Using Amazon EventBridge
Amazon EventBridge is a serverless event bus service that makes it easy to connect your applications with data from a variety of sources. EventBridge delivers a stream of real-time data from your own applications, Software-as-a-Service (SaaS) applications, and Amazon services, and routes that data to targets such as Lambda. This lets you monitor events that happen in your services and build event-driven architectures. For more information, see the Amazon EventBridge User Guide.
GuardDuty publishes EventBridge notifications to the default event bus of the account that owns an S3 bucket protected by Malware Protection for S3 in the following cases:
- The Malware Protection plan resource status of any of your protected buckets changes. For information about the various statuses, see Malware Protection plan resource status.
- The tagging event fails for one of the following reasons:
  - The IAM PassRole lacks the permission to tag objects. The Add IAM policy permissions template includes the permission that GuardDuty needs to tag objects.
  - The bucket resource or object specified in the IAM PassRole no longer exists.
  - The associated S3 object has already reached the maximum tag limit. For more information about tag limits, see Categorizing your storage using tags in the Amazon S3 User Guide.
- An S3 object scan result is published to your default EventBridge event bus.
Setting up EventBridge rules
You can set up EventBridge rules in your account to send resource status events, post-scan tagging failure events, or S3 object scan results to other AWS services. As the delegated GuardDuty administrator account, you receive a Malware Protection plan resource status notification whenever the plan's resource status changes.
Standard EventBridge pricing applies. For more information, see Pricing for Malware Protection for S3.
In the following examples, the values that appear in red on the original page are placeholders. These values vary based on the scan results of your S3 object.
You can create EventBridge event patterns for the following scenarios:
Malware Protection plan resource status
Potential detail-type values:
- "GuardDuty Malware Protection Resource Status Active"
- "GuardDuty Malware Protection Resource Status Warning"
- "GuardDuty Malware Protection Resource Status Error"
Event pattern:
{
  "detail-type": ["potential detail-type"],
  "source": ["aws.guardduty"]
}
Example notification schema for GuardDuty Malware Protection Resource Status Active:
{
  "version": "0",
  "id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718",
  "detail-type": "GuardDuty Malware Protection Resource Status Active",
  "source": "aws.guardduty",
  "account": "111122223333",
  "time": "2017-12-22T18:43:48Z",
  "region": "us-east-1",
  "resources": ["arn:aws:guardduty:us-east-1:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE"],
  "detail": {
    "schemaVersion": "1.0",
    "eventTime": "2024-02-28T01:01:01Z",
    "s3BucketDetails": {
      "bucketName": "DOC-EXAMPLE-BUCKET"
    },
    "resourceStatus": "ACTIVE"
  }
}
Example notification schema for GuardDuty Malware Protection Resource Status Error or GuardDuty Malware Protection Resource Status Warning:
{
  "version": "0",
  "id": "fc7a35b7-83bd-3c1f-ecfa-1b8de9e7f7d2",
  "detail-type": "GuardDuty Malware Protection Resource Status Error or Warning",
  "source": "aws.guardduty",
  "account": "111122223333",
  "time": "2017-12-22T18:43:48Z",
  "region": "us-east-1",
  "resources": ["arn:aws:guardduty:us-east-1:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE"],
  "detail": {
    "schemaVersion": "1.0",
    "eventTime": "2024-02-28T01:01:01Z",
    "s3BucketDetails": {
      "bucketName": "DOC-EXAMPLE-BUCKET"
    },
    "resourceStatus": "ERROR",
    "statusReasons": [
      { "code": "EVENTBRIDGE_MANAGED_EVENTS_DELIVERY_DISABLED" },
      { "code": "PROTECTED_RESOURCE_DELETED" }
    ]
  }
}
The resourceStatus value can be either Warning or Error.
When the Status column of a protected bucket changes to Warning or Error, the statusReasons value is populated according to the root cause. For troubleshooting steps, see Troubleshooting Malware Protection plan status details.
Post-scan tagging failure
Event pattern:
{
  "detail-type": "GuardDuty Malware Protection Post Scan Action Failed",
  "source": "aws.guardduty"
}
Example notification schema:
{
  "version": "0",
  "id": "746acd83-d75c-5b84-91d2-dad5f13ba0d7",
  "detail-type": "GuardDuty Malware Protection Post Scan Action Failed",
  "source": "aws.guardduty",
  "account": "111122223333",
  "time": "2024-06-10T16:16:08Z",
  "region": "us-east-1",
  "resources": ["arn:aws:guardduty:us-east-1:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE"],
  "detail": {
    "schemaVersion": "1.0",
    "eventTime": "2024-06-10T16:16:08Z",
    "s3ObjectDetails": {
      "bucketName": "DOC-EXAMPLE-BUCKET",
      "objectKey": "2024-03-10-16-16-00-7D723DE8DBE9Y2E0",
      "eTag": "0e9eeec810ad8b61d69112c15c2a5hb6"
    },
    "postScanActions": [
      {
        "actionType": "TAGGING",
        "status": "FAILED",
        "failureReason": "ACCESS_DENIED"
      }
    ]
  }
}
Potential failureReason values are ACCESS_DENIED and MAX_TAG_LIMIT_EXCEEDED.
S3 object scan result
Event pattern:
{
  "detail-type": ["GuardDuty Malware Protection Object Scan Result"],
  "source": ["aws.guardduty"]
}
Example notification schema for NO_THREATS_FOUND:
{
  "version": "0",
  "id": "72c7d362-737a-6dce-fc78-9e27a0171419",
  "detail-type": "GuardDuty Malware Protection Object Scan Result",
  "source": "aws.guardduty",
  "account": "111122223333",
  "time": "2024-02-28T01:01:01Z",
  "region": "us-east-1",
  "resources": ["arn:aws:guardduty:us-east-1:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE"],
  "detail": {
    "versionId": "1.0",
    "scanStatus": "COMPLETED",
    "resourceType": "S3_OBJECT",
    "s3ObjectDetails": {
      "bucketName": "DOC-EXAMPLE-BUCKET",
      "objectKey": "APKAEIBAERJR2EXAMPLE",
      "eTag": "ASIAI44QH8DHBEXAMPLE"
    },
    "scanResultDetails": {
      "scanResultStatus": "NO_THREATS_FOUND",
      "threats": null
    }
  }
}
Example notification schema for THREATS_FOUND:
{
  "version": "0",
  "id": "72c7d362-737a-6dce-fc78-9e27a0171419",
  "detail-type": "GuardDuty Malware Protection Object Scan Result",
  "source": "aws.guardduty",
  "account": "111122223333",
  "time": "2024-02-28T01:01:01Z",
  "region": "us-east-1",
  "resources": ["arn:aws:guardduty:us-east-1:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE"],
  "detail": {
    "versionId": "1.0",
    "scanStatus": "COMPLETED",
    "resourceType": "S3_OBJECT",
    "s3ObjectDetails": {
      "bucketName": "DOC-EXAMPLE-BUCKET",
      "objectKey": "APKAEIBAERJR2EXAMPLE",
      "eTag": "ASIAI44QH8DHBEXAMPLE"
    },
    "scanResultDetails": {
      "scanResultStatus": "THREATS_FOUND",
      "threats": [
        { "name": "EICAR-Test-File (not a virus)" }
      ]
    }
  }
}
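As an added example that is not part of the GuardDuty documentation, the following Python shows how a rule target (for instance a Lambda function) could consume the three event types documented above: it applies the page's event patterns with EventBridge's exact-match semantics and normalises each event into one alert record, handling the `"threats": null` case of a clean scan. The sample events are constructed to follow the schemas shown, and the `mk_event`, `matches_pattern` and `triage` names and the severity mapping are my own assumptions.

```python
def mk_event(detail_type, detail):
    """Constructed minimal envelope with the fields an EventBridge rule pattern inspects."""
    return {"detail-type": detail_type, "source": "aws.guardduty", "detail": detail}

SCAN_EVENT = mk_event("GuardDuty Malware Protection Object Scan Result", {
    "scanStatus": "COMPLETED", "resourceType": "S3_OBJECT",
    "s3ObjectDetails": {"bucketName": "DOC-EXAMPLE-BUCKET", "objectKey": "upload.bin"},
    "scanResultDetails": {"scanResultStatus": "THREATS_FOUND",
                          "threats": [{"name": "EICAR-Test-File (not a virus)"}]}})
TAG_EVENT = mk_event("GuardDuty Malware Protection Post Scan Action Failed", {
    "s3ObjectDetails": {"bucketName": "DOC-EXAMPLE-BUCKET", "objectKey": "upload.bin"},
    "postScanActions": [{"actionType": "TAGGING", "status": "FAILED",
                         "failureReason": "MAX_TAG_LIMIT_EXCEEDED"}]})
STATUS_EVENT = mk_event("GuardDuty Malware Protection Resource Status Error", {
    "s3BucketDetails": {"bucketName": "DOC-EXAMPLE-BUCKET"}, "resourceStatus": "ERROR",
    "statusReasons": [{"code": "PROTECTED_RESOURCE_DELETED"}]})

PATTERN = {"source": ["aws.guardduty"],            # the page's patterns, merged into one rule
           "detail-type": ["GuardDuty Malware Protection Object Scan Result",
                           "GuardDuty Malware Protection Post Scan Action Failed",
                           "GuardDuty Malware Protection Resource Status Active",
                           "GuardDuty Malware Protection Resource Status Warning",
                           "GuardDuty Malware Protection Resource Status Error"]}

def matches_pattern(event, pattern=PATTERN):
    """EventBridge exact-match semantics for top-level keys: every pattern key must be
    present in the event and its value must be one of the listed alternatives."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())

def triage(event):
    """Normalise a Malware Protection for S3 event into one alert record (None if unmatched)."""
    if not matches_pattern(event):
        return None
    kind, d = event["detail-type"], event["detail"]
    if kind.endswith("Object Scan Result"):
        obj, res = d["s3ObjectDetails"], d["scanResultDetails"]
        threats = res.get("threats") or []            # "threats" is null when nothing was found
        return {"kind": "scan", "severity": "high" if threats else "info",
                "target": f"s3://{obj['bucketName']}/{obj['objectKey']}",
                "status": res["scanResultStatus"], "reasons": [t["name"] for t in threats]}
    if kind.endswith("Post Scan Action Failed"):
        obj = d["s3ObjectDetails"]
        failed = [a for a in d.get("postScanActions", []) if a.get("status") == "FAILED"]
        return {"kind": "tagging", "severity": "medium" if failed else "info",
                "target": f"s3://{obj['bucketName']}/{obj['objectKey']}", "status": "FAILED",
                "reasons": [a.get("failureReason", "UNKNOWN") for a in failed]}
    status = d.get("resourceStatus", "UNKNOWN")       # plan status: ACTIVE, WARNING or ERROR
    return {"kind": "plan", "severity": {"ACTIVE": "info", "WARNING": "medium"}.get(status, "high"),
            "target": f"s3://{d['s3BucketDetails']['bucketName']}", "status": status,
            "reasons": [r["code"] for r in d.get("statusReasons", [])]}
```

A tagging failure with MAX_TAG_LIMIT_EXCEEDED means the object carries no GuardDuty verdict tag, so a downstream consumer that gates access on the tag must treat such objects as unscanned rather than clean.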