ASFF 中的 AwsEc2 资源
以下是 AwsEc2 资源的 Amazon 安全调查发现格式(ASFF)的示例。
Amazon Security Hub CSPM 会将各种来源的调查发现标准化为 ASFF。有关 ASFF 的背景信息,请参阅 Amazon安全调查发现格式 (ASFF)。
AwsEc2ClientVpnEndpoint
AwsEc2ClientVpnEndpoint 对象提供有关 Amazon Client VPN 端点的信息。客户端 VPN 端点是您创建并配置以用于启用和管理客户端 VPN 会话的资源。这是所有 Client VPN 会话的终止点。
以下示例显示了 AwsEc2ClientVpnEndpoint 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2ClientVpnEndpoint 属性的描述,请参阅《Amazon Security Hub CSPM API 参考》中的 AwsEc2ClientVpnEndpointDetails。
示例:
"AwsEc2ClientVpnEndpoint": { "AuthenticationOptions": [ { "MutualAuthentication": { "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Type": "certificate-authentication" } ], "ClientCidrBlock": "10.0.0.0/22", "ClientConnectOptions": { "Enabled": false }, "ClientLoginBannerOptions": { "Enabled": false }, "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5", "ConnectionLogOptions": { "Enabled": false }, "Description": "test", "DnsServer": ["10.0.0.0"], "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SecurityGroupIdSet": [ "sg-0f7a177b82b443691" ], "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5", "SessionTimeoutHours": 24, "SplitTunnel": false, "TransportProtocol": "udp", "VpcId": "vpc-1a2b3c4d5e6f1a2b3", "VpnPort": 443 }
AwsEc2Eip
AwsEc2Eip 对象提供有关弹性 IP 地址的信息。
以下示例显示了 AwsEc2Eip 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2Eip 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2EipDetails。
示例:
"AwsEc2Eip": { "InstanceId": "instance1", "PublicIp": "192.0.2.04", "AllocationId": "eipalloc-example-id-1", "AssociationId": "eipassoc-example-id-1", "Domain": "vpc", "PublicIpv4Pool": "anycompany", "NetworkBorderGroup": "eu-central-1", "NetworkInterfaceId": "eni-example-id-1", "NetworkInterfaceOwnerId": "777788889999", "PrivateIpAddress": "192.0.2.03" }
AwsEc2Instance
AwsEc2Instance 对象提供有关 Amazon EC2 实例的详细信息。
以下示例显示了 AwsEc2Instance 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2Instance 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2InstanceDetails。
示例:
"AwsEc2Instance": { "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole", "ImageId": "ami-1234", "IpV4Addresses": [ "1.1.1.1" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "LaunchedAt": "2018-05-08T16:46:19.000Z", "MetadataOptions": { "HttpEndpoint": "enabled", "HttpProtocolIpv6": "enabled", "HttpPutResponseHopLimit": 1, "HttpTokens": "optional", "InstanceMetadataTags": "disabled", }, "Monitoring": { "State": "disabled" }, "NetworkInterfaces": [ { "NetworkInterfaceId": "eni-e5aa89a3" } ], "SubnetId": "subnet-123", "Type": "i3.xlarge", "VpcId": "vpc-123" }
AwsEc2LaunchTemplate
AwsEc2LaunchTemplate 对象包含有关指定实例配置信息的 Amazon Elastic Compute Cloud 启动模板的详细信息。
以下示例显示了 AwsEc2LaunchTemplate 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2LaunchTemplate 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2LaunchTemplateDetails。
示例:
"AwsEc2LaunchTemplate": { "DefaultVersionNumber": "1", "ElasticGpuSpecifications": ["string"], "ElasticInferenceAccelerators": ["string"], "Id": "lt-0a16e9802800bdd85", "ImageId": "ami-0d5eff06f840b45e9", "LatestVersionNumber": "1", "LaunchTemplateData": { "BlockDeviceMappings": [{ "DeviceName": "/dev/xvda", "Ebs": { "DeleteonTermination": true, "Encrypted": true, "SnapshotId": "snap-01047646ec075f543", "VolumeSize": 8, "VolumeType:" "gp2" } }], "MetadataOptions": { "HttpTokens": "enabled", "HttpPutResponseHopLimit" : 1 }, "Monitoring": { "Enabled": true, "NetworkInterfaces": [{ "AssociatePublicIpAddress" : true, }], "LaunchTemplateName": "string", "LicenseSpecifications": ["string"], "SecurityGroupIds": ["sg-01fce87ad6e019725"], "SecurityGroups": ["string"], "TagSpecifications": ["string"] }
AwsEc2NetworkAcl
AwsEc2NetworkAcl 对象包含有关 Amazon EC2 网络访问控制列表(ACL)的详细信息。
以下示例显示了 AwsEc2NetworkAcl 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2NetworkAcl 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2NetworkAclDetails。
示例:
"AwsEc2NetworkAcl": { "IsDefault": false, "NetworkAclId": "acl-1234567890abcdef0", "OwnerId": "123456789012", "VpcId": "vpc-1234abcd", "Associations": [{ "NetworkAclAssociationId": "aclassoc-abcd1234", "NetworkAclId": "acl-021345abcdef6789", "SubnetId": "subnet-abcd1234" }], "Entries": [{ "CidrBlock": "10.24.34.0/23", "Egress": true, "IcmpTypeCode": { "Code": 10, "Type": 30 }, "Ipv6CidrBlock": "2001:DB8::/32", "PortRange": { "From": 20, "To": 40 }, "Protocol": "tcp", "RuleAction": "allow", "RuleNumber": 100 }] }
AwsEc2NetworkInterface
AwsEc2NetworkInterface 对象提供有关 Amazon EC2 网络接口的信息。
以下示例显示了 AwsEc2NetworkInterface 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2NetworkInterface 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2NetworkInterfaceDetails。
示例:
"AwsEc2NetworkInterface": { "Attachment": { "AttachTime": "2019-01-01T03:03:21Z", "AttachmentId": "eni-attach-43348162", "DeleteOnTermination": true, "DeviceIndex": 123, "InstanceId": "i-1234567890abcdef0", "InstanceOwnerId": "123456789012", "Status": 'ATTACHED' }, "SecurityGroups": [ { "GroupName": "my-security-group", "GroupId": "sg-903004f8" }, ], "NetworkInterfaceId": 'eni-686ea200', "SourceDestCheck": false }
AwsEc2RouteTable
AwsEc2RouteTable 对象提供有关 Amazon EC2 路由表的信息。
以下示例显示了 AwsEc2RouteTable 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2RouteTable 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2RouteTableDetails。
示例:
"AwsEc2RouteTable": { "AssociationSet": [{ "AssociationSet": { "State": "associated" }, "Main": true, "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512", "RouteTableId": "rtb-0a59bde9cf2548e34", }], "PropogatingVgwSet": [], "RouteTableId": "rtb-0a59bde9cf2548e34", "RouteSet": [ { "DestinationCidrBlock": "10.24.34.0/23", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active" }, { "DestinationCidrBlock": "10.24.34.0/24", "GatewayId": "igw-0242c2d7d513fc5d3", "Origin": "CreateRoute", "State": "active" } ], "VpcId": "vpc-0c250a5c33f51d456" }
AwsEc2SecurityGroup
AwsEc2SecurityGroup 对象描述 Amazon EC2 安全组。
以下示例显示了 AwsEc2SecurityGroup 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2SecurityGroup 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2SecurityGroupDetails。
示例:
"AwsEc2SecurityGroup": { "GroupName": "MySecurityGroup", "GroupId": "sg-903004f8", "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [ { "IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [ { "UserId": "123456789012", "GroupId": "sg-903004f8" } ], "PrefixListIds": [ {"PrefixListId": "pl-63a5400a"} ] }, { "PrefixListIds": [], "FromPort": 22, "IpRanges": [ { "CidrIp": "203.0.113.0/24" } ], "ToPort": 22, "IpProtocol": "tcp", "UserIdGroupPairs": [] } ] }
AwsEc2Subnet
AwsEc2Subnet 对象提供有关 Amazon EC2 中子网的信息。
以下示例显示了 AwsEc2Subnet 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2Subnet 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2SubnetDetails。
示例:
AwsEc2Subnet: { "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2c", "AvailabilityZoneId": "usw2-az3", "AvailableIpAddressCount": 8185, "CidrBlock": "10.0.0.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "OwnerId": "123456789012", "State": "available", "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93", "SubnetId": "subnet-d5436c93", "VpcId": "vpc-153ade70", "Ipv6CidrBlockAssociationSet": [{ "AssociationId": "subnet-cidr-assoc-EXAMPLE", "Ipv6CidrBlock": "2001:DB8::/32", "CidrBlockState": "associated" }] }
AwsEc2TransitGateway
AwsEc2TransitGateway 对象提供有关互连虚拟私有云 (VPC) 和本地网络的 Amazon EC2 中转网关的详细信息。
以下是 Amazon 安全调查发现格式 (ASFF) 中的 AwsEc2TransitGateway 调查发现示例。要查看 AwsEc2TransitGateway 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2TransitGatewayDetails。
示例:
"AwsEc2TransitGateway": { "AmazonSideAsn": 65000, "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "AutoAcceptSharedAttachments": "disable", "DefaultRouteTableAssociation": "enable", "DefaultRouteTablePropagation": "enable", "Description": "sample transit gateway", "DnsSupport": "enable", "Id": "tgw-042ae6bf7a5c126c3", "MulticastSupport": "disable", "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "TransitGatewayCidrBlocks": ["10.0.0.0/16"], "VpnEcmpSupport": "enable" }
AwsEc2Volume
AwsEc2Volume 对象提供有关 Amazon EC2 卷的详细信息。
以下示例显示了 AwsEc2Volume 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2Volume 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2VolumeDetails。
示例:
"AwsEc2Volume": { "Attachments": [ { "AttachTime": "2017-10-17T14:47:11Z", "DeleteOnTermination": true, "InstanceId": "i-123abc456def789g", "Status": "attached" } ], "CreateTime": "2020-02-24T15:54:30Z", "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Size": 80, "SnapshotId": "", "Status": "available" }
AwsEc2Vpc
AwsEc2Vpc 对象提供有关 Amazon EC2 VPC 的详细信息。
以下示例显示了 AwsEc2Vpc 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2Vpc 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2VpcDetails。
示例:
"AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlock": "192.0.2.0/24", "CidrBlockState": "associated" } ], "DhcpOptionsId": "dopt-4e42ce28", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlockState": "associated", "Ipv6CidrBlock": "192.0.2.0/24" } ], "State": "available" }
AwsEc2VpcEndpointService
AwsEc2VpcEndpointService 对象包含有关 VPC 端点服务的服务配置的详细信息。
以下示例显示了 AwsEc2VpcEndpointService 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2VpcEndpointService 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2VpcEndpointServiceDetails。
示例:
"AwsEc2VpcEndpointService": { "ServiceType": [ { "ServiceType": "Interface" } ], "ServiceId": "vpce-svc-example1", "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1", "ServiceState": "Available", "AvailabilityZones": [ "us-east-1" ], "AcceptanceRequired": true, "ManagesVpcEndpoints": false, "NetworkLoadBalancerArns": [ "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1" ], "GatewayLoadBalancerArns": [], "BaseEndpointDnsNames": [ "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "my-private-dns" }
AwsEc2VpcPeeringConnection
AwsEc2VpcPeeringConnection 对象提供有关两个 VPC 之间网络连接的详细信息。
以下示例显示了 AwsEc2VpcPeeringConnection 对象的 Amazon 安全调查发现格式 (ASFF)。要查看 AwsEc2VpcPeeringConnection 属性的描述,请参阅 Amazon Security Hub CSPM API 参考中的 AwsEc2VpcPeeringConnectionDetails。
示例:
"AwsEc2VpcPeeringConnection": { "AccepterVpcInfo": { "CidrBlock": "10.0.0.0/28", "CidrBlockSet": [{ "CidrBlock": "10.0.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "ExpirationTime": "2022-02-18T15:31:53.161Z", "RequesterVpcInfo": { "CidrBlock": "192.168.0.0/28", "CidrBlockSet": [{ "CidrBlock": "192.168.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "Status": { "Code": "initiating-request", "Message": "Active" }, "VpcPeeringConnectionId": "pcx-1a2b3c4d" }