This page is a machine translation. Where this translation and the English original differ, the English original prevails.
AwsEc2 resources in ASFF
The following are examples of Amazon Security Finding Format (ASFF) syntax for AwsEc2 resources.
Amazon Security Hub normalizes findings from many sources into ASFF. For background on ASFF, see Amazon Security Finding Format (ASFF).
AwsEc2ClientVpnEndpoint
The AwsEc2ClientVpnEndpoint object provides information about an Amazon Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions; it is the termination point for all Client VPN sessions. A finding that carries this object exposes the endpoint's authentication type, client CIDR, connection-logging, split-tunnel and session-timeout settings, which are the values a reviewer checks first.
The following example shows the AwsEc2ClientVpnEndpoint object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2ClientVpnEndpoint attributes, see AwsEc2ClientVpnEndpointDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2ClientVpnEndpoint": {
    "AuthenticationOptions": [
        {
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Type": "certificate-authentication"
        }
    ],
    "ClientCidrBlock": "10.0.0.0/22",
    "ClientConnectOptions": {
        "Enabled": false
    },
    "ClientLoginBannerOptions": {
        "Enabled": false
    },
    "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
    "ConnectionLogOptions": {
        "Enabled": false
    },
    "Description": "test",
    "DnsServer": ["10.0.0.0"],
    "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecurityGroupIdSet": ["sg-0f7a177b82b443691"],
    "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
    "SessionTimeoutHours": 24,
    "SplitTunnel": false,
    "TransportProtocol": "udp",
    "VpcId": "vpc-1a2b3c4d5e6f1a2b3",
    "VpnPort": 443
}
AwsEc2Eip
The AwsEc2Eip object provides information about an Elastic IP address.
The following example shows the AwsEc2Eip object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2Eip attributes, see AwsEc2EipDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2Eip": {
    "InstanceId": "instance1",
    "PublicIp": "192.0.2.4",
    "AllocationId": "eipalloc-example-id-1",
    "AssociationId": "eipassoc-example-id-1",
    "Domain": "vpc",
    "PublicIpv4Pool": "anycompany",
    "NetworkBorderGroup": "eu-central-1",
    "NetworkInterfaceId": "eni-example-id-1",
    "NetworkInterfaceOwnerId": "777788889999",
    "PrivateIpAddress": "192.0.2.3"
}
AwsEc2Instance
The AwsEc2Instance object provides details about an Amazon EC2 instance. The MetadataOptions block records how the instance metadata service (IMDS) is exposed: HttpTokens is "optional" when token-less IMDSv1 requests are still answered and "required" when only IMDSv2 session-token requests are accepted, and HttpPutResponseHopLimit bounds how far a metadata response can be forwarded from the instance.
The following example shows the AwsEc2Instance object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2Instance attributes, see AwsEc2InstanceDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2Instance": {
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
    "ImageId": "ami-1234",
    "IpV4Addresses": ["1.1.1.1"],
    "IpV6Addresses": ["2001:db8:1234:1a2b::123"],
    "KeyName": "my_keypair",
    "LaunchedAt": "2018-05-08T16:46:19.000Z",
    "MetadataOptions": {
        "HttpEndpoint": "enabled",
        "HttpProtocolIpv6": "enabled",
        "HttpPutResponseHopLimit": 1,
        "HttpTokens": "optional",
        "InstanceMetadataTags": "disabled"
    },
    "Monitoring": {
        "State": "disabled"
    },
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-e5aa89a3"
        }
    ],
    "SubnetId": "subnet-123",
    "Type": "i3.xlarge",
    "VpcId": "vpc-123"
}
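How a consumer actually reaches and evaluates this object, as an added example that is not part of the Security Hub documentation: the AwsEc2Instance fragment above is wrapped in a constructed minimal ASFF finding (the finding Id, ProductArn and resource ARN are placeholders) under Resources[].Details, and the MetadataOptions values are then checked. Because the page's example has HttpTokens set to "optional", the check reports that IMDSv1 is still accepted.

```python
"""Locate AwsEc2Instance objects inside an ASFF finding and evaluate IMDS settings.

Added example, not Security Hub documentation code. FINDING_JSON is a
constructed, minimal finding: the Id, ProductArn and resource ARN are
placeholders; the AwsEc2Instance object is the one shown on this page.
"""
import json

FINDING_JSON = r"""
{
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:securityhub:us-east-1:123456789012:subscription/constructed/finding/example-1",
  "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
      "Details": {
        "AwsEc2Instance": {
          "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
          "ImageId": "ami-1234",
          "IpV4Addresses": ["1.1.1.1"],
          "IpV6Addresses": ["2001:db8:1234:1a2b::123"],
          "KeyName": "my_keypair",
          "LaunchedAt": "2018-05-08T16:46:19.000Z",
          "MetadataOptions": {
            "HttpEndpoint": "enabled",
            "HttpProtocolIpv6": "enabled",
            "HttpPutResponseHopLimit": 1,
            "HttpTokens": "optional",
            "InstanceMetadataTags": "disabled"
          },
          "Monitoring": {"State": "disabled"},
          "NetworkInterfaces": [{"NetworkInterfaceId": "eni-e5aa89a3"}],
          "SubnetId": "subnet-123",
          "Type": "i3.xlarge",
          "VpcId": "vpc-123"
        }
      }
    }
  ]
}
"""


def ec2_instances(finding):
    """Yield (resource id, AwsEc2Instance object) for each EC2 instance resource.

    ASFF keeps per-type detail objects under Resources[].Details keyed by the
    resource type, so the fragment shown on this page is Details["AwsEc2Instance"].
    """
    for res in finding.get("Resources", []):
        if res.get("Type") != "AwsEc2Instance":
            continue
        details = (res.get("Details") or {}).get("AwsEc2Instance")
        if details is not None:
            yield res.get("Id"), details


def imds_problems(instance):
    """Return a list of IMDS-related problems for one AwsEc2Instance object.

    HttpTokens "required" means only IMDSv2 (session-token) requests are
    answered; "optional" means token-less IMDSv1 requests still work. A hop
    limit of 1 stops a metadata response from being forwarded by anything one
    network hop away, such as a container. Missing fields are reported rather
    than assumed safe.
    """
    mo = instance.get("MetadataOptions") or {}
    problems = []
    if mo.get("HttpEndpoint") == "disabled":
        return problems  # nothing reachable, the remaining options are moot
    tokens = mo.get("HttpTokens")
    if tokens is None:
        problems.append("HttpTokens not reported")
    elif tokens != "required":
        problems.append("IMDSv1 allowed (HttpTokens=%s)" % tokens)
    hop = mo.get("HttpPutResponseHopLimit")
    if hop is None:
        problems.append("HttpPutResponseHopLimit not reported")
    elif hop > 1:
        problems.append("HttpPutResponseHopLimit=%d allows forwarded IMDS replies" % hop)
    if problems and instance.get("IamInstanceProfileArn"):
        # IMDS hands out credentials for this profile, so record what a leak exposes.
        problems.append("instance profile attached: %s" % instance["IamInstanceProfileArn"])
    return problems


def evaluate(finding_json=FINDING_JSON):
    """Map every EC2 instance resource in a finding to its IMDS problems."""
    finding = json.loads(finding_json)
    return {rid: imds_problems(inst) for rid, inst in ec2_instances(finding)}


if __name__ == "__main__":
    for rid, problems in evaluate().items():
        print(rid, "->", problems or ["ok"])
```

The same walk over Resources[].Details works for every object on this page; only the type key and the per-object check change.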
AwsEc2LaunchTemplate
The AwsEc2LaunchTemplate object contains details about an Amazon Elastic Compute Cloud launch template, which specifies instance configuration information. Settings fixed in the template, such as the MetadataOptions and whether a public IP is associated at launch, apply to every instance launched from it.
The following example shows the AwsEc2LaunchTemplate object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2LaunchTemplate attributes, see AwsEc2LaunchTemplateDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2LaunchTemplate": {
    "DefaultVersionNumber": "1",
    "ElasticGpuSpecifications": ["string"],
    "ElasticInferenceAccelerators": ["string"],
    "Id": "lt-0a16e9802800bdd85",
    "ImageId": "ami-0d5eff06f840b45e9",
    "LatestVersionNumber": "1",
    "LaunchTemplateData": {
        "BlockDeviceMappings": [{
            "DeviceName": "/dev/xvda",
            "Ebs": {
                "DeleteOnTermination": true,
                "Encrypted": true,
                "SnapshotId": "snap-01047646ec075f543",
                "VolumeSize": 8,
                "VolumeType": "gp2"
            }
        }],
        "MetadataOptions": {
            "HttpTokens": "required",
            "HttpPutResponseHopLimit": 1
        },
        "Monitoring": {
            "Enabled": true
        },
        "NetworkInterfaces": [{
            "AssociatePublicIpAddress": true
        }]
    },
    "LaunchTemplateName": "string",
    "LicenseSpecifications": ["string"],
    "SecurityGroupIds": ["sg-01fce87ad6e019725"],
    "SecurityGroups": ["string"],
    "TagSpecifications": ["string"]
}
AwsEc2NetworkAcl
The AwsEc2NetworkAcl object contains details about an Amazon EC2 network access control list (ACL). Entries are evaluated in ascending RuleNumber order and the first matching entry decides; Egress distinguishes outbound entries from inbound ones, and traffic that matches no entry is denied by the catch-all rule.
The following example shows the AwsEc2NetworkAcl object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2NetworkAcl attributes, see AwsEc2NetworkAclDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2NetworkAcl": {
    "IsDefault": false,
    "NetworkAclId": "acl-1234567890abcdef0",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234abcd",
    "Associations": [{
        "NetworkAclAssociationId": "aclassoc-abcd1234",
        "NetworkAclId": "acl-021345abcdef6789",
        "SubnetId": "subnet-abcd1234"
    }],
    "Entries": [{
        "CidrBlock": "10.24.34.0/23",
        "Egress": true,
        "IcmpTypeCode": {
            "Code": 10,
            "Type": 30
        },
        "Ipv6CidrBlock": "2001:DB8::/32",
        "PortRange": {
            "From": 20,
            "To": 40
        },
        "Protocol": "tcp",
        "RuleAction": "allow",
        "RuleNumber": 100
    }]
}
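The first-match evaluation described above, as an added example that is not part of the Security Hub documentation: the function answers "does this ACL allow this packet?" by walking the Entries of the object in RuleNumber order. PAGE_ENTRIES is the single egress entry shown on this page; the two inbound entries in CONSTRUCTED_ENTRIES are made up to show that a deny at rule 100 shadows an allow at rule 200 for the same traffic.

```python
"""First-match evaluation of the Entries in an ASFF AwsEc2NetworkAcl object.

Added example, not Security Hub documentation code. PAGE_ENTRIES is the
egress entry shown on this page; CONSTRUCTED_ENTRIES adds two made-up
inbound entries to demonstrate RuleNumber ordering.
"""
import ipaddress

PAGE_ENTRIES = [
    {
        "CidrBlock": "10.24.34.0/23",
        "Egress": True,
        "IcmpTypeCode": {"Code": 10, "Type": 30},
        "Ipv6CidrBlock": "2001:DB8::/32",
        "PortRange": {"From": 20, "To": 40},
        "Protocol": "tcp",
        "RuleAction": "allow",
        "RuleNumber": 100,
    }
]

# Constructed: deny tcp/22 from anywhere at rule 100, allow it at rule 200.
# Lower rule numbers are evaluated first, so the deny wins.
CONSTRUCTED_ENTRIES = PAGE_ENTRIES + [
    {"CidrBlock": "0.0.0.0/0", "Egress": False, "PortRange": {"From": 22, "To": 22},
     "Protocol": "tcp", "RuleAction": "deny", "RuleNumber": 100},
    {"CidrBlock": "0.0.0.0/0", "Egress": False, "PortRange": {"From": 22, "To": 22},
     "Protocol": "tcp", "RuleAction": "allow", "RuleNumber": 200},
]

# Entries may name the protocol by IANA number; normalise to the names used here.
_PROTO_NAMES = {"6": "tcp", "17": "udp", "1": "icmp", "58": "icmpv6"}


def _entry_matches(entry, egress, protocol, port, addr):
    """True if one entry covers the packet (direction, address, protocol, port)."""
    if bool(entry.get("Egress")) != egress:
        return False
    cidr = entry.get("CidrBlock") if addr.version == 4 else entry.get("Ipv6CidrBlock")
    if not cidr or addr not in ipaddress.ip_network(cidr, strict=False):
        return False
    proto = _PROTO_NAMES.get(entry.get("Protocol", "-1"), entry.get("Protocol", "-1"))
    if proto != "-1" and proto != protocol:  # "-1" means every protocol
        return False
    # PortRange only constrains TCP/UDP; ICMP type/code live in IcmpTypeCode.
    port_range = entry.get("PortRange")
    if proto in ("tcp", "udp") and port_range is not None:
        if not port_range["From"] <= port <= port_range["To"]:
            return False
    return True


def nacl_decision(entries, *, egress, protocol, port, address):
    """Return (RuleAction, RuleNumber) of the first entry that matches.

    Entries are tried in ascending RuleNumber. Network ACLs are stateless, so
    reply traffic needs its own entry in the other direction. If nothing
    matches, the catch-all rule denies; that is reported as ("deny", None).
    """
    addr = ipaddress.ip_address(address)
    for entry in sorted(entries, key=lambda e: e["RuleNumber"]):
        if _entry_matches(entry, egress, protocol, port, addr):
            return entry["RuleAction"], entry["RuleNumber"]
    return "deny", None


if __name__ == "__main__":
    print(nacl_decision(PAGE_ENTRIES, egress=True, protocol="tcp", port=22, address="10.24.35.7"))
    print(nacl_decision(CONSTRUCTED_ENTRIES, egress=False, protocol="tcp", port=22, address="198.51.100.9"))
```

The page's entry only covers outbound TCP ports 20-40 from 10.24.34.0/23 (or 2001:DB8::/32); any inbound packet, and any outbound packet outside that port range, falls through to the implicit deny.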
AwsEc2NetworkInterface
The AwsEc2NetworkInterface object provides information about an Amazon EC2 network interface. SourceDestCheck is false when the interface is allowed to forward traffic not addressed to itself, as a NAT or routing instance requires.
The following example shows the AwsEc2NetworkInterface object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2NetworkInterface attributes, see AwsEc2NetworkInterfaceDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2NetworkInterface": {
    "Attachment": {
        "AttachTime": "2019-01-01T03:03:21Z",
        "AttachmentId": "eni-attach-43348162",
        "DeleteOnTermination": true,
        "DeviceIndex": 123,
        "InstanceId": "i-1234567890abcdef0",
        "InstanceOwnerId": "123456789012",
        "Status": "attached"
    },
    "SecurityGroups": [
        {
            "GroupName": "my-security-group",
            "GroupId": "sg-903004f8"
        }
    ],
    "NetworkInterfaceId": "eni-686ea200",
    "SourceDestCheck": false
}
AwsEc2RouteTable
The AwsEc2RouteTable object provides information about an Amazon EC2 route table. Routes are matched by longest prefix; a route for 0.0.0.0/0 (or ::/0) whose target is an internet gateway is what makes the subnets associated with the table public. A subnet with no explicit association uses the VPC's main route table (Main is true).
The following example shows the AwsEc2RouteTable object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2RouteTable attributes, see AwsEc2RouteTableDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2RouteTable": {
    "AssociationSet": [{
        "AssociationState": {
            "State": "associated"
        },
        "Main": true,
        "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
        "RouteTableId": "rtb-0a59bde9cf2548e34"
    }],
    "PropagatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
        {
            "DestinationCidrBlock": "10.24.34.0/23",
            "GatewayId": "local",
            "Origin": "CreateRouteTable",
            "State": "active"
        },
        {
            "DestinationCidrBlock": "10.24.34.0/24",
            "GatewayId": "igw-0242c2d7d513fc5d3",
            "Origin": "CreateRoute",
            "State": "active"
        }
    ],
    "VpcId": "vpc-0c250a5c33f51d456"
}
AwsEc2SecurityGroup
The AwsEc2SecurityGroup object describes an Amazon EC2 security group. IpPermissions lists the inbound rules; an IpProtocol of "-1" means all protocols and all ports, and a rule's sources can be CIDR ranges (IpRanges, Ipv6Ranges), other security groups (UserIdGroupPairs) or managed prefix lists (PrefixListIds). Security groups are stateful and only ever allow, so the review question is which sources each rule admits.
The following example shows the AwsEc2SecurityGroup object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2SecurityGroup attributes, see AwsEc2SecurityGroupDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2SecurityGroup": {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [
                {
                    "UserId": "123456789012",
                    "GroupId": "sg-903004f8"
                }
            ],
            "PrefixListIds": [
                {"PrefixListId": "pl-63a5400a"}
            ]
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [
                {
                    "CidrIp": "203.0.113.0/24"
                }
            ],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": []
        }
    ]
}
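A check over the IpPermissions structure above, as an added example that is not part of the Security Hub documentation: it flattens each rule's sources, expands IpProtocol "-1" to the full port range, and reports the rules reachable from 0.0.0.0/0 or ::/0. SECURITY_GROUP is the group shown on this page, which admits SSH only from 203.0.113.0/24 and everything from members of itself; WORLD_OPEN_RULE is a constructed RDP rule added so the unrestricted-source path is exercised.

```python
"""Report inbound rules of an ASFF AwsEc2SecurityGroup object that any address can reach.

Added example, not Security Hub documentation code. SECURITY_GROUP is the
object shown on this page; WORLD_OPEN_RULE is constructed for the example.
"""
import copy
import ipaddress

SECURITY_GROUP = {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [{"UserId": "123456789012", "GroupId": "sg-903004f8"}],
            "PrefixListIds": [{"PrefixListId": "pl-63a5400a"}],
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": [],
        },
    ],
}

# Constructed rule: RDP from any IPv4 or IPv6 address.
WORLD_OPEN_RULE = {
    "IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
    "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
    "UserIdGroupPairs": [], "PrefixListIds": [],
}


def sources(perm):
    """Flatten one IpPermissions entry into (kind, value) source pairs."""
    for r in perm.get("IpRanges") or []:
        yield "cidr", r["CidrIp"]
    for r in perm.get("Ipv6Ranges") or []:
        yield "cidr", r["CidrIpv6"]
    for g in perm.get("UserIdGroupPairs") or []:
        yield "sg", g.get("GroupId")
    for p in perm.get("PrefixListIds") or []:
        yield "pl", p.get("PrefixListId")


def port_span(perm):
    """(protocol, from, to); IpProtocol "-1" means every protocol and every port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return "all", 0, 65535
    # For icmp/icmpv6 FromPort/ToPort carry type and code rather than ports;
    # a missing port is treated as the full range so results still sort.
    return proto, perm.get("FromPort", 0), perm.get("ToPort", 65535)


def is_unrestricted(cidr):
    """True for 0.0.0.0/0 and ::/0: a zero-length prefix matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_reachable(sg):
    """Sorted (protocol, from, to, cidr) tuples for inbound rules open to any address."""
    hits = set()
    for perm in sg.get("IpPermissions") or []:
        proto, lo, hi = port_span(perm)
        for kind, value in sources(perm):
            if kind == "cidr" and is_unrestricted(value):
                hits.add((proto, lo, hi, value))
    return sorted(hits)


def self_referencing(sg):
    """True if the group admits traffic from members of itself."""
    return any(kind == "sg" and value == sg.get("GroupId")
               for perm in sg.get("IpPermissions") or []
               for kind, value in sources(perm))


def with_world_open_rule(sg):
    """Deep copy of sg with the constructed world-open RDP rule appended."""
    sg2 = copy.deepcopy(sg)
    sg2["IpPermissions"].append(WORLD_OPEN_RULE)
    return sg2


if __name__ == "__main__":
    print("page group:", world_reachable(SECURITY_GROUP), "self-referencing:", self_referencing(SECURITY_GROUP))
    print("with constructed rule:", world_reachable(with_world_open_rule(SECURITY_GROUP)))
```

Prefix-list and security-group sources are deliberately not treated as unrestricted here: whether they are open depends on the referenced object, which this finding does not carry, so a complete review resolves them separately.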
AwsEc2Subnet
The AwsEc2Subnet object provides information about a subnet in Amazon EC2. MapPublicIpOnLaunch records whether instances launched in the subnet receive a public IPv4 address by default; whether that address is actually reachable from the internet depends on the route table associated with the subnet.
The following example shows the AwsEc2Subnet object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2Subnet attributes, see AwsEc2SubnetDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2Subnet": {
    "AssignIpv6AddressOnCreation": false,
    "AvailabilityZone": "us-west-2c",
    "AvailabilityZoneId": "usw2-az3",
    "AvailableIpAddressCount": 8185,
    "CidrBlock": "10.0.0.0/24",
    "DefaultForAz": false,
    "MapPublicIpOnLaunch": false,
    "OwnerId": "123456789012",
    "State": "available",
    "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
    "SubnetId": "subnet-d5436c93",
    "VpcId": "vpc-153ade70",
    "Ipv6CidrBlockAssociationSet": [{
        "AssociationId": "subnet-cidr-assoc-EXAMPLE",
        "Ipv6CidrBlock": "2001:DB8::/32",
        "CidrBlockState": "associated"
    }]
}
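Combining the AwsEc2RouteTable and AwsEc2Subnet objects to decide whether a subnet is public, as an added example that is not part of the Security Hub documentation. MAIN_ROUTE_TABLE is the route table shown earlier on this page; PUBLIC_ROUTE_TABLE, its association and both subnet objects are constructed (their IDs are placeholders) so that one subnet is explicitly associated with a table that has a default route to an internet gateway and the other falls back to the VPC's main table. The page's own table has an igw route only for 10.24.34.0/24, so it is listed as an internet-gateway route but does not make its subnets public by the default-route test.

```python
"""Classify subnets as public or private from ASFF AwsEc2RouteTable and AwsEc2Subnet objects.

Added example, not Security Hub documentation code. MAIN_ROUTE_TABLE is the
route table on this page; PUBLIC_ROUTE_TABLE and both subnets are constructed.
"""
import ipaddress

VPC = "vpc-0c250a5c33f51d456"

MAIN_ROUTE_TABLE = {
    "AssociationSet": [
        {"AssociationState": {"State": "associated"}, "Main": True,
         "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
         "RouteTableId": "rtb-0a59bde9cf2548e34"}
    ],
    "PropagatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
        {"DestinationCidrBlock": "10.24.34.0/23", "GatewayId": "local",
         "Origin": "CreateRouteTable", "State": "active"},
        {"DestinationCidrBlock": "10.24.34.0/24", "GatewayId": "igw-0242c2d7d513fc5d3",
         "Origin": "CreateRoute", "State": "active"},
    ],
    "VpcId": VPC,
}

PUBLIC_ROUTE_TABLE = {  # constructed: explicitly associated, default route via the igw
    "AssociationSet": [
        {"AssociationState": {"State": "associated"}, "Main": False,
         "RouteTableAssociationId": "rtbassoc-0example00000pub1",
         "RouteTableId": "rtb-0example000000pub1", "SubnetId": "subnet-0example0000pub1"}
    ],
    "PropagatingVgwSet": [],
    "RouteTableId": "rtb-0example000000pub1",
    "RouteSet": [
        {"DestinationCidrBlock": "10.24.34.0/23", "GatewayId": "local",
         "Origin": "CreateRouteTable", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0242c2d7d513fc5d3",
         "Origin": "CreateRoute", "State": "active"},
    ],
    "VpcId": VPC,
}

# Constructed subnets: the first is explicitly associated with PUBLIC_ROUTE_TABLE,
# the second has no explicit association and so uses the VPC's main table.
PUBLIC_SUBNET = {"SubnetId": "subnet-0example0000pub1", "VpcId": VPC,
                 "CidrBlock": "10.24.34.0/25", "MapPublicIpOnLaunch": True}
INTERNAL_SUBNET = {"SubnetId": "subnet-0example0000int1", "VpcId": VPC,
                   "CidrBlock": "10.24.35.0/25", "MapPublicIpOnLaunch": False}
ROUTE_TABLES = [MAIN_ROUTE_TABLE, PUBLIC_ROUTE_TABLE]

# Fields that can carry a route's target in the ASFF route object (one is set per route).
_TARGET_FIELDS = ("GatewayId", "NatGatewayId", "TransitGatewayId", "VpcPeeringConnectionId",
                  "NetworkInterfaceId", "InstanceId", "EgressOnlyInternetGatewayId",
                  "LocalGatewayId", "CarrierGatewayId", "CoreNetworkArn")


def route_target(route):
    """The target identifier of a route, whichever field carries it."""
    for field in _TARGET_FIELDS:
        if route.get(field):
            return route[field]
    return None


def internet_gateway_routes(rt):
    """(destination, igw id) for every active route whose target is an internet gateway."""
    out = []
    for route in rt.get("RouteSet") or []:
        if route.get("State") != "active":
            continue
        target = route_target(route)
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if target and target.startswith("igw-") and dest:
            out.append((dest, target))
    return out


def route_table_for_subnet(subnet, route_tables):
    """An explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt.get("VpcId") != subnet["VpcId"]:
            continue
        for assoc in rt.get("AssociationSet") or []:
            if (assoc.get("AssociationState") or {}).get("State") != "associated":
                continue
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(subnet, route_tables):
    """'public' when the applicable table has a default route to an igw, 'public-auto-ip'
    when launched instances also get a public IP, 'private' otherwise, 'unrouted' if no
    table in the set applies to the subnet's VPC."""
    rt = route_table_for_subnet(subnet, route_tables)
    if rt is None:
        return "unrouted"
    default_via_igw = any(ipaddress.ip_network(dest, strict=False).prefixlen == 0
                          for dest, _ in internet_gateway_routes(rt))
    if not default_via_igw:
        return "private"
    return "public-auto-ip" if subnet.get("MapPublicIpOnLaunch") else "public"
```

A narrower igw route such as the page's 10.24.34.0/24 entry still sends traffic for that prefix through the internet gateway, which is why internet_gateway_routes is reported alongside the classification rather than folded into it.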
AwsEc2TransitGateway
The AwsEc2TransitGateway object provides details about an Amazon EC2 transit gateway, which interconnects your virtual private clouds (VPCs) and on-premises networks. AutoAcceptSharedAttachments records whether attachment requests from accounts the gateway is shared with are accepted without review.
The following is an example AwsEc2TransitGateway finding in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2TransitGateway attributes, see AwsEc2TransitGatewayDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2TransitGateway": {
    "AmazonSideAsn": 65000,
    "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
    "AutoAcceptSharedAttachments": "disable",
    "DefaultRouteTableAssociation": "enable",
    "DefaultRouteTablePropagation": "enable",
    "Description": "sample transit gateway",
    "DnsSupport": "enable",
    "Id": "tgw-042ae6bf7a5c126c3",
    "MulticastSupport": "disable",
    "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
    "TransitGatewayCidrBlocks": ["10.0.0.0/16"],
    "VpnEcmpSupport": "enable"
}
AwsEc2Volume
The AwsEc2Volume object provides details about an Amazon EC2 volume. Encrypted and KmsKeyId together show whether the volume is encrypted at rest and with which key.
The following example shows the AwsEc2Volume object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2Volume attributes, see AwsEc2VolumeDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2Volume": {
    "Attachments": [
        {
            "AttachTime": "2017-10-17T14:47:11Z",
            "DeleteOnTermination": true,
            "InstanceId": "i-123abc456def789g",
            "Status": "attached"
        }
    ],
    "CreateTime": "2020-02-24T15:54:30Z",
    "Encrypted": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Size": 80,
    "SnapshotId": "",
    "Status": "available"
}
AwsEc2Vpc
The AwsEc2Vpc object provides details about an Amazon EC2 VPC.
The following example shows the AwsEc2Vpc object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2Vpc attributes, see AwsEc2VpcDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2Vpc": {
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlock": "192.0.2.0/24",
            "CidrBlockState": "associated"
        }
    ],
    "DhcpOptionsId": "dopt-4e42ce28",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlockState": "associated",
            "Ipv6CidrBlock": "2001:DB8::/56"
        }
    ],
    "State": "available"
}
AwsEc2VpcEndpointService
The AwsEc2VpcEndpointService object contains details about the service configuration for a VPC endpoint service. AcceptanceRequired shows whether connection requests from consumer endpoints must be approved by the service owner before traffic can flow.
The following example shows the AwsEc2VpcEndpointService object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2VpcEndpointService attributes, see AwsEc2VpcEndpointServiceDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2VpcEndpointService": {
    "ServiceType": [
        {
            "ServiceType": "Interface"
        }
    ],
    "ServiceId": "vpce-svc-example1",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
    "ServiceState": "Available",
    "AvailabilityZones": ["us-east-1"],
    "AcceptanceRequired": true,
    "ManagesVpcEndpoints": false,
    "NetworkLoadBalancerArns": [
        "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
    ],
    "GatewayLoadBalancerArns": [],
    "BaseEndpointDnsNames": [
        "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
    ],
    "PrivateDnsName": "my-private-dns"
}
AwsEc2VpcPeeringConnection
The AwsEc2VpcPeeringConnection object provides details about a networking connection between two VPCs. AccepterVpcInfo and RequesterVpcInfo each carry the owner account, Region and CIDR blocks of one side, so the object shows at a glance whether the peering crosses an account or Region boundary.
The following example shows the AwsEc2VpcPeeringConnection object in the Amazon Security Finding Format (ASFF). For descriptions of the AwsEc2VpcPeeringConnection attributes, see AwsEc2VpcPeeringConnectionDetails in the Amazon Security Hub API Reference.
Example
"AwsEc2VpcPeeringConnection": {
    "AccepterVpcInfo": {
        "CidrBlock": "10.0.0.0/28",
        "CidrBlockSet": [{
            "CidrBlock": "10.0.0.0/28"
        }],
        "Ipv6CidrBlockSet": [{
            "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
        }],
        "OwnerId": "012345678910",
        "PeeringOptions": {
            "AllowDnsResolutionFromRemoteVpc": true,
            "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
            "AllowEgressFromLocalVpcToRemoteClassicLink": true
        },
        "Region": "us-west-2",
        "VpcId": "vpc-i123456"
    },
    "ExpirationTime": "2022-02-18T15:31:53.161Z",
    "RequesterVpcInfo": {
        "CidrBlock": "192.168.0.0/28",
        "CidrBlockSet": [{
            "CidrBlock": "192.168.0.0/28"
        }],
        "Ipv6CidrBlockSet": [{
            "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
        }],
        "OwnerId": "012345678910",
        "PeeringOptions": {
            "AllowDnsResolutionFromRemoteVpc": true,
            "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
            "AllowEgressFromLocalVpcToRemoteClassicLink": true
        },
        "Region": "us-west-2",
        "VpcId": "vpc-i123456"
    },
    "Status": {
        "Code": "initiating-request",
        "Message": "Active"
    },
    "VpcPeeringConnectionId": "pcx-1a2b3c4d"
}