Subscribing to Security Hub announcements with Amazon Simple Notification Service - Amazon Security Hub

Subscribing to Security Hub announcements with Amazon Simple Notification Service

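This section describes how to subscribe to Security Hub announcements through Amazon Simple Notification Service (Amazon SNS) so that you receive notifications about Security Hub.

After you subscribe, you receive notifications about the following events (note the corresponding AnnouncementType for each event):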

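  • GENERAL — General notifications about the Security Hub service.

  • UPCOMING_STANDARDS_CONTROLS — Specified Security Hub controls or standards will be released soon. This type of announcement helps you prepare response and remediation workflows ahead of the release.

  • NEW_REGIONS — Support for Security Hub is available in a new Amazon Web Services Region.

  • NEW_STANDARDS_CONTROLS — New Security Hub controls or standards have been added.

  • UPDATED_STANDARDS_CONTROLS — Existing Security Hub controls or standards have been updated.

  • RETIRED_STANDARDS_CONTROLS — Existing Security Hub controls or standards have been retired.

  • UPDATED_ASFF — The Amazon Security Finding Format (ASFF) syntax, fields, or values have been updated.

  • NEW_INTEGRATION — New integrations with other Amazon services or third-party products are available.

  • NEW_FEATURE — New Security Hub features are available.

  • UPDATED_FEATURE — Existing Security Hub features have been updated.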

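Notifications are available in all formats that Amazon SNS supports. You can subscribe to Security Hub announcements in all Amazon Web Services Regions where Security Hub is available.

The user account must have the sns:Subscribe IAM permission to subscribe to an Amazon SNS topic.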

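Note

Security Hub sends Amazon SNS announcements about Security Hub service updates to any subscribed account. To receive notifications about findings in your Security Hub account, see Viewing finding lists and details in Amazon Security Hub.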

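You can subscribe an Amazon Simple Queue Service (Amazon SQS) queue to an Amazon SNS topic, but you must use an Amazon SNS topic that is in the same Region. For more information, see Tutorial: Subscribing an Amazon SQS queue to an Amazon SNS topic in the Amazon Simple Queue Service Developer Guide.

You can also use an Amazon Lambda function to invoke events when notifications are received. For more information, see Invoking Lambda functions using Amazon SNS notifications in the Amazon Simple Notification Service Developer Guide.

The Amazon SNS topic ARN for each Region is shown below.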

| Region | Amazon SNS topic ARN |
| --- | --- |
| US East (Ohio) | arn:aws:sns:us-east-2:291342846459:SecurityHubAnnouncements |
| US East (N. Virginia) | arn:aws:sns:us-east-1:088139225913:SecurityHubAnnouncements |
| US West (N. California) | arn:aws:sns:us-west-1:137690824926:SecurityHubAnnouncements |
| US West (Oregon) | arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements |
| Africa (Cape Town) | arn:aws:sns:af-south-1:463142546776:SecurityHubAnnouncements |
| Asia Pacific (Hong Kong) | arn:aws:sns:ap-east-1:464812404305:SecurityHubAnnouncements |
| Asia Pacific (Jakarta) | arn:aws:sns:ap-southeast-3:627843640627:SecurityHubAnnouncements |
| Asia Pacific (Mumbai) | arn:aws:sns:ap-south-1:707356269775:SecurityHubAnnouncements |
| Asia Pacific (Osaka) | arn:aws:sns:ap-northeast-3:633550238216:SecurityHubAnnouncements |
| Asia Pacific (Seoul) | arn:aws:sns:ap-northeast-2:374299265323:SecurityHubAnnouncements |
| Asia Pacific (Singapore) | arn:aws:sns:ap-southeast-1:512267288502:SecurityHubAnnouncements |
| Asia Pacific (Sydney) | arn:aws:sns:ap-southeast-2:475730049140:SecurityHubAnnouncements |
| Asia Pacific (Tokyo) | arn:aws:sns:ap-northeast-1:592469075483:SecurityHubAnnouncements |
| Canada (Central) | arn:aws:sns:ca-central-1:137749997395:SecurityHubAnnouncements |
| China (Beijing) | arn:aws-cn:sns:cn-north-1:672341567257:SecurityHubAnnouncements |
| China (Ningxia) | arn:aws-cn:sns:cn-northwest-1:672534482217:SecurityHubAnnouncements |
| Europe (Frankfurt) | arn:aws:sns:eu-central-1:871975303681:SecurityHubAnnouncements |
| Europe (Ireland) | arn:aws:sns:eu-west-1:705756202095:SecurityHubAnnouncements |
| Europe (London) | arn:aws:sns:eu-west-2:883600840440:SecurityHubAnnouncements |
| Europe (Milan) | arn:aws:sns:eu-south-1:151363035580:SecurityHubAnnouncements |
| Europe (Paris) | arn:aws:sns:eu-west-3:313420042571:SecurityHubAnnouncements |
| Europe (Stockholm) | arn:aws:sns:eu-north-1:191971010772:SecurityHubAnnouncements |
| Middle East (Bahrain) | arn:aws:sns:me-south-1:585146626860:SecurityHubAnnouncements |
| South America (São Paulo) | arn:aws:sns:sa-east-1:359811883282:SecurityHubAnnouncements |
| Amazon GovCloud (US-East) | arn:aws-us-gov:sns:us-gov-east-1:239368469855:SecurityHubAnnouncements |
| Amazon GovCloud (US-West) | arn:aws-us-gov:sns:us-gov-west-1:239334163374:SecurityHubAnnouncements |

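Messages are typically the same across the Regions within a partition, so you can subscribe in one Region of each partition to receive the announcements that affect all Regions in that partition. Announcements associated with member accounts are not replicated to the administrator account. As a result, each account, including the administrator account, has only one copy of each announcement. You can decide which account to use to subscribe to Security Hub announcements.

For information about the cost of subscribing to Security Hub announcements, see Amazon SNS pricing.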

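To subscribe to Security Hub announcements (console)

  1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home

  2. In the Region list, choose the Region in which you want to subscribe to Security Hub announcements. This example uses the us-west-2 Region.

  3. In the navigation pane, choose Subscriptions, and then choose Create subscription.

  4. Enter the topic ARN in the Topic ARN box. For example, arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements

  5. For Protocol, choose how you want to receive Security Hub announcements. If you choose Email, enter the email address that you want to use to receive announcements.

  6. Choose Create subscription.

  7. Confirm the subscription. For example, if you chose the email protocol, Amazon SNS sends a subscription confirmation message to the email address that you provided.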

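To subscribe to Security Hub announcements (Amazon CLI)

  1. Run the following command:

    aws sns --region us-west-2 subscribe --topic-arn arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements --protocol email --notification-endpoint your_email@your_domain.com

  2. Confirm the subscription. For example, if you chose the email protocol, Amazon SNS sends a subscription confirmation message to the email address that you provided.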

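Amazon SNS message format

The following examples show a Security Hub announcement that Amazon SNS publishes about the introduction of new security controls. Message content varies by event type.

Example: Security Hub announcement for new controls (email protocol)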

    {
        "AnnouncementType":"NEW_STANDARDS_CONTROLS",
        "Title":"[New Controls] 36 new Security Hub controls added to the Amazon Foundational Security Best Practices standard",
        "Description":"We have added 36 new controls to the Amazon Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), Amazon CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), Amazon Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), Amazon WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the Amazon Foundational Security Best Practices standard in an account and configured Security Hub to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. "
    }

Example: Security Hub announcement for new controls (email-JSON protocol)

    {
        "Type" : "Notification",
        "MessageId" : "d124c9cf-326a-5931-9263-92a92e7af49f",
        "TopicArn" : "arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements",
        "Message" : "{\"AnnouncementType\":\"NEW_STANDARDS_CONTROLS\",\"Title\":\"[New Controls] 36 new Security Hub controls added to the Amazon Foundational Security Best Practices standard\",\"Description\":\"We have added 36 new controls to the Amazon Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), Amazon CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), Amazon Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), Amazon WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the Amazon Foundational Security Best Practices standard in an account and configured Security Hub to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. \"}",
        "Timestamp" : "2022-08-04T19:11:12.652Z",
        "SignatureVersion" : "1",
        "Signature" : "HTHgNFRYMetCvisulgLM4CVySvK9qCXFPHQDxYl9tuCFQuIrd7YO4m4YFR28XKMgzqrF20YP+EilipUm2SOTpEEtOTekU5bn74+YmNZfwr4aPFx0vUuQCVOshmHl37hjkiLjhCg/t53QQiLfP7MH+MTXIUPR37k5SuFCXvjpRQ8ynV532AH3Wpv0HmojDLMg+eg51V1fUsOG8yiJVCBEJhJ1yS+gkwJdhRk2UQab9RcAmE6COK3hRWcjDwqTXz5nR6Ywv1ZqZfLIl7gYKslt+jsyd/k+7kOqGmOJRDr7qhE7H+7vaGRLOptsQnbW8VmeYnDbahEO8FV+Mp1rpV+7Qg==",
        "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-56e67fcb41f6fec09b0196692625d385.pem",
        "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements:9d0230d7-d582-451d-9f15-0c32818bf61f"
    }
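A consumer of the email-JSON envelope (for example a Lambda function or an HTTPS endpoint subscribed to the topic) can check the envelope fields before it trusts the inner announcement, then route on AnnouncementType. This is an added example, not code from the Amazon documentation; the function name `parse_announcement`, the review rule and the shortened sample message are assumptions, and it does not verify the SNS signature itself.

```python
import json
import re
from urllib.parse import urlparse

# Topic ARNs copied from this page's table, one Region per partition.
EXPECTED_TOPICS = {
    "arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements",
    "arn:aws-cn:sns:cn-north-1:672341567257:SecurityHubAnnouncements",
    "arn:aws-us-gov:sns:us-gov-west-1:239334163374:SecurityHubAnnouncements",
}
CERT_HOST = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$")
CONTROL_ID = re.compile(r"\b[A-Za-z][A-Za-z0-9]*\.\d+\b")  # e.g. EC2.23


def parse_announcement(envelope_json):
    """Validate an SNS envelope (no signature check), decode the announcement."""
    env = json.loads(envelope_json)
    if env.get("Type") != "Notification":
        raise ValueError("not a notification: %r" % env.get("Type"))
    if env.get("TopicArn") not in EXPECTED_TOPICS:
        raise ValueError("unexpected TopicArn: %r" % env.get("TopicArn"))
    cert = urlparse(env.get("SigningCertURL", ""))
    if cert.scheme != "https" or not CERT_HOST.match(cert.hostname or ""):
        raise ValueError("SigningCertURL is not an SNS endpoint")
    msg = json.loads(env["Message"])  # inner payload is a JSON string
    kind = msg.get("AnnouncementType", "")
    # Assumption: control/standard changes and ASFF changes need a review.
    review = kind.endswith("_STANDARDS_CONTROLS") or kind == "UPDATED_ASFF"
    return {
        "type": kind,
        "title": msg.get("Title", ""),
        "needs_review": review,
        "controls": sorted(set(CONTROL_ID.findall(msg.get("Description", "")))),
    }


# Constructed sample, shortened from the email-JSON example on this page.
SAMPLE = json.dumps({
    "Type": "Notification",
    "TopicArn": "arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements",
    "Message": json.dumps({
        "AnnouncementType": "NEW_STANDARDS_CONTROLS",
        "Title": "[New Controls] constructed sample",
        "Description": "Controls for EC2 (EC2.23, EC2.24) and WAF (WAF.2).",
    }),
    "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-56e67fcb41f6fec09b0196692625d385.pem",
})

if __name__ == "__main__":
    print(parse_announcement(SAMPLE))
```

Because messages are typically the same across the Regions of a partition, the allow-list holds one topic ARN per partition; add others from the table if you subscribe in more Regions.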