Subscribing to Amazon GuardDuty SNS announcements
This section describes how to subscribe to the Amazon SNS (Simple Notification Service) topic for GuardDuty announcements, so that you receive notifications about newly released finding types, updates to existing finding types, and other functionality changes. Notifications are available in all formats that Amazon SNS supports.
The GuardDuty SNS topic sends announcements about updates to the GuardDuty service across AWS to any subscribed account. To receive notifications about findings in your own account, see Processing GuardDuty findings with Amazon EventBridge.
Note
Your IAM user must have the sns::subscribe permission to subscribe to SNS.
You can subscribe an Amazon SQS queue to this notification topic, but you must use a topic ARN that is in the same Region. For more information, see Tutorial: Subscribing an Amazon SQS queue to an Amazon SNS topic in the Amazon Simple Queue Service developer guide.
You can also use an AWS Lambda function to trigger events when a notification is received. For more information, see Invoking Lambda functions using Amazon SNS notifications in the Amazon Simple Queue Service developer guide.
The Amazon SNS topic ARNs for each Region are shown below.
AWS Region | Amazon SNS topic ARN |
---|---|
US East (N. Virginia) - us-east-1 | arn:aws:sns:us-east-1:242987662583:GuardDutyAnnouncements |
US East (Ohio) - us-east-2 | arn:aws:sns:us-east-2:118283430703:GuardDutyAnnouncements |
US West (N. California) - us-west-1 | arn:aws:sns:us-west-1:144182107116:GuardDutyAnnouncements |
US West (Oregon) - us-west-2 | arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements |
Canada (Central) - ca-central-1 | arn:aws:sns:ca-central-1:107430051933:GuardDutyAnnouncements |
Canada West (Calgary) - ca-west-1 | arn:aws:sns:ca-west-1:440427180217:GuardDutyAnnouncements |
Europe (Stockholm) - eu-north-1 | arn:aws:sns:eu-north-1:973841112453:GuardDutyAnnouncements |
Europe (Ireland) - eu-west-1 | arn:aws:sns:eu-west-1:965013871422:GuardDutyAnnouncements |
Europe (London) - eu-west-2 | arn:aws:sns:eu-west-2:506403581195:GuardDutyAnnouncements |
Europe (Paris) - eu-west-3 | arn:aws:sns:eu-west-3:436163563069:GuardDutyAnnouncements |
Europe (Frankfurt) - eu-central-1 | arn:aws:sns:eu-central-1:378365507264:GuardDutyAnnouncements |
Europe (Zurich) - eu-central-2 | arn:aws:sns:eu-central-2:383009515534:GuardDutyAnnouncements |
Asia Pacific (Hong Kong) - ap-east-1 | arn:aws:sns:ap-east-1:646602203151:GuardDutyAnnouncements |
Asia Pacific (Tokyo) - ap-northeast-1 | arn:aws:sns:ap-northeast-1:741172661024:GuardDutyAnnouncements |
Asia Pacific (Seoul) - ap-northeast-2 | arn:aws:sns:ap-northeast-2:464168911255:GuardDutyAnnouncements |
Asia Pacific (Singapore) - ap-southeast-1 | arn:aws:sns:ap-southeast-1:476419727788:GuardDutyAnnouncements |
Asia Pacific (Sydney) - ap-southeast-2 | arn:aws:sns:ap-southeast-2:457615622431:GuardDutyAnnouncements |
Asia Pacific (Mumbai) - ap-south-1 | arn:aws:sns:ap-south-1:926826061926:GuardDutyAnnouncements |
South America (Sao Paulo) - sa-east-1 | arn:aws:sns:sa-east-1:955633302743:GuardDutyAnnouncements |
AWS GovCloud (US-West) - us-gov-west-1 | arn:aws-us-gov:sns:us-gov-west-1:430639793359:GuardDutyAnnouncements |
China (Beijing) - cn-north-1 | arn:aws-cn:sns:cn-north-1:002991280229:GuardDutyAnnouncements |
China (Ningxia) - cn-northwest-1 | arn:aws-cn:sns:cn-northwest-1:003033775354:GuardDutyAnnouncements |
Middle East (Bahrain) - me-south-1 | arn:aws:sns:me-south-1:552740612889:GuardDutyAnnouncements |
Middle East (UAE) - me-central-1 | arn:aws:sns:me-central-1:030935290150:GuardDutyAnnouncements |
Europe (Milan) - eu-south-1 | arn:aws:sns:eu-south-1:188461706213:GuardDutyAnnouncements |
Europe (Spain) - eu-south-2 | arn:aws:sns:eu-south-2:445632894446:GuardDutyAnnouncements |
AWS GovCloud (US-East) - us-gov-east-1 | arn:aws:sns:us-gov-east-1:143972945659:GuardDutyAnnouncements |
Asia Pacific (Osaka) - ap-northeast-3 | arn:aws:sns:ap-northeast-3:129086577509:GuardDutyAnnouncements |
Asia Pacific (Jakarta) - ap-southeast-3 | arn:aws:sns:ap-southeast-3:225965583551:GuardDutyAnnouncements |
Asia Pacific (Hyderabad) - ap-south-2 | arn:aws:sns:ap-south-2:595653072700:GuardDutyAnnouncements |
Asia Pacific (Melbourne) - ap-southeast-4 | arn:aws:sns:ap-southeast-4:529900636122:GuardDutyAnnouncements |
Asia Pacific (Malaysia) - ap-southeast-5 | arn:aws:sns:ap-southeast-5:343218181797:GuardDutyAnnouncements |
Israel (Tel Aviv) - il-central-1 | arn:aws:sns:il-central-1:847886274986:GuardDutyAnnouncements |
Asia Pacific (Thailand) - ap-southeast-7 | arn:aws:sns:ap-southeast-7:863518448376:GuardDutyAnnouncements |
Mexico (Central) - mx-central-1 | arn:aws:sns:mx-central-1:060795916546:GuardDutyAnnouncements |
To subscribe to GuardDuty update notification email in the AWS Management Console
1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.
2. In the Region list, choose the same Region as the topic ARN that you want to subscribe to. This example uses the us-west-2 Region.
3. In the left navigation pane, choose Subscriptions, Create subscription.
4. In the Create subscription dialog box, for Topic ARN, paste the topic ARN: arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements.
5. For Protocol, choose Email. For Endpoint, type an email address that you can use to receive the notifications.
6. Choose Create subscription.
7. In your email application, open the message from AWS Notifications and open the link to confirm your subscription.
   Your web browser displays a confirmation response from Amazon SNS.
To subscribe to GuardDuty update notification email with the AWS CLI
1. Run the following command with the AWS CLI:
   aws sns --region us-west-2 subscribe --topic-arn arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements --protocol email --notification-endpoint your_email@your_domain.com
2. In your email application, open the message from AWS Notifications and open the link to confirm your subscription.
   Your web browser displays a confirmation response from Amazon SNS.
Amazon SNS message format
An example of a general GuardDuty notification message:
{ "Type" : "Notification", "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message" : "{\"version\":\"1\",\"type\":\"GENERAL\",\"message\":[{\"title\":\"Updated AmazonGuardDutyFullAccess policy\",\"body\":\"Added permission that allows you to pass an IAM role to GuardDuty when you enable Malware Protection for S3.\",\"links\":[\"https://docs.aws.amazon.com//guardduty/latest/ug/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess\"]}]}", "Timestamp" : "2018-03-09T00:25:43.483Z", "SignatureVersion" : "1", "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
The parsed Message value (with the escaped quotes removed) is shown below:
{ "version": "1", "type": "GENERAL", "message": [ { "title": "Updated AmazonGuardDutyFullAccess policy", "body": "Added permission that allows you to pass an IAM role to GuardDuty when you enable Malware Protection for S3.", "links": [ "https://docs.aws.amazon.com//guardduty/latest/ug/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess" ] } ] }
An example GuardDuty update notification message about new findings is shown below:
{ "Type" : "Notification", "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message" : "{\"version\":\"1\",\"type\":\"NEW_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"findingDescription\":\"This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised.\"}]}", "Timestamp" : "2018-03-09T00:25:43.483Z", "SignatureVersion" : "1", "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
The parsed Message value (with the escaped quotes removed) is shown below:
{ "version": "1", "type": "NEW_FINDINGS", "findingDetails": [{ "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html", "findingType": "UnauthorizedAccess:EC2/TorClient", "findingDescription": "This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised." }] }
An example GuardDuty update notification message about GuardDuty functionality updates is shown below:
{ "Type" : "Notification", "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message" : "{\"version\":\"1\",\"type\":\"NEW_FEATURES\",\"featureDetails\":[{\"featureDescription\":\"Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.\",\"featureLink\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_controlplane\"}]}", "Timestamp" : "2018-03-09T00:25:43.483Z", "SignatureVersion" : "1", "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
The parsed Message value (with the escaped quotes removed) is shown below:
{ "version": "1", "type": "NEW_FEATURES", "featureDetails": [{ "featureDescription": "Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.", "featureLink": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_controlplane" }] }
An example GuardDuty update notification message about updated findings is shown below:
{ "Type": "Notification", "MessageId": "9101dc6b-726f-4df0-8646-ec2f94e674bc", "TopicArn": "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements", "Message": "{\"version\":\"1\",\"type\":\"UPDATED_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"description\":\"Increased severity value from 5 to 8.\"}]}", "Timestamp": "2018-03-09T00:25:43.483Z", "SignatureVersion": "1", "Signature": "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==", "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem", "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4" }
The parsed Message value (with the escaped quotes removed) is shown below:
{ "version": "1", "type": "UPDATED_FINDINGS", "findingDetails": [{ "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html", "findingType": "UnauthorizedAccess:EC2/TorClient", "description": "Increased severity value from 5 to 8." }] }
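The four payload shapes above can be handled by one consumer. The following is an added example, not AWS code: it rejects envelopes whose TopicArn is not the expected announcements topic, decodes the nested Message string, and normalizes each type into the same fields. The names `parse_announcement`, `LAYOUT` and `SAMPLE` are hypothetical, and verifying Signature against SigningCertURL is not shown.

```python
import json

# Topic ARN for us-west-2, copied from the Region table on this page.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements"

# Layout read off the four sample messages on this page:
# type -> (list key, subject field, text field, link field)
LAYOUT = {
    "GENERAL": ("message", "title", "body", "links"),
    "NEW_FINDINGS": ("findingDetails", "findingType", "findingDescription", "link"),
    "UPDATED_FINDINGS": ("findingDetails", "findingType", "description", "link"),
    "NEW_FEATURES": ("featureDetails", None, "featureDescription", "featureLink"),
}

def parse_announcement(envelope, expected_topic_arn=EXPECTED_TOPIC_ARN):
    """Normalize one SNS envelope (dict) into a list of announcement items."""
    if envelope.get("Type") != "Notification":
        raise ValueError("not a Notification envelope")
    if envelope.get("TopicArn") != expected_topic_arn:
        raise ValueError("unexpected TopicArn: %r" % envelope.get("TopicArn"))
    inner = json.loads(envelope["Message"])  # Message is JSON carried in a string
    kind = inner.get("type")
    if kind not in LAYOUT:
        raise ValueError("unknown announcement type: %r" % kind)
    list_key, subject_key, text_key, link_key = LAYOUT[kind]
    items = []
    for entry in inner.get(list_key, []):
        links = entry.get(link_key, [])
        if isinstance(links, str):  # GENERAL has a list, the other types one string
            links = [links]
        items.append({"type": kind, "text": entry.get(text_key, ""), "links": links,
                      "subject": entry.get(subject_key) if subject_key else None})
    return items

# Constructed sample: the UPDATED_FINDINGS example above, signature fields omitted.
SAMPLE = {
    "Type": "Notification",
    "TopicArn": EXPECTED_TOPIC_ARN,
    "Message": json.dumps({"version": "1", "type": "UPDATED_FINDINGS", "findingDetails": [{
        "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html",
        "findingType": "UnauthorizedAccess:EC2/TorClient",
        "description": "Increased severity value from 5 to 8."}]}),
}

if __name__ == "__main__":
    for item in parse_announcement(SAMPLE):
        print(item["type"], item["subject"], item["text"], item["links"])
```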