

This is a machine-translated version. If there is a discrepancy between this translation and the English original, the English original prevails.

# Verified Access logs
<a name="access-logs"></a>

After AWS Verified Access evaluates an access request, it logs the access attempt. This gives you centralized visibility into application access and helps you respond quickly to security incidents and audit requests. Verified Access supports the Open Cybersecurity Schema Framework (OCSF) logging format.

After you enable logging, you need to configure a destination to which the logs are sent. The IAM principal that configures the logging destination needs certain permissions for logging to work. The IAM permissions required for each logging destination are listed in [Verified Access logging permissions](access-logs-permissions.md). Verified Access supports publishing access logs to the following destinations:
+ Amazon CloudWatch Logs log groups
+ Amazon S3 buckets
+ Amazon Data Firehose delivery streams

**Topics**
+ [Verified Access logging versions](logging-versions.md)
+ [Verified Access logging permissions](access-logs-permissions.md)
+ [Enable or disable Verified Access logs](access-logs-enable.md)
+ [Enable or disable Verified Access trust context](include-trust-context.md)
+ [OCSF version 0.1 log examples for Verified Access](ocsfv01-examples.md)
+ [OCSF version 1.0.0-rc.2 log examples for Verified Access](ocsfv1-examples.md)

# Verified Access logging versions
<a name="logging-versions"></a>

By default, the Verified Access logging system uses Open Cybersecurity Schema Framework (OCSF) version 0.1. For example logs that use version 0.1, see [OCSF version 0.1 log examples for Verified Access](ocsfv01-examples.md).

The latest logging version is compatible with OCSF version 1.0.0-rc.2. For more information about the schema, see the [OCSF schema](https://schema.ocsf.io/1.0.0-rc.2/classes/access_activity). For example logs that use version 1.0.0-rc.2, see [OCSF version 1.0.0-rc.2 log examples for Verified Access](ocsfv1-examples.md).

Note that OCSF version 0.1 cannot be used if a Verified Access endpoint uses the TCP protocol.

**To upgrade the logging version using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Verified Access instances**.

1. Select the appropriate Verified Access instance.

1. On the **Verified Access instance logging configuration** tab, choose **Modify Verified Access instance logging configuration**.

1. From the **Update log version** dropdown list, select **ocsf-1.0.0-rc.2**.

1. Choose **Modify Verified Access instance logging configuration**.

**To upgrade the logging version using the AWS CLI**  
Use the [modify-verified-access-instance-logging-configuration](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-verified-access-instance-logging-configuration.html) command.

# Verified Access logging permissions
<a name="access-logs-permissions"></a>

The IAM principal that configures the logging destination needs certain permissions for logging to work. The following sections show the permissions required for each logging destination.

**To deliver to CloudWatch Logs:**
+ `ec2:ModifyVerifiedAccessInstanceLoggingConfiguration` on the Verified Access instance
+ `logs:CreateLogDelivery`, `logs:DeleteLogDelivery`, `logs:GetLogDelivery`, `logs:ListLogDeliveries`, and `logs:UpdateLogDelivery` on all resources
+ `logs:DescribeLogGroups`, `logs:DescribeResourcePolicies`, and `logs:PutResourcePolicy` on the destination log group

**To deliver to Amazon S3:**
+ `ec2:ModifyVerifiedAccessInstanceLoggingConfiguration` on the Verified Access instance
+ `logs:CreateLogDelivery`, `logs:DeleteLogDelivery`, `logs:GetLogDelivery`, `logs:ListLogDeliveries`, and `logs:UpdateLogDelivery` on all resources
+ `s3:GetBucketPolicy` and `s3:PutBucketPolicy` on the destination bucket

**To deliver to Firehose:**
+ `ec2:ModifyVerifiedAccessInstanceLoggingConfiguration` on the Verified Access instance
+ `firehose:TagDeliveryStream` on all resources
+ `iam:CreateServiceLinkedRole` on all resources
+ `logs:CreateLogDelivery`, `logs:DeleteLogDelivery`, `logs:GetLogDelivery`, `logs:ListLogDeliveries`, and `logs:UpdateLogDelivery` on all resources
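As an added example (not code from the AWS documentation), the following Python generates a least-privilege IAM policy document for the principal that performs this configuration, one destination at a time, using exactly the actions listed above and scoping each statement the way the list states (instance-scoped, destination-scoped, or all resources). The ARN format for the Verified Access instance (`verified-access-instance/<id>`) and the log-group ARN are assumptions here; the account ID, Region and resource names are placeholders.

```python
"""Least-privilege IAM policy for configuring Verified Access log delivery.

Added example, not AWS code. The instance and log-group ARN formats are
assumptions; account, Region and names are placeholders.
"""
import json

# Log delivery actions are common to all three destinations and are
# granted on all resources, as the permission list above states.
_DELIVERY_ACTIONS = [
    "logs:CreateLogDelivery",
    "logs:DeleteLogDelivery",
    "logs:GetLogDelivery",
    "logs:ListLogDeliveries",
    "logs:UpdateLogDelivery",
]


def instance_arn(region: str, account: str, instance_id: str) -> str:
    """Assumed ARN format for a Verified Access instance."""
    return f"arn:aws:ec2:{region}:{account}:verified-access-instance/{instance_id}"


def logging_policy(destination: str, region: str, account: str,
                   instance_id: str, target: str) -> dict:
    """Return an IAM policy document for one destination.

    destination: "cloudwatch", "s3" or "firehose".
    target: log group name (cloudwatch) or bucket name (s3); unused for firehose,
    whose actions are granted on all resources per the list above."""
    statements = [
        {   # Only this instance's logging configuration may be modified.
            "Sid": "ModifyInstanceLogging",
            "Effect": "Allow",
            "Action": "ec2:ModifyVerifiedAccessInstanceLoggingConfiguration",
            "Resource": instance_arn(region, account, instance_id),
        },
        {
            "Sid": "ManageLogDelivery",
            "Effect": "Allow",
            "Action": _DELIVERY_ACTIONS,
            "Resource": "*",
        },
    ]
    if destination == "cloudwatch":
        statements.append({
            "Sid": "LogGroupResourcePolicy",
            "Effect": "Allow",
            "Action": ["logs:DescribeLogGroups", "logs:DescribeResourcePolicies",
                       "logs:PutResourcePolicy"],
            "Resource": f"arn:aws:logs:{region}:{account}:log-group:{target}:*",
        })
    elif destination == "s3":
        statements.append({
            "Sid": "BucketPolicy",
            "Effect": "Allow",
            "Action": ["s3:GetBucketPolicy", "s3:PutBucketPolicy"],
            "Resource": f"arn:aws:s3:::{target}",
        })
    elif destination == "firehose":
        statements.append({
            "Sid": "FirehoseDelivery",
            "Effect": "Allow",
            "Action": ["firehose:TagDeliveryStream", "iam:CreateServiceLinkedRole"],
            "Resource": "*",
        })
    else:
        raise ValueError(f"unknown destination: {destination}")
    return {"Version": "2012-10-17", "Statement": statements}


def granted_actions(policy: dict) -> set:
    """Flatten every Allow action in a policy document (useful for review)."""
    actions = set()
    for statement in policy["Statement"]:
        act = statement["Action"]
        actions.update([act] if isinstance(act, str) else act)
    return actions


if __name__ == "__main__":
    # Placeholder account, Region, instance and log group.
    print(json.dumps(logging_policy("cloudwatch", "us-east-1", "111122223333",
                                    "vai-002fa341aeEXAMPLE", "/verified-access/hello"),
                     indent=2))
```

Attach the generated document to the deployment role rather than a broad `ec2:*`/`logs:*` grant; the `ec2:ModifyVerifiedAccessInstanceLoggingConfiguration` statement in particular is the one that lets a principal silently turn logging off, so keeping it scoped to a single instance is worth the extra ARN.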

# Enable or disable Verified Access logs
<a name="access-logs-enable"></a>

You can use the procedures in this section to enable or disable logging. After you enable logging, you need to configure a destination to which the logs are sent. The IAM principal that configures the logging destination needs certain permissions for logging to work. The IAM permissions required for each logging destination are listed in [Verified Access logging permissions](access-logs-permissions.md).

**Topics**
+ [Enable access logs](#enable-access-logs)
+ [Disable access logs](#disable-access-logs)

## Enable access logs
<a name="enable-access-logs"></a>

**To enable Verified Access logs**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Verified Access instances**.

1. Select the Verified Access instance.

1. On the **Verified Access instance logging configuration** tab, choose **Modify Verified Access instance logging configuration**.

1. (Optional) To include the trust data sent by trust providers in the logs, do the following:

   1. From the **Update log version** dropdown list, select **ocsf-1.0.0-rc.2**.

   1. Select **Include trust context**.

1. Do one of the following:
   + Turn on **Deliver to Amazon CloudWatch Logs**. Select the destination log group.
   + Turn on **Deliver to Amazon S3**. Enter the name, owner, and prefix of the destination bucket.
   + Turn on **Deliver to Firehose**. Create the destination delivery stream.

1. Choose **Modify Verified Access instance logging configuration**.

**To enable Verified Access logs using the AWS CLI**  
Use the [modify-verified-access-instance-logging-configuration](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-verified-access-instance-logging-configuration.html) command.

## Disable access logs
<a name="disable-access-logs"></a>

You can disable access logs for a Verified Access instance at any time. After you disable access logs, the log data that was already delivered remains at the log destination until you delete it.

**To disable Verified Access logs**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Verified Access instances**.

1. Select the Verified Access instance.

1. On the **Verified Access instance logging configuration** tab, choose **Modify Verified Access instance logging configuration**.

1. Turn off log delivery.

1. Choose **Modify Verified Access instance logging configuration**.

**To disable Verified Access logs using the AWS CLI**  
Use the [modify-verified-access-instance-logging-configuration](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-verified-access-instance-logging-configuration.html) command.

# Enable or disable Verified Access trust context
<a name="include-trust-context"></a>

You can optionally include the trust context sent by your trust providers in Verified Access logs. This is useful when you are writing policies that allow or deny access to an application, because the logged context shows exactly which claims the policy evaluated. When enabled, the trust context appears under the `data` field of each log entry. If trust context is disabled, the `data` field is set to `null`. Because the trust context carries the identity provider's claims about the user (the `oidc` block in the 1.0.0-rc.2 examples), treat log destinations that receive it as sensitive. To configure Verified Access to include trust context in the logs, follow the procedures below.

**Note**  
Including trust context in Verified Access logs requires upgrading to the latest logging version, `ocsf-1.0.0-rc.2`. The following procedures assume that you have already enabled logging. If not, see [Enable access logs](access-logs-enable.md#enable-access-logs) for the complete procedure.

**Topics**
+ [Enable trust context](#enable-trust-context)
+ [Disable trust context](#disable-trust-context)

## Enable trust context
<a name="enable-trust-context"></a>

**To include trust context in Verified Access logs using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Verified Access instances**.

1. Select the appropriate Verified Access instance.

1. On the **Verified Access instance logging configuration** tab, choose **Modify Verified Access instance logging configuration**.

1. From the **Update log version** dropdown list, select **ocsf-1.0.0-rc.2**.

1. Turn on **Include trust context**.

1. Choose **Modify Verified Access instance logging configuration**.

**To include trust context in Verified Access logs using the AWS CLI**  
Use the [modify-verified-access-instance-logging-configuration](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-verified-access-instance-logging-configuration.html) command.

## Disable trust context
<a name="disable-trust-context"></a>

If you no longer want to include trust context in the logs, you can remove it by following the procedure below.

**To remove trust context from Verified Access logs using the console**

1. Open the Amazon VPC console at [https://console.aws.amazon.com/vpc/](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, choose **Verified Access instances**.

1. Select the appropriate Verified Access instance.

1. On the **Verified Access instance logging configuration** tab, choose **Modify Verified Access instance logging configuration**.

1. Turn off **Include trust context**.

1. Choose **Modify Verified Access instance logging configuration**.

**To remove trust context from Verified Access logs using the AWS CLI**  
Use the [modify-verified-access-instance-logging-configuration](https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-verified-access-instance-logging-configuration.html) command.
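The procedures above (upgrading the log version, enabling and disabling delivery, and turning trust context on or off) all go through the same API call. As an added example that is not AWS code, the following Python builds the `AccessLogs` parameter for boto3's `modify_verified_access_instance_logging_configuration` (the same JSON structure the CLI command takes through `--access-logs`) and rejects the two combinations this page says are invalid: trust context without `ocsf-1.0.0-rc.2`, and `ocsf-0.1` on an instance whose endpoints use TCP. The instance ID and log group name are placeholders, and whether the instance has TCP endpoints is supplied by the caller, since the code does not query the endpoints.

```python
"""Build, validate and apply the AccessLogs parameter for
modify-verified-access-instance-logging-configuration.

Added example, not AWS code. The two validation rules encode what this page
states about log versions and trust context; whether the instance has TCP
endpoints is supplied by the caller (this code does not inspect endpoints).
"""
from typing import Optional

OCSF_01 = "ocsf-0.1"
OCSF_1 = "ocsf-1.0.0-rc.2"


def access_logs_config(log_version: str = OCSF_1,
                       include_trust_context: bool = False,
                       log_group: Optional[str] = None,
                       bucket: Optional[str] = None,
                       bucket_owner: Optional[str] = None,
                       prefix: Optional[str] = None,
                       delivery_stream: Optional[str] = None,
                       has_tcp_endpoints: bool = False) -> dict:
    """Return the AccessLogs structure. Pass no destination to disable delivery."""
    if include_trust_context and log_version != OCSF_1:
        raise ValueError(f"IncludeTrustContext requires LogVersion {OCSF_1}")
    if has_tcp_endpoints and log_version == OCSF_01:
        raise ValueError(f"{OCSF_01} cannot be used with TCP endpoints")
    cfg = {
        "LogVersion": log_version,
        "IncludeTrustContext": include_trust_context,
        # All three destinations are sent with an explicit Enabled flag so the
        # resulting state is unambiguous; Enabled=False turns a destination off.
        "CloudWatchLogs": {"Enabled": log_group is not None},
        "S3": {"Enabled": bucket is not None},
        "KinesisDataFirehose": {"Enabled": delivery_stream is not None},
    }
    if log_group is not None:
        cfg["CloudWatchLogs"]["LogGroup"] = log_group
    if bucket is not None:
        cfg["S3"]["BucketName"] = bucket
        if bucket_owner is not None:
            cfg["S3"]["BucketOwner"] = bucket_owner  # account ID that owns the bucket
        if prefix is not None:
            cfg["S3"]["Prefix"] = prefix
    if delivery_stream is not None:
        cfg["KinesisDataFirehose"]["DeliveryStream"] = delivery_stream
    return cfg


def apply_config(ec2, instance_id: str, cfg: dict) -> dict:
    """ec2 is a boto3 EC2 client (or a stub in tests); returns the API response."""
    return ec2.modify_verified_access_instance_logging_configuration(
        VerifiedAccessInstanceId=instance_id, AccessLogs=cfg)


if __name__ == "__main__":
    import boto3  # imported here so the builder above works without boto3 installed
    # Placeholder IDs: enable CloudWatch Logs delivery with trust context on.
    cfg = access_logs_config(log_group="/verified-access/hello",
                             include_trust_context=True)
    print(apply_config(boto3.client("ec2"), "vai-002fa341aeEXAMPLE", cfg))
```

Calling `access_logs_config()` with no destination produces a configuration with every destination disabled, which is the API equivalent of the "turn off log delivery" console step; disabling trust context is the same call with `include_trust_context=False`.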

# OCSF version 0.1 log examples for Verified Access
<a name="ocsfv01-examples"></a>

The following are example logs that use OCSF version 0.1.

**Topics**
+ [Access granted with OIDC](#access-granted-oidc)
+ [Access granted with OIDC and JAMF](#access-granted-oidc-jamf)
+ [Access granted with OIDC and CrowdStrike](#access-granted-oidc-crowdstrike)
+ [Access denied due to a missing cookie](#access-denied-cookie)
+ [Access denied by policy](#access-denied-policy)
+ [Unknown log entry](#unknown-access)

## Access granted with OIDC
<a name="access-granted-oidc"></a>

In this example log entry, Verified Access allows access to an endpoint through an OIDC user trust provider.

```
{
    "activity": "Access Granted",
    "activity_id": "1",
    "category_name": "Application Activity",
    "category_uid": "8",
    "class_name": "Access Logs",
    "class_uid": "208001",
    "device": {
        "ip": "10.2.7.68",
        "type": "Unknown",
        "type_id": 0
    },
    "duration": "0.004",
    "end_time": "1668580194344",
    "time": "1668580194344",
    "http_request": {
        "http_method": "GET",
        "url": {
            "hostname": "hello.app.example.com",
            "path": "/",
            "port": 443,
            "scheme": "https",
            "text": "https://hello.app.example.com:443/"
        },
        "user_agent": "python-requests/2.28.1",
        "version": "HTTP/1.1"
    },
    "http_response": {
        "code": 200
    },
    "identity": {
        "authorizations": [
            {
                "decision": "Allow",
                "policy": {
                    "name": "inline"
                }
            }
        ],
        "idp": {
            "name": "user",
            "uid": "vatp-09bc4cbce2EXAMPLE"
        },
        "user": {
            "email_addr": "johndoe@example.com",
            "name": "Test User Display",
            "uid": "johndoe@example.com",
            "uuid": "00u6wj48lbxTAEXAMPLE"
        }
    },
    "message": "",
    "metadata": {
        "uid": "Root=1-63748362-6408d24241120b942EXAMPLE",
        "logged_time": 1668580281337,
        "version": "0.1",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-16T06:29:54.344948Z",
    "proxy": {
        "ip": "192.168.34.167",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-002fa341aeEXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "172.24.57.68",
        "port": "48234"
    },
    "start_time": "1668580194340",
    "status_code": "100",
    "status_details": "Access Granted",
    "status_id": "1",
    "status": "Success",
    "type_uid": "20800101",
    "type_name": "AccessLogs: Access Granted",
    "unmapped": null
}
```

## Access granted with OIDC and JAMF
<a name="access-granted-oidc-jamf"></a>

In this example log entry, Verified Access allows access to an endpoint through an OIDC user trust provider and a JAMF device trust provider. The device trust provider contributes the `device.uid` field.

```
{
    "activity": "Access Granted",
    "activity_id": "1",
    "category_name": "Application Activity",
    "category_uid": "8",
    "class_name": "Access Logs",
    "class_uid": "208001",
    "device": {
        "ip": "10.2.7.68",
        "type": "Unknown",
        "type_id": 0,
        "uid": "41b07859-4222-4f41-f3b9-97dc1EXAMPLE"
    },
    "duration": "0.347",
    "end_time": "1668804944086",
    "time": "1668804944086",
    "http_request": {
        "http_method": "GET",
        "url": {
            "hostname": "hello.app.example.com",
            "path": "/",
            "port": 443,
            "scheme": "h2",
            "text": "https://hello.app.example.com:443/"
        },
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
        "version": "HTTP/2.0"
    },
    "http_response": {
        "code": 304
    },
    "identity": {
        "authorizations": [
            {
                "decision": "Allow",
                "policy": {
                    "name": "inline"
                }
            }
        ],
        "idp": {
            "name": "oidc",
            "uid": "vatp-9778003bc2EXAMPLE"
        },
        "user": {
            "email_addr": "johndoe@example.com",
            "name": "Test User Display",
            "uid": "johndoe@example.com",
            "uuid": "4f040d0f96becEXAMPLE"
        }
    },
    "message": "",
    "metadata": {
        "uid": "Root=1-321318ce-6100d340adf4fb29dEXAMPLE",
        "logged_time": 1668805278555,
        "version": "0.1",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-18T20:55:44.086480Z",
    "proxy": {
        "ip": "10.5.192.96",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-3598f66575EXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "192.168.20.246",
        "port": 61769
    },
    "start_time": "1668804943739",
    "status_code": "100",
    "status_details": "Access Granted",
    "status_id": "1",
    "status": "Success",
    "type_uid": "20800101",
    "type_name": "AccessLogs: Access Granted",
    "unmapped": null
}
```

## Access granted with OIDC and CrowdStrike
<a name="access-granted-oidc-crowdstrike"></a>

In this example log entry, Verified Access allows access to an endpoint through an OIDC user trust provider and a CrowdStrike device trust provider. The device trust provider contributes the `device.os`, `device.uid`, and `device.hw_info` fields.

```
{
    "activity": "Access Granted",
    "activity_id": "1",
    "category_name": "Application Activity",
    "category_uid": "8",
    "class_name": "Access Logs",
    "class_uid": "208001",
    "device": {
        "ip": "10.2.173.3",
        "os": {
            "name": "Windows 11",
            "type": "Windows",
            "type_id": 100
        },
        "type": "Unknown",
        "type_id": 0,
        "uid": "122978434f65093aee5dfbdc0EXAMPLE",
        "hw_info": {
            "serial_number": "751432a1-d504-fd5e-010d-5ed11EXAMPLE"
        }
    },
    "duration": "0.028",
    "end_time": "1668816620842",
    "time": "1668816620842",
    "http_request": {
        "http_method": "GET",
        "url": {
            "hostname": "test.app.example.com",
            "path": "/",
            "port": 443,
            "scheme": "h2",
            "text": "https://test.app.example.com:443/"
        },
        "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
        "version": "HTTP/2.0"
    },
    "http_response": {
        "code": 304
    },
    "identity": {
        "authorizations": [
            {
                "decision": "Allow",
                "policy": {
                    "name": "inline"
                }
            }
        ],
        "idp": {
            "name": "oidc",
            "uid": "vatp-506d9753f6EXAMPLE"
        },
        "user": {
            "email_addr": "johndoe@example.com",
            "name": "Test User Display",
            "uid": "johndoe@example.com",
            "uuid": "23bb45b16a389EXAMPLE"
        }
    },
    "message": "",
    "metadata": {
        "uid": "Root=1-c16c5a65-b641e4056cc6cb0eeEXAMPLE",
        "logged_time": 1668816977134,
        "version": "0.1",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-19T00:10:20.842295Z",
    "proxy": {
        "ip": "192.168.144.62",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-2f80f37e64EXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "10.14.173.3",
        "port": 55706
    },
    "start_time": "1668816620814",
    "status_code": "100",
    "status_details": "Access Granted",
    "status_id": "1",
    "status": "Success",
    "type_uid": "20800101",
    "type_name": "AccessLogs: Access Granted",
    "unmapped": null
}
```

## Access denied due to a missing cookie
<a name="access-denied-cookie"></a>

In this example log entry, Verified Access denies access because the authentication cookie is missing. No user was authenticated, so `identity` is `null`, `status_details` is `Authentication Denied`, and the HTTP response code is 302.

```
{
    "activity": "Access Denied",
    "activity_id": "2",
    "category_name": "Application Activity",
    "category_uid": "8",
    "class_name": "Access Logs",
    "class_uid": "208001",
    "device": null,
    "duration": "0.0",
    "end_time": "1668593568259",
    "time": "1668593568259",
    "http_request": {
        "http_method": "POST",
        "url": {
            "hostname": "hello.app.example.com",
            "path": "/dns-query",
            "port": 443,
            "scheme": "h2",
            "text": "https://hello.app.example.com:443/dns-query"
        },
        "user_agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML",
        "version": "HTTP/2.0"
    },
    "http_response": {
        "code": 302
    },
    "identity": null,
    "message": "",
    "metadata": {
        "uid": "Root=1-5cf1c832-a565309ce20cc7dafEXAMPLE",
        "logged_time": 1668593776720,
        "version": "0.1",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-16T10:12:48.259762Z",
    "proxy": {
        "ip": "192.168.34.167",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-108ed7a672EXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "10.7.178.16",
        "port": "46246"
    },
    "start_time": "1668593568258",
    "status_code": "200",
    "status_details": "Authentication Denied",
    "status_id": "2",
    "status": "Failure",
    "type_uid": "20800102",
    "type_name": "AccessLogs: Access Denied",
    "unmapped": null
}
```

## Access denied by policy
<a name="access-denied-policy"></a>

In this example log entry, Verified Access denies an authenticated request because the access policy does not allow it. The user is identified under `identity`, but `authorizations` is empty and `status_details` is `Authorization Denied`.

```
{
    "activity": "Access Denied",
    "activity_id": "2",
    "category_name": "Application Activity",
    "category_uid": "8",
    "class_name": "Access Logs",
    "class_uid": "208001",
    "device": {
        "ip": "10.4.133.137",
        "type": "Unknown",
        "type_id": 0
    },
    "duration": "0.023",
    "end_time": "1668573630978",
    "time": "1668573630978",
    "http_request": {
        "http_method": "GET",
        "url": {
            "hostname": "hello.app.example.com",
            "path": "/",
            "port": 443,
            "scheme": "h2",
            "text": "https://hello.app.example.com:443/"
        },
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
        "version": "HTTP/2.0"
    },
    "http_response": {
        "code": 401
    },
    "identity": {
        "authorizations": [],
        "idp": {
            "name": "user",
            "uid": "vatp-e048b3e0f8EXAMPLE"
        },
        "user": {
            "email_addr": "johndoe@example.com",
            "name": "Test User Display",
            "uid": "johndoe@example.com",
            "uuid": "0e1281ad3580aEXAMPLE"
        }
    },
    "message": "",
    "metadata": {
        "uid": "Root=1-531a036a-09e95794c7b96aefbEXAMPLE",
        "logged_time": 1668573773753,
        "version": "0.1",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-16T04:40:30.978732Z",
    "proxy": {
        "ip": "3.223.34.167",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-021d5eaed2EXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "10.4.133.137",
        "port": "31746"
    },
    "start_time": "1668573630955",
    "status_code": "300",
    "status_details": "Authorization Denied",
    "status_id": "2",
    "status": "Failure",
    "type_uid": "20800102",
    "type_name": "AccessLogs: Access Denied",
    "unmapped": null
}
```

## Unknown log entry
<a name="unknown-access"></a>

In this example log entry, Verified Access could not generate a complete log entry, so it emits an Unknown entry instead. This ensures that every request appears in the access logs.

```
{
    "activity": "Unknown",
    "activity_id": "0",
    "category_name": "Application Activity",
    "category_uid": "8",
    "class_name": "Access Logs",
    "class_uid": "208001",
    "device": null,
    "duration": "0.004",
    "end_time": "1668580207898",
    "time": "1668580207898",
    "http_request": {
        "http_method": "GET",
        "url": {
            "hostname": "hello.app.example.com",
            "path": "/",
            "port": 443,
            "scheme": "https",
            "text": "https://hello.app.example.com:443/"
        },
        "user_agent": "python-requests/2.28.1",
        "version": "HTTP/1.1"
    },
    "http_response": {
        "code": 200
    },
    "identity": null,
    "message": "",
    "metadata": {
        "uid": "Root=1-435eb955-6b5a1d529343f5adaEXAMPLE",
        "logged_time": 1668580579147,
        "version": "0.1",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-16T06:30:07.898344Z",
    "proxy": {
        "ip": "10.1.34.167",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-6c32b53b3cEXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "172.28.57.68",
        "port": "47220"
    },
    "start_time": "1668580207893",
    "status_code": "000",
    "status_details": "Unknown",
    "status_id": "0",
    "status": "Unknown",
    "type_uid": "20800100",
    "type_name": "AccessLogs: Unknown",
    "unmapped": null
}
```

# OCSF version 1.0.0-rc.2 log examples for Verified Access
<a name="ocsfv1-examples"></a>

The following are example logs that use OCSF version 1.0.0-rc.2.

**Topics**
+ [Access granted with trust context included](#ocsfv1-with-trust)
+ [Access granted with trust context excluded](#ocsfv1-without-trust)
+ [Assign privileges using a network CIDR endpoint](#ocsfv1-with-tcp)

## Access granted with trust context included
<a name="ocsfv1-with-trust"></a>

In this example log entry, trust context is enabled, so the `data` field carries the OIDC claims and the HTTP request context received from the trust providers.

```
{
    "activity_name": "Access Grant",
    "activity_id": "1",
    "actor": {
        "authorizations": [{
            "decision": "Allow",
            "policy": {
                "name": "inline"
            }
        }],
        "idp": {
            "name": "user",
            "uid": "vatp-09bc4cbce2EXAMPLE"
        },
        "invoked_by": "",
        "process": {},
        "user": {
            "email_addr": "johndoe@example.com",
            "name": "Test User Display",
            "uid": "johndoe@example.com",
            "uuid": "00u6wj48lbxTAEXAMPLE"
        },
        "session": {}
    },
    "category_name": "Audit Activity",
    "category_uid": "3",
    "class_name": "Access Activity",
    "class_uid": "3006",
    "device": {
        "ip": "10.2.7.68",
        "type": "Unknown",
        "type_id": 0
    },
    "duration": "0.004",
    "end_time": "1668580194344",
    "time": "1668580194344",
    "http_request": {
        "http_method": "GET",
        "url": {
            "hostname": "hello.app.example.com",
            "path": "/",
            "port": 443,
            "scheme": "https",
            "text": "https://hello.app.example.com:443/"
        },
        "user_agent": "python-requests/2.28.1",
        "version": "HTTP/1.1"
    },
    "http_response": {
        "code": 200
    },
    "message": "",
    "metadata": {
        "uid": "Root=1-63748362-6408d24241120b942EXAMPLE",
        "logged_time": 1668580281337,
        "version": "1.0.0-rc.2",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-16T06:29:54.344948Z",
    "proxy": {
        "ip": "192.168.34.167",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-002fa341aeEXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "172.24.57.68",
        "port": "48234"
    },
    "start_time": "1668580194340",
    "status_code": "100",
    "status_detail": "Access Granted",
    "status_id": "1",
    "status": "Success",
    "type_uid": "300601",
    "type_name": "Access Activity: Access Grant",
    "data": {
        "context": {
            "oidc": {
                "family_name": "Last",
                "zoneinfo": "America/Los_Angeles",
                "exp": 1670631145,
                "middle_name": "Middle",
                "given_name": "First",
                "email_verified": true,
                "name": "Test User Display",
                "updated_at": 1666305953,
                "preferred_username": "johndoe-user@test.com",
                "profile": "http://www.example.com",
                "locale": "US",
                "nickname": "Tester",
                "email": "johndoe-user@test.com",
                "additional_user_context": {
                    "aud": "xxx",
                    "exp": 1000000000,
                    "groups": [
                        "group-id-1",
                        "group-id-2"
                    ],
                    "iat": 1000000000,
                    "iss": "https://oidc-tp.com/",
                    "sub": "xyzsubject",
                    "ver": "1.0"
                }
            },
            "http_request": {
                "x_forwarded_for": "1.1.1.1,2.2.2.2",
                "http_method": "GET",
                "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
                "port": "80",
                "hostname": "hostname.net"
            }
        }
    }
}
```

## Access granted with trust context excluded
<a name="ocsfv1-without-trust"></a>

In this example log entry, trust context is disabled, so the `data` field is `null`.

```
{
    "activity_name": "Access Grant",
    "activity_id": "1",
    "actor": {
        "authorizations": [{
            "decision": "Allow",
            "policy": {
                "name": "inline"
            }
        }],
        "idp": {
            "name": "user",
            "uid": "vatp-09bc4cbce2EXAMPLE"
        },
        "invoked_by": "",
        "process": {},
        "user": {
            "email_addr": "johndoe@example.com",
            "name": "Test User Display",
            "uid": "johndoe@example.com",
            "uuid": "00u6wj48lbxTAEXAMPLE"
        },
        "session": {}
    },
    "category_name": "Audit Activity",
    "category_uid": "3",
    "class_name": "Access Activity",
    "class_uid": "3006",
    "device": {
        "ip": "10.2.7.68",
        "type": "Unknown",
        "type_id": 0
    },
    "duration": "0.004",
    "end_time": "1668580194344",
    "time": "1668580194344",
    "http_request": {
        "http_method": "GET",
        "url": {
            "hostname": "hello.app.example.com",
            "path": "/",
            "port": 443,
            "scheme": "https",
            "text": "https://hello.app.example.com:443/"
        },
        "user_agent": "python-requests/2.28.1",
        "version": "HTTP/1.1"
    },
    "http_response": {
        "code": 200
    },
    "message": "",
    "metadata": {
        "uid": "Root=1-63748362-6408d24241120b942EXAMPLE",
        "logged_time": 1668580281337,
        "version": "1.0.0-rc.2",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "ref_time": "2022-11-16T06:29:54.344948Z",
    "proxy": {
        "ip": "192.168.34.167",
        "port": 443,
        "svc_name": "Verified Access",
        "uid": "vai-002fa341aeEXAMPLE"
    },
    "severity": "Informational",
    "severity_id": "1",
    "src_endpoint": {
        "ip": "172.24.57.68",
        "port": "48234"
    },
    "start_time": "1668580194340",
    "status_code": "100",
    "status_detail": "Access Granted",
    "status_id": "1",
    "status": "Success",
    "type_uid": "300601",
    "type_name": "Access Activity: Access Grant",
    "data": null
}
```

## Assign privileges using a network CIDR endpoint
<a name="ocsfv1-with-tcp"></a>

In this example log entry, Verified Access allows a user access to a network CIDR endpoint over TCP (`endpoint_type` is `cidr` and `protocol` is `tcp`). The entry uses the OCSF Authorization class rather than Access Activity, and the allowed TCP flow is recorded under `data.context.tcp_flow`.

```
{
    "activity_id": "1",
    "activity_name": "Assign Privileges",
    "category_name": "Audit Activity",
    "category_uid": "3",
    "class_name": "Authorization",
    "class_uid": "3003",
    "data": {
        "endpoint_type": "cidr",
        "protocol": "tcp",
        "access_path": "public",
        "idp": {
            "name": "my-oidc-instance",
            "uid": "vatp-09bc4cbce2EXAMPLE"
        },
        "authorizations": [{
            "decision": "Allow",
            "policy": {
                "name": "inline"
            }
        }],
        "context": {
            "oidc": {
                "family_name": "Last",
                "zoneinfo": "America/Los_Angeles",
                "exp": 1670631145,
                "middle_name": "Middle",
                "given_name": "First",
                "email_verified": true,
                "name": "Test User Display",
                "updated_at": 1666305953,
                "preferred_username": "johndoe-user@test.com",
                "profile": "http://www.example.com",
                "locale": "US",
                "nickname": "Tester",
                "email": "johndoe-user@test.com",
                "additional_user_context": {
                    "aud": "xxx",
                    "exp": 1000000000,
                    "groups": [
                        "group-id-1",
                        "group-id-2"
                    ],
                    "iat": 1000000000,
                    "iss": "https://oidc-tp.com/",
                    "sub": "xyzsubject",
                    "ver": "1.0"
                }
            },
            "tcp_flow": {
                "destination_ip": "10.0.0.1",
                "destination_port": 22,
                "client_ip": "10.2.7.68"
            }
        }
    },
    "device": {
        "ip":  "10.2.7.68",
        "port": 1002,
        "type": "Unknown",
        "type_id": 0
    },
    "duration": "0.004",
    "end_time": "1668580194344",
    "time": "1668580194344",
    "metadata": {
        "uid": "",
        "logged_time": 1668580281337,
        "version": "1.0.0-rc.2",
        "product": {
            "name": "Verified Access",
            "vendor_name": "AWS"
        }
    },
    "severity": "Informational",
    "severity_id": "1",
    "start_time": "1668580194340",
    "status_code": "200",
    "status_id": "1",
    "status": "Success",
    "type_uid": "300301",
    "type_name": "Authorization: Assign Privileges",
    "count": 1,
    "dst_endpoint": {
        "ip": "107.22.231.155",
        "port": 22
    },
    "privileges": [
        "vae-12345cbce2EXAMPLE"
    ],
    "user": {
        "email_addr": "johndoe-user@test.com",
        "uid": "johndoe-user",
        "uuid": "9bcce02a-fc15-4091-a0b7-874d157c67b8"
    }
}
```
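When these entries land in a SIEM, the first job is to classify each one the same way across the 0.1 and 1.0.0-rc.2 schemas and pull out the fields that matter for an investigation. As an added example, not AWS code, the Python below normalises the outcome from `status_id` and the detail string (`status_details` in 0.1, `status_detail` in 1.0.0-rc.2), finds the user wherever the schema version puts it (`identity`, `actor`, or top level for the Authorization class), reads OIDC group claims out of the trust context when `data` is present, and flags two conditions worth a second look: an authenticated user denied by policy, and Unknown entries. It serves both the 0.1 and 1.0.0-rc.2 example sections and the trust-context section above. The sample entries are constructed copies of the examples on this page, trimmed to the fields the code uses.

```python
"""Triage Verified Access OCSF log entries (0.1 and 1.0.0-rc.2).

Added example, not AWS code. SAMPLES are constructed, trimmed copies of the
log entries shown on this page.
"""
import json
from typing import Optional


def outcome(e: dict) -> str:
    """Classify one entry: granted, auth_denied, authz_denied, denied or unknown.

    status_id is shared by both schema versions; the detail string is
    status_details in 0.1 and status_detail in 1.0.0-rc.2."""
    status_id = str(e.get("status_id", "0"))
    detail = e.get("status_details") or e.get("status_detail") or ""
    if status_id == "1":
        return "granted"
    if status_id == "2":
        if "Authentication" in detail:
            return "auth_denied"   # no valid session, e.g. missing cookie
        if "Authorization" in detail:
            return "authz_denied"  # authenticated user, but policy said Deny
        return "denied"
    return "unknown"               # status_id 0: incomplete entry, still logged


def user_of(e: dict) -> Optional[str]:
    """User uid from identity (0.1), actor (1.0.0-rc.2 Access Activity)
    or the top level (1.0.0-rc.2 Authorization class)."""
    for holder in (e.get("identity"), e.get("actor"), e):
        if holder and isinstance(holder.get("user"), dict):
            return holder["user"].get("uid")
    return None


def trust_groups(e: dict) -> list:
    """OIDC group claims from the trust context; [] when data is null."""
    data = e.get("data") or {}
    oidc = (data.get("context") or {}).get("oidc") or {}
    return list(oidc.get("additional_user_context", {}).get("groups", []))


def target_of(e: dict) -> str:
    """Requested URL for HTTP entries, or the TCP flow for CIDR endpoints."""
    url = ((e.get("http_request") or {}).get("url") or {}).get("text")
    if url:
        return url
    flow = ((e.get("data") or {}).get("context") or {}).get("tcp_flow") or {}
    return json.dumps(flow, sort_keys=True)


def triage(entries):
    """Return (count per outcome, list of findings) for a batch of entries."""
    counts, findings = {}, []
    for e in entries:
        o = outcome(e)
        counts[o] = counts.get(o, 0) + 1
        trace = (e.get("metadata") or {}).get("uid", "")
        if o == "authz_denied":
            findings.append(f"policy denied {user_of(e)} at {target_of(e)} (trace {trace})")
        elif o == "unknown":
            findings.append(f"incomplete entry for {target_of(e)} (trace {trace})")
    return counts, findings


SAMPLES = [  # constructed; modelled on the entries above
    {"status_id": "1", "status_details": "Access Granted",
     "identity": {"user": {"uid": "johndoe@example.com"}},
     "http_request": {"url": {"text": "https://hello.app.example.com:443/"}},
     "metadata": {"uid": "Root=1-63748362-6408d24241120b942EXAMPLE", "version": "0.1"}},
    {"status_id": "2", "status_details": "Authentication Denied", "identity": None,
     "http_request": {"url": {"text": "https://hello.app.example.com:443/dns-query"}},
     "metadata": {"uid": "Root=1-5cf1c832-a565309ce20cc7dafEXAMPLE", "version": "0.1"}},
    {"status_id": "2", "status_details": "Authorization Denied",
     "identity": {"user": {"uid": "johndoe@example.com"}, "authorizations": []},
     "http_request": {"url": {"text": "https://hello.app.example.com:443/"}},
     "metadata": {"uid": "Root=1-531a036a-09e95794c7b96aefbEXAMPLE", "version": "0.1"}},
    {"status_id": "0", "status_details": "Unknown", "identity": None,
     "http_request": {"url": {"text": "https://hello.app.example.com:443/"}},
     "metadata": {"uid": "Root=1-435eb955-6b5a1d529343f5adaEXAMPLE", "version": "0.1"}},
    {"status_id": "1", "status_detail": "Access Granted",
     "actor": {"user": {"uid": "johndoe@example.com"}},
     "http_request": {"url": {"text": "https://hello.app.example.com:443/"}},
     "metadata": {"uid": "Root=1-63748362-6408d24241120b942EXAMPLE", "version": "1.0.0-rc.2"},
     "data": {"context": {"oidc": {"additional_user_context": {"groups": ["group-id-1", "group-id-2"]}}}}},
    {"status_id": "1", "status": "Success", "user": {"uid": "johndoe-user"},
     "metadata": {"uid": "", "version": "1.0.0-rc.2"},
     "data": {"context": {"tcp_flow": {"destination_ip": "10.0.0.1", "destination_port": 22,
                                      "client_ip": "10.2.7.68"}}}},
]

if __name__ == "__main__":
    counts, findings = triage(SAMPLES)
    print(counts)
    for finding in findings:
        print(finding)
```

The `metadata.uid` trace ID is carried into each finding because it is the field you correlate with the application's own request logs; note that the Authorization-class entry for the CIDR endpoint has an empty `metadata.uid` in the example above, so TCP findings need the `tcp_flow` tuple instead.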