通过亚马逊 SNS 订阅 Security Hub CSPM 公告 - Amazon Security Hub
Amazon SNS 消息格式
Amazon Web Services 文档中描述的 Amazon Web Services 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅 中国的 Amazon Web Services 服务入门 (PDF)

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

通过亚马逊 SNS 订阅 Security Hub CSPM 公告

本节提供有关通过亚马逊简单通知服务 (Amazon SNS) Simple Notification Service 订阅 Security Hub 云安全态势管理 (CSPM) 公告以接收有关 Security Hub CSPM 的通知的信息。 Amazon

订阅后,您将收到有关以下事件的通知(请注意每个事件相应的 AnnouncementType):

  • GENERAL— 有关 Security Hub CSPM 服务的一般通知。

  • UPCOMING_STANDARDS_CONTROLS— 特定的 Security Hub CSPM 控件或标准将很快发布。此类公告可帮助您在发布之前准备响应和补救工作流程。

  • NEW_REGIONS— 新版本中提供了对 Security Hub CSPM 的支持。 Amazon Web Services 区域

  • NEW_STANDARDS_CONTROLS— 添加了新的 Security Hub CSPM 控件或标准。

  • UPDATED_STANDARDS_CONTROLS— 现有的 Security Hub CSPM 控制措施或标准已更新。

  • RETIRED_STANDARDS_CONTROLS— 现有的 Security Hub CSPM 控件或标准已停用。

  • UPDATED_ASFF— Amazon 安全调查结果格式 (ASFF) 语法、字段或值已更新。

  • NEW_INTEGRATION— 提供了与其他 Amazon 服务或第三方产品的新集成。

  • NEW_FEATURE— 新的 Security Hub CSPM 功能可用。

  • UPDATED_FEATURE— 现有的 Security Hub CSPM 功能已更新。

通知以 Amazon SNS 支持的所有格式提供。你可以订阅 Security Hub CSPM 所有可用内容中的 Sec urit Amazon Web Services 区域 y Hub CSPM 公告。

用户必须拥有 Subscribe 权限才能订阅 Amazon SNS 主题。您可以通过 Amazon SNS 策略、IAM policy 或两者来实现这一目标。有关更多信息,请参阅 Amazon Simple Notification Service 开发者指南中的 IAM 和 Amazon SNS 策略

注意

Security Hub CSPM 向任何订阅者发送有关 Security Hub CSPM 服务更新的亚马逊 SNS 公告。 Amazon Web Services 账户要接收有关 Security Hub CSPM 发现结果的通知,请参阅。在 Security Hub CSPM 中查看发现的详细信息和历史记录

您可以为 Amazon SNS 主题订阅 Amazon Simple Queue Service (Amazon SQS) 队列,但必须使用同一区域内的 Amazon SNS 主题 Amazon 资源名称(ARN)。有关更多信息,请参阅《亚马逊简单队列服务开发者指南》中的 “为队列订阅 Amazon SNS 主题。

您还可以使用 Amazon Lambda 函数在收到通知时调用事件。有关更多信息,包括示例函数代码,请参阅Amazon Lambda 开发者指南中的教程: Amazon Lambda 与 Amazon 简单通知服务一起使用

每个区域的 Amazon SNS 主题 ARNs 如下。

Amazon Web Services 区域 Amazon SNS 主题 ARN
美国东部(俄亥俄州) arn:aws:sns:us-east-2:291342846459:SecurityHubAnnouncements
美国东部(弗吉尼亚州北部) arn:aws:sns:us-east-1:088139225913:SecurityHubAnnouncements
美国西部(加利福尼亚北部) arn:aws:sns:us-west-1:137690824926:SecurityHubAnnouncements
美国西部(俄勒冈州) arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements
非洲(开普敦) arn:aws:sns:af-south-1:463142546776:SecurityHubAnnouncements
亚太地区(香港) arn:aws:sns:ap-east-1:464812404305:SecurityHubAnnouncements
亚太地区(海得拉巴) arn:aws:sns:ap-south-2:849907286123:SecurityHubAnnouncements
亚太地区(雅加达) arn:aws:sns:ap-southeast-3:627843640627:SecurityHubAnnouncements
亚太地区(孟买) arn:aws:sns:ap-south-1:707356269775:SecurityHubAnnouncements
亚太地区(大阪) arn:aws:sns:ap-northeast-3:633550238216:SecurityHubAnnouncements
亚太地区(首尔) arn:aws:sns:ap-northeast-2:374299265323:SecurityHubAnnouncements
亚太地区(新加坡) arn:aws:sns:ap-southeast-1:512267288502:SecurityHubAnnouncements
亚太地区(悉尼) arn:aws:sns:ap-southeast-2:475730049140:SecurityHubAnnouncements
亚太地区(东京) arn:aws:sns:ap-northeast-1:592469075483:SecurityHubAnnouncements
加拿大(中部) arn:aws:sns:ca-central-1:137749997395:SecurityHubAnnouncements
中国(北京) arn:aws-cn:sns:cn-north-1:672341567257:SecurityHubAnnouncements
中国(宁夏) arn:aws-cn:sns:cn-northwest-1:672534482217:SecurityHubAnnouncements
欧洲地区(法兰克福) arn:aws:sns:eu-central-1:871975303681:SecurityHubAnnouncements
欧洲地区(爱尔兰) arn:aws:sns:eu-west-1:705756202095:SecurityHubAnnouncements
欧洲地区(伦敦) arn:aws:sns:eu-west-2:883600840440:SecurityHubAnnouncements
欧洲地区(米兰) arn:aws:sns:eu-south-1:151363035580:SecurityHubAnnouncements
欧洲地区(巴黎) arn:aws:sns:eu-west-3:313420042571:SecurityHubAnnouncements
欧洲地区(西班牙) arn:aws:sns:eu-south-2:777487947751:SecurityHubAnnouncements
欧洲地区(斯德哥尔摩) arn:aws:sns:eu-north-1:191971010772:SecurityHubAnnouncements
欧洲(苏黎世) arn:aws:sns:eu-central-2:704347005078:SecurityHubAnnouncements
以色列(特拉维夫) arn:aws:sns:il-central-1:726652212146:SecurityHubAnnouncements
中东(巴林) arn:aws:sns:me-south-1:585146626860:SecurityHubAnnouncements
中东(阿联酋) arn:aws:sns:me-central-1:431548502100:SecurityHubAnnouncements
南美洲(圣保罗) arn:aws:sns:sa-east-1:359811883282:SecurityHubAnnouncements
Amazon GovCloud (美国东部) arn:aws-us-gov:sns:us-gov-east-1:239368469855:SecurityHubAnnouncements
Amazon GovCloud (美国西部) arn:aws-us-gov:sns:us-gov-west-1:239334163374:SecurityHubAnnouncements

分区内各区域的消息通常相同,因此您可以订阅每个分区中的一个区域,以接收影响该分区中所有区域的公告。与成员账户关联的公告不会复制到管理员账户中。因此,每个账户(包括管理员账户)将只有一份每份公告的副本。你可以决定要使用哪个账户来订阅 Security Hub CSPM 公告。

有关订阅 Security Hub CSPM 公告的费用信息,请参阅亚马逊 SNS 定价。

订阅 Security Hub CSPM 公告(控制台)

  1. 在 v3/home 上打开亚马逊 SNS 控制台。https://console.aws.amazon.com/sns/

  2. 在区域列表中,选择您要订阅 Security Hub CSPM 公告的区域。此示例使用us-west-2区域。

  3. 在导航窗格中,选择订阅,然后选择创建订阅

  4. 主题 ARN 框中,输入主题 ARN。例如 arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements

  5. 对于协议,请选择您希望如何接收 Security Hub CSPM 公告。如果您选择电子邮件,请在端点中输入要用于接收公告的电子邮件地址。

  6. 选择创建订阅

  7. 确认订阅。例如,如果您选择电子邮件协议,Amazon SNS 会向您提供的电子邮件发送一条订阅确认消息。

订阅 Security Hub CSPM 公告 ()Amazon CLI

  1. 运行以下命令:

     aws  sns --region us-west-2 subscribe --topic-arn arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements --protocol email --notification-endpoint your_email@your_domain.com

  2. 确认订阅。例如,如果您选择电子邮件协议,Amazon SNS 会向您提供的电子邮件发送一条订阅确认消息。

Amazon SNS 消息格式

以下示例显示了 Amazon SNS 发布的 Security Hub CSPM 关于引入新安全控制措施的公告。消息内容因公告类型而异,但所有公告类型的格式都相同。可选择包含一个 Link 字段,提供有关公告的详细信息。

示例:Security Hub CSPM 关于新控件(电子邮件协议)的公告

{
"AnnouncementType":"NEW_STANDARDS_CONTROLS",
"Title":"[New Controls] 36 new Security Hub CSPM controls added to the Amazon Foundational Security Best Practices standard",
"Description":"We have added 36 new controls to the Amazon Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), Amazon CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), Amazon Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), 
Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), Amazon WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the Amazon Foundational Security Best Practices standard in an account and configured Security Hub CSPM to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. "
}

示例:Security Hub CSPM 关于新控件的公告(电子邮件-JSON 协议)

{
  "Type" : "Notification",
  "MessageId" : "d124c9cf-326a-5931-9263-92a92e7af49f",
  "TopicArn" : "arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements",
  "Message" : "{\"AnnouncementType\":\"NEW_STANDARDS_CONTROLS\",\"Title\":\"[New Controls] 36 new Security Hub CSPM controls added to the Amazon Foundational Security Best Practices standard\",\"Description\":\"We have added 36 new controls to the Amazon Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), Amazon CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), Amazon Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), 
Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), Amazon WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the Amazon Foundational Security Best Practices standard in an account and configured SSecurity Hub CSPM to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. \"}",
  "Timestamp" : "2022-08-04T19:11:12.652Z",
  "SignatureVersion" : "1",
  "Signature" : "HTHgNFRYMetCvisulgLM4CVySvK9qCXFPHQDxYl9tuCFQuIrd7YO4m4YFR28XKMgzqrF20YP+EilipUm2SOTpEEtOTekU5bn74+YmNZfwr4aPFx0vUuQCVOshmHl37hjkiLjhCg/t53QQiLfP7MH+MTXIUPR37k5SuFCXvjpRQ8ynV532AH3Wpv0HmojDLMg+eg51V1fUsOG8yiJVCBEJhJ1yS+gkwJdhRk2UQab9RcAmE6COK3hRWcjDwqTXz5nR6Ywv1ZqZfLIl7gYKslt+jsyd/k+7kOqGmOJRDr7qhE7H+7vaGRLOptsQnbW8VmeYnDbahEO8FV+Mp1rpV+7Qg==",
  "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-56e67fcb41f6fec09b0196692625d385.pem",
  "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements:9d0230d7-d582-451d-9f15-0c32818bf61f"
}