本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
AwsEc2 ASFF 中的资源
以下是AwsEc2资源 AWS 的安全调查结果格式 (ASFF) 语法的示例。
AWS Security Hub CSPM 将各种来源的发现标准化为 ASFF。有关 ASFF 的背景信息,请参阅 AWS 安全调查结果格式 (ASFF)。
AwsEc2ClientVpnEndpoint
该AwsEc2ClientVpnEndpoint对象提供有关 AWS Client VPN 端点的信息。客户端 VPN 端点是您创建并配置以用于启用和管理客户端 VPN 会话的资源。这是所有 Client VPN 会话的终止点。
以下示例显示了AwsEc2ClientVpnEndpoint对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2ClientVpnEndpoint 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2ClientVpnEndpointDetails。
示例
"AwsEc2ClientVpnEndpoint": { "AuthenticationOptions": [ { "MutualAuthentication": { "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" }, "Type": "certificate-authentication" } ], "ClientCidrBlock": "10.0.0.0/22", "ClientConnectOptions": { "Enabled": false }, "ClientLoginBannerOptions": { "Enabled": false }, "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5", "ConnectionLogOptions": { "Enabled": false }, "Description": "test", "DnsServer": ["10.0.0.0"], "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "SecurityGroupIdSet": [ "sg-0f7a177b82b443691" ], "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5", "SessionTimeoutHours": 24, "SplitTunnel": false, "TransportProtocol": "udp", "VpcId": "vpc-1a2b3c4d5e6f1a2b3", "VpnPort": 443 }
AwsEc2Eip
AwsEc2Eip 对象提供有关弹性 IP 地址的信息。
以下示例显示了AwsEc2Eip对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2Eip 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2EipDetails。
示例
"AwsEc2Eip": { "InstanceId": "instance1", "PublicIp": "192.0.2.04", "AllocationId": "eipalloc-example-id-1", "AssociationId": "eipassoc-example-id-1", "Domain": "vpc", "PublicIpv4Pool": "anycompany", "NetworkBorderGroup": "eu-central-1", "NetworkInterfaceId": "eni-example-id-1", "NetworkInterfaceOwnerId": "777788889999", "PrivateIpAddress": "192.0.2.03" }
AwsEc2Instance
AwsEc2Instance 对象提供有关 Amazon EC2 实例的详细信息。
以下示例显示了AwsEc2Instance对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2Instance 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2InstanceDetails。
示例
"AwsEc2Instance": { "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole", "ImageId": "ami-1234", "IpV4Addresses": [ "1.1.1.1" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "LaunchedAt": "2018-05-08T16:46:19.000Z", "MetadataOptions": { "HttpEndpoint": "enabled", "HttpProtocolIpv6": "enabled", "HttpPutResponseHopLimit": 1, "HttpTokens": "optional", "InstanceMetadataTags": "disabled", }, "Monitoring": { "State": "disabled" }, "NetworkInterfaces": [ { "NetworkInterfaceId": "eni-e5aa89a3" } ], "SubnetId": "subnet-123", "Type": "i3.xlarge", "VpcId": "vpc-123" }
AwsEc2LaunchTemplate
AwsEc2LaunchTemplate 对象包含有关指定实例配置信息的 Amazon Elastic Compute Cloud 启动模板的详细信息。
以下示例显示了AwsEc2LaunchTemplate对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2LaunchTemplate 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2LaunchTemplateDetails。
示例
"AwsEc2LaunchTemplate": { "DefaultVersionNumber": "1", "ElasticGpuSpecifications": ["string"], "ElasticInferenceAccelerators": ["string"], "Id": "lt-0a16e9802800bdd85", "ImageId": "ami-0d5eff06f840b45e9", "LatestVersionNumber": "1", "LaunchTemplateData": { "BlockDeviceMappings": [{ "DeviceName": "/dev/xvda", "Ebs": { "DeleteonTermination": true, "Encrypted": true, "SnapshotId": "snap-01047646ec075f543", "VolumeSize": 8, "VolumeType:" "gp2" } }], "MetadataOptions": { "HttpTokens": "enabled", "HttpPutResponseHopLimit" : 1 }, "Monitoring": { "Enabled": true, "NetworkInterfaces": [{ "AssociatePublicIpAddress" : true, }], "LaunchTemplateName": "string", "LicenseSpecifications": ["string"], "SecurityGroupIds": ["sg-01fce87ad6e019725"], "SecurityGroups": ["string"], "TagSpecifications": ["string"] }
AwsEc2NetworkAcl
AwsEc2NetworkAcl 对象包含有关 Amazon EC2 网络访问控制列表(ACL)的详细信息。
以下示例显示了AwsEc2NetworkAcl对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2NetworkAcl 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2NetworkAclDetails。
示例
"AwsEc2NetworkAcl": { "IsDefault": false, "NetworkAclId": "acl-1234567890abcdef0", "OwnerId": "123456789012", "VpcId": "vpc-1234abcd", "Associations": [{ "NetworkAclAssociationId": "aclassoc-abcd1234", "NetworkAclId": "acl-021345abcdef6789", "SubnetId": "subnet-abcd1234" }], "Entries": [{ "CidrBlock": "10.24.34.0/23", "Egress": true, "IcmpTypeCode": { "Code": 10, "Type": 30 }, "Ipv6CidrBlock": "2001:DB8::/32", "PortRange": { "From": 20, "To": 40 }, "Protocol": "tcp", "RuleAction": "allow", "RuleNumber": 100 }] }
AwsEc2NetworkInterface
AwsEc2NetworkInterface 对象提供有关 Amazon EC2 网络接口的信息。
以下示例显示了AwsEc2NetworkInterface对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2NetworkInterface 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2NetworkInterfaceDetails。
示例
"AwsEc2NetworkInterface": { "Attachment": { "AttachTime": "2019-01-01T03:03:21Z", "AttachmentId": "eni-attach-43348162", "DeleteOnTermination": true, "DeviceIndex": 123, "InstanceId": "i-1234567890abcdef0", "InstanceOwnerId": "123456789012", "Status": 'ATTACHED' }, "SecurityGroups": [ { "GroupName": "my-security-group", "GroupId": "sg-903004f8" }, ], "NetworkInterfaceId": 'eni-686ea200', "SourceDestCheck": false }
AwsEc2RouteTable
AwsEc2RouteTable 对象提供有关 Amazon EC2 路由表的信息。
以下示例显示了AwsEc2RouteTable对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2RouteTable 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2RouteTableDetails。
示例
"AwsEc2RouteTable": { "AssociationSet": [{ "AssociationSet": { "State": "associated" }, "Main": true, "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512", "RouteTableId": "rtb-0a59bde9cf2548e34", }], "PropogatingVgwSet": [], "RouteTableId": "rtb-0a59bde9cf2548e34", "RouteSet": [ { "DestinationCidrBlock": "10.24.34.0/23", "GatewayId": "local", "Origin": "CreateRouteTable", "State": "active" }, { "DestinationCidrBlock": "10.24.34.0/24", "GatewayId": "igw-0242c2d7d513fc5d3", "Origin": "CreateRoute", "State": "active" } ], "VpcId": "vpc-0c250a5c33f51d456" }
AwsEc2SecurityGroup
AwsEc2SecurityGroup 对象描述 Amazon EC2 安全组。
以下示例显示了AwsEc2SecurityGroup对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2SecurityGroup 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2SecurityGroupDetails。
示例
"AwsEc2SecurityGroup": { "GroupName": "MySecurityGroup", "GroupId": "sg-903004f8", "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [ { "IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [ { "UserId": "123456789012", "GroupId": "sg-903004f8" } ], "PrefixListIds": [ {"PrefixListId": "pl-63a5400a"} ] }, { "PrefixListIds": [], "FromPort": 22, "IpRanges": [ { "CidrIp": "203.0.113.0/24" } ], "ToPort": 22, "IpProtocol": "tcp", "UserIdGroupPairs": [] } ] }
AwsEc2Subnet
AwsEc2Subnet 对象提供有关 Amazon EC2 中子网的信息。
以下示例显示了AwsEc2Subnet对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2Subnet 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2SubnetDetails。
示例
AwsEc2Subnet: { "AssignIpv6AddressOnCreation": false, "AvailabilityZone": "us-west-2c", "AvailabilityZoneId": "usw2-az3", "AvailableIpAddressCount": 8185, "CidrBlock": "10.0.0.0/24", "DefaultForAz": false, "MapPublicIpOnLaunch": false, "OwnerId": "123456789012", "State": "available", "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93", "SubnetId": "subnet-d5436c93", "VpcId": "vpc-153ade70", "Ipv6CidrBlockAssociationSet": [{ "AssociationId": "subnet-cidr-assoc-EXAMPLE", "Ipv6CidrBlock": "2001:DB8::/32", "CidrBlockState": "associated" }] }
AwsEc2TransitGateway
AwsEc2TransitGateway 对象提供有关互连虚拟私有云(VPC)和本地网络的 Amazon EC2 中转网关的详细信息。
以下是 AWS 安全AwsEc2TransitGateway调查结果格式 (ASFF) 中的示例发现。要查看 AwsEc2TransitGateway 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2TransitGatewayDetails。
示例
"AwsEc2TransitGateway": { "AmazonSideAsn": 65000, "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "AutoAcceptSharedAttachments": "disable", "DefaultRouteTableAssociation": "enable", "DefaultRouteTablePropagation": "enable", "Description": "sample transit gateway", "DnsSupport": "enable", "Id": "tgw-042ae6bf7a5c126c3", "MulticastSupport": "disable", "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc", "TransitGatewayCidrBlocks": ["10.0.0.0/16"], "VpnEcmpSupport": "enable" }
AwsEc2Volume
AwsEc2Volume 对象提供有关 Amazon EC2 卷的详细信息。
以下示例显示了AwsEc2Volume对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2Volume 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2VolumeDetails。
示例
"AwsEc2Volume": { "Attachments": [ { "AttachTime": "2017-10-17T14:47:11Z", "DeleteOnTermination": true, "InstanceId": "i-123abc456def789g", "Status": "attached" } ], "CreateTime": "2020-02-24T15:54:30Z", "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Size": 80, "SnapshotId": "", "Status": "available" }
AwsEc2Vpc
AwsEc2Vpc 对象提供有关 Amazon EC2 VPC 的详细信息。
以下示例显示了AwsEc2Vpc对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2Vpc 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2VpcDetails。
示例
"AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlock": "192.0.2.0/24", "CidrBlockState": "associated" } ], "DhcpOptionsId": "dopt-4e42ce28", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlockState": "associated", "Ipv6CidrBlock": "192.0.2.0/24" } ], "State": "available" }
AwsEc2VpcEndpointService
AwsEc2VpcEndpointService 对象包含有关 VPC 端点服务的服务配置的详细信息。
以下示例显示了AwsEc2VpcEndpointService对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2VpcEndpointService 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2VpcEndpointServiceDetails。
示例
"AwsEc2VpcEndpointService": { "ServiceType": [ { "ServiceType": "Interface" } ], "ServiceId": "vpce-svc-example1", "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1", "ServiceState": "Available", "AvailabilityZones": [ "us-east-1" ], "AcceptanceRequired": true, "ManagesVpcEndpoints": false, "NetworkLoadBalancerArns": [ "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1" ], "GatewayLoadBalancerArns": [], "BaseEndpointDnsNames": [ "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "my-private-dns" }
AwsEc2VpcPeeringConnection
AwsEc2VpcPeeringConnection 对象提供有关两个 VPC 之间网络连接的详细信息。
以下示例显示了AwsEc2VpcPeeringConnection对象 AWS 的安全调查结果格式 (ASFF)。要查看 AwsEc2VpcPeeringConnection 属性的描述,请参阅 AWS Security Hub API 参考中的 AwsEc2VpcPeeringConnectionDetails。
示例
"AwsEc2VpcPeeringConnection": { "AccepterVpcInfo": { "CidrBlock": "10.0.0.0/28", "CidrBlockSet": [{ "CidrBlock": "10.0.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "ExpirationTime": "2022-02-18T15:31:53.161Z", "RequesterVpcInfo": { "CidrBlock": "192.168.0.0/28", "CidrBlockSet": [{ "CidrBlock": "192.168.0.0/28" }], "Ipv6CidrBlockSet": [{ "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64" }], "OwnerId": "012345678910", "PeeringOptions": { "AllowDnsResolutionFromRemoteVpc": true, "AllowEgressFromLocalClassicLinkToRemoteVpc": false, "AllowEgressFromLocalVpcToRemoteClassicLink": true }, "Region": "us-west-2", "VpcId": "vpc-i123456" }, "Status": { "Code": "initiating-request", "Message": "Active" }, "VpcPeeringConnectionId": "pcx-1a2b3c4d" }
