本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
ASFF 中的 AwsEc2 资源
以下是AwsEc2资源的 Amazon 安全调查发现格式(ASFF)的示例。
Amazon Security Hub 会将各种来源的调查发现标准化为 ASFF。有关 ASFF 的背景信息,请参阅 Amazon 安全调查发现格式 (ASFF)。
AwsEc2ClientVpnEndpoint
该AwsEc2ClientVpnEndpoint对象提供有关 Amazon Client VPN 端点的信息。客户端 VPN 端点是您创建并配置以用于启用和管理客户端 VPN 会话的资源。这是所有 Client VPN 会话的终止点。
以下示例显示AwsEc2ClientVpnEndpoint对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2ClientVpnEndpoint属性的描述,请参阅《Amazon Security Hub API 参考》ClientVpnEndpointDetails中的 AwsEc2。
示例
"AwsEc2ClientVpnEndpoint": { "AuthenticationOptions": [ { "MutualAuthentication": { "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Type": "certificate-authentication" } ], "ClientCidrBlock": "10.0.0.0/22", "ClientConnectOptions": { "Enabled": false }, "ClientLoginBannerOptions": { "Enabled": false }, "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5", "ConnectionLogOptions": { "Enabled": false }, "Description": "test", "DnsServer": ["10.0.0.0"], "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SecurityGroupIdSet": [ "sg-0f7a177b82b443691" ], "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5", "SessionTimeoutHours": 24, "SplitTunnel": false, "TransportProtocol": "udp", "VpcId": "vpc-1a2b3c4d5e6f1a2b3", "VpnPort": 443 }
AwsEc2Eip
AwsEc2Eip 对象提供有关弹性 IP 地址的信息。
以下示例显示AwsEc2Eip对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2Eip属性的描述,请参阅《Amazon Security Hub API 参考》EipDetails中的 AwsEc2。
示例
"AwsEc2Eip": { "InstanceId": "instance1", "PublicIp": "192.0.2.04", "AllocationId": "eipalloc-example-id-1", "AssociationId": "eipassoc-example-id-1", "Domain": "vpc", "PublicIpv4Pool": "anycompany", "NetworkBorderGroup": "eu-central-1", "NetworkInterfaceId": "eni-example-id-1", "NetworkInterfaceOwnerId": "777788889999", "PrivateIpAddress": "192.0.2.03" }
AwsEc2Instance
该AwsEc2Instance对象提供有关 Amazon EC2 实例的详细信息。
以下示例显示AwsEc2Instance对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2Instance属性的描述,请参阅《Amazon Security Hub API 参考》InstanceDetails中的 AwsEc2。
示例
"AwsEc2Instance": { "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole", "ImageId": "ami-1234", "IpV4Addresses": [ "1.1.1.1" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "LaunchedAt": "2018-05-08T16:46:19.000Z", "MetadataOptions": { "HttpEndpoint": "enabled", "HttpProtocolIpv6": "enabled", "HttpPutResponseHopLimit": 1, "HttpTokens": "optional", "InstanceMetadataTags": "disabled", }, "Monitoring": { "State": "disabled" }, "NetworkInterfaces": [ { "NetworkInterfaceId": "eni-e5aa89a3" } ], "SubnetId": "subnet-123", "Type": "i3.xlarge", "VpcId": "vpc-123" }
AwsEc2LaunchTemplate
AwsEc2LaunchTemplate 对象包含有关指定实例配置信息的 Amazon Elastic Compute Cloud 启动模板的详细信息。
以下示例显示AwsEc2LaunchTemplate对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2LaunchTemplate属性的描述,请参阅《Amazon Security Hub API 参考》LaunchTemplateDetails中的 AwsEc2。
示例
"AwsEc2LaunchTemplate": { "DefaultVersionNumber": "1", "ElasticGpuSpecifications": ["string"], "ElasticInferenceAccelerators": ["string"], "Id": "lt-0a16e9802800bdd85", "ImageId": "ami-0d5eff06f840b45e9", "LatestVersionNumber": "1", "LaunchTemplateData": { "BlockDeviceMappings": [{ "DeviceName": "/dev/xvda", "Ebs": { "DeleteonTermination": true, "Encrypted": true, "SnapshotId": "snap-01047646ec075f543", "VolumeSize": 8, "VolumeType:" "gp2" } }], "MetadataOptions": { "HttpTokens": "enabled", "HttpPutResponseHopLimit" : 1 }, "Monitoring": { "Enabled": true, "NetworkInterfaces": [{ "AssociatePublicIpAddress" : true, }], "LaunchTemplateName": "string", "LicenseSpecifications": ["string"], "SecurityGroupIds": ["sg-01fce87ad6e019725"], "SecurityGroups": ["string"], "TagSpecifications": ["string"] }
AwsEc2NetworkAcl
AwsEc2NetworkAcl对象包含有关 Amazon EC2 网络控制列表(ACL)的详细信息。
以下示例显示AwsEc2NetworkAcl对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2NetworkAcl属性的描述,请参阅《Amazon Security Hub API 参考》NetworkAclDetails中的 AwsEc2。
示例
"AwsEc2NetworkAcl": { "IsDefault": false, "NetworkAclId": "acl-1234567890abcdef0", "OwnerId": "123456789012", "VpcId": "vpc-1234abcd", "Associations": [{ "NetworkAclAssociationId": "aclassoc-abcd1234", "NetworkAclId": "acl-021345abcdef6789", "SubnetId": "subnet-abcd1234" }], "Entries": [{ "CidrBlock": "10.24.34.0/23", "Egress": true, "IcmpTypeCode": { "Code": 10, "Type": 30 }, "Ipv6CidrBlock": "2001:DB8::/32", "PortRange": { "From": 20, "To": 40 }, "Protocol": "tcp", "RuleAction": "allow", "RuleNumber": 100 }] }
AwsEc2NetworkInterface
该AwsEc2NetworkInterface对象提供有关 Amazon EC2 网络接口的信息。
以下示例显示AwsEc2NetworkInterface对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2NetworkInterface属性的描述,请参阅《Amazon Security Hub API 参考》NetworkInterfaceDetails中的 AwsEc2。
示例
"AwsEc2NetworkInterface": { "Attachment": { "AttachTime": "2019-01-01T03:03:21Z", "AttachmentId": "eni-attach-43348162", "DeleteOnTermination": true, "DeviceIndex": 123, "InstanceId": "i-1234567890abcdef0", "InstanceOwnerId": "123456789012", "Status": 'ATTACHED' }, "SecurityGroups": [ { "GroupName": "my-security-group", "GroupId": "sg-903004f8" }, ], "NetworkInterfaceId": 'eni-686ea200', "SourceDestCheck": false }
AwsEc2RouteTable
AwsEc2RouteTable对象提供有关 Amazon EC2 路由表的信息。
以下示例显示AwsEc2RouteTable对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2RouteTable属性的描述,请参阅《Amazon Security Hub API 参考》RouteTableDetails中的 AwsEc2。
示例
"AwsEc2RouteTable": { "AssociationSet": [{ "AssociationSet": { "State": "associated" }, "Main": true, "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512", "RouteTableId": "rtb-0a59bde9cf2548e34", }], "PropogatingVgwSet": [], "RouteTableId": "rtb-0a59bde9cf2548e34", "RouteSet": [ { "DestinationCidrBlock": "10.24.34.0/23", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active" }, { "DestinationCidrBlock": "10.24.34.0/24", "GatewayId": "igw-0242c2d7d513fc5d3", "Origin": "CreateRoute", "State": "active" } ], "VpcId": "vpc-0c250a5c33f51d456" }
AwsEc2SecurityGroup
该AwsEc2SecurityGroup对象描述了 Amazon EC2 安全组。
以下示例显示AwsEc2SecurityGroup对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2SecurityGroup属性的描述,请参阅《Amazon Security Hub API 参考》SecurityGroupDetails中的 AwsEc2。
示例
"AwsEc2SecurityGroup": { "GroupName": "MySecurityGroup", "GroupId": "sg-903004f8", "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [ { "IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [ { "UserId": "123456789012", "GroupId": "sg-903004f8" } ], "PrefixListIds": [ {"PrefixListId": "pl-63a5400a"} ] }, { "PrefixListIds": [], "FromPort": 22, "IpRanges": [ { "CidrIp": "203.0.113.0/24" } ], "ToPort": 22, "IpProtocol": "tcp", "UserIdGroupPairs": [] } ] }
AwsEc2Subnet
该AwsEc2Subnet对象提供有关 Amazon 中子网的信息 EC2。
以下示例显示AwsEc2Subnet对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2Subnet属性的描述,请参阅《Amazon Security Hub API 参考》SubnetDetails中的 AwsEc2。
示例
AwsEc2Subnet: { "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2c", "AvailabilityZoneId": "usw2-az3", "AvailableIpAddressCount": 8185, "CidrBlock": "10.0.0.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "OwnerId": "123456789012", "State": "available", "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93", "SubnetId": "subnet-d5436c93", "VpcId": "vpc-153ade70", "Ipv6CidrBlockAssociationSet": [{ "AssociationId": "subnet-cidr-assoc-EXAMPLE", "Ipv6CidrBlock": "2001:DB8::/32", "CidrBlockState": "associated" }] }
AwsEc2TransitGateway
该AwsEc2TransitGateway对象提供有关互连 Virtual Pri EC2 vate Cloud (VPCs) 和本地网络的 Amazon 中转网关的详细信息。
以下是 Amazon 安全AwsEc2TransitGateway调查发现格式 (ASFF) 中的调查发现示例。要查看AwsEc2TransitGateway属性的描述,请参阅《Amazon Security Hub API 参考》TransitGatewayDetails中的 AwsEc2。
示例
"AwsEc2TransitGateway": { "AmazonSideAsn": 65000, "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "AutoAcceptSharedAttachments": "disable", "DefaultRouteTableAssociation": "enable", "DefaultRouteTablePropagation": "enable", "Description": "sample transit gateway", "DnsSupport": "enable", "Id": "tgw-042ae6bf7a5c126c3", "MulticastSupport": "disable", "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "TransitGatewayCidrBlocks": ["10.0.0.0/16"], "VpnEcmpSupport": "enable" }
AwsEc2Volume
AwsEc2Volume对象提供有关 Amazon EC2 卷的详细信息。
以下示例显示AwsEc2Volume对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2Volume属性的描述,请参阅《Amazon Security Hub API 参考》VolumeDetails中的 AwsEc2。
示例
"AwsEc2Volume": { "Attachments": [ { "AttachTime": "2017-10-17T14:47:11Z", "DeleteOnTermination": true, "InstanceId": "i-123abc456def789g", "Status": "attached" } ], "CreateTime": "2020-02-24T15:54:30Z", "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Size": 80, "SnapshotId": "", "Status": "available" }
AwsEc2Vpc
该AwsEc2Vpc对象提供有关亚马逊 EC2 VPC 的详细信息。
以下示例显示AwsEc2Vpc对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2Vpc属性的描述,请参阅《Amazon Security Hub API 参考》VpcDetails中的 AwsEc2。
示例
"AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlock": "192.0.2.0/24", "CidrBlockState": "associated" } ], "DhcpOptionsId": "dopt-4e42ce28", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlockState": "associated", "Ipv6CidrBlock": "192.0.2.0/24" } ], "State": "available" }
AwsEc2VpcEndpointService
AwsEc2VpcEndpointService 对象包含有关 VPC 端点服务的服务配置的详细信息。
以下示例显示AwsEc2VpcEndpointService对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2VpcEndpointService属性的描述,请参阅《Amazon Security Hub API 参考》VpcEndpointServiceDetails中的 AwsEc2。
示例
"AwsEc2VpcEndpointService": { "ServiceType": [ { "ServiceType": "Interface" } ], "ServiceId": "vpce-svc-example1", "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1", "ServiceState": "Available", "AvailabilityZones": [ "us-east-1" ], "AcceptanceRequired": true, "ManagesVpcEndpoints": false, "NetworkLoadBalancerArns": [ "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1" ], "GatewayLoadBalancerArns": [], "BaseEndpointDnsNames": [ "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "my-private-dns" }
AwsEc2VpcPeeringConnection
AwsEc2VpcPeeringConnection对象提供有关两者之间网络连接的详细信息 VPCs。
以下示例显示AwsEc2VpcPeeringConnection对象的 Amazon 安全调查发现格式 (ASFF)。要查看AwsEc2VpcPeeringConnection属性的描述,请参阅《Amazon Security Hub API 参考》VpcPeeringConnectionDetails中的 AwsEc2。
示例
"AwsEc2VpcPeeringConnection": { "AccepterVpcInfo": { "CidrBlock": "10.0.0.0/28", "CidrBlockSet": [{ "CidrBlock": "10.0.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "ExpirationTime": "2022-02-18T15:31:53.161Z", "RequesterVpcInfo": { "CidrBlock": "192.168.0.0/28", "CidrBlockSet": [{ "CidrBlock": "192.168.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "Status": { "Code": "initiating-request", "Message": "Active" }, "VpcPeeringConnectionId": "pcx-1a2b3c4d" }