other ASFF 中的 物件](asff-resourcedetails-other.md)
# ASFF 中的資源屬性
以下是 AWS 安全性調查結果格式 (ASFF) 中`Resources`物件的描述和範例。如需有關這些欄位的詳細資訊,請參閱 [Resources](asff-required-attributes.md#Resources)。
## ApplicationArn
識別問題清單所涉及應用程式的 Amazon Resource Name (ARN)。
**範例**
```
"ApplicationArn": "arn:aws:resource-groups:us-west-2:123456789012:group/SampleApp/1234567890abcdef0"
```
## ApplicationName
識別問題清單所涉及的應用程式名稱。
**範例**
```
"ApplicationName": "SampleApp"
```
## DataClassification
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DataClassificationDetails.html) 欄位提供有關在資源上偵測到的敏感資料的資訊。
**範例**
```
"DataClassification": {
"DetailedResultsLocation": "Path_to_Folder_Or_File",
"Result": {
"MimeType": "text/plain",
"SizeClassified": 2966026,
"AdditionalOccurrences": false,
"Status": {
"Code": "COMPLETE",
"Reason": "Unsupportedfield"
},
"SensitiveData": [
{
"Category": "PERSONAL_INFORMATION",
"Detections": [
{
"Count": 34,
"Type": "GE_PERSONAL_ID",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 10,
"StartColumn": 20
}
],
"Pages": [],
"Records": [],
"Cells": []
}
},
{
"Count": 59,
"Type": "EMAIL_ADDRESS",
"Occurrences": {
"Pages": [
{
"PageNumber": 1,
"OffsetRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
},
"LineRange": {
"Start": 1,
"End": 100,
"StartColumn": 10
}
}
]
}
},
{
"Count": 2229,
"Type": "URL",
"Occurrences": {
"LineRanges": [
{
"Start": 1,
"End": 13
}
]
}
},
{
"Count": 13826,
"Type": "NameDetection",
"Occurrences": {
"Records": [
{
"RecordIndex": 1,
"JsonPath": "$.ssn.value"
}
]
}
},
{
"Count": 32,
"Type": "AddressDetection"
}
],
"TotalCount": 32
}
],
"CustomDataIdentifiers": {
"Detections": [
{
"Arn": "1712be25e7c7f53c731fe464f1c869b8",
"Name": "1712be25e7c7f53c731fe464f1c869b8",
"Count": 2,
}
],
"TotalCount": 2
}
}
}
```
## 詳細資訊
[https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ResourceDetails.html) 欄位提供使用適當物件之單一資源的其他資訊。每個資源都必須在物件中的個別資源`Resources`物件中提供。
請注意,如果調查結果大小超過 240 KB 的上限,則會從調查結果中移除`Details`物件。對於使用 AWS Config 規則的控制項調查結果,您可以在 AWS Config 主控台上檢視資源詳細資訊。
Security Hub CSPM 為其支援的資源類型提供一組可用的資源詳細資訊。這些詳細資訊對應至 `Type` 物件的值。盡可能使用提供的類型。
例如,如果資源是 S3 儲存貯體,請將資源設定為 `Type``AwsS3Bucket`,並在 [`AwsS3Bucket`](asff-resourcedetails-awss3.md#asff-resourcedetails-awss3bucket) 物件中提供資源詳細資訊。
[`Other`](asff-resourcedetails-other.md) 物件可讓您提供自訂欄位和值。在下列情況下,您可以使用 `Other` 物件:
+ 資源類型 (資源 的值`Type`) 沒有對應的詳細資訊物件。若要提供資源的詳細資訊,您可以使用 [`Other`](asff-resourcedetails-other.md) 物件。
+ 資源類型的 物件不包含您要填入的所有欄位。在此情況下,請使用資源類型的詳細資訊物件來填入可用的欄位。使用 `Other` 物件來填入不在類型特定物件中的欄位。
+ 資源類型不是提供的類型之一。在此情況下,將 `Resource.Type`設定為 `Other`,並使用 `Other` 物件填入詳細資訊。
**範例**
```
"Details": {
"AwsEc2Instance": {
"IamInstanceProfileArn": "arn:aws:iam::123456789012:role/IamInstanceProfileArn",
"ImageId": "ami-79fd7eee",
"IpV4Addresses": ["1.1.1.1"],
"IpV6Addresses": ["2001:db8:1234:1a2b::123"],
"KeyName": "testkey",
"LaunchedAt": "2018-09-29T01:25:54Z",
"MetadataOptions": {
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "enabled",
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional",
"InstanceMetadataTags": "disabled"
},
"NetworkInterfaces": [
{
"NetworkInterfaceId": "eni-e5aa89a3"
}
],
"SubnetId": "PublicSubnet",
"Type": "i3.xlarge",
"VirtualizationType": "hvm",
"VpcId": "TestVPCIpv6"
},
"AwsS3Bucket": {
"OwnerId": "da4d66eac431652a4d44d490a00500bded52c97d235b7b4752f9f688566fe6de",
"OwnerName": "acmes3bucketowner"
},
"Other": { "LightPen": "blinky", "SerialNo": "1234abcd"}
}
```
## Id
指定資源類型的識別符。
對於 Amazon Resource Name (ARNs) 識別 AWS 的資源,這是 ARN。
對於缺少 ARNs AWS 的資源,這是建立資源之 AWS 服務定義的識別符。
對於非AWS 資源,這是與資源相關聯的唯一識別符。
**範例**
```
"Id": "arn:aws:s3:::amzn-s3-demo-bucket"
```
## 分割區
資源所在的分割區。分割區是 的群組 AWS 區域。每個 的範圍 AWS 帳戶 都是一個分割區。
支援下列分割區:
+ `aws` – AWS 區域
+ `aws-cn` - 中國區域
+ `aws-us-gov` – AWS GovCloud (US) Region
**範例**
```
"Partition": "aws"
```
## 區域
AWS 區域 此資源所在的 程式碼。如需區域代碼清單,請參閱[區域端點](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints)。
**範例**
```
"Region": "us-west-2"
```
## ResourceRole
識別調查結果中資源的角色。資源是調查結果活動的目標或執行活動的動作者。
**範例**
```
"ResourceRole": "target"
```
## Tags (標籤)
此欄位提供問題清單所涉及資源的標籤索引鍵和值資訊。您可以標記 AWS Resource Groups 標記 API `GetResources`操作[支援的資源](https://docs.aws.amazon.com/resourcegroupstagging/latest/APIReference/supported-services.html)。Security Hub CSPM 透過[服務連結角色](using-service-linked-roles.md)呼叫此操作,並在 AWS Security Finding Format (ASFF) `Resource.Id` 欄位填入資源 ARN 時擷取 AWS 資源標籤。系統會忽略無效的資源 IDs。
您可以將資源標籤新增至 Security Hub CSPM 擷取的問題清單,包括整合 AWS 服務 和第三方產品的問題清單。
新增標籤會告訴您在處理問題清單時與資源相關聯的標籤。您只能針對具有關聯標籤的資源包含 `Tags` 屬性。如果資源沒有相關聯的標籤,請不要在問題清單中包含 `Tags` 屬性。
在問題清單中包含資源標籤,不需要建置資料擴充管道或手動擴充安全問題清單的中繼資料。您也可以使用標籤來搜尋或篩選問題清單和洞見,並建立[自動化規則](automation-rules.md)。
如需適用於標籤的限制資訊,請參閱[標籤命名限制和要求](https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html#tag-conventions)。
您只能提供存在於此欄位中 AWS 資源上的標籤。若要提供未在 AWS 安全調查結果格式中定義的資料,請使用`Other`詳細資訊子欄位。
**範例**
```
"Tags": {
"billingCode": "Lotus-1-2-3",
"needsPatching": "true"
}
```
## Type
您要提供詳細資訊的資源類型。
盡可能使用提供的資源類型之一,例如 `AwsEc2Instance` 或 `AwsS3Bucket`。
如果資源類型不符合任何提供的資源類型,請將資源設定為 `Type` `Other`,並使用`Other`詳細資訊子欄位填入詳細資訊。
支援的值會列在[資源](asff-resources.md)下。
**範例**
```
"Type": "AwsS3Bucket"
```
# AwsAmazonMQ ASFF 中的 資源
以下是 `AwsAmazonMQ` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAmazonMQBroker
`AwsAmazonMQBroker` 提供 Amazon MQ 代理程式的相關資訊,這是在 Amazon MQ 上執行的訊息代理程式環境。
下列範例顯示`AwsAmazonMQBroker`物件的 ASFF。若要檢視`AwsAmazonMQBroker`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsAmazonMQBroker](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAmazonMQBrokerDetails.html)。
**範例**
```
"AwsAmazonMQBroker": {
"AutoMinorVersionUpgrade": true,
"BrokerArn": "arn:aws:mq:us-east-1:123456789012:broker:TestBroker:b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"BrokerId": "b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"BrokerName": "TestBroker",
"Configuration": {
"Id": "c-a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
"Revision": 1
},
"DeploymentMode": "ACTIVE_STANDBY_MULTI_AZ",
"EncryptionOptions": {
"UseAwsOwnedKey": true
},
"EngineType": "ActiveMQ",
"EngineVersion": "5.17.2",
"HostInstanceType": "mq.t2.micro",
"Logs": {
"Audit": false,
"AuditLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/audit",
"General": false,
"GeneralLogGroup": "/aws/amazonmq/broker/b-a1b2c3d4-5678-90ab-cdef-EXAMPLE11111/general"
},
"MaintenanceWindowStartTime": {
"DayOfWeek": "MONDAY",
"TimeOfDay": "22:00",
"TimeZone": "UTC"
},
"PubliclyAccessible": true,
"SecurityGroups": [
"sg-021345abcdef6789"
],
"StorageType": "efs",
"SubnetIds": [
"subnet-1234567890abcdef0",
"subnet-abcdef01234567890"
],
"Users": [
{
"Username": "admin"
}
]
}
```
# AwsApiGateway ASFF 中的 資源
以下是 `AwsApiGateway` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsApiGatewayRestApi
`AwsApiGatewayRestApi` 物件包含 Amazon API Gateway 第 1 版中 REST API 的相關資訊。
以下是安全`AwsApiGatewayRestApi`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayRestApi`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayRestApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayRestApiDetails.html)。
**範例**
```
AwsApiGatewayRestApi: {
"Id": "exampleapi",
"Name": "Security Hub",
"Description": "AWS Security Hub",
"CreatedDate": "2018-11-18T10:20:05-08:00",
"Version": "2018-10-26",
"BinaryMediaTypes" : ["-'*~1*'"],
"MinimumCompressionSize": 1024,
"ApiKeySource": "AWS_ACCOUNT_ID",
"EndpointConfiguration": {
"Types": [
"REGIONAL"
]
}
}
```
## AwsApiGatewayStage
`AwsApiGatewayStage` 物件提供第 1 版 Amazon API Gateway 階段的相關資訊。
以下是安全`AwsApiGatewayStage`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayStage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayStageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayStageDetails.html)。
**範例**
```
"AwsApiGatewayStage": {
"DeploymentId": "n7hlmf",
"ClientCertificateId": "a1b2c3",
"StageName": "Prod",
"Description" : "Stage Description",
"CacheClusterEnabled": false,
"CacheClusterSize" : "1.6",
"CacheClusterStatus": "NOT_AVAILABLE",
"MethodSettings": [
{
"MetricsEnabled": true,
"LoggingLevel": "INFO",
"DataTraceEnabled": false,
"ThrottlingBurstLimit": 100,
"ThrottlingRateLimit": 5.0,
"CachingEnabled": false,
"CacheTtlInSeconds": 300,
"CacheDataEncrypted": false,
"RequireAuthorizationForCacheControl": true,
"UnauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER",
"HttpMethod": "POST",
"ResourcePath": "/echo"
}
],
"Variables": {"test": "value"},
"DocumentationVersion": "2.0",
"AccessLogSettings": {
"Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
"DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
},
"CanarySettings": {
"PercentTraffic": 0.0,
"DeploymentId": "ul73s8",
"StageVariableOverrides" : [
"String" : "String"
],
"UseStageCache": false
},
"TracingEnabled": false,
"CreatedDate": "2018-07-11T10:55:18-07:00",
"LastUpdatedDate": "2020-08-26T11:51:04-07:00",
"WebAclArn" : "arn:aws:waf-regional:us-west-2:111122223333:webacl/cb606bd8-5b0b-4f0b-830a-dd304e48a822"
}
```
## AwsApiGatewayV2Api
`AwsApiGatewayV2Api` 物件包含 Amazon API Gateway 中第 2 版 API 的相關資訊。
以下是安全`AwsApiGatewayV2Api`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Api`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayV2ApiDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2ApiDetails.html)。
**範例**
```
"AwsApiGatewayV2Api": {
"ApiEndpoint": "https://example.us-west-2.amazonaws.com",
"ApiId": "a1b2c3d4",
"ApiKeySelectionExpression": "$request.header.x-api-key",
"CreatedDate": "2020-03-28T00:32:37Z",
"Description": "ApiGatewayV2 Api",
"Version": "string",
"Name": "my-api",
"ProtocolType": "HTTP",
"RouteSelectionExpression": "$request.method $request.path",
"CorsConfiguration": {
"AllowOrigins": [ "*" ],
"AllowCredentials": true,
"ExposeHeaders": [ "string" ],
"MaxAge": 3000,
"AllowMethods": [
"GET",
"PUT",
"POST",
"DELETE",
"HEAD"
],
"AllowHeaders": [ "*" ]
}
}
```
## AwsApiGatewayV2Stage
`AwsApiGatewayV2Stage` 包含 Amazon API Gateway 第 2 版階段的相關資訊。
以下是安全`AwsApiGatewayV2Stage`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsApiGatewayV2StageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsApiGatewayV2StageDetails.html)。
**範例**
```
"AwsApiGatewayV2Stage": {
"CreatedDate": "2020-04-08T00:36:05Z",
"Description" : "ApiGatewayV2",
"DefaultRouteSettings": {
"DetailedMetricsEnabled": false,
"LoggingLevel": "INFO",
"DataTraceEnabled": true,
"ThrottlingBurstLimit": 100,
"ThrottlingRateLimit": 50
},
"DeploymentId": "x1zwyv",
"LastUpdatedDate": "2020-04-08T00:36:13Z",
"RouteSettings": {
"DetailedMetricsEnabled": false,
"LoggingLevel": "INFO",
"DataTraceEnabled": true,
"ThrottlingBurstLimit": 100,
"ThrottlingRateLimit": 50
},
"StageName": "prod",
"StageVariables": [
"function": "my-prod-function"
],
"AccessLogSettings": {
"Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
"DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
},
"AutoDeploy": false,
"LastDeploymentStatusMessage": "Message",
"ApiGatewayManaged": true,
}
```
# AwsAppSync ASFF 中的 資源
以下是 `AwsAppSync` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAppSyncGraphQLApi
`AwsAppSyncGraphQLApi` 提供 AWS AppSync GraphQL API 的相關資訊,這是應用程式的頂層建構。
下列範例顯示`AwsAppSyncGraphQLApi`物件的 ASFF。若要檢視`AwsAppSyncGraphQLApi`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAppSyncGraphQLApi](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAppSyncGraphQLApiDetails.html)。
**範例**
```
"AwsAppSyncGraphQLApi": {
"AdditionalAuthenticationProviders": [
{
"AuthenticationType": "AWS_LAMBDA",
"LambdaAuthorizerConfig": {
"AuthorizerResultTtlInSeconds": 300,
"AuthorizerUri": "arn:aws:lambda:us-east-1:123456789012:function:mylambdafunc"
}
},
{
"AuthenticationType": "AWS_IAM"
}
],
"ApiId": "021345abcdef6789",
"Arn": "arn:aws:appsync:eu-central-1:123456789012:apis/021345abcdef6789",
"AuthenticationType": "API_KEY",
"Id": "021345abcdef6789",
"LogConfig": {
"CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/service-role/appsync-graphqlapi-logs-eu-central-1",
"ExcludeVerboseContent": true,
"FieldLogLevel": "ALL"
},
"Name": "My AppSync App",
"XrayEnabled": true,
}
```
# AwsAthena ASFF 中的 資源
以下是 `AwsAthena` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAthenaWorkGroup
`AwsAthenaWorkGroup` 提供 Amazon Athena 工作群組的相關資訊。工作群組可協助您區隔使用者、團隊、應用程式或工作負載。它還可協助您設定資料處理和追蹤成本的限制。
下列範例顯示`AwsAthenaWorkGroup`物件的 ASFF。若要檢視`AwsAthenaWorkGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAthenaWorkGroup](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAthenaWorkGroupDetails.html)。
**範例**
```
"AwsAthenaWorkGroup": {
"Description": "My workgroup for prod workloads",
"Name": "MyWorkgroup",
"WorkgroupConfiguration" {
"ResultConfiguration": {
"EncryptionConfiguration": {
"EncryptionOption": "SSE_KMS",
"KmsKey": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
}
}
},
"State": "ENABLED"
}
```
# AwsAutoScaling ASFF 中的 資源
以下是 `AwsAutoScaling` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsAutoScalingAutoScalingGroup
`AwsAutoScalingAutoScalingGroup` 物件提供自動擴展群組的詳細資訊。
以下是 AWS 安全`AwsAutoScalingAutoScalingGroup`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsAutoScalingAutoScalingGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAutoScalingAutoScalingGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingAutoScalingGroupDetails.html)。
**範例**
```
"AwsAutoScalingAutoScalingGroup": {
"CreatedTime": "2017-10-17T14:47:11Z",
"HealthCheckGracePeriod": 300,
"HealthCheckType": "EC2",
"LaunchConfigurationName": "mylaunchconf",
"LoadBalancerNames": [],
"LaunchTemplate": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"MixedInstancesPolicy": {
"InstancesDistribution": {
"OnDemandAllocationStrategy": "prioritized",
"OnDemandBaseCapacity": number,
"OnDemandPercentageAboveBaseCapacity": number,
"SpotAllocationStrategy": "lowest-price",
"SpotInstancePools": number,
"SpotMaxPrice": "string"
},
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateId": "string",
"LaunchTemplateName": "string",
"Version": "string"
},
"CapacityRebalance": true,
"Overrides": [
{
"InstanceType": "string",
"WeightedCapacity": "string"
}
]
}
}
}
}
```
## AwsAutoScalingLaunchConfiguration
`AwsAutoScalingLaunchConfiguration` 物件提供啟動組態的詳細資訊。
以下是 AWS 安全`AwsAutoScalingLaunchConfiguration`調查結果格式 (ASFF) 中的範例調查結果。
若要檢視`AwsAutoScalingLaunchConfiguration`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsAutoScalingLaunchConfigurationDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsAutoScalingLaunchConfigurationDetails.html)。
**範例**
```
AwsAutoScalingLaunchConfiguration: {
"LaunchConfigurationName": "newtest",
"ImageId": "ami-058a3739b02263842",
"KeyName": "55hundredinstance",
"SecurityGroups": [ "sg-01fce87ad6e019725" ],
"ClassicLinkVpcSecurityGroups": [],
"UserData": "...Base64-Encoded user data..."
"InstanceType": "a1.metal",
"KernelId": "",
"RamdiskId": "ari-a51cf9cc",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sdh",
"Ebs": {
"VolumeSize": 30,
"VolumeType": "gp2",
"DeleteOnTermination": false,
"Encrypted": true,
"SnapshotId": "snap-ffaa1e69",
"VirtualName": "ephemeral1"
}
},
{
"DeviceName": "/dev/sdb",
"NoDevice": true
},
{
"DeviceName": "/dev/sda1",
"Ebs": {
"SnapshotId": "snap-02420cd3d2dea1bc0",
"VolumeSize": 8,
"VolumeType": "gp2",
"DeleteOnTermination": true,
"Encrypted": false
}
},
{
"DeviceName": "/dev/sdi",
"Ebs": {
"VolumeSize": 20,
"VolumeType": "gp2",
"DeleteOnTermination": false,
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdc",
"NoDevice": true
}
],
"InstanceMonitoring": {
"Enabled": false
},
"CreatedTime": 1620842933453,
"EbsOptimized": false,
"AssociatePublicIpAddress": true,
"SpotPrice": "0.045"
}
```
# AwsBackup ASFF 中的 資源
以下是 `AwsBackup` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsBackupBackupPlan
`AwsBackupBackupPlan` 物件提供備份計畫的相關資訊 AWS Backup 。 AWS Backup 備份計畫是一種政策表達式,可定義您要備份 AWS 資源的時間和方式。
下列範例顯示 `AwsBackupBackupPlan` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupPlan`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsBackupBackupPlan](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupPlanDetails.html)。
**範例**
```
"AwsBackupBackupPlan": {
"BackupPlan": {
"AdvancedBackupSettings": [{
"BackupOptions": {
"WindowsVSS":"enabled"
},
"ResourceType":"EC2"
}],
"BackupPlanName": "test",
"BackupPlanRule": [{
"CompletionWindowMinutes": 10080,
"CopyActions": [{
"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
"Lifecycle": {
"DeleteAfterDays": 365,
"MoveToColdStorageAfterDays": 30
}
}],
"Lifecycle": {
"DeleteAfterDays": 35
},
"RuleName": "DailyBackups",
"ScheduleExpression": "cron(0 5 ? * * *)",
"StartWindowMinutes": 480,
"TargetBackupVault": "Default"
},
{
"CompletionWindowMinutes": 10080,
"CopyActions": [{
"DestinationBackupVaultArn": "arn:aws:backup:us-east-1:858726136373:backup-vault:aws/efs/automatic-backup-vault",
"Lifecycle": {
"DeleteAfterDays": 365,
"MoveToColdStorageAfterDays": 30
}
}],
"Lifecycle": {
"DeleteAfterDays": 35
},
"RuleName": "Monthly",
"ScheduleExpression": "cron(0 5 1 * ? *)",
"StartWindowMinutes": 480,
"TargetBackupVault": "Default"
}]
},
"BackupPlanArn": "arn:aws:backup:us-east-1:858726136373:backup-plan:b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
"BackupPlanId": "b6d6b896-590d-4ee1-bf29-c5ccae63f4e7",
"VersionId": "ZDVjNDIzMjItYTZiNS00NzczLTg4YzctNmExMWM2NjZhY2E1"
}
```
## AwsBackupBackupVault
`AwsBackupBackupVault` 物件提供備份保存庫的相關資訊 AWS Backup 。 AWS Backup 備份文件庫是存放和組織備份的容器。
下列範例顯示 `AwsBackupBackupVault` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupVault`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsBackupBackupVault](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupBackupVaultDetails.html)。
**範例**
```
"AwsBackupBackupVault": {
"AccessPolicy": {
"Statement": [{
"Action": [
"backup:DeleteBackupVault",
"backup:DeleteBackupVaultAccessPolicy",
"backup:DeleteRecoveryPoint",
"backup:StartCopyJob",
"backup:StartRestoreJob",
"backup:UpdateRecoveryPointLifecycle"
],
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": "*"
}],
"Version": "2012-10-17"
},
"BackupVaultArn": "arn:aws:backup:us-east-1:123456789012:backup-vault:aws/efs/automatic-backup-vault",
"BackupVaultName": "aws/efs/automatic-backup-vault",
"EncrytionKeyArn": "arn:aws:kms:us-east-1:444455556666:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
"Notifications": {
"BackupVaultEvents": ["BACKUP_JOB_STARTED", "BACKUP_JOB_COMPLETED", "COPY_JOB_STARTED"],
"SNSTopicArn": "arn:aws:sns:us-west-2:111122223333:MyVaultTopic"
}
}
```
## AwsBackupRecoveryPoint
`AwsBackupRecoveryPoint` 物件提供備份的相關資訊 AWS Backup ,也稱為復原點。 AWS Backup 復原點代表資源在指定時間的內容。
下列範例顯示 `AwsBackupRecoveryPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsBackupBackupVault`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsBackupRecoveryPoint](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsBackupRecoveryPointDetails.html)。
**範例**
```
"AwsBackupRecoveryPoint": {
"BackupSizeInBytes": 0,
"BackupVaultName": "aws/efs/automatic-backup-vault",
"BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
"CalculatedLifecycle": {
"DeleteAt": "2021-08-30T06:51:58.271Z",
"MoveToColdStorageAt": "2020-08-10T06:51:58.271Z"
},
"CompletionDate": "2021-07-26T07:21:40.361Z",
"CreatedBy": {
"BackupPlanArn": "arn:aws:backup:us-east-1:111122223333:backup-plan:aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
"BackupPlanId": "aws/efs/73d922fb-9312-3a70-99c3-e69367f9fdad",
"BackupPlanVersion": "ZGM4YzY5YjktMWYxNC00ZTBmLWE5MjYtZmU5OWNiZmM5ZjIz",
"BackupRuleId": "2a600c2-42ad-4196-808e-084923ebfd25"
},
"CreationDate": "2021-07-26T06:51:58.271Z",
"EncryptionKeyArn": "arn:aws:kms:us-east-1:111122223333:key/72ba68d4-5e43-40b0-ba38-838bf8d06ca0",
"IamRoleArn": "arn:aws:iam::111122223333:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup",
"IsEncrypted": true,
"LastRestoreTime": "2021-07-26T06:51:58.271Z",
"Lifecycle": {
"DeleteAfterDays": 35,
"MoveToColdStorageAfterDays": 15
},
"RecoveryPointArn": "arn:aws:backup:us-east-1:111122223333:recovery-point:151a59e4-f1d5-4587-a7fd-0774c6e91268",
"ResourceArn": "arn:aws:elasticfilesystem:us-east-1:858726136373:file-system/fs-15bd31a1",
"ResourceType": "EFS",
"SourceBackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:aws/efs/automatic-backup-vault",
"Status": "COMPLETED",
"StatusMessage": "Failure message",
"StorageClass": "WARM"
}
```
# AwsCertificateManager ASFF 中的 資源
以下是 `AwsCertificateManager` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCertificateManagerCertificate
`AwsCertificateManagerCertificate` 物件提供 AWS Certificate Manager (ACM) 憑證的詳細資訊。
以下是 AWS 安全`AwsCertificateManagerCertificate`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsCertificateManagerCertificate`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCertificateManagerCertificateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCertificateManagerCertificateDetails.html)。
**範例**
```
"AwsCertificateManagerCertificate": {
"CertificateAuthorityArn": "arn:aws:acm:us-west-2:444455556666:certificate-authority/example",
"CreatedAt": "2019-05-24T18:12:02.000Z",
"DomainName": "example.amazondomains.com",
"DomainValidationOptions": [
{
"DomainName": "example.amazondomains.com",
"ResourceRecord": {
"Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
"Type": "CNAME",
"Value": "_example.acm-validations.aws."
},
"ValidationDomain": "example.amazondomains.com",
"ValidationEmails": [sample_email@sample.com],
"ValidationMethod": "DNS",
"ValidationStatus": "SUCCESS"
}
],
"ExtendedKeyUsages": [
{
"Name": "TLS_WEB_SERVER_AUTHENTICATION",
"OId": "1.3.6.1.5.5.7.3.1"
},
{
"Name": "TLS_WEB_CLIENT_AUTHENTICATION",
"OId": "1.3.6.1.5.5.7.3.2"
}
],
"FailureReason": "",
"ImportedAt": "2018-08-17T00:13:00.000Z",
"InUseBy": ["arn:aws:amazondomains:us-west-2:444455556666:loadbalancer/example"],
"IssuedAt": "2020-04-26T00:41:17.000Z",
"Issuer": "Amazon",
"KeyAlgorithm": "RSA-1024",
"KeyUsages": [
{
"Name": "DIGITAL_SIGNATURE",
},
{
"Name": "KEY_ENCIPHERMENT",
}
],
"NotAfter": "2021-05-26T12:00:00.000Z",
"NotBefore": "2020-04-26T00:00:00.000Z",
"Options": {
"CertificateTransparencyLoggingPreference": "ENABLED",
}
"RenewalEligibility": "ELIGIBLE",
"RenewalSummary": {
"DomainValidationOptions": [
{
"DomainName": "example.amazondomains.com",
"ResourceRecord": {
"Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
"Type": "CNAME",
"Value": "_example.acm-validations.aws.com",
},
"ValidationDomain": "example.amazondomains.com",
"ValidationEmails": ["sample_email@sample.com"],
"ValidationMethod": "DNS",
"ValidationStatus": "SUCCESS"
}
],
"RenewalStatus": "SUCCESS",
"RenewalStatusReason": "",
"UpdatedAt": "2020-04-26T00:41:35.000Z",
},
"Serial": "02:ac:86:b6:07:2f:0a:61:0e:3a:ac:fd:d9:ab:17:1a",
"SignatureAlgorithm": "SHA256WITHRSA",
"Status": "ISSUED",
"Subject": "CN=example.amazondomains.com",
"SubjectAlternativeNames": ["example.amazondomains.com"],
"Type": "AMAZON_ISSUED"
}
```
# AwsCloudFormation ASFF 中的 資源
以下是 `AwsCloudFormation` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudFormationStack
`AwsCloudFormationStack` 物件提供有關巢狀為最上層範本中資源之堆疊的詳細資訊 AWS CloudFormation 。
下列範例顯示 `AwsCloudFormationStack` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsCloudFormationStack`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudFormationStackDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFormationStackDetails.html)。
**範例**
```
"AwsCloudFormationStack": {
"Capabilities": [
"CAPABILITY_IAM",
"CAPABILITY_NAMED_IAM"
],
"CreationTime": "2022-02-18T15:31:53.161Z",
"Description": "AWS CloudFormation Sample",
"DisableRollback": true,
"DriftInformation": {
"StackDriftStatus": "DRIFTED"
},
"EnableTerminationProtection": false,
"LastUpdatedTime": "2022-02-18T15:31:53.161Z",
"NotificationArns": [
"arn:aws:sns:us-east-1:978084797471:sample-sns-cfn"
],
"Outputs": [{
"Description": "URL for newly created LAMP stack",
"OutputKey": "WebsiteUrl",
"OutputValue": "http://ec2-44-193-18-241.compute-1.amazonaws.com"
}],
"RoleArn": "arn:aws:iam::012345678910:role/exampleRole",
"StackId": "arn:aws:cloudformation:us-east-1:978084797471:stack/sample-stack/e5d9f7e0-90cf-11ec-88c6-12ac1f91724b",
"StackName": "sample-stack",
"StackStatus": "CREATE_COMPLETE",
"StackStatusReason": "Success",
"TimeoutInMinutes": 1
}
```
# AwsCloudFront ASFF 中的 資源
以下是 `AwsCloudFront` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudFrontDistribution
`AwsCloudFrontDistribution` 物件提供 Amazon CloudFront 分佈組態的詳細資訊。
以下是 AWS 安全`AwsCloudFrontDistribution`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsCloudFrontDistribution`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudFrontDistributionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudFrontDistributionDetails.html)。
**範例**
```
"AwsCloudFrontDistribution": {
"CacheBehaviors": {
"Items": [
{
"ViewerProtocolPolicy": "https-only"
}
]
},
"DefaultCacheBehavior": {
"ViewerProtocolPolicy": "https-only"
},
"DefaultRootObject": "index.html",
"DomainName": "d2wkuj2w9l34gt.cloudfront.net",
"Etag": "E37HOT42DHPVYH",
"LastModifiedTime": "2015-08-31T21:11:29.093Z",
"Logging": {
"Bucket": "myawslogbucket.s3.amazonaws.com",
"Enabled": false,
"IncludeCookies": false,
"Prefix": "myawslog/"
},
"OriginGroups": {
"Items": [
{
"FailoverCriteria": {
"StatusCodes": {
"Items": [
200,
301,
404
]
"Quantity": 3
}
}
}
]
},
"Origins": {
"Items": [
{
"CustomOriginConfig": {
"HttpPort": 80,
"HttpsPort": 443,
"OriginKeepaliveTimeout": 60,
"OriginProtocolPolicy": "match-viewer",
"OriginReadTimeout": 30,
"OriginSslProtocols": {
"Items": ["SSLv3", "TLSv1"],
"Quantity": 2
}
}
},
]
},
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"Id": "my-origin",
"OriginPath": "/production",
"S3OriginConfig": {
"OriginAccessIdentity": "origin-access-identity/cloudfront/E2YFS67H6VB6E4"
}
]
},
"Status": "Deployed",
"ViewerCertificate": {
"AcmCertificateArn": "arn:aws:acm::123456789012:AcmCertificateArn",
"Certificate": "ASCAJRRE5XYF52TKRY5M4",
"CertificateSource": "iam",
"CloudFrontDefaultCertificate": true,
"IamCertificateId": "ASCAJRRE5XYF52TKRY5M4",
"MinimumProtocolVersion": "TLSv1.2_2021",
"SslSupportMethod": "sni-only"
},
"WebAclId": "waf-1234567890"
}
```
# AwsCloudTrail ASFF 中的 資源
以下是 `AwsCloudTrail` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudTrailTrail
`AwsCloudTrailTrail` 物件提供線索的詳細資訊 AWS CloudTrail 。
以下是安全`AwsCloudTrailTrail`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsCloudTrailTrail`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudTrailTrailDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudTrailTrailDetails.html)。
**範例**
```
"AwsCloudTrailTrail": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:CloudTrail/regression:*",
"CloudWatchLogsRoleArn": "arn:aws:iam::866482105055:role/CloudTrail_CloudWatchLogs",
"HasCustomEventSelectors": true,
"HomeRegion": "us-west-2",
"IncludeGlobalServiceEvents": true,
"IsMultiRegionTrail": true,
"IsOrganizationTrail": false,
"KmsKeyId": "kmsKeyId",
"LogFileValidationEnabled": true,
"Name": "regression-trail",
"S3BucketName": "cloudtrail-bucket",
"S3KeyPrefix": "s3KeyPrefix",
"SnsTopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
"SnsTopicName": "snsTopicName",
"TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail"
}
```
# AwsCloudWatch ASFF 中的 資源
以下是 `AwsCloudWatch` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCloudWatchAlarm
`AwsCloudWatchAlarm` 物件提供 Amazon CloudWatch 警示的詳細資訊,可在警示變更狀態時監看指標或執行動作。
下列範例顯示 `AwsCloudWatchAlarm` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsCloudWatchAlarm`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCloudWatchAlarmDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCloudWatchAlarmDetails.html)。
**範例**
```
"AwsCloudWatchAlarm": {
"ActionsEnabled": true,
"AlarmActions": [
"arn:aws:automate:region:ec2:stop",
"arn:aws:automate:region:ec2:terminate"
],
"AlarmArn": "arn:aws:cloudwatch:us-west-2:012345678910:alarm:sampleAlarm",
"AlarmConfigurationUpdatedTimestamp": "2022-02-18T15:31:53.161Z",
"AlarmDescription": "Alarm Example",
"AlarmName": "Example",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"DatapointsToAlarm": 1,
"Dimensions": [{
"Name": "InstanceId",
"Value": "i-1234567890abcdef0"
}],
"EvaluateLowSampleCountPercentile": "evaluate",
"EvaluationPeriods": 1,
"ExtendedStatistic": "p99.9",
"InsufficientDataActions": [
"arn:aws:automate:region:ec2:stop"
],
"MetricName": "Sample Metric",
"Namespace": "YourNamespace",
"OkActions": [
"arn:aws:swf:region:account-id:action/actions/AWS_EC2.InstanceId.Stop/1.0"
],
"Period": 1,
"Statistic": "SampleCount",
"Threshold": 12.3,
"ThresholdMetricId": "t1",
"TreatMissingData": "notBreaching",
"Unit": "Kilobytes/Second"
}
```
# AwsCodeBuild ASFF 中的 資源
以下是 `AwsCodeBuild` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsCodeBuildProject
`AwsCodeBuildProject` 物件提供了 AWS CodeBuild 專案的資訊。
以下是安全`AwsCodeBuildProject`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsCodeBuildProject`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsCodeBuildProjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsCodeBuildProjectDetails.html)。
**範例**
```
"AwsCodeBuildProject": {
"Artifacts": [
{
"ArtifactIdentifier": "string",
"EncryptionDisabled": boolean,
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"OverrideArtifactName": boolean,
"Packaging": "string",
"Path": "string",
"Type": "string"
}
],
"SecondaryArtifacts": [
{
"ArtifactIdentifier": "string",
"EncryptionDisabled": boolean,
"Location": "string",
"Name": "string",
"NamespaceType": "string",
"OverrideArtifactName": boolean,
"Packaging": "string",
"Path": "string",
"Type": "string"
}
],
"EncryptionKey": "string",
"Certificate": "string",
"Environment": {
"Certificate": "string",
"EnvironmentVariables": [
{
"Name": "string",
"Type": "string",
"Value": "string"
}
],
"ImagePullCredentialsType": "string",
"PrivilegedMode": boolean,
"RegistryCredential": {
"Credential": "string",
"CredentialProvider": "string"
},
"Type": "string"
},
"LogsConfig": {
"CloudWatchLogs": {
"GroupName": "string",
"Status": "string",
"StreamName": "string"
},
"S3Logs": {
"EncryptionDisabled": boolean,
"Location": "string",
"Status": "string"
}
},
"Name": "string",
"ServiceRole": "string",
"Source": {
"Type": "string",
"Location": "string",
"GitCloneDepth": integer
},
"VpcConfig": {
"VpcId": "string",
"Subnets": ["string"],
"SecurityGroupIds": ["string"]
}
}
```
# AwsDms ASFF 中的 資源
以下是 `AwsDms` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsDmsEndpoint
`AwsDmsEndpoint` 物件提供有關 AWS Database Migration Service (AWS DMS) 端點的資訊。端點提供資料存放區的連線、資料存放區類型和位置資訊。
下列範例顯示 `AwsDmsEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsEndpoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDmsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsEndpointDeatils.html)。
**範例**
```
"AwsDmsEndpoint": {
"CertificateArn": "arn:aws:dms:us-east-1:123456789012:cert:EXAMPLEIGDURVZGVJQZDPWJ5A7F2YDJVSMTBWFI",
"DatabaseName": "Test",
"EndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:EXAMPLEQB3CZY33F7XV253NAJVBNPK6MJQVFVQA",
"EndpointIdentifier": "target-db",
"EndpointType": "TARGET",
"EngineName": "mariadb",
"KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Port": 3306,
"ServerName": "target-db.exampletafyu.us-east-1.rds.amazonaws.com",
"SslMode": "verify-ca",
"Username": "admin"
}
```
## AwsDmsReplicationInstance
`AwsDmsReplicationInstance` 物件提供有關 AWS Database Migration Service (AWS DMS) 複寫執行個體的資訊。DMS 使用複寫執行個體來連線至來源資料存放區、讀取來源資料,以及格式化資料以供目標資料存放區使用。
下列範例顯示 `AwsDmsReplicationInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsReplicationInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDmsReplicationInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationInstanceDetails.html)。
**範例**
```
"AwsDmsReplicationInstance": {
"AllocatedStorage": 50,
"AutoMinorVersionUpgrade": true,
"AvailabilityZone": "us-east-1b",
"EngineVersion": "3.5.1",
"KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"MultiAZ": false,
"PreferredMaintenanceWindow": "wed:08:08-wed:08:38",
"PubliclyAccessible": true,
"ReplicationInstanceClass": "dms.c5.xlarge",
"ReplicationInstanceIdentifier": "second-replication-instance",
"ReplicationSubnetGroup": {
"ReplicationSubnetGroupIdentifier": "default-vpc-2344f44f"
},
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-003a34e205138138b"
}
]
}
```
## AwsDmsReplicationTask
`AwsDmsReplicationTask` 物件提供有關 AWS Database Migration Service (AWS DMS) 複寫任務的資訊。複寫任務會將一組資料從來源端點移至目標端點。
下列範例顯示 `AwsDmsReplicationInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsDmsReplicationInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDmsReplicationInstance](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDmsReplicationTaskDetails.html)。
**範例**
```
"AwsDmsReplicationTask": {
"CdcStartPosition": "2023-08-28T14:26:22",
"Id": "arn:aws:dms:us-east-1:123456789012:task:YDYUOHZIXWKQSUCBMUCQCNY44SJW74VJNB5DFWQ",
"MigrationType": "cdc",
"ReplicationInstanceArn": "arn:aws:dms:us-east-1:123456789012:rep:T7V6RFDP23PYQWUL26N3PF5REKML4YOUGIMYJUI",
"ReplicationTaskIdentifier": "test-task",
"ReplicationTaskSettings": "{\"Logging\":{\"EnableLogging\":false,\"EnableLogContext\":false,\"LogComponents\":[{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TRANSFORMATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_UNLOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"IO\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_LOAD\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"PERFORMANCE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SOURCE_CAPTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"SORTER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"REST_SERVER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"VALIDATOR_EXT\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TARGET_APPLY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TASK_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"TABLES_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"METADATA_MANAGER\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_FACTORY\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMON\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"ADDONS\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"DATA_STRUCTURE\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"COMMUNICATION\"},{\"Severity\":\"LOGGER_SEVERITY_DEFAULT\",\"Id\":\"FILE_TRANSFER\"}],\"CloudWatchLogGroup\":null,\"CloudWatchLogStream\":null},\"StreamBufferSettings\":{\"StreamBufferCount\":3,\"CtrlStreamBufferSizeInMB\":5,\"StreamBufferSizeInMB\":8},\"ErrorBehavior\":{\"FailOnNoTablesCaptured\":true,\"ApplyErrorUpdatePolicy\":\"LOG_ERROR\",\"FailOnTransactionConsistencyBreached\":false,\"RecoverableErrorThrottlingMax\":1800,\"DataErrorEscalationPolicy\":\"SUSPEND_TABLE\",\"ApplyErrorEscalationCount\":0,\"RecoverableErrorStopRetryAfterThrottlingMax\":true,\"RecoverableErrorThrottling\":true,\"ApplyErrorFailOnTruncationDdl\":false,\"DataTruncationErrorPolicy\":\"LOG_ERROR\",\"ApplyErrorInsertPolicy\":\"LOG_ERROR\",\"EventErrorPolicy\":\"IGNORE\",\"ApplyErrorEscalationPolicy\":\"LOG_ERROR\",\"RecoverableErrorCount\":-1,\"DataErrorEscalationCount\":0,\"TableErrorEscalationPolicy\":\"STOP_TASK\",\"RecoverableErrorInterval\":5,\"ApplyErrorDeletePolicy\":\"IGNORE_RECORD\",\"TableErrorEscalationCount\":0,\"FullLoadIgnoreConflicts\":true,\"DataErrorPolicy\":\"LOG_ERROR\",\"TableErrorPolicy\":\"SUSPEND_TABLE\"},\"TTSettings\":{\"TTS3Settings\":null,\"TTRecordSettings\":null,\"EnableTT\":false},\"FullLoadSettings\":{\"CommitRate\":10000,\"StopTaskCachedChangesApplied\":false,\"StopTaskCachedChangesNotApplied\":false,\"MaxFullLoadSubTasks\":8,\"TransactionConsistencyTimeout\":600,\"CreatePkAfterFullLoad\":false,\"TargetTablePrepMode\":\"DO_NOTHING\"},\"TargetMetadata\":{\"ParallelApplyBufferSize\":0,\"ParallelApplyQueuesPerThread\":0,\"ParallelApplyThreads\":0,\"TargetSchema\":\"\",\"InlineLobMaxSize\":0,\"ParallelLoadQueuesPerThread\":0,\"SupportLobs\":true,\"LobChunkSize\":64,\"TaskRecoveryTableEnabled\":false,\"ParallelLoadThreads\":0,\"LobMaxSize\":0,\"BatchApplyEnabled\":false,\"FullLobMode\":true,\"LimitedSizeLobMode\":false,\"LoadMaxFileSize\":0,\"ParallelLoadBufferSize\":0},\"BeforeImageSettings\":null,\"ControlTablesSettings\":{\"historyTimeslotInMinutes\":5,\"HistoryTimeslotInMinutes\":5,\"StatusTableEnabled\":false,\"SuspendedTablesTableEnabled\":false,\"HistoryTableEnabled\":false,\"ControlSchema\":\"\",\"FullLoadExceptionTableEnabled\":false},\"LoopbackPreventionSettings\":null,\"CharacterSetSettings\":null,\"FailTaskWhenCleanTaskResourceFailed\":false,\"ChangeProcessingTuning\":{\"StatementCacheSize\":50,\"CommitTimeout\":1,\"BatchApplyPreserveTransaction\":true,\"BatchApplyTimeoutMin\":1,\"BatchSplitSize\":0,\"BatchApplyTimeoutMax\":30,\"MinTransactionSize\":1000,\"MemoryKeepTime\":60,\"BatchApplyMemoryLimit\":500,\"MemoryLimitTotal\":1024},\"ChangeProcessingDdlHandlingPolicy\":{\"HandleSourceTableDropped\":true,\"HandleSourceTableTruncated\":true,\"HandleSourceTableAltered\":true},\"PostProcessingRules\":null}",
"SourceEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:TZPWV2VCXEGHYOKVKRNHAKJ4Q3RUXACNGFGYWRI",
"TableMappings": "{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"969761702\",\"rule-name\":\"969761702\",\"object-locator\":{\"schema-name\":\"%table\",\"table-name\":\"%example\"},\"rule-action\":\"exclude\",\"filters\":[]}]}",
"TargetEndpointArn": "arn:aws:dms:us-east-1:123456789012:endpoint:ABR8LBOQB3CZY33F7XV253NAJVBNPK6MJQVFVQA"
}
```
# AwsDynamoDB ASFF 中的 資源
以下是 `AwsDynamoDB` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsDynamoDbTable
`AwsDynamoDbTable` 物件提供 Amazon DynamoDB 資料表的詳細資訊。
以下是安全`AwsDynamoDbTable`調查結果格式 AWS (ASFF) 中的範例調查結果。若要檢視`AwsDynamoDbTable`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsDynamoDbTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsDynamoDbTableDetails.html)。
**範例**
```
"AwsDynamoDbTable": {
"AttributeDefinitions": [
{
"AttributeName": "attribute1",
"AttributeType": "value 1"
},
{
"AttributeName": "attribute2",
"AttributeType": "value 2"
},
{
"AttributeName": "attribute3",
"AttributeType": "value 3"
}
],
"BillingModeSummary": {
"BillingMode": "PAY_PER_REQUEST",
"LastUpdateToPayPerRequestDateTime": "2019-12-03T15:23:10.323Z"
},
"CreationDateTime": "2019-12-03T15:23:10.248Z",
"DeletionProtectionEnabled": true,
"GlobalSecondaryIndexes": [
{
"Backfilling": false,
"IndexArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/index/exampleIndex",
"IndexName": "standardsControlArnIndex",
"IndexSizeBytes": 1862513,
"IndexStatus": "ACTIVE",
"ItemCount": 20,
"KeySchema": [
{
"AttributeName": "City",
"KeyType": "HASH"
},
{
"AttributeName": "Date",
"KeyType": "RANGE"
}
],
"Projection": {
"NonKeyAttributes": ["predictorName"],
"ProjectionType": "ALL"
},
"ProvisionedThroughput": {
"LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
"LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
"NumberOfDecreasesToday": 0,
"ReadCapacityUnits": 100,
"WriteCapacityUnits": 50
},
}
],
"GlobalTableVersion": "V1",
"ItemCount": 2705,
"KeySchema": [
{
"AttributeName": "zipcode",
"KeyType": "HASH"
}
],
"LatestStreamArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/stream/2019-12-03T23:23:10.248",
"LatestStreamLabel": "2019-12-03T23:23:10.248",
"LocalSecondaryIndexes": [
{
"IndexArn": "arn:aws:dynamodb:us-east-1:111122223333:table/exampleGroup/index/exampleId",
"IndexName": "CITY_DATE_INDEX_NAME",
"KeySchema": [
{
"AttributeName": "zipcode",
"KeyType": "HASH"
}
],
"Projection": {
"NonKeyAttributes": ["predictorName"],
"ProjectionType": "ALL"
},
}
],
"ProvisionedThroughput": {
"LastIncreaseDateTime": "2019-03-14T13:21:00.399Z",
"LastDecreaseDateTime": "2019-03-14T12:47:35.193Z",
"NumberOfDecreasesToday": 0,
"ReadCapacityUnits": 100,
"WriteCapacityUnits": 50
},
"Replicas": [
{
"GlobalSecondaryIndexes":[
{
"IndexName": "CITY_DATE_INDEX_NAME",
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": 10
}
}
],
"KmsMasterKeyId" : "KmsKeyId"
"ProvisionedThroughputOverride": {
"ReadCapacityUnits": 10
},
"RegionName": "regionName",
"ReplicaStatus": "CREATING",
"ReplicaStatusDescription": "replicaStatusDescription"
}
],
"RestoreSummary" : {
"SourceBackupArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/backup/backup1",
"SourceTableArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable",
"RestoreDateTime": "2020-06-22T17:40:12.322Z",
"RestoreInProgress": true
},
"SseDescription": {
"InaccessibleEncryptionDateTime": "2018-01-26T23:50:05.000Z",
"Status": "ENABLED",
"SseType": "KMS",
"KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1"
},
"StreamSpecification" : {
"StreamEnabled": true,
"StreamViewType": "NEW_IMAGE"
},
"TableId": "example-table-id-1",
"TableName": "example-table",
"TableSizeBytes": 1862513,
"TableStatus": "ACTIVE"
}
```
# AwsEc2 ASFF 中的 資源
以下是 `AwsEc2` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEc2ClientVpnEndpoint
`AwsEc2ClientVpnEndpoint` 物件提供 AWS Client VPN 端點的相關資訊。Client VPN 端點是您建立和設定以啟用和管理用戶端 VPN 工作階段的資源。它是所有用户端 VPN 工作階段的終止點。
下列範例顯示 `AwsEc2ClientVpnEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2ClientVpnEndpoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2ClientVpnEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2ClientVpnEndpointDetails.html)。
**範例**
```
"AwsEc2ClientVpnEndpoint": {
"AuthenticationOptions": [
{
"MutualAuthentication": {
"ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Type": "certificate-authentication"
}
],
"ClientCidrBlock": "10.0.0.0/22",
"ClientConnectOptions": {
"Enabled": false
},
"ClientLoginBannerOptions": {
"Enabled": false
},
"ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
"ConnectionLogOptions": {
"Enabled": false
},
"Description": "test",
"DnsServer": ["10.0.0.0"],
"ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"SecurityGroupIdSet": [
"sg-0f7a177b82b443691"
],
"SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
"SessionTimeoutHours": 24,
"SplitTunnel": false,
"TransportProtocol": "udp",
"VpcId": "vpc-1a2b3c4d5e6f1a2b3",
"VpnPort": 443
}
```
## AwsEc2Eip
`AwsEc2Eip` 物件提供彈性 IP 地址的相關資訊。
下列範例顯示 `AwsEc2Eip` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Eip`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2EipDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2EipDetails.html)。
**範例**
```
"AwsEc2Eip": {
"InstanceId": "instance1",
"PublicIp": "192.0.2.04",
"AllocationId": "eipalloc-example-id-1",
"AssociationId": "eipassoc-example-id-1",
"Domain": "vpc",
"PublicIpv4Pool": "anycompany",
"NetworkBorderGroup": "eu-central-1",
"NetworkInterfaceId": "eni-example-id-1",
"NetworkInterfaceOwnerId": "777788889999",
"PrivateIpAddress": "192.0.2.03"
}
```
## AwsEc2Instance
`AwsEc2Instance` 物件提供 Amazon EC2 執行個體的詳細資訊。
下列範例顯示 `AwsEc2Instance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Instance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2InstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2InstanceDetails.html)。
**範例**
```
"AwsEc2Instance": {
"IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
"ImageId": "ami-1234",
"IpV4Addresses": [ "1.1.1.1" ],
"IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
"KeyName": "my_keypair",
"LaunchedAt": "2018-05-08T16:46:19.000Z",
"MetadataOptions": {
"HttpEndpoint": "enabled",
"HttpProtocolIpv6": "enabled",
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional",
"InstanceMetadataTags": "disabled",
},
"Monitoring": {
"State": "disabled"
},
"NetworkInterfaces": [
{
"NetworkInterfaceId": "eni-e5aa89a3"
}
],
"SubnetId": "subnet-123",
"Type": "i3.xlarge",
"VpcId": "vpc-123"
}
```
## AwsEc2LaunchTemplate
`AwsEc2LaunchTemplate` 物件包含指定執行個體組態資訊的 Amazon Elastic Compute Cloud 啟動範本詳細資訊。
下列範例顯示 `AwsEc2LaunchTemplate` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2LaunchTemplate`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2LaunchTemplateDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2LaunchTemplateDetals.html)。
**範例**
```
"AwsEc2LaunchTemplate": {
"DefaultVersionNumber": "1",
"ElasticGpuSpecifications": ["string"],
"ElasticInferenceAccelerators": ["string"],
"Id": "lt-0a16e9802800bdd85",
"ImageId": "ami-0d5eff06f840b45e9",
"LatestVersionNumber": "1",
"LaunchTemplateData": {
"BlockDeviceMappings": [{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteonTermination": true,
"Encrypted": true,
"SnapshotId": "snap-01047646ec075f543",
"VolumeSize": 8,
"VolumeType:" "gp2"
}
}],
"MetadataOptions": {
"HttpTokens": "enabled",
"HttpPutResponseHopLimit" : 1
},
"Monitoring": {
"Enabled": true,
"NetworkInterfaces": [{
"AssociatePublicIpAddress" : true,
}],
"LaunchTemplateName": "string",
"LicenseSpecifications": ["string"],
"SecurityGroupIds": ["sg-01fce87ad6e019725"],
"SecurityGroups": ["string"],
"TagSpecifications": ["string"]
}
```
## AwsEc2NetworkAcl
`AwsEc2NetworkAcl` 物件包含 Amazon EC2 網路存取控制清單 (ACL) 的詳細資訊。
下列範例顯示 `AwsEc2NetworkAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2NetworkAcl`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2NetworkAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkAclDetails.html)。
**範例**
```
"AwsEc2NetworkAcl": {
"IsDefault": false,
"NetworkAclId": "acl-1234567890abcdef0",
"OwnerId": "123456789012",
"VpcId": "vpc-1234abcd",
"Associations": [{
"NetworkAclAssociationId": "aclassoc-abcd1234",
"NetworkAclId": "acl-021345abcdef6789",
"SubnetId": "subnet-abcd1234"
}],
"Entries": [{
"CidrBlock": "10.24.34.0/23",
"Egress": true,
"IcmpTypeCode": {
"Code": 10,
"Type": 30
},
"Ipv6CidrBlock": "2001:DB8::/32",
"PortRange": {
"From": 20,
"To": 40
},
"Protocol": "tcp",
"RuleAction": "allow",
"RuleNumber": 100
}]
}
```
## AwsEc2NetworkInterface
`AwsEc2NetworkInterface` 物件提供有關 Amazon EC2 網路介面的資訊。
下列範例顯示 `AwsEc2NetworkInterface` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2NetworkInterface`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2NetworkInterfaceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2NetworkInterfaceDetails.html)。
**範例**
```
"AwsEc2NetworkInterface": {
"Attachment": {
"AttachTime": "2019-01-01T03:03:21Z",
"AttachmentId": "eni-attach-43348162",
"DeleteOnTermination": true,
"DeviceIndex": 123,
"InstanceId": "i-1234567890abcdef0",
"InstanceOwnerId": "123456789012",
"Status": 'ATTACHED'
},
"SecurityGroups": [
{
"GroupName": "my-security-group",
"GroupId": "sg-903004f8"
},
],
"NetworkInterfaceId": 'eni-686ea200',
"SourceDestCheck": false
}
```
## AwsEc2RouteTable
`AwsEc2RouteTable` 物件提供有關 Amazon EC2 路由表的資訊。
下列範例顯示 `AwsEc2RouteTable` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2RouteTable`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2RouteTableDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2RouteTableDetails.html)。
**範例**
```
"AwsEc2RouteTable": {
"AssociationSet": [{
"AssociationSet": {
"State": "associated"
},
"Main": true,
"RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
"RouteTableId": "rtb-0a59bde9cf2548e34",
}],
"PropogatingVgwSet": [],
"RouteTableId": "rtb-0a59bde9cf2548e34",
"RouteSet": [
{
"DestinationCidrBlock": "10.24.34.0/23",
"GatewayId": "local",
"Origin": "CreateRouteTable",
"State": "active"
},
{
"DestinationCidrBlock": "10.24.34.0/24",
"GatewayId": "igw-0242c2d7d513fc5d3",
"Origin": "CreateRoute",
"State": "active"
}
],
"VpcId": "vpc-0c250a5c33f51d456"
}
```
## AwsEc2SecurityGroup
`AwsEc2SecurityGroup` 物件描述 Amazon EC2 安全群組。
下列範例顯示 `AwsEc2SecurityGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2SecurityGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2SecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SecurityGroupDetails.html)。
**範例**
```
"AwsEc2SecurityGroup": {
"GroupName": "MySecurityGroup",
"GroupId": "sg-903004f8",
"OwnerId": "123456789012",
"VpcId": "vpc-1a2b3c4d",
"IpPermissions": [
{
"IpProtocol": "-1",
"IpRanges": [],
"UserIdGroupPairs": [
{
"UserId": "123456789012",
"GroupId": "sg-903004f8"
}
],
"PrefixListIds": [
{"PrefixListId": "pl-63a5400a"}
]
},
{
"PrefixListIds": [],
"FromPort": 22,
"IpRanges": [
{
"CidrIp": "203.0.113.0/24"
}
],
"ToPort": 22,
"IpProtocol": "tcp",
"UserIdGroupPairs": []
}
]
}
```
## AwsEc2Subnet
`AwsEc2Subnet` 物件提供 Amazon EC2 中子網路的相關資訊。
下列範例顯示 `AwsEc2Subnet` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Subnet`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2SubnetDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2SubnetDetails.html)。
**範例**
```
AwsEc2Subnet: {
"AssignIpv6AddressOnCreation": false,
"AvailabilityZone": "us-west-2c",
"AvailabilityZoneId": "usw2-az3",
"AvailableIpAddressCount": 8185,
"CidrBlock": "10.0.0.0/24",
"DefaultForAz": false,
"MapPublicIpOnLaunch": false,
"OwnerId": "123456789012",
"State": "available",
"SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
"SubnetId": "subnet-d5436c93",
"VpcId": "vpc-153ade70",
"Ipv6CidrBlockAssociationSet": [{
"AssociationId": "subnet-cidr-assoc-EXAMPLE",
"Ipv6CidrBlock": "2001:DB8::/32",
"CidrBlockState": "associated"
}]
}
```
## AwsEc2TransitGateway
`AwsEc2TransitGateway` 物件提供 Amazon EC2 傳輸閘道的詳細資訊,可互連您的虛擬私有雲端 (VPCs) 和內部部署網路。
以下是 AWS 安全`AwsEc2TransitGateway`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsEc2TransitGateway`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2TransitGatewayDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2TransitGatewayDetails.html)。
**範例**
```
"AwsEc2TransitGateway": {
"AmazonSideAsn": 65000,
"AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
"AutoAcceptSharedAttachments": "disable",
"DefaultRouteTableAssociation": "enable",
"DefaultRouteTablePropagation": "enable",
"Description": "sample transit gateway",
"DnsSupport": "enable",
"Id": "tgw-042ae6bf7a5c126c3",
"MulticastSupport": "disable",
"PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
"TransitGatewayCidrBlocks": ["10.0.0.0/16"],
"VpnEcmpSupport": "enable"
}
```
## AwsEc2Volume
`AwsEc2Volume` 物件提供 Amazon EC2 磁碟區的詳細資訊。
下列範例顯示 `AwsEc2Volume` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Volume`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VolumeDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VolumeDetails.html)。
**範例**
```
"AwsEc2Volume": {
"Attachments": [
{
"AttachTime": "2017-10-17T14:47:11Z",
"DeleteOnTermination": true,
"InstanceId": "i-123abc456def789g",
"Status": "attached"
}
],
"CreateTime": "2020-02-24T15:54:30Z",
"Encrypted": true,
"KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"Size": 80,
"SnapshotId": "",
"Status": "available"
}
```
## AwsEc2Vpc
`AwsEc2Vpc` 物件提供 Amazon EC2 VPC 的詳細資訊。
下列範例顯示 `AwsEc2Vpc` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2Vpc`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcDetails.html)。
**範例**
```
"AwsEc2Vpc": {
"CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
"CidrBlock": "192.0.2.0/24",
"CidrBlockState": "associated"
}
],
"DhcpOptionsId": "dopt-4e42ce28",
"Ipv6CidrBlockAssociationSet": [
{
"AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
"CidrBlockState": "associated",
"Ipv6CidrBlock": "192.0.2.0/24"
}
],
"State": "available"
}
```
## AwsEc2VpcEndpointService
`AwsEc2VpcEndpointService` 物件包含 VPC 端點服務的服務組態詳細資訊。
下列範例顯示 `AwsEc2VpcEndpointService` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2VpcEndpointService`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcEndpointServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcEndpointServiceDetails.html)。
**範例**
```
"AwsEc2VpcEndpointService": {
"ServiceType": [
{
"ServiceType": "Interface"
}
],
"ServiceId": "vpce-svc-example1",
"ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
"ServiceState": "Available",
"AvailabilityZones": [
"us-east-1"
],
"AcceptanceRequired": true,
"ManagesVpcEndpoints": false,
"NetworkLoadBalancerArns": [
"arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
],
"GatewayLoadBalancerArns": [],
"BaseEndpointDnsNames": [
"vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
],
"PrivateDnsName": "my-private-dns"
}
```
## AwsEc2VpcPeeringConnection
`AwsEc2VpcPeeringConnection` 物件提供兩個 VPCs之間網路連線的詳細資訊。
下列範例顯示 `AwsEc2VpcPeeringConnection` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEc2VpcPeeringConnection`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEc2VpcPeeringConnectionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEc2VpcPeeringConnectionDetails.html)。
**範例**
```
"AwsEc2VpcPeeringConnection": {
"AccepterVpcInfo": {
"CidrBlock": "10.0.0.0/28",
"CidrBlockSet": [{
"CidrBlock": "10.0.0.0/28"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
}],
"OwnerId": "012345678910",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": true,
"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
"AllowEgressFromLocalVpcToRemoteClassicLink": true
},
"Region": "us-west-2",
"VpcId": "vpc-i123456"
},
"ExpirationTime": "2022-02-18T15:31:53.161Z",
"RequesterVpcInfo": {
"CidrBlock": "192.168.0.0/28",
"CidrBlockSet": [{
"CidrBlock": "192.168.0.0/28"
}],
"Ipv6CidrBlockSet": [{
"Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
}],
"OwnerId": "012345678910",
"PeeringOptions": {
"AllowDnsResolutionFromRemoteVpc": true,
"AllowEgressFromLocalClassicLinkToRemoteVpc": false,
"AllowEgressFromLocalVpcToRemoteClassicLink": true
},
"Region": "us-west-2",
"VpcId": "vpc-i123456"
},
"Status": {
"Code": "initiating-request",
"Message": "Active"
},
"VpcPeeringConnectionId": "pcx-1a2b3c4d"
}
```
# AwsEcr ASFF 中的 資源
以下是 `AwsEcr` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEcrContainerImage
`AwsEcrContainerImage` 物件提供 Amazon ECR 映像的相關資訊。
下列範例顯示 `AwsEcrContainerImage` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcrContainerImage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcrContainerImageDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrContainerImageDetails.html)。
**範例**
```
"AwsEcrContainerImage": {
"RegistryId": "123456789012",
"RepositoryName": "repository-name",
"Architecture": "amd64"
"ImageDigest": "sha256:a568e5c7a953fbeaa2904ac83401f93e4a076972dc1bae527832f5349cd2fb10",
"ImageTags": ["00000000-0000-0000-0000-000000000000"],
"ImagePublishedAt": "2019-10-01T20:06:12Z"
}
```
## AwsEcrRepository
`AwsEcrRepository` 物件提供有關 Amazon Elastic Container Registry 儲存庫的資訊。
下列範例顯示 `AwsEcrRepository` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcrRepository`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcrRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcrRepositoryDetails.html)。
**範例**
```
"AwsEcrRepository": {
"LifecyclePolicy": {
"RegistryId": "123456789012",
},
"RepositoryName": "sample-repo",
"Arn": "arn:aws:ecr:us-west-2:111122223333:repository/sample-repo",
"ImageScanningConfiguration": {
"ScanOnPush": true
},
"ImageTagMutability": "IMMUTABLE"
}
```
# AwsEcs ASFF 中的 資源
以下是 `AwsEcs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEcsCluster
`AwsEcsCluster` 物件提供有關 Amazon Elastic Container Service 叢集的詳細資訊。
下列範例顯示 `AwsEcsCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsClusterDetails.html)。
**範例**
```
"AwsEcsCluster": {
"CapacityProviders": [],
"ClusterSettings": [
{
"Name": "containerInsights",
"Value": "enabled"
}
],
"Configuration": {
"ExecuteCommandConfiguration": {
"KmsKeyId": "kmsKeyId",
"LogConfiguration": {
"CloudWatchEncryptionEnabled": true,
"CloudWatchLogGroupName": "cloudWatchLogGroupName",
"S3BucketName": "s3BucketName",
"S3EncryptionEnabled": true,
"S3KeyPrefix": "s3KeyPrefix"
},
"Logging": "DEFAULT"
}
}
"DefaultCapacityProviderStrategy": [
{
"Base": 0,
"CapacityProvider": "capacityProvider",
"Weight": 1
}
]
}
```
## AwsEcsContainer
`AwsEcsContainer` 物件包含 Amazon ECS 容器的詳細資訊。
下列範例顯示 `AwsEcsContainer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsContainer`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsContainerDetails.html)。
**範例**
```
"AwsEcsContainer": {
"Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
"MountPoints": [{
"ContainerPath": "/mnt/etc",
"SourceVolume": "vol-03909e9"
}],
"Name": "knote",
"Privileged": true
}
```
## AwsEcsService
`AwsEcsService` 物件提供 Amazon ECS 叢集內服務的詳細資訊。
下列範例顯示 `AwsEcsService` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsService`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsServiceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsServiceDetails.html)。
**範例**
```
"AwsEcsService": {
"CapacityProviderStrategy": [
{
"Base": 12,
"CapacityProvider": "",
"Weight": ""
}
],
"Cluster": "arn:aws:ecs:us-east-1:111122223333:cluster/example-ecs-cluster",
"DeploymentConfiguration": {
"DeploymentCircuitBreaker": {
"Enable": false,
"Rollback": false
},
"MaximumPercent": 200,
"MinimumHealthyPercent": 100
},
"DeploymentController": "",
"DesiredCount": 1,
"EnableEcsManagedTags": false,
"EnableExecuteCommand": false,
"HealthCheckGracePeriodSeconds": 1,
"LaunchType": "FARGATE",
"LoadBalancers": [
{
"ContainerName": "",
"ContainerPort": 23,
"LoadBalancerName": "",
"TargetGroupArn": ""
}
],
"Name": "sample-app-service",
"NetworkConfiguration": {
"AwsVpcConfiguration": {
"Subnets": [
"Subnet-example1",
"Subnet-example2"
],
"SecurityGroups": [
"Sg-0ce48e9a6e5b457f5"
],
"AssignPublicIp": "ENABLED"
}
},
"PlacementConstraints": [
{
"Expression": "",
"Type": ""
}
],
"PlacementStrategies": [
{
"Field": "",
"Type": ""
}
],
"PlatformVersion": "LATEST",
"PropagateTags": "",
"Role": "arn:aws:iam::111122223333:role/aws-servicerole/ecs.amazonaws.com/ServiceRoleForECS",
"SchedulingStrategy": "REPLICA",
"ServiceName": "sample-app-service",
"ServiceArn": "arn:aws:ecs:us-east-1:111122223333:service/example-ecs-cluster/sample-app-service",
"ServiceRegistries": [
{
"ContainerName": "",
"ContainerPort": 1212,
"Port": 1221,
"RegistryArn": ""
}
],
"TaskDefinition": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-taskdef:1"
}
```
## AwsEcsTask
`AwsEcsTask` 物件提供 Amazon ECS 任務的詳細資訊。
下列範例顯示 `AwsEcsTask` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsTask`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsTask](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDetails.html)。
**範例**
```
"AwsEcsTask": {
"ClusterArn": "arn:aws:ecs:us-west-2:123456789012:task/MyCluster/1234567890123456789",
"CreatedAt": "1557134011644",
"Group": "service:fargate-service",
"StartedAt": "1557134011644",
"StartedBy": "ecs-svc/1234567890123456789",
"TaskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/sample-fargate:2",
"Version": 3,
"Volumes": [{
"Name": "string",
"Host": {
"SourcePath": "string"
}
}],
"Containers": {
"Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
"MountPoints": [{
"ContainerPath": "/mnt/etc",
"SourceVolume": "vol-03909e9"
}],
"Name": "knote",
"Privileged": true
}
}
```
## AwsEcsTaskDefinition
`AwsEcsTaskDefinition` 物件包含任務定義的詳細資訊。任務定義說明 Amazon Elastic Container Service 任務的容器和磁碟區定義。
下列範例顯示 `AwsEcsTaskDefinition` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEcsTaskDefinition`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEcsTaskDefinitionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEcsTaskDefinitionDetails.html)。
**範例**
```
"AwsEcsTaskDefinition": {
"ContainerDefinitions": [
{
"Command": ['ruby', 'hi.rb'],
"Cpu":128,
"Essential": true,
"HealthCheck": {
"Command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"],
"Interval": 10,
"Retries": 3,
"StartPeriod": 5,
"Timeout": 20
},
"Image": "tongueroo/sinatra:latest",
"Interactive": true,
"Links": [],
"LogConfiguration": {
"LogDriver": "awslogs",
"Options": {
"awslogs-group": "/ecs/sinatra-hi",
"awslogs-region": "ap-southeast-1",
"awslogs-stream-prefix": "ecs"
},
"SecretOptions": []
},
"MemoryReservation": 128,
"Name": "web",
"PortMappings": [
{
"ContainerPort": 4567,
"HostPort":4567,
"Protocol": "tcp"
}
],
"Privileged": true,
"StartTimeout": 10,
"StopTimeout": 100,
}
],
"Family": "sinatra-hi",
"NetworkMode": "host",
"RequiresCompatibilities": ["EC2"],
"Status": "ACTIVE",
"TaskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole",
}
```
# AwsEfs ASFF 中的 資源
以下是 `AwsEfs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEfsAccessPoint
`AwsEfsAccessPoint` 物件提供存放在 Amazon Elastic File System 中的檔案詳細資訊。
下列範例顯示 `AwsEfsAccessPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEfsAccessPoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEfsAccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEfsAccessPointDetails.html)。
**範例**
```
"AwsEfsAccessPoint": {
"AccessPointId": "fsap-05c4c0e79ba0b118a",
"Arn": "arn:aws:elasticfilesystem:us-east-1:863155670886:access-point/fsap-05c4c0e79ba0b118a",
"ClientToken": "AccessPointCompliant-ASk06ZZSXsEp",
"FileSystemId": "fs-0f8137f731cb32146",
"PosixUser": {
"Gid": "1000",
"SecondaryGids": ["0", "4294967295"],
"Uid": "1234"
},
"RootDirectory": {
"CreationInfo": {
"OwnerGid": "1000",
"OwnerUid": "1234",
"Permissions": "777"
},
"Path": "/tmp/example"
}
}
```
# AwsEks ASFF 中的 資源
以下是 `AwsEks` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEksCluster
`AwsEksCluster` 物件提供 Amazon EKS 叢集的詳細資訊。
下列範例顯示 `AwsEksCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEksCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEksClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEksClusterDetails.html)。
**範例**
```
{
"AwsEksCluster": {
"Name": "example",
"Arn": "arn:aws:eks:us-west-2:222222222222:cluster/example",
"CreatedAt": 1565804921.901,
"Version": "1.12",
"RoleArn": "arn:aws:iam::222222222222:role/example-cluster-ServiceRole-1XWBQWYSFRE2Q",
"ResourcesVpcConfig": {
"EndpointPublicAccess": false,
"SubnetIds": [
"subnet-021345abcdef6789",
"subnet-abcdef01234567890",
"subnet-1234567890abcdef0"
],
"SecurityGroupIds": [
"sg-abcdef01234567890"
]
},
"Logging": {
"ClusterLogging": [
{
"Types": [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler"
],
"Enabled": true
}
]
},
"Status": "CREATING",
"CertificateAuthorityData": {},
}
}
```
# AwsElasticBeanstalk ASFF 中的 資源
以下是 `AwsElasticBeanstalk` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsElasticBeanstalkEnvironment
`AwsElasticBeanstalkEnvironment` 物件包含 AWS Elastic Beanstalk 環境的詳細資訊。
下列範例顯示 `AwsElasticBeanstalkEnvironment` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElasticBeanstalkEnvironment`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElasticBeanstalkEnvironmentDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticBeanstalkEnvironmentDetails.html)。
**範例**
```
"AwsElasticBeanstalkEnvironment": {
"ApplicationName": "MyApplication",
"Cname": "myexampleapp-env.devo-2.elasticbeanstalk-internal.com",
"DateCreated": "2021-04-30T01:38:01.090Z",
"DateUpdated": "2021-04-30T01:38:01.090Z",
"Description": "Example description of my awesome application",
"EndpointUrl": "eb-dv-e-p-AWSEBLoa-abcdef01234567890-021345abcdef6789.us-east-1.elb.amazonaws.com",
"EnvironmentArn": "arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/MyApplication/myapplication-env",
"EnvironmentId": "e-abcd1234",
"EnvironmentLinks": [
{
"EnvironmentName": "myexampleapp-env",
"LinkName": "myapplicationLink"
}
],
"EnvironmentName": "myapplication-env",
"OptionSettings": [
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "BatchSize",
"Value": "100"
},
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "Timeout",
"Value": "600"
},
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "BatchSizeType",
"Value": "Percentage"
},
{
"Namespace": "aws:elasticbeanstalk:command",
"OptionName": "IgnoreHealthCheck",
"Value": "false"
},
{
"Namespace": "aws:elasticbeanstalk:application",
"OptionName": "Application Healthcheck URL",
"Value": "TCP:80"
}
],
"PlatformArn": "arn:aws:elasticbeanstalk:us-east-1::platform/Tomcat 8 with Java 8 running on 64bit Amazon Linux/2.7.7",
"SolutionStackName": "64bit Amazon Linux 2017.09 v2.7.7 running Tomcat 8 Java 8",
"Status": "Ready",
"Tier": {
"Name": "WebServer"
"Type": "Standard"
"Version": "1.0"
},
"VersionLabel": "Sample Application"
}
```
# AwsElasticSearch ASFF 中的 資源
以下是 `AwsElasticSearch` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsElasticSearchDomain
`AwsElasticSearchDomain` 物件提供 Amazon OpenSearch Service 網域的詳細資訊。
下列範例顯示 `AwsElasticSearchDomain` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElasticSearchDomain`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElasticSearchDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElasticsearchDomainDetails.html)。
**範例**
```
"AwsElasticSearchDomain": {
"AccessPolicies": "string",
"DomainStatus": {
"DomainId": "string",
"DomainName": "string",
"Endpoint": "string",
"Endpoints": {
"string": "string"
}
},
"DomainEndpointOptions": {
"EnforceHTTPS": boolean,
"TLSSecurityPolicy": "string"
},
"ElasticsearchClusterConfig": {
"DedicatedMasterCount": number,
"DedicatedMasterEnabled": boolean,
"DedicatedMasterType": "string",
"InstanceCount": number,
"InstanceType": "string",
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": number
},
"ZoneAwarenessEnabled": boolean
},
"ElasticsearchVersion": "string",
"EncryptionAtRestOptions": {
"Enabled": boolean,
"KmsKeyId": "string"
},
"LogPublishingOptions": {
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "string",
"Enabled": boolean
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": boolean
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "string",
"Cancellable": boolean,
"CurrentVersion": "string",
"Description": "string",
"NewVersion": "string",
"UpdateAvailable": boolean,
"UpdateStatus": "string"
},
"VPCOptions": {
"AvailabilityZones": [
"string"
],
"SecurityGroupIds": [
"string"
],
"SubnetIds": [
"string"
],
"VPCId": "string"
}
}
```
# AwsElb ASFF 中的 資源
以下是 `AwsElb` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsElbLoadBalancer
`AwsElbLoadBalancer` 物件包含 Classic Load Balancer 的詳細資訊。
下列範例顯示 `AwsElbLoadBalancer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElbLoadBalancer`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElbLoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbLoadBalancerDetails.html)。
**範例**
```
"AwsElbLoadBalancer": {
"AvailabilityZones": ["us-west-2a"],
"BackendServerDescriptions": [
{
"InstancePort": 80,
"PolicyNames": ["doc-example-policy"]
}
],
"CanonicalHostedZoneName": "Z3DZXE0EXAMPLE",
"CanonicalHostedZoneNameID": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
"CreatedTime": "2020-08-03T19:22:44.637Z",
"DnsName": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
"HealthCheck": {
"HealthyThreshold": 2,
"Interval": 30,
"Target": "HTTP:80/png",
"Timeout": 3,
"UnhealthyThreshold": 2
},
"Instances": [
{
"InstanceId": "i-example"
}
],
"ListenerDescriptions": [
{
"Listener": {
"InstancePort": 443,
"InstanceProtocol": "HTTPS",
"LoadBalancerPort": 443,
"Protocol": "HTTPS",
"SslCertificateId": "arn:aws:iam::444455556666:server-certificate/my-server-cert"
},
"PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]
}
],
"LoadBalancerAttributes": {
"AccessLog": {
"EmitInterval": 60,
"Enabled": true,
"S3BucketName": "amzn-s3-demo-bucket",
"S3BucketPrefix": "doc-example-prefix"
},
"ConnectionDraining": {
"Enabled": false,
"Timeout": 300
},
"ConnectionSettings": {
"IdleTimeout": 30
},
"CrossZoneLoadBalancing": {
"Enabled": true
},
"AdditionalAttributes": [{
"Key": "elb.http.desyncmitigationmode",
"Value": "strictest"
}]
},
"LoadBalancerName": "example-load-balancer",
"Policies": {
"AppCookieStickinessPolicies": [
{
"CookieName": "",
"PolicyName": ""
}
],
"LbCookieStickinessPolicies": [
{
"CookieExpirationPeriod": 60,
"PolicyName": "my-example-cookie-policy"
}
],
"OtherPolicies": [
"my-PublicKey-policy",
"my-authentication-policy",
"my-SSLNegotiation-policy",
"my-ProxyProtocol-policy",
"ELBSecurityPolicy-2015-03"
]
},
"Scheme": "internet-facing",
"SecurityGroups": ["sg-example"],
"SourceSecurityGroup": {
"GroupName": "my-elb-example-group",
"OwnerAlias": "444455556666"
},
"Subnets": ["subnet-example"],
"VpcId": "vpc-a01106c2"
}
```
## AwsElbv2LoadBalancer
`AwsElbv2LoadBalancer` 物件提供了負載平衡器的資訊。
下列範例顯示 `AwsElbv2LoadBalancer` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsElbv2LoadBalancer`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsElbv2LoadBalancerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsElbv2LoadBalancerDetails.html)。
**範例**
```
"AwsElbv2LoadBalancer": {
"AvailabilityZones": {
"SubnetId": "string",
"ZoneName": "string"
},
"CanonicalHostedZoneId": "string",
"CreatedTime": "string",
"DNSName": "string",
"IpAddressType": "string",
"LoadBalancerAttributes": [
{
"Key": "string",
"Value": "string"
}
],
"Scheme": "string",
"SecurityGroups": [ "string" ],
"State": {
"Code": "string",
"Reason": "string"
},
"Type": "string",
"VpcId": "string"
}
```
# AwsEventBridge ASFF 中的 資源
以下是 `AwsEventBridge` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsEventSchemasRegistry
`AwsEventSchemasRegistry` 物件提供有關 Amazon EventBridge 結構描述登錄檔的資訊。結構描述會定義傳送至 EventBridge 的事件結構。結構描述登錄檔是收集結構描述並將其邏輯分組的容器。
下列範例顯示 `AwsEventSchemasRegistry` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventSchemasRegistry`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEventSchemasRegistry](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventSchemasRegistryDetails.html)。
**範例**
```
"AwsEventSchemasRegistry": {
"Description": "This is an example event schema registry.",
"RegistryArn": "arn:aws:schemas:us-east-1:123456789012:registry/schema-registry",
"RegistryName": "schema-registry"
}
```
## AwsEventsEndpoint
`AwsEventsEndpoint` 物件提供有關 Amazon EventBridge 全域端點的資訊。端點可以透過提高區域容錯能力來改善應用程式的可用性。
下列範例顯示 `AwsEventsEndpoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventsEndpoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEventsEndpointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEndpointDetails.html)。
**範例**
```
"AwsEventsEndpoint": {
"Arn": "arn:aws:events:us-east-1:123456789012:endpoint/my-endpoint",
"Description": "This is a sample endpoint.",
"EndpointId": "04k1exajoy.veo",
"EndpointUrl": "https://04k1exajoy.veo.endpoint.events.amazonaws.com",
"EventBuses": [
{
"EventBusArn": "arn:aws:events:us-east-1:123456789012:event-bus/default"
},
{
"EventBusArn": "arn:aws:events:us-east-2:123456789012:event-bus/default"
}
],
"Name": "my-endpoint",
"ReplicationConfig": {
"State": "ENABLED"
},
"RoleArn": "arn:aws:iam::123456789012:role/service-role/Amazon_EventBridge_Invoke_Event_Bus_1258925394",
"RoutingConfig": {
"FailoverConfig": {
"Primary": {
"HealthCheck": "arn:aws:route53:::healthcheck/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"Secondary": {
"Route": "us-east-2"
}
}
},
"State": "ACTIVE"
}
```
## AwsEventsEventbus
`AwsEventsEventbus` 物件提供有關 Amazon EventBridge 全域端點的資訊。端點可以透過提高區域容錯能力來改善應用程式的可用性。
下列範例顯示 `AwsEventsEventbus` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsEventsEventbus`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsEventsEventbusDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsEventsEventbusDetails.html)。
**範例**
```
"AwsEventsEventbus":
"Arn": "arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus",
"Name": "my-event-bus",
"Policy": "{\"Version\":\"2012-10-17\", \"Statement\":[{\"Sid\":\"AllowAllAccountsFromOrganizationToPutEvents\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"events:PutEvents\",\"Resource\":\"arn:aws:events:us-east-1:123456789012:event-bus/my-event-bus\",\"Condition\":{\"StringEquals\":{\"aws:PrincipalOrgID\":\"o-ki7yjtkjv5\"}}},{\"Sid\":\"AllowAccountToManageRulesTheyCreated\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"},\"Action\":[\"events:PutRule\",\"events:PutTargets\",\"events:DeleteRule\",\"events:RemoveTargets\",\"events:DisableRule\",\"events:EnableRule\",\"events:TagResource\",\"events:UntagResource\",\"events:DescribeRule\",\"events:ListTargetsByRule\",\"events:ListTagsForResource\"],\"Resource\":\"arn:aws:events:us-east-1:123456789012:rule/my-event-bus\",\"Condition\":{\"StringEqualsIfExists\":{\"events:creatorAccount\":\"123456789012\"}}}]}"
```
# AwsGuardDuty ASFF 中的 資源
以下是 `AwsGuardDuty` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsGuardDutyDetector
`AwsGuardDutyDetector` 物件提供 Amazon GuardDuty 偵測器的相關資訊。偵測器是一種用來代表 GuardDuty 服務的物件。GuardDuty 需要偵測器才能運作。
下列範例顯示 `AwsGuardDutyDetector` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsGuardDutyDetector`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsGuardDutyDetector](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsGuardDutyDetectorDetails.html)。
**範例**
```
"AwsGuardDutyDetector": {
"FindingPublishingFrequency": "SIX_HOURS",
"ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDuty",
"Status": "ENABLED",
"DataSources": {
"CloudTrail": {
"Status": "ENABLED"
},
"DnsLogs": {
"Status": "ENABLED"
},
"FlowLogs": {
"Status": "ENABLED"
},
"S3Logs": {
"Status": "ENABLED"
},
"Kubernetes": {
"AuditLogs": {
"Status": "ENABLED"
}
},
"MalwareProtection": {
"ScanEc2InstanceWithFindings": {
"EbsVolumes": {
"Status": "ENABLED"
}
},
"ServiceRole": "arn:aws:iam::123456789012:role/aws-service-role/malware-protection.guardduty.amazonaws.com/AWSServiceRoleForAmazonGuardDutyMalwareProtection"
}
}
}
```
# AwsIam ASFF 中的 資源
以下是 `AwsIam` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsIamAccessKey
`AwsIamAccessKey` 物件包含與問題清單相關的 IAM 存取金鑰詳細資訊。
下列範例顯示 `AwsIamAccessKey` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamAccessKey`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamAccessKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamAccessKeyDetails.html)。
**範例**
```
"AwsIamAccessKey": {
"AccessKeyId": "string",
"AccountId": "string",
"CreatedAt": "string",
"PrincipalId": "string",
"PrincipalName": "string",
"PrincipalType": "string",
"SessionContext": {
"Attributes": {
"CreationDate": "string",
"MfaAuthenticated": boolean
},
"SessionIssuer": {
"AccountId": "string",
"Arn": "string",
"PrincipalId": "string",
"Type": "string",
"UserName": "string"
}
},
"Status": "string"
}
```
## AwsIamGroup
`AwsIamGroup` 物件包含 IAM 群組的詳細資訊。
下列範例顯示 `AwsIamGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamGroupDetails.html)。
**範例**
```
"AwsIamGroup": {
"AttachedManagedPolicies": [
{
"PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
"PolicyName": "ExampleManagedAccess",
}
],
"CreateDate": "2020-04-28T14:08:37.000Z",
"GroupId": "AGPA4TPS3VLP7QEXAMPLE",
"GroupName": "Example_User_Group",
"GroupPolicyList": [
{
"PolicyName": "ExampleGroupPolicy"
}
],
"Path": "/"
}
```
## AwsIamPolicy
`AwsIamPolicy` 物件代表 IAM 許可政策。
下列範例顯示 `AwsIamPolicy` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamPolicy`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamPolicyDetails.html)。
**範例**
```
"AwsIamPolicy": {
"AttachmentCount": 1,
"CreateDate": "2017-09-14T08:17:29.000Z",
"DefaultVersionId": "v1",
"Description": "Example IAM policy",
"IsAttachable": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 5,
"PolicyId": "ANPAJ2UCCR6DPCEXAMPLE",
"PolicyName": "EXAMPLE-MANAGED-POLICY",
"PolicyVersionList": [
{
"VersionId": "v1",
"IsDefaultVersion": true,
"CreateDate": "2017-09-14T08:17:29.000Z"
}
],
"UpdateDate": "2017-09-14T08:17:29.000Z"
}
```
## AwsIamRole
`AwsIamRole` 物件包含 IAM 角色的相關資訊,包括角色的所有政策。
下列範例顯示 `AwsIamRole` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamRole`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamRoleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamRoleDetails.html)。
**範例**
```
"AwsIamRole": {
"AssumeRolePolicyDocument": "{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow','Action': 'sts:AssumeRole'}]}",
"AttachedManagedPolicies": [
{
"PolicyArn": "arn:aws:iam::aws:policy/ExamplePolicy1",
"PolicyName": "Example policy 1"
},
{
"PolicyArn": "arn:aws:iam::444455556666:policy/ExamplePolicy2",
"PolicyName": "Example policy 2"
}
],
"CreateDate": "2020-03-14T07:19:14.000Z",
"InstanceProfileList": [
{
"Arn": "arn:aws:iam::333333333333:ExampleProfile",
"CreateDate": "2020-03-11T00:02:27Z",
"InstanceProfileId": "AIPAIXEU4NUHUPEXAMPLE",
"InstanceProfileName": "ExampleInstanceProfile",
"Path": "/",
"Roles": [
{
"Arn": "arn:aws:iam::444455556666:role/example-role",
"AssumeRolePolicyDocument": "",
"CreateDate": "2020-03-11T00:02:27Z",
"Path": "/",
"RoleId": "AROAJ52OTH4H7LEXAMPLE",
"RoleName": "example-role",
}
]
}
],
"MaxSessionDuration": 3600,
"Path": "/",
"PermissionsBoundary": {
"PermissionsBoundaryArn": "arn:aws:iam::aws:policy/AdministratorAccess",
"PermissionsBoundaryType": "PermissionsBoundaryPolicy"
},
"RoleId": "AROA4TPS3VLEXAMPLE",
"RoleName": "BONESBootstrapHydra-OverbridgeOpsFunctionsLambda",
"RolePolicyList": [
{
"PolicyName": "Example role policy"
}
]
}
```
## AwsIamUser
`AwsIamUser` 物件提供使用者的相關資訊。
下列範例顯示 `AwsIamUser` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsIamUser`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsIamUserDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsIamUserDetails.html)。
**範例**
```
"AwsIamUser": {
"AttachedManagedPolicies": [
{
"PolicyName": "ExamplePolicy",
"PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess"
}
],
"CreateDate": "2018-01-26T23:50:05.000Z",
"GroupList": [],
"Path": "/",
"PermissionsBoundary" : {
"PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess",
"PermissionsBoundaryType" : "PermissionsBoundaryPolicy"
},
"UserId": "AIDACKCEVSQ6C2EXAMPLE",
"UserName": "ExampleUser",
"UserPolicyList": [
{
"PolicyName": "InstancePolicy"
}
]
}
```
# AwsKinesis ASFF 中的 資源
以下是 `AwsKinesis` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsKinesisStream
`AwsKinesisStream` 物件提供有關 Amazon Kinesis Data Streams 的詳細資訊。
下列範例顯示 `AwsKinesisStream` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsKinesisStream`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsKinesisStreamDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKinesisStreamDetails.html)。
**範例**
```
"AwsKinesisStream": {
"Name": "test-vir-kinesis-stream",
"Arn": "arn:aws:kinesis:us-east-1:293279581038:stream/test-vir-kinesis-stream",
"RetentionPeriodHours": 24,
"ShardCount": 2,
"StreamEncryption": {
"EncryptionType": "KMS",
"KeyId": "arn:aws:kms:us-east-1:293279581038:key/849cf029-4143-4c59-91f8-ea76007247eb"
}
}
```
# AwsKms ASFF 中的 資源
以下是 `AwsKms` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsKmsKey
`AwsKmsKey` 物件提供有關 的詳細資訊 AWS KMS key。
下列範例顯示 `AwsKmsKey` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsKmsKey`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsKmsKeyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsKmsKeyDetails.html)。
**範例**
```
"AwsKmsKey": {
"AWSAccountId": "string",
"CreationDate": "string",
"Description": "string",
"KeyId": "string",
"KeyManager": "string",
"KeyRotationStatus": boolean,
"KeyState": "string",
"Origin": "string"
}
```
# AwsLambda
以下是 `AwsLambda` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsLambdaFunction
`AwsLambdaFunction` 物件提供 Lambda 函數組態的詳細資訊。
下列範例顯示 `AwsLambdaFunction` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsLambdaFunction`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsLambdaFunctionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaFunctionDetails.html)。
**範例**
```
"AwsLambdaFunction": {
"Architectures": [
"x86_64"
],
"Code": {
"S3Bucket": "amzn-s3-demo-bucket",
"S3Key": "samplekey",
"S3ObjectVersion": "2",
"ZipFile": "myzip.zip"
},
"CodeSha256": "1111111111111abcdef",
"DeadLetterConfig": {
"TargetArn": "arn:aws:lambda:us-east-2:123456789012:queue:myqueue:2"
},
"Environment": {
"Variables": {
"Stage": "foobar"
},
"Error": {
"ErrorCode": "Sample-error-code",
"Message": "Caller principal is a manager."
}
},
"FunctionName": "CheckOut",
"Handler": "main.py:lambda_handler",
"KmsKeyArn": "arn:aws:kms:us-west-2:123456789012:key/mykey",
"LastModified": "2001-09-11T09:00:00Z",
"Layers": {
"Arn": "arn:aws:lambda:us-east-2:123456789012:layer:my-layer:3",
"CodeSize": 169
},
"PackageType": "Zip",
"RevisionId": "23",
"Role": "arn:aws:iam::123456789012:role/Accounting-Role",
"Runtime": "go1.7",
"Timeout": 15,
"TracingConfig": {
"Mode": "Active"
},
"Version": "$LATEST$",
"VpcConfig": {
"SecurityGroupIds": ["sg-085912345678492fb", "sg-08591234567bdgdc"],
"SubnetIds": ["subnet-071f712345678e7c8", "subnet-07fd123456788a036"]
},
"MasterArn": "arn:aws:lambda:us-east-2:123456789012:\$LATEST",
"MemorySize": 2048
}
```
## AwsLambdaLayerVersion
`AwsLambdaLayerVersion` 物件提供 Lambda layer 版本的詳細資訊。
下列範例顯示 `AwsLambdaLayerVersion` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsLambdaLayerVersion`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsLambdaLayerVersionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsLambdaLayerVersionDetails.html)。
**範例**
```
"AwsLambdaLayerVersion": {
"Version": 2,
"CompatibleRuntimes": [
"java8"
],
"CreatedDate": "2019-10-09T22:02:00.274+0000"
}
```
# AwsMsk ASFF 中的 資源
以下是 `AwsMsk` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsMskCluster
`AwsMskCluster` 物件提供有關 Amazon Managed Streaming for Apache Kafka (Amazon MSK) 叢集的資訊。
下列範例顯示 `AwsMskCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsMskCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsMskClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsMskClusterDetails.html)。
**範例**
```
"AwsMskCluster": {
"ClusterInfo": {
"ClientAuthentication": {
"Sasl": {
"Scram": {
"Enabled": true
},
"Iam": {
"Enabled": true
}
},
"Tls": {
"CertificateAuthorityArnList": [],
"Enabled": false
},
"Unauthenticated": {
"Enabled": false
}
},
"ClusterName": "my-cluster",
"CurrentVersion": "K2PWKAKR8XB7XF",
"EncryptionInfo": {
"EncryptionAtRest": {
"DataVolumeKMSKeyId": "arn:aws:kms:us-east-1:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
},
"EncryptionInTransit": {
"ClientBroker": "TLS",
"InCluster": true
}
},
"EnhancedMonitoring": "PER_TOPIC_PER_BROKER",
"NumberOfBrokerNodes": 3
}
}
```
# AwsNetworkFirewall ASFF 中的 資源
以下是 `AwsNetworkFirewall` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsNetworkFirewallFirewall
`AwsNetworkFirewallFirewall` 物件包含 AWS Network Firewall 防火牆的詳細資訊。
下列範例顯示 `AwsNetworkFirewallFirewall` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallFirewall`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallFirewallDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallDetails.html)。
**範例**
```
"AwsNetworkFirewallFirewall": {
"DeleteProtection": false,
"FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall",
"FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
"FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa",
"FirewallName": "testfirewall",
"FirewallPolicyChangeProtection": false,
"SubnetChangeProtection": false,
"SubnetMappings": [
{
"SubnetId": "subnet-0183481095e588cdc"
},
{
"SubnetId": "subnet-01f518fad1b1c90b0"
}
],
"VpcId": "vpc-40e83c38"
}
```
## AwsNetworkFirewallFirewallPolicy
`AwsNetworkFirewallFirewallPolicy` 物件提供防火牆政策的詳細資訊。防火牆政策會定義網路防火牆的行為。
下列範例顯示 `AwsNetworkFirewallFirewallPolicy` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallFirewallPolicy`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallFirewallPolicyDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallFirewallPolicyDetails.html)。
**範例**
```
"AwsNetworkFirewallFirewallPolicy": {
"FirewallPolicy": {
"StatefulRuleGroupReferences": [
{
"ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly"
}
],
"StatelessDefaultActions": [ "aws:forward_to_sfe" ],
"StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ],
"StatelessRuleGroupReferences": [
{
"Priority": 1,
"ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1"
}
]
},
"FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
"FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65",
"FirewallPolicyName": "InitialFirewall",
"Description": "Initial firewall"
}
```
## AwsNetworkFirewallRuleGroup
`AwsNetworkFirewallRuleGroup` 物件提供 AWS Network Firewall 規則群組的詳細資訊。規則群組用於檢查和控制網路流量。無狀態規則群組適用於個別封包。狀態規則群組會套用到流量流程中的封包。
防火牆政策中會參考規則群組。
下列範例顯示 `AwsNetworkFirewallRuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsNetworkFirewallRuleGroup`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsNetworkFirewallRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsNetworkFirewallRuleGroupDetails.html)。
**範例 – 無狀態規則群組**
```
"AwsNetworkFirewallRuleGroup": {
"Capacity": 600,
"RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1",
"RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493",
"RuleGroupName": "Stateless-1"
"Description": "Example of a stateless rule group",
"Type": "STATELESS",
"RuleGroup": {
"RulesSource": {
"StatelessRulesAndCustomActions": {
"CustomActions": [],
"StatelessRules": [
{
"Priority": 1,
"RuleDefinition": {
"Actions": [
"aws:pass"
],
"MatchAttributes": {
"DestinationPorts": [
{
"FromPort": 443,
"ToPort": 443
}
],
"Destinations": [
{
"AddressDefinition": "192.0.2.0/24"
}
],
"Protocols": [
6
],
"SourcePorts": [
{
"FromPort": 0,
"ToPort": 65535
}
],
"Sources": [
{
"AddressDefinition": "198.51.100.0/24"
}
]
}
}
}
]
}
}
}
}
```
**範例 – 狀態規則群組**
```
"AwsNetworkFirewallRuleGroup": {
"Capacity": 100,
"RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest",
"RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0",
"RuleGroupName": "ExampleRuleGroup",
"Description": "Example of a stateful rule group",
"Type": "STATEFUL",
"RuleGroup": {
"RuleSource": {
"StatefulRules": [
{
"Action": "PASS",
"Header": {
"Destination": "Any",
"DestinationPort": "443",
"Direction": "ANY",
"Protocol": "TCP",
"Source": "Any",
"SourcePort": "Any"
},
"RuleOptions": [
{
"Keyword": "sid:1"
}
]
}
]
}
}
}
```
以下是`AwsNetworkFirewallRuleGroup`屬性的有效值範例清單:
+ `Action`
有效值:`PASS` \$1 `DROP` \$1 `ALERT`
+ `Protocol`
有效值: `IP` \$1 `TCP` \$1 `UDP` \$1 `ICMP` \$1 `HTTP` `FTP` \$1 \$1 `TLS` \$1 `SMB` \$1 `DNS` \$1 `DCERPC` \$1 `SSH` \$1 `SMTP` `IMAP` \$1 `MSN` \$1 `KRB5` \$1 `IKEV2` \$1 `TFTP` \$1 \$1 `NTP` \$1 \$1 \$1 `DHCP`
+ `Flags`
有效值:`FIN` \$1 `SYN` \$1 `RST` \$1 `PSH` \$1 `ACK` \$1 `URG` \$1 `ECE` \$1 `CWR`
+ `Masks`
有效值:`FIN` \$1 `SYN` \$1 `RST` \$1 `PSH` \$1 `ACK` \$1 `URG` \$1 `ECE` \$1 `CWR`
# AwsOpenSearchService ASFF 中的 資源
以下是 `AwsOpenSearchService` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsOpenSearchServiceDomain
`AwsOpenSearchServiceDomain` 物件包含 Amazon OpenSearch Service 網域的相關資訊。
下列範例顯示 `AwsOpenSearchServiceDomain` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsOpenSearchServiceDomain`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsOpenSearchServiceDomainDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsOpenSearchServiceDomainDetails.html)。
**範例**
```
"AwsOpenSearchServiceDomain": {
"AccessPolicies": "IAM_Id",
"AdvancedSecurityOptions": {
"Enabled": true,
"InternalUserDatabaseEnabled": true,
"MasterUserOptions": {
"MasterUserArn": "arn:aws:iam::123456789012:user/third-master-use",
"MasterUserName": "third-master-use",
"MasterUserPassword": "some-password"
}
},
"Arn": "arn:aws:Opensearch:us-east-1:111122223333:somedomain",
"ClusterConfig": {
"InstanceType": "c5.large.search",
"InstanceCount": 1,
"DedicatedMasterEnabled": true,
"ZoneAwarenessEnabled": false,
"ZoneAwarenessConfig": {
"AvailabilityZoneCount": 2
},
"DedicatedMasterType": "c5.large.search",
"DedicatedMasterCount": 3,
"WarmEnabled": true,
"WarmCount": 3,
"WarmType": "ultrawarm1.large.search"
},
"DomainEndpoint": "https://es-2021-06-23t17-04-qowmgghud5vofgb5e4wmi.eu-central-1.es.amazonaws.com",
"DomainEndpointOptions": {
"EnforceHTTPS": false,
"TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07",
"CustomEndpointCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/bda1bff1-79c0-49d0-abe6-50a15a7477d4",
"CustomEndpointEnabled": true,
"CustomEndpoint": "example.com"
},
"DomainEndpoints": {
"vpc": "vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com"
},
"DomainName": "my-domain",
"EncryptionAtRestOptions": {
"Enabled": false,
"KmsKeyId": "1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a"
},
"EngineVersion": "7.1",
"Id": "123456789012",
"LogPublishingOptions": {
"IndexSlowLogs": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-index-slow-logs",
"Enabled": true
},
"SearchSlowLogs": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
"Enabled": true
},
"AuditLogs": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:/aws/aes/domains/es-slow-logs",
"Enabled": true
}
},
"NodeToNodeEncryptionOptions": {
"Enabled": true
},
"ServiceSoftwareOptions": {
"AutomatedUpdateDate": "2022-04-28T14:08:37.000Z",
"Cancellable": false,
"CurrentVersion": "R20210331",
"Description": "There is no software update available for this domain.",
"NewVersion": "OpenSearch_1.0",
"UpdateAvailable": false,
"UpdateStatus": "COMPLETED",
"OptionalDeployment": false
},
"VpcOptions": {
"SecurityGroupIds": [
"sg-2a3a4a5a"
],
"SubnetIds": [
"subnet-1a2a3a4a"
],
}
}
```
# AwsRds ASFF 中的 資源
以下是 `AwsRds` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsRdsDbCluster
`AwsRdsDbCluster` 物件提供 Amazon RDS 資料庫叢集的詳細資訊。
下列範例顯示 `AwsRdsDbCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterDetails.html)。
**範例**
```
"AwsRdsDbCluster": {
"ActivityStreamStatus": "stopped",
"AllocatedStorage": 1,
"AssociatedRoles": [
{
"RoleArn": "arn:aws:iam::777788889999:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Status": "PENDING"
}
],
"AutoMinorVersionUpgrade": true,
"AvailabilityZones": [
"us-east-1a",
"us-east-1c",
"us-east-1e"
],
"BackupRetentionPeriod": 1,
"ClusterCreateTime": "2020-06-22T17:40:12.322Z",
"CopyTagsToSnapshot": true,
"CrossAccountClone": false,
"CustomEndpoints": [],
"DatabaseName": "Sample name",
"DbClusterIdentifier": "database-3",
"DbClusterMembers": [
{
"DbClusterParameterGroupStatus": "in-sync",
"DbInstanceIdentifier": "database-3-instance-1",
"IsClusterWriter": true,
"PromotionTier": 1,
}
],
"DbClusterOptionGroupMemberships": [],
"DbClusterParameterGroup": "cluster-parameter-group",
"DbClusterResourceId": "cluster-example",
"DbSubnetGroup": "subnet-group",
"DeletionProtection": false,
"DomainMemberships": [],
"Status": "modifying",
"EnabledCloudwatchLogsExports": [
"audit",
"error",
"general",
"slowquery"
],
"Endpoint": "database-3.cluster-example.us-east-1.rds.amazonaws.com",
"Engine": "aurora-mysql",
"EngineMode": "provisioned",
"EngineVersion": "5.7.mysql_aurora.2.03.4",
"HostedZoneId": "ZONE1",
"HttpEndpointEnabled": false,
"IamDatabaseAuthenticationEnabled": false,
"KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
"MasterUsername": "admin",
"MultiAz": false,
"Port": 3306,
"PreferredBackupWindow": "04:52-05:22",
"PreferredMaintenanceWindow": "sun:09:32-sun:10:02",
"ReaderEndpoint": "database-3.cluster-ro-example.us-east-1.rds.amazonaws.com",
"ReadReplicaIdentifiers": [],
"Status": "Modifying",
"StorageEncrypted": true,
"VpcSecurityGroups": [
{
"Status": "active",
"VpcSecurityGroupId": "sg-example-1"
}
],
}
```
## AwsRdsDbClusterSnapshot
`AwsRdsDbClusterSnapshot` 物件包含 Amazon RDS 資料庫叢集快照的相關資訊。
下列範例顯示 `AwsRdsDbClusterSnapshot` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbClusterSnapshot`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbClusterSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbClusterSnapshotDetails.html)。
**範例**
```
"AwsRdsDbClusterSnapshot": {
"AllocatedStorage": 0,
"AvailabilityZones": [
"us-east-1a",
"us-east-1d",
"us-east-1e"
],
"ClusterCreateTime": "2020-06-12T13:23:15.577Z",
"DbClusterIdentifier": "database-2",
"DbClusterSnapshotAttributes": [{
"AttributeName": "restore",
"AttributeValues": ["123456789012"]
}],
"DbClusterSnapshotIdentifier": "rds:database-2-2020-06-23-03-52",
"Engine": "aurora",
"EngineVersion": "5.6.10a",
"IamDatabaseAuthenticationEnabled": false,
"KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
"LicenseModel": "aurora",
"MasterUsername": "admin",
"PercentProgress": 100,
"Port": 0,
"SnapshotCreateTime": "2020-06-22T17:40:12.322Z",
"SnapshotType": "automated",
"Status": "available",
"StorageEncrypted": true,
"VpcId": "vpc-faf7e380"
}
```
## AwsRdsDbInstance
`AwsRdsDbInstance` 物件提供 Amazon RDS 資料庫執行個體的詳細資訊。
下列範例顯示 `AwsRdsDbInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbInstanceDetails.html)。
**範例**
```
"AwsRdsDbInstance": {
"AllocatedStorage": 20,
"AssociatedRoles": [],
"AutoMinorVersionUpgrade": true,
"AvailabilityZone": "us-east-1d",
"BackupRetentionPeriod": 7,
"CaCertificateIdentifier": "certificate1",
"CharacterSetName": "",
"CopyTagsToSnapshot": true,
"DbClusterIdentifier": "",
"DbInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:database-1",
"DbInstanceClass": "db.t2.micro",
"DbInstanceIdentifier": "database-1",
"DbInstancePort": 0,
"DbInstanceStatus": "available",
"DbiResourceId": "db-EXAMPLE123",
"DbName": "",
"DbParameterGroups": [
{
"DbParameterGroupName": "default.mysql5.7",
"ParameterApplyStatus": "in-sync"
}
],
"DbSecurityGroups": [],
"DbSubnetGroup": {
"DbSubnetGroupName": "my-group-123abc",
"DbSubnetGroupDescription": "My subnet group",
"VpcId": "vpc-example1",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-123abc",
"SubnetAvailabilityZone": {
"Name": "us-east-1d"
},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-456def",
"SubnetAvailabilityZone": {
"Name": "us-east-1c"
},
"SubnetStatus": "Active"
}
],
"DbSubnetGroupArn": ""
},
"DeletionProtection": false,
"DomainMemberships": [],
"EnabledCloudWatchLogsExports": [],
"Endpoint": {
"address": "database-1.example.us-east-1.rds.amazonaws.com",
"port": 3306,
"hostedZoneId": "ZONEID1"
},
"Engine": "mysql",
"EngineVersion": "5.7.22",
"EnhancedMonitoringResourceArn": "arn:aws:logs:us-east-1:111122223333:log-group:Example:log-stream:db-EXAMPLE1",
"IamDatabaseAuthenticationEnabled": false,
"InstanceCreateTime": "2020-06-22T17:40:12.322Z",
"Iops": "",
"KmsKeyId": "",
"LatestRestorableTime": "2020-06-24T05:50:00.000Z",
"LicenseModel": "general-public-license",
"ListenerEndpoint": "",
"MasterUsername": "admin",
"MaxAllocatedStorage": 1000,
"MonitoringInterval": 60,
"MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role",
"MultiAz": false,
"OptionGroupMemberships": [
{
"OptionGroupName": "default:mysql-5-7",
"Status": "in-sync"
}
],
"PreferredBackupWindow": "03:57-04:27",
"PreferredMaintenanceWindow": "thu:10:13-thu:10:43",
"PendingModifiedValues": {
"DbInstanceClass": "",
"AllocatedStorage": "",
"MasterUserPassword": "",
"Port": "",
"BackupRetentionPeriod": "",
"MultiAZ": "",
"EngineVersion": "",
"LicenseModel": "",
"Iops": "",
"DbInstanceIdentifier": "",
"StorageType": "",
"CaCertificateIdentifier": "",
"DbSubnetGroupName": "",
"PendingCloudWatchLogsExports": "",
"ProcessorFeatures": []
},
"PerformanceInsightsEnabled": false,
"PerformanceInsightsKmsKeyId": "",
"PerformanceInsightsRetentionPeriod": "",
"ProcessorFeatures": [],
"PromotionTier": "",
"PubliclyAccessible": false,
"ReadReplicaDBClusterIdentifiers": [],
"ReadReplicaDBInstanceIdentifiers": [],
"ReadReplicaSourceDBInstanceIdentifier": "",
"SecondaryAvailabilityZone": "",
"StatusInfos": [],
"StorageEncrypted": false,
"StorageType": "gp2",
"TdeCredentialArn": "",
"Timezone": "",
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-example1",
"Status": "active"
}
]
}
```
## AwsRdsDbSecurityGroup
`AwsRdsDbSecurityGroup` 物件包含 Amazon Relational Database Service 的相關資訊
下列範例顯示 `AwsRdsDbSecurityGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbSecurityGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbSecurityGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSecurityGroupDetails.html)。
**範例**
```
"AwsRdsDbSecurityGroup": {
"DbSecurityGroupArn": "arn:aws:rds:us-west-1:111122223333:secgrp:default",
"DbSecurityGroupDescription": "default",
"DbSecurityGroupName": "mysecgroup",
"Ec2SecurityGroups": [
{
"Ec2SecurityGroupuId": "myec2group",
"Ec2SecurityGroupName": "default",
"Ec2SecurityGroupOwnerId": "987654321021",
"Status": "authorizing"
}
],
"IpRanges": [
{
"Cidrip": "0.0.0.0/0",
"Status": "authorizing"
}
],
"OwnerId": "123456789012",
"VpcId": "vpc-1234567f"
}
```
## AwsRdsDbSnapshot
`AwsRdsDbSnapshot` 物件包含 Amazon RDS 資料庫叢集快照的詳細資訊。
下列範例顯示 `AwsRdsDbSnapshot` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsDbSnapshot`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsDbSnapshotDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsDbSnapshotDetails.html)。
**範例**
```
"AwsRdsDbSnapshot": {
"DbSnapshotIdentifier": "rds:database-1-2020-06-22-17-41",
"DbInstanceIdentifier": "database-1",
"SnapshotCreateTime": "2020-06-22T17:41:29.967Z",
"Engine": "mysql",
"AllocatedStorage": 20,
"Status": "available",
"Port": 3306,
"AvailabilityZone": "us-east-1d",
"VpcId": "vpc-example1",
"InstanceCreateTime": "2020-06-22T17:40:12.322Z",
"MasterUsername": "admin",
"EngineVersion": "5.7.22",
"LicenseModel": "general-public-license",
"SnapshotType": "automated",
"Iops": null,
"OptionGroupName": "default:mysql-5-7",
"PercentProgress": 100,
"SourceRegion": null,
"SourceDbSnapshotIdentifier": "",
"StorageType": "gp2",
"TdeCredentialArn": "",
"Encrypted": false,
"KmsKeyId": "",
"Timezone": "",
"IamDatabaseAuthenticationEnabled": false,
"ProcessorFeatures": [],
"DbiResourceId": "db-resourceexample1"
}
```
## AwsRdsEventSubscription
`AwsRdsEventSubscription` 包含 RDS 事件通知訂閱的詳細資訊。訂閱可讓 RDS 將事件發佈至 SNS 主題。
下列範例顯示 `AwsRdsEventSubscription` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRdsEventSubscription`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRdsEventSubscriptionDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRdsEventSubscriptionDetails.html)。
**範例**
```
"AwsRdsEventSubscription": {
"CustSubscriptionId": "myawsuser-secgrp",
"CustomerAwsId": "111111111111",
"Enabled": true,
"EventCategoriesList": [
"configuration change",
"failure"
],
"EventSubscriptionArn": "arn:aws:rds:us-east-1:111111111111:es:my-instance-events",
"SnsTopicArn": "arn:aws:sns:us-east-1:111111111111:myawsuser-RDS",
"SourceIdsList": [
"si-sample",
"mysqldb-rr"
],
"SourceType": "db-security-group",
"Status": "creating",
"SubscriptionCreationTime": "2021-06-27T01:38:01.090Z"
}
```
# AwsRedshift ASFF 中的 資源
以下是 `AwsRedshift` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsRedshiftCluster
`AwsRedshiftCluster` 物件包含 Amazon Redshift 叢集的詳細資訊。
下列範例顯示 `AwsRedshiftCluster` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRedshiftCluster`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRedshiftClusterDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRedshiftClusterDetails.html)。
**範例**
```
"AwsRedshiftCluster": {
"AllowVersionUpgrade": true,
"AutomatedSnapshotRetentionPeriod": 1,
"AvailabilityZone": "us-west-2d",
"ClusterAvailabilityStatus": "Unavailable",
"ClusterCreateTime": "2020-08-03T19:22:44.637Z",
"ClusterIdentifier": "redshift-cluster-1",
"ClusterNodes": [
{
"NodeRole": "LEADER",
"PrivateIPAddress": "192.0.2.108",
"PublicIPAddress": "198.51.100.29"
},
{
"NodeRole": "COMPUTE-0",
"PrivateIPAddress": "192.0.2.22",
"PublicIPAddress": "198.51.100.63"
},
{
"NodeRole": "COMPUTE-1",
"PrivateIPAddress": "192.0.2.224",
"PublicIPAddress": "198.51.100.226"
}
],
"ClusterParameterGroups": [
{
"ClusterParameterStatusList": [
{
"ParameterName": "max_concurrency_scaling_clusters",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "enable_user_activity_logging",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "auto_analyze",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "query_group",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "datestyle",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "extra_float_digits",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "search_path",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "statement_timeout",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "wlm_json_configuration",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "require_ssl",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
},
{
"ParameterName": "use_fips_ssl",
"ParameterApplyStatus": "in-sync",
"ParameterApplyErrorDescription": "parameterApplyErrorDescription"
}
],
"ParameterApplyStatus": "in-sync",
"ParameterGroupName": "temp"
}
],
"ClusterPublicKey": "JalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Amazon-Redshift",
"ClusterRevisionNumber": 17498,
"ClusterSecurityGroups": [
{
"ClusterSecurityGroupName": "default",
"Status": "active"
}
],
"ClusterSnapshotCopyStatus": {
"DestinationRegion": "us-west-2",
"ManualSnapshotRetentionPeriod": -1,
"RetentionPeriod": 1,
"SnapshotCopyGrantName": "snapshotCopyGrantName"
},
"ClusterStatus": "available",
"ClusterSubnetGroupName": "default",
"ClusterVersion": "1.0",
"DBName": "dev",
"DeferredMaintenanceWindows": [
{
"DeferMaintenanceEndTime": "2020-10-07T20:34:01.000Z",
"DeferMaintenanceIdentifier": "deferMaintenanceIdentifier",
"DeferMaintenanceStartTime": "2020-09-07T20:34:01.000Z"
}
],
"ElasticIpStatus": {
"ElasticIp": "203.0.113.29",
"Status": "active"
},
"ElasticResizeNumberOfNodeOptions": "4",
"Encrypted": false,
"Endpoint": {
"Address": "redshift-cluster-1.example.us-west-2.redshift.amazonaws.com",
"Port": 5439
},
"EnhancedVpcRouting": false,
"ExpectedNextSnapshotScheduleTime": "2020-10-13T20:34:01.000Z",
"ExpectedNextSnapshotScheduleTimeStatus": "OnTrack",
"HsmStatus": {
"HsmClientCertificateIdentifier": "hsmClientCertificateIdentifier",
"HsmConfigurationIdentifier": "hsmConfigurationIdentifier",
"Status": "applying"
},
"IamRoles": [
{
"ApplyStatus": "in-sync",
"IamRoleArn": "arn:aws:iam::111122223333:role/RedshiftCopyUnload"
}
],
"KmsKeyId": "kmsKeyId",
"LoggingStatus": {
"BucketName": "amzn-s3-demo-bucket",
"LastFailureMessage": "test message",
"LastFailureTime": "2020-08-09T13:00:00.000Z",
"LastSuccessfulDeliveryTime": "2020-08-08T13:00:00.000Z",
"LoggingEnabled": true,
"S3KeyPrefix": "/"
},
"MaintenanceTrackName": "current",
"ManualSnapshotRetentionPeriod": -1,
"MasterUsername": "awsuser",
"NextMaintenanceWindowStartTime": "2020-08-09T13:00:00.000Z",
"NodeType": "dc2.large",
"NumberOfNodes": 2,
"PendingActions": [],
"PendingModifiedValues": {
"AutomatedSnapshotRetentionPeriod": 0,
"ClusterIdentifier": "clusterIdentifier",
"ClusterType": "clusterType",
"ClusterVersion": "clusterVersion",
"EncryptionType": "None",
"EnhancedVpcRouting": false,
"MaintenanceTrackName": "maintenanceTrackName",
"MasterUserPassword": "masterUserPassword",
"NodeType": "dc2.large",
"NumberOfNodes": 1,
"PubliclyAccessible": true
},
"PreferredMaintenanceWindow": "sun:13:00-sun:13:30",
"PubliclyAccessible": true,
"ResizeInfo": {
"AllowCancelResize": true,
"ResizeType": "ClassicResize"
},
"RestoreStatus": {
"CurrentRestoreRateInMegaBytesPerSecond": 15,
"ElapsedTimeInSeconds": 120,
"EstimatedTimeToCompletionInSeconds": 100,
"ProgressInMegaBytes": 10,
"SnapshotSizeInMegaBytes": 1500,
"Status": "restoring"
},
"SnapshotScheduleIdentifier": "snapshotScheduleIdentifier",
"SnapshotScheduleState": "ACTIVE",
"VpcId": "vpc-example",
"VpcSecurityGroups": [
{
"Status": "active",
"VpcSecurityGroupId": "sg-example"
}
]
}
```
# AwsRoute53 ASFF 中的 資源
以下是 `AwsRoute53` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsRoute53HostedZone
`AwsRoute53HostedZone` 物件提供有關 Amazon Route 53 託管區域的資訊,包括指派給託管區域的四個名稱伺服器。託管區域代表可一起管理的記錄集合,屬於單一父系網域名稱。
下列範例顯示 `AwsRoute53HostedZone` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsRoute53HostedZone`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsRoute53HostedZoneDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsRoute53HostedZoneDetails.html)。
**範例**
```
"AwsRoute53HostedZone": {
"HostedZone": {
"Id": "Z06419652JEMGO9TA2XKL",
"Name": "asff.testing",
"Config": {
"Comment": "This is an example comment."
}
},
"NameServers": [
"ns-470.awsdns-32.net",
"ns-1220.awsdns-12.org",
"ns-205.awsdns-13.com",
"ns-1960.awsdns-51.co.uk"
],
"QueryLoggingConfig": {
"CloudWatchLogsLogGroupArn": {
"CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123456789012:log-group:asfftesting:*",
"Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"HostedZoneId": "Z00932193AF5H180PPNZD"
}
},
"Vpcs": [
{
"Id": "vpc-05d7c6e36bc03ea76",
"Region": "us-east-1"
}
]
}
```
# AwsS3 ASFF 中的 資源
以下是 `AwsS3` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsS3AccessPoint
`AwsS3AccessPoint` 提供 Amazon S3 存取點的相關資訊。S3 存取點是連接至 S3 儲存貯體的具名網路端點,可用來執行 S3 物件操作。
下列範例顯示 `AwsS3AccessPoint` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3AccessPoint`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3AccessPointDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccessPointDetails.html)。
**範例**
```
"AwsS3AccessPoint": {
"AccessPointArn": "arn:aws:s3:us-east-1:123456789012:accesspoint/asff-access-point",
"Alias": "asff-access-point-hrzrlukc5m36ft7okagglf3gmwluquse1b-s3alias",
"Bucket": "amzn-s3-demo-bucket",
"BucketAccountId": "123456789012",
"Name": "asff-access-point",
"NetworkOrigin": "VPC",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true
},
"VpcConfiguration": {
"VpcId": "vpc-1a2b3c4d5e6f1a2b3"
}
}
```
## AwsS3AccountPublicAccessBlock
`AwsS3AccountPublicAccessBlock` 提供帳戶 Amazon S3 公有存取區塊組態的相關資訊。
下列範例顯示 `AwsS3AccountPublicAccessBlock` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3AccountPublicAccessBlock`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3AccountPublicAccessBlockDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3AccountPublicAccessBlockDetails.html)。
**範例**
```
"AwsS3AccountPublicAccessBlock": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": false,
"RestrictPublicBuckets": true
}
```
## AwsS3Bucket
`AwsS3Bucket` 物件提供 Amazon S3 儲存貯體的詳細資訊。
下列範例顯示 `AwsS3Bucket` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3Bucket`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3BucketDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3BucketDetails.html)。
**範例**
```
"AwsS3Bucket": {
"AccessControlList": "{\"grantSet\":null,\"grantList\":[{\"grantee\":{\"id\":\"4df55416215956920d9d056aa8b99803a294ea221222bb668b55a8c6bca81094\",\"displayName\":null},\"permission\":\"FullControl\"},{\"grantee\":\"AllUsers\",\"permission\":\"ReadAcp\"},{\"grantee\":\"AuthenticatedUsers\",\"permission\":\"ReadAcp\"}",,
"BucketLifecycleConfiguration": {
"Rules": [
{
"AbortIncompleteMultipartUpload": {
"DaysAfterInitiation": 5
},
"ExpirationDate": "2021-11-10T00:00:00.000Z",
"ExpirationInDays": 365,
"ExpiredObjectDeleteMarker": false,
"Filter": {
"Predicate": {
"Operands": [
{
"Prefix": "tmp/",
"Type": "LifecyclePrefixPredicate"
},
{
"Tag": {
"Key": "ArchiveAge",
"Value": "9m"
},
"Type": "LifecycleTagPredicate"
}
],
"Type": "LifecycleAndOperator"
}
},
"ID": "Move rotated logs to Glacier",
"NoncurrentVersionExpirationInDays": -1,
"NoncurrentVersionTransitions": [
{
"Days": 2,
"StorageClass": "GLACIER"
}
],
"Prefix": "rotated/",
"Status": "Enabled",
"Transitions": [
{
"Date": "2020-11-10T00:00:00.000Z",
"Days": 100,
"StorageClass": "GLACIER"
}
]
}
]
},
"BucketLoggingConfiguration": {
"DestinationBucketName": "s3serversideloggingbucket-123456789012",
"LogFilePrefix": "buckettestreadwrite23435/"
},
"BucketName": "amzn-s3-demo-bucket",
"BucketNotificationConfiguration": {
"Configurations": [{
"Destination": "arn:aws:lambda:us-east-1:123456789012:function:s3_public_write",
"Events": [
"s3:ObjectCreated:Put"
],
"Filter": {
"S3KeyFilter": {
"FilterRules": [
{
"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.PREFIX",
"Value": "pre"
},
{
"Name": "AffS3BucketNotificationConfigurationS3KeyFilterRuleName.SUFFIX",
"Value": "suf"
},
]
}
},
"Type": "LambdaConfiguration"
}]
},
"BucketVersioningConfiguration": {
"IsMfaDeleteEnabled": true,
"Status": "Off"
},
"BucketWebsiteConfiguration": {
"ErrorDocument": "error.html",
"IndexDocumentSuffix": "index.html",
"RedirectAllRequestsTo": {
"HostName": "example.com",
"Protocol": "http"
},
"RoutingRules": [{
"Condition": {
"HttpErrorCodeReturnedEquals": "Redirected",
"KeyPrefixEquals": "index"
},
"Redirect": {
"HostName": "example.com",
"HttpRedirectCode": "401",
"Protocol": "HTTP",
"ReplaceKeyPrefixWith": "string",
"ReplaceKeyWith": "string"
}
}]
},
"CreatedAt": "2007-11-30T01:46:56.000Z",
"ObjectLockConfiguration": {
"ObjectLockEnabled": "Enabled",
"Rule": {
"DefaultRetention": {
"Days": null,
"Mode": "GOVERNANCE",
"Years": 12
},
},
},
"OwnerId": "AIDACKCEVSQ6C2EXAMPLE",
"OwnerName": "s3bucketowner",
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"ServerSideEncryptionConfiguration": {
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256",
"KMSMasterKeyID": "12345678-abcd-abcd-abcd-123456789012"
}
}
]
}
}
```
## AwsS3Object
`AwsS3Object` 物件提供 Amazon S3 物件的相關資訊。
下列範例顯示 `AwsS3Object` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsS3Object`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsS3ObjectDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsS3ObjectDetails.html)。
**範例**
```
"AwsS3Object": {
"ContentType": "text/html",
"ETag": "\"30a6ec7e1a9ad79c203d05a589c8b400\"",
"LastModified": "2012-04-23T18:25:43.511Z",
"ServerSideEncryption": "aws:kms",
"SSEKMSKeyId": "arn:aws:kms:us-west-2:123456789012:key/4dff8393-e225-4793-a9a0-608ec069e5a7",
"VersionId": "ws31OurgOOjH_HHllIxPE35P.MELYaYh"
}
```
# AwsSageMaker ASFF 中的 資源
以下是 `AwsSageMaker` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSageMakerNotebookInstance
`AwsSageMakerNotebookInstance` 物件提供有關 Amazon SageMaker AI 筆記本執行個體的資訊,這是執行 Jupyter 筆記本應用程式的機器學習運算執行個體。
下列範例顯示 `AwsSageMakerNotebookInstance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSageMakerNotebookInstance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsSageMakerNotebookInstanceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSageMakerNotebookInstanceDetails.html)。
**範例**
```
"AwsSageMakerNotebookInstance": {
"DirectInternetAccess": "Disabled",
"InstanceMetadataServiceConfiguration": {
"MinimumInstanceMetadataServiceVersion": "1",
},
"InstanceType": "ml.t2.medium",
"LastModifiedTime": "2022-09-09 22:48:32.012000+00:00",
"NetworkInterfaceId": "eni-06c09ac2541a1bed3",
"NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:001098605940:notebook-instance/sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm",
"NotebookInstanceName": "SagemakerNotebookInstanceRootAccessDisabledComplia-8MYjcyofZiXm",
"NotebookInstanceStatus": "InService",
"PlatformIdentifier": "notebook-al1-v1",
"RoleArn": "arn:aws:iam::001098605940:role/sechub-SageMaker-1-scenar-SageMakerCustomExecution-1R0X32HGC38IW",
"RootAccess": "Disabled",
"SecurityGroups": [
"sg-06b347359ab068745"
],
"SubnetId": "subnet-02c0deea5fa64578e",
"Url": "sagemakernotebookinstancerootaccessdisabledcomplia-8myjcyofzixm.notebook.us-east-1.sagemaker.aws",
"VolumeSizeInGB": 5
}
```
# AwsSecretsManager ASFF 中的 資源
以下是 `AwsSecretsManager` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSecretsManagerSecret
`AwsSecretsManagerSecret` 物件提供 Secrets Manager 秘密的詳細資訊。
下列範例顯示 `AwsSecretsManagerSecret` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSecretsManagerSecret`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsSecretsManagerSecretDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSecretsManagerSecretDetails.html)。
**範例**
```
"AwsSecretsManagerSecret": {
"RotationRules": {
"AutomaticallyAfterDays": 30
},
"RotationOccurredWithinFrequency": true,
"KmsKeyId": "kmsKeyId",
"RotationEnabled": true,
"RotationLambdaArn": "arn:aws:lambda:us-west-2:777788889999:function:MyTestRotationLambda",
"Deleted": false,
"Name": "MyTestDatabaseSecret",
"Description": "My test database secret"
}
```
# AwsSns ASFF 中的 資源
以下是 `AwsSns` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSnsTopic
`AwsSnsTopic` 物件包含 Amazon Simple Notification Service 主題的詳細資訊。
下列範例顯示 `AwsSnsTopic` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSnsTopic`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsSnsTopicDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSnsTopicDetails.html)。
**範例**
```
"AwsSnsTopic": {
"ApplicationSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/ApplicationSuccessFeedbackRoleArn",
"FirehoseFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseFailureFeedbackRoleArn",
"FirehoseSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/FirehoseSuccessFeedbackRoleArn",
"HttpFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpFailureFeedbackRoleArn",
"HttpSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/HttpSuccessFeedbackRoleArn",
"KmsMasterKeyId": "alias/ExampleAlias",
"Owner": "123456789012",
"SqsFailureFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsFailureFeedbackRoleArn",
"SqsSuccessFeedbackRoleArn": "arn:aws:iam::123456789012:role/SqsSuccessFeedbackRoleArn",
"Subscription": {
"Endpoint": "http://sampleendpoint.com",
"Protocol": "http"
},
"TopicName": "SampleTopic"
}
```
# AwsSqs ASFF 中的 資源
以下是 `AwsSqs` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSqsQueue
`AwsSqsQueue` 物件包含 Amazon Simple Queue Service 佇列的相關資訊。
下列範例顯示 `AwsSqsQueue` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSqsQueue`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsSqsQueueDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSqsQueueDetails.html)。
**範例**
```
"AwsSqsQueue": {
"DeadLetterTargetArn": "arn:aws:sqs:us-west-2:123456789012:queue/target",
"KmsDataKeyReusePeriodSeconds": 60,,
"KmsMasterKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
"QueueName": "sample-queue"
}
```
# AwsSsm ASFF 中的 資源
以下是 `AwsSsm` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsSsmPatchCompliance
`AwsSsmPatchCompliance` 物件會根據用來修補執行個體的修補程式基準,提供執行個體上修補程式狀態的相關資訊。
下列範例顯示 `AwsSsmPatchCompliance` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsSsmPatchCompliance`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsSsmPatchComplianceDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsSsmPatchComplianceDetails.html)。
**範例**
```
"AwsSsmPatchCompliance": {
"Patch": {
"ComplianceSummary": {
"ComplianceType": "Patch",
"CompliantCriticalCount": 0,
"CompliantHighCount": 0,
"CompliantInformationalCount": 0,
"CompliantLowCount": 0,
"CompliantMediumCount": 0,
"CompliantUnspecifiedCount": 461,
"ExecutionType": "Command",
"NonCompliantCriticalCount": 0,
"NonCompliantHighCount": 0,
"NonCompliantInformationalCount": 0,
"NonCompliantLowCount": 0,
"NonCompliantMediumCount": 0,
"NonCompliantUnspecifiedCount": 0,
"OverallSeverity": "UNSPECIFIED",
"PatchBaselineId": "pb-0c5b2769ef7cbe587",
"PatchGroup": "ExamplePatchGroup",
"Status": "COMPLIANT"
}
}
}
```
# AwsStepFunctions ASFF 中的 資源
以下是 `AwsStepFunctions` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsStepFunctionStateMachine
`AwsStepFunctionStateMachine` 物件提供有關 AWS Step Functions 狀態機器的資訊,這是由一系列事件驅動步驟組成的工作流程。
下列範例顯示 `AwsStepFunctionStateMachine` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsStepFunctionStateMachine`屬性的說明,請參閱 *AWS Security Hub API 參考*中的 [AwsStepFunctionStateMachine](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsStepFunctionStateMachineDetails.html)。
**範例**
```
"AwsStepFunctionStateMachine": {
"StateMachineArn": "arn:aws:states:us-east-1:123456789012:stateMachine:StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
"Name": "StepFunctionsLogDisableNonCompliantResource-fQLujTeXvwsb",
"Status": "ACTIVE",
"RoleArn": "arn:aws:iam::123456789012:role/teststepfunc-StatesExecutionRole-1PNM71RVO1UKT",
"Type": "STANDARD",
"LoggingConfiguration": {
"Level": "OFF",
"IncludeExecutionData": false
},
"TracingConfiguration": {
"Enabled": false
}
}
```
# AwsWaf ASFF 中的 資源
以下是 `AwsWaf` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsWafRateBasedRule
`AwsWafRateBasedRule` 物件包含全域 AWS WAF 資源的速率型規則詳細資訊。以 AWS WAF 速率為基礎的規則提供設定,指出何時允許、封鎖或計數請求。以速率為基礎的規則包括在指定期間內到達的請求數量。
下列範例顯示 `AwsWafRateBasedRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRateBasedRule`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRateBasedRuleDetails.html)。
**範例**
```
"AwsWafRateBasedRule":{
"MatchPredicates" : [{
"DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
"Negated" : "True",
"Type" : "IPMatch" ,
}],
"MetricName" : "MetricName",
"Name" : "Test",
"RateKey" : "IP",
"RateLimit" : 235000,
"RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```
## AwsWafRegionalRateBasedRule
`AwsWafRegionalRateBasedRule` 物件包含區域資源的速率型規則詳細資訊。以速率為基礎的規則提供設定,指出何時允許、封鎖或計數請求。以速率為基礎的規則包括在指定期間內到達的請求數量。
下列範例顯示 `AwsWafRegionalRateBasedRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRateBasedRule`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRateBasedRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRateBasedRuleDetails.html)。
**範例**
```
"AwsWafRegionalRateBasedRule":{
"MatchPredicates" : [{
"DataId" : "391b7a7e-5f00-40d2-b114-3f27ceacbbb0",
"Negated" : "True",
"Type" : "IPMatch" ,
}],
"MetricName" : "MetricName",
"Name" : "Test",
"RateKey" : "IP",
"RateLimit" : 235000,
"RuleId" : "5dfb4085-f103-4ec6-b39a-d4a0dae5f47f"
}
```
## AwsWafRegionalRule
`AwsWafRegionalRule` 物件提供有關 AWS WAF 區域性規則 的詳細資訊。此規則會識別您要允許、封鎖或計數的 Web 請求。
下列範例顯示 `AwsWafRegionalRule` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRule`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleDetails.html)。
**範例**
```
"AwsWafRegionalRule": {
"MetricName": "SampleWAF_Rule__Metric_1",
"Name": "bb-waf-regional-rule-not-empty-conditions-compliant",
"RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de95fe",
"PredicateList": [{
"DataId": "127d9346-e607-4e93-9286-c1296fb5445a",
"Negated": false,
"Type": "GeoMatch"
}]
}
```
## AwsWafRegionalRuleGroup
`AwsWafRegionalRuleGroup` 物件提供區域性規則群組的詳細資訊 AWS WAF 。規則群組是您新增至 Web 存取控制清單 (Web ACL) 的預先定義規則集合。
下列範例顯示 `AwsWafRegionalRuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafRegionalRuleGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalRuleGroupDetails.html)。
**範例**
```
"AwsWafRegionalRuleGroup": {
"MetricName": "SampleWAF_Metric_1",
"Name": "bb-WAFClassicRuleGroupWithRuleCompliant",
"RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
"Rules": [{
"Action": {
"Type": "ALLOW"
}
}],
"Priority": 1,
"RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
"Type": "REGULAR"
}
```
## AwsWafRegionalWebAcl
`AwsWafRegionalWebAcl` 提供有關 AWS WAF 區域 Web 存取控制清單 (Web ACL) 的詳細資訊。Web ACL 包含規則,可識別您要允許、封鎖或計數的請求。
以下是安全`AwsWafRegionalWebAcl`調查結果格式 (ASFF) 中 AWS 的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRegionalWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRegionalWebAclDetails.html)。
**範例**
```
"AwsWafRegionalWebAcl": {
"DefaultAction": "ALLOW",
"MetricName" : "web-regional-webacl-metric-1",
"Name": "WebACL_123",
"RulesList": [
{
"Action": {
"Type": "Block"
},
"Priority": 3,
"RuleId": "24445857-852b-4d47-bd9c-61f05e4d223c",
"Type": "REGULAR",
"ExcludedRules": [
{
"ExclusionType": "Exclusion",
"RuleId": "Rule_id_1"
}
],
"OverrideAction": {
"Type": "OVERRIDE"
}
}
],
"WebAclId": "443c76f4-2e72-4c89-a2ee-389d501c1f67"
}
```
## AwsWafRule
`AwsWafRule` 提供 AWS WAF 規則的相關資訊。 AWS WAF 規則會識別您要允許、封鎖或計數的 Web 請求。
以下是 AWS 安全`AwsWafRule`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRuleDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleDetails.html)。
**範例**
```
"AwsWafRule": {
"MetricName": "AwsWafRule_Metric_1",
"Name": "AwsWafRule_Name_1",
"PredicateList": [{
"DataId": "cdd225da-32cf-4773-1dc2-3bca3ed9c19c",
"Negated": false,
"Type": "GeoMatch"
}],
"RuleId": "8f651760-24fa-40a6-a9ed-4b60f1de953e"
}
```
## AwsWafRuleGroup
`AwsWafRuleGroup` 提供 AWS WAF 規則群組的相關資訊。規則群組是您新增至 Web AWS WAF 存取控制清單 (Web ACL) 的預先定義規則集合。
以下是 AWS 安全`AwsWafRuleGroup`調查結果格式 (ASFF) 中的範例調查結果。若要檢視`AwsApiGatewayV2Stage`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafRuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafRuleGroupDetails.html)。
**範例**
```
"AwsWafRuleGroup": {
"MetricName": "SampleWAF_Metric_1",
"Name": "bb-WAFRuleGroupWithRuleCompliant",
"RuleGroupId": "2012ca6d-e66d-4d9b-b766-bfb03ad77cfb",
"Rules": [{
"Action": {
"Type": "ALLOW",
},
"Priority": 1,
"RuleId": "cdd225da-32cf-4773-8dc5-3bca3ed9c19c",
"Type": "REGULAR"
}]
}
```
## AwsWafv2RuleGroup
`AwsWafv2RuleGroup` 物件提供有關 an AWS WAF V2 規則群組的詳細資訊。
下列範例顯示 `AwsWafv2RuleGroup` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafv2RuleGroup`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafv2RuleGroupDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2RuleGroupDetails.html)。
**範例**
```
"AwsWafv2RuleGroup": {
"Arn": "arn:aws:wafv2:us-east-1:123456789012:global/rulegroup/wafv2rulegroupasff/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Capacity": 1000,
"Description": "Resource for ASFF",
"Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Name": "wafv2rulegroupasff",
"Rules": [{
"Action": {
"Allow": {
"CustomRequestHandling": {
"InsertHeaders": [
{
"Name": "AllowActionHeader1Name",
"Value": "AllowActionHeader1Value"
},
{
"Name": "AllowActionHeader2Name",
"Value": "AllowActionHeader2Value"
}
]
}
},
"Name": "RuleOne",
"Priority": 1,
"VisibilityConfig": {
"CloudWatchMetricsEnabled": true,
"MetricName": "rulegroupasff",
"SampledRequestsEnabled": false
}
}],
"VisibilityConfig": {
"CloudWatchMetricsEnabled": true,
"MetricName": "rulegroupasff",
"SampledRequestsEnabled": false
}
}
```
## AwsWafWebAcl
`AwsWafWebAcl` 物件提供 AWS WAF Web ACL 的詳細資訊。
下列範例顯示 `AwsWafWebAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafWebAcl`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafWebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafWebAclDetails.html)。
**範例**
```
"AwsWafWebAcl": {
"DefaultAction": "ALLOW",
"Name": "MyWafAcl",
"Rules": [
{
"Action": {
"Type": "ALLOW"
},
"ExcludedRules": [
{
"RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98"
}
],
"OverrideAction": {
"Type": "NONE"
},
"Priority": 1,
"RuleId": "5432a230-0113-5b83-bbb2-89375c5bfa98",
"Type": "REGULAR"
}
],
"WebAclId": "waf-1234567890"
}
```
## AwsWafv2WebAcl
`AwsWafv2WebAcl` 物件提供有關 an AWS WAF V2 Web ACL 的詳細資訊。
下列範例顯示 `AwsWafv2WebAcl` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsWafv2WebAcl`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsWafv2WebAclDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsWafv2WebAclDetails.html)。
**範例**
```
"AwsWafv2WebAcl": {
"Arn": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/WebACL-RoaD4QexqSxG/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"Capacity": 1326,
"CaptchaConfig": {
"ImmunityTimeProperty": {
"ImmunityTime": 500
}
},
"DefaultAction": {
"Block": {}
},
"Description": "Web ACL for JsonBody testing",
"ManagedbyFirewallManager": false,
"Name": "WebACL-RoaD4QexqSxG",
"Rules": [{
"Action": {
"RuleAction": {
"Block": {}
}
},
"Name": "TestJsonBodyRule",
"Priority": 1,
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "JsonBodyMatchMetric"
}
}],
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "TestingJsonBodyMetric"
}
}
```
# AwsXray ASFF 中的 資源
以下是 `AwsXray` 資源 AWS 的安全調查結果格式 (ASFF) 語法範例。
AWS Security Hub CSPM 將各種來源的問題清單標準化為 ASFF。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
## AwsXrayEncryptionConfig
`AwsXrayEncryptionConfig` 物件包含 加密組態的相關資訊 AWS X-Ray。
下列範例顯示 `AwsXrayEncryptionConfig` 物件 AWS 的安全調查結果格式 (ASFF)。若要檢視`AwsXrayEncryptionConfig`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [AwsXrayEncryptionConfigDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_AwsXrayEncryptionConfigDetails.html)。
**範例**
```
"AwsXRayEncryptionConfig":{
"KeyId": "arn:aws:kms:us-east-2:222222222222:key/example-key",
"Status": "UPDATING",
"Type":"KMS"
}
```
# CodeRepository ASFF 中的 物件
`CodeRepository` 物件提供連線至 AWS 資源的外部程式碼儲存庫相關資訊,並設定 Amazon Inspector 掃描漏洞。
下列範例顯示 `CodeRepository` 物件 AWS 的安全調查結果格式 (ASFF) 語法。若要檢視`CodeRepository`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [CodeRepositoryDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_CodeRepositoryDetails.html)。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
**範例**
```
"CodeRepository": {
"ProviderType": "GITLAB_SELF_MANAGED",
"ProjectName": "projectName",
"CodeSecurityIntegrationArn": "arn:aws:inspector2:us-east-1:123456789012:codesecurity-integration/00000000-0000-0000-0000-000000000000"
}
```
# Container ASFF 中的 物件
下列範例顯示 `Container` 物件 AWS 的安全調查結果格式 (ASFF) 語法。若要檢視`Container`屬性的描述,請參閱 *AWS Security Hub API 參考*中的 [ContainerDetails](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_ContainerDetails.html)。如需 ASFF 的背景資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
**範例**
```
"Container": {
"ContainerRuntime": "docker",
"ImageId": "image12",
"ImageName": "1111111/knotejs@sha256:372131c9fef111111111111115f4ed3ea5f9dce4dc3bd34ce21846588a3",
"LaunchedAt": "2018-09-29T01:25:54Z",
"Name": "knote",
"Privileged": true,
"VolumeMounts": [{
"Name": "vol-03909e9",
"MountPath": "/mnt/etc"
}]
}
```
# Other ASFF 中的 物件
在 AWS 安全調查結果格式 (ASFF) 中, `Other` 物件會指定自訂欄位和值。如需 ASFF 的詳細資訊,請參閱 [AWS 安全調查結果格式 (ASFF)](securityhub-findings-format.md)。
透過使用 `Other` 物件,您可以指定資源的自訂欄位和值。您可以針對下列案例使用 `Other` 物件:
+ 資源類型沒有對應的`Details`物件。若要指定資源的詳細資訊,請使用 `Other` 物件。
+ 資源類型的 `Details` 物件不包含您要指定的所有屬性。在此情況下,請使用 資源類型的 `Details` 物件來指定可用的屬性。使用 `Other` 物件來指定不在類型特定`Details`物件中的屬性。
+ 資源類型不是提供的類型之一。在此情況下,將 `Resource.Type` 設定為 `Other`並使用 `Other` 物件來指定詳細資訊。
**類型:**最多 50 個鍵值對的映射
每個鍵/值對必須符合下列需求。
+ 金鑰必須包含少於 128 個字元。
+ 此值必須包含少於 1,024 個字元。