本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
通过亚马逊订阅 Security Hub 公告 SNS
本节提供有关通过亚马逊简单通知服务 (亚马逊SNS) 订阅 Sec Amazon urity Hub 公告以接收有关 Security Hub 的通知的信息。
订阅后,您将收到有关以下事件的通知(请注意每个事件相应的 AnnouncementType
):
-
GENERAL
:有关 Security Hub 服务的常规通知。 -
UPCOMING_STANDARDS_CONTROLS
:特定的 Security Hub 控件或标准将很快发布。此类公告可帮助您在发布之前准备响应和补救工作流程。 -
NEW_REGIONS
:新 Amazon Web Services 区域中提供了对 Security Hub 的支持。 -
NEW_STANDARDS_CONTROLS
:添加了新的 Security Hub 控件或标准。 -
UPDATED_STANDARDS_CONTROLS
:现有的 Security Hub 控件或标准已更新。 -
RETIRED_STANDARDS_CONTROLS
:现有的 Security Hub 控件或标准已停用。 -
UPDATED_ASFF
— Amazon 安全调查结果格式 (ASFF) 语法、字段或值已更新。 -
NEW_INTEGRATION
— 提供了与其他 Amazon 服务或第三方产品的新集成。 -
NEW_FEATURE
:新的 Security Hub 功能可用。 -
UPDATED_FEATURE
:现有的 Security Hub 功能已更新。
通知以 Amazon SNS 支持的所有格式提供。您可以在 Security Hub 可用的所有Amazon Web Services 区域 中订阅 Security Hub 公告。
用户必须拥有订阅 Amazon SNS 主题的Subscribe
权限。您可以通过 Amazon SNS IAM 政策、政策或两者兼而有之实现这一目标。有关更多信息,请参阅《亚马逊简单通知服务开发者指南》中的IAM和亚马逊SNS政策。
注意
Security Hub 会向任何订阅 Amazon Web Services 账户者发送有关 Security Hub 服务更新的亚马逊SNS公告。要接收有关 Security Hub 调查发现的通知,请参阅 查看 Security Hub 中的调查发现的详细信息和历史记录。
您可以为亚马逊SNS主题订阅亚马逊简单队列服务 (AmazonSQS) 队列,但必须使用位于同一地区的亚马逊SNS主题亚马逊资源名称 (ARN)。有关更多信息,请参阅《亚马逊简单SQS队列服务开发者指南》中的教程:为亚马逊队列订阅亚马逊SNS主题。
您还可以在收到通知时使用 Amazon Lambda 函数来调用事件。有关更多信息,包括示例函数代码,请参阅Amazon Lambda 开发者指南中的教程: Amazon Lambda 与 Amazon 简单通知服务一起使用。
每个区域的 Amazon SNS 主题ARNs如下所示。
Amazon Web Services 区域 | 亚马逊SNS话题 ARN |
---|---|
美国东部(俄亥俄州) | arn:aws:sns:us-east-2:291342846459:SecurityHubAnnouncements |
美国东部(弗吉尼亚州北部) | arn:aws:sns:us-east-1:088139225913:SecurityHubAnnouncements |
美国西部(加利福尼亚北部) | arn:aws:sns:us-west-1:137690824926:SecurityHubAnnouncements |
美国西部(俄勒冈州) | arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements |
非洲(开普敦) | arn:aws:sns:af-south-1:463142546776:SecurityHubAnnouncements |
亚太地区(香港) | arn:aws:sns:ap-east-1:464812404305:SecurityHubAnnouncements |
亚太地区(海得拉巴) | arn:aws:sns:ap-south-2:849907286123:SecurityHubAnnouncements |
亚太地区(雅加达) | arn:aws:sns:ap-southeast-3:627843640627:SecurityHubAnnouncements |
亚太地区(孟买) | arn:aws:sns:ap-south-1:707356269775:SecurityHubAnnouncements |
亚太地区(大阪) | arn:aws:sns:ap-northeast-3:633550238216:SecurityHubAnnouncements |
亚太地区(首尔) | arn:aws:sns:ap-northeast-2:374299265323:SecurityHubAnnouncements |
亚太地区(新加坡) | arn:aws:sns:ap-southeast-1:512267288502:SecurityHubAnnouncements |
亚太地区(悉尼) | arn:aws:sns:ap-southeast-2:475730049140:SecurityHubAnnouncements |
亚太地区(东京) | arn:aws:sns:ap-northeast-1:592469075483:SecurityHubAnnouncements |
加拿大(中部) | arn:aws:sns:ca-central-1:137749997395:SecurityHubAnnouncements |
中国(北京) | arn:aws-cn:sns:cn-north-1:672341567257:SecurityHubAnnouncements |
中国(宁夏) | arn:aws-cn:sns:cn-northwest-1:672534482217:SecurityHubAnnouncements |
欧洲地区(法兰克福) | arn:aws:sns:eu-central-1:871975303681:SecurityHubAnnouncements |
欧洲地区(爱尔兰) | arn:aws:sns:eu-west-1:705756202095:SecurityHubAnnouncements |
欧洲地区(伦敦) | arn:aws:sns:eu-west-2:883600840440:SecurityHubAnnouncements |
欧洲地区(米兰) | arn:aws:sns:eu-south-1:151363035580:SecurityHubAnnouncements |
欧洲地区(巴黎) | arn:aws:sns:eu-west-3:313420042571:SecurityHubAnnouncements |
欧洲(西班牙) | arn:aws:sns:eu-south-2:777487947751:SecurityHubAnnouncements |
欧洲地区(斯德哥尔摩) | arn:aws:sns:eu-north-1:191971010772:SecurityHubAnnouncements |
欧洲(苏黎世) | arn:aws:sns:eu-central-2:704347005078:SecurityHubAnnouncements |
以色列(特拉维夫) | arn:aws:sns:il-central-1:726652212146:SecurityHubAnnouncements |
中东(巴林) | arn:aws:sns:me-south-1:585146626860:SecurityHubAnnouncements |
中东 (UAE) | arn:aws:sns:me-central-1:431548502100:SecurityHubAnnouncements |
南美洲(圣保罗) | arn:aws:sns:sa-east-1:359811883282:SecurityHubAnnouncements |
Amazon GovCloud (美国东部) | arn:aws-us-gov:sns:us-gov-east-1:239368469855:SecurityHubAnnouncements |
Amazon GovCloud (美国西部) | arn:aws-us-gov:sns:us-gov-west-1:239334163374:SecurityHubAnnouncements |
分区内各区域的消息通常相同,因此您可以订阅每个分区中的一个区域,以接收影响该分区中所有区域的公告。与成员账户关联的公告不会复制到管理员账户中。因此,每个账户(包括管理员账户)将只有一份每份公告的副本。您可以决定要使用哪个账户来订阅 Security Hub 公告。
有关订阅 Security Hub 公告的费用信息,请参阅亚马逊SNS定价
订阅 Security Hub 公告(控制台)
在 https://console.aws.amazon.com/sns/v3/
hom SNS e 上打开亚马逊主机。 -
在“区域”列表中,选择要在其中订阅 Security Hub 公告的区域。此示例使用
us-west-2
区域。 -
在导航窗格中,选择订阅,然后选择创建订阅。
-
在 “主题ARN” 框中ARN输入主题。例如,
arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements
。 -
在协议中,选择您希望如何接收 Security Hub 公告。如果您选择电子邮件,请在端点中输入要用于接收公告的电子邮件地址。
-
选择创建订阅。
-
确认订阅。例如,如果您选择电子邮件协议,Amazon SNS 将向您提供的电子邮件发送订阅确认消息。
订阅 Security Hub 公告(Amazon CLI)
-
运行以下命令:
aws sns --region
us-west-2
subscribe --topic-arnarn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements
--protocolemail
--notification-endpointyour_email@your_domain.com
-
确认订阅。例如,如果您选择电子邮件协议,Amazon SNS 将向您提供的电子邮件发送订阅确认消息。
Amazon SNS 消息格式
以下示例显示了亚马逊发布的 Security Hub SNS 关于引入新安全控制措施的公告。消息内容因公告类型而异,但所有公告类型的格式都相同。可选择包含一个 Link
字段,提供有关公告的详细信息。
示例:Security Hub 关于新控件的公告(电子邮件协议)
{ "AnnouncementType":"NEW_STANDARDS_CONTROLS", "Title":"[New Controls] 36 new Security Hub controls added to the Amazon Foundational Security Best Practices standard", "Description":"We have added 36 new controls to the Amazon Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), Amazon CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), Amazon Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), Amazon WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the Amazon Foundational Security Best Practices standard in an account and configured Security Hub to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. " }
示例:Security Hub 发布新控件(电子邮件JSON协议)
{ "Type" : "Notification", "MessageId" : "d124c9cf-326a-5931-9263-92a92e7af49f", "TopicArn" : "arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements", "Message" : "{\"AnnouncementType\":\"NEW_STANDARDS_CONTROLS\",\"Title\":\"[New Controls] 36 new Security Hub controls added to the Amazon Foundational Security Best Practices standard\",\"Description\":\"We have added 36 new controls to the Amazon Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), Amazon CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), Amazon Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), Amazon WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the Amazon Foundational Security Best Practices standard in an account and configured SSecurity Hub to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. \"}", "Timestamp" : "2022-08-04T19:11:12.652Z", "SignatureVersion" : "1", "Signature" : "HTHgNFRYMetCvisulgLM4CVySvK9qCXFPHQDxYl9tuCFQuIrd7YO4m4YFR28XKMgzqrF20YP+EilipUm2SOTpEEtOTekU5bn74+YmNZfwr4aPFx0vUuQCVOshmHl37hjkiLjhCg/t53QQiLfP7MH+MTXIUPR37k5SuFCXvjpRQ8ynV532AH3Wpv0HmojDLMg+eg51V1fUsOG8yiJVCBEJhJ1yS+gkwJdhRk2UQab9RcAmE6COK3hRWcjDwqTXz5nR6Ywv1ZqZfLIl7gYKslt+jsyd/k+7kOqGmOJRDr7qhE7H+7vaGRLOptsQnbW8VmeYnDbahEO8FV+Mp1rpV+7Qg==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-56e67fcb41f6fec09b0196692625d385.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements:9d0230d7-d582-451d-9f15-0c32818bf61f" }