AwsEc2 resources in ASFF
The following are examples of the AWS Security Finding Format (ASFF) syntax for AwsEc2 resources.
AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see AWS Security Finding Format (ASFF).
AwsEc2ClientVpnEndpoint
The AwsEc2ClientVpnEndpoint object provides information about an AWS Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It is the termination point for all client VPN sessions.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2ClientVpnEndpoint object. To view descriptions of AwsEc2ClientVpnEndpoint attributes, see AwsEc2ClientVpnEndpointDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2ClientVpnEndpoint": {
    "AuthenticationOptions": [
        {
            "MutualAuthentication": {
                "ClientRootCertificateChainArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "Type": "certificate-authentication"
        }
    ],
    "ClientCidrBlock": "10.0.0.0/22",
    "ClientConnectOptions": {
        "Enabled": false
    },
    "ClientLoginBannerOptions": {
        "Enabled": false
    },
    "ClientVpnEndpointId": "cvpn-endpoint-00c5d11fc4729f2a5",
    "ConnectionLogOptions": {
        "Enabled": false
    },
    "Description": "test",
    "DnsServer": ["10.0.0.0"],
    "ServerCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "SecurityGroupIdSet": [
        "sg-0f7a177b82b443691"
    ],
    "SelfServicePortalUrl": "https://self-service.clientvpn.amazonaws.com/endpoints/cvpn-endpoint-00c5d11fc4729f2a5",
    "SessionTimeoutHours": 24,
    "SplitTunnel": false,
    "TransportProtocol": "udp",
    "VpcId": "vpc-1a2b3c4d5e6f1a2b3",
    "VpnPort": 443
}
AwsEc2Eip
The AwsEc2Eip object provides information about an Elastic IP address.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2Eip object. To view descriptions of AwsEc2Eip attributes, see AwsEc2EipDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2Eip": {
    "InstanceId": "instance1",
    "PublicIp": "192.0.2.04",
    "AllocationId": "eipalloc-example-id-1",
    "AssociationId": "eipassoc-example-id-1",
    "Domain": "vpc",
    "PublicIpv4Pool": "anycompany",
    "NetworkBorderGroup": "eu-central-1",
    "NetworkInterfaceId": "eni-example-id-1",
    "NetworkInterfaceOwnerId": "777788889999",
    "PrivateIpAddress": "192.0.2.03"
}
AwsEc2Instance
The AwsEc2Instance object provides details about an Amazon EC2 instance.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2Instance object. To view descriptions of AwsEc2Instance attributes, see AwsEc2InstanceDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2Instance": {
    "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AdminRole",
    "ImageId": "ami-1234",
    "IpV4Addresses": [ "1.1.1.1" ],
    "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
    "KeyName": "my_keypair",
    "LaunchedAt": "2018-05-08T16:46:19.000Z",
    "MetadataOptions": {
        "HttpEndpoint": "enabled",
        "HttpProtocolIpv6": "enabled",
        "HttpPutResponseHopLimit": 1,
        "HttpTokens": "optional",
        "InstanceMetadataTags": "disabled"
    },
    "Monitoring": {
        "State": "disabled"
    },
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-e5aa89a3"
        }
    ],
    "SubnetId": "subnet-123",
    "Type": "i3.xlarge",
    "VpcId": "vpc-123"
}
AwsEc2LaunchTemplate
The AwsEc2LaunchTemplate object contains details about an Amazon Elastic Compute Cloud launch template that specifies instance configuration information.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2LaunchTemplate object. To view descriptions of AwsEc2LaunchTemplate attributes, see AwsEc2LaunchTemplateDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2LaunchTemplate": {
    "DefaultVersionNumber": "1",
    "ElasticGpuSpecifications": ["string"],
    "ElasticInferenceAccelerators": ["string"],
    "Id": "lt-0a16e9802800bdd85",
    "ImageId": "ami-0d5eff06f840b45e9",
    "LatestVersionNumber": "1",
    "LaunchTemplateData": {
        "BlockDeviceMappings": [{
            "DeviceName": "/dev/xvda",
            "Ebs": {
                "DeleteonTermination": true,
                "Encrypted": true,
                "SnapshotId": "snap-01047646ec075f543",
                "VolumeSize": 8,
                "VolumeType": "gp2"
            }
        }],
        "MetadataOptions": {
            "HttpTokens": "enabled",
            "HttpPutResponseHopLimit": 1
        },
        "Monitoring": {
            "Enabled": true
        },
        "NetworkInterfaces": [{
            "AssociatePublicIpAddress": true
        }]
    },
    "LaunchTemplateName": "string",
    "LicenseSpecifications": ["string"],
    "SecurityGroupIds": ["sg-01fce87ad6e019725"],
    "SecurityGroups": ["string"],
    "TagSpecifications": ["string"]
}
AwsEc2NetworkAcl
The AwsEc2NetworkAcl object contains details about an Amazon EC2 network access control list (ACL).
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2NetworkAcl object. To view descriptions of AwsEc2NetworkAcl attributes, see AwsEc2NetworkAclDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2NetworkAcl": {
    "IsDefault": false,
    "NetworkAclId": "acl-1234567890abcdef0",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1234abcd",
    "Associations": [{
        "NetworkAclAssociationId": "aclassoc-abcd1234",
        "NetworkAclId": "acl-021345abcdef6789",
        "SubnetId": "subnet-abcd1234"
    }],
    "Entries": [{
        "CidrBlock": "10.24.34.0/23",
        "Egress": true,
        "IcmpTypeCode": {
            "Code": 10,
            "Type": 30
        },
        "Ipv6CidrBlock": "2001:DB8::/32",
        "PortRange": {
            "From": 20,
            "To": 40
        },
        "Protocol": "tcp",
        "RuleAction": "allow",
        "RuleNumber": 100
    }]
}
AwsEc2NetworkInterface
The AwsEc2NetworkInterface object provides information about an Amazon EC2 network interface.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2NetworkInterface object. To view descriptions of AwsEc2NetworkInterface attributes, see AwsEc2NetworkInterfaceDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2NetworkInterface": {
    "Attachment": {
        "AttachTime": "2019-01-01T03:03:21Z",
        "AttachmentId": "eni-attach-43348162",
        "DeleteOnTermination": true,
        "DeviceIndex": 123,
        "InstanceId": "i-1234567890abcdef0",
        "InstanceOwnerId": "123456789012",
        "Status": "ATTACHED"
    },
    "SecurityGroups": [
        {
            "GroupName": "my-security-group",
            "GroupId": "sg-903004f8"
        }
    ],
    "NetworkInterfaceId": "eni-686ea200",
    "SourceDestCheck": false
}
AwsEc2RouteTable
The AwsEc2RouteTable object provides information about an Amazon EC2 route table.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2RouteTable object. To view descriptions of AwsEc2RouteTable attributes, see AwsEc2RouteTableDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2RouteTable": {
    "AssociationSet": [{
        "AssociationSet": {
            "State": "associated"
        },
        "Main": true,
        "RouteTableAssociationId": "rtbassoc-08e706c45de9f7512",
        "RouteTableId": "rtb-0a59bde9cf2548e34"
    }],
    "PropogatingVgwSet": [],
    "RouteTableId": "rtb-0a59bde9cf2548e34",
    "RouteSet": [
        {
            "DestinationCidrBlock": "10.24.34.0/23",
            "GatewayId": "local",
            "Origin": "CreateRouteTable",
            "State": "active"
        },
        {
            "DestinationCidrBlock": "10.24.34.0/24",
            "GatewayId": "igw-0242c2d7d513fc5d3",
            "Origin": "CreateRoute",
            "State": "active"
        }
    ],
    "VpcId": "vpc-0c250a5c33f51d456"
}
AwsEc2SecurityGroup
The AwsEc2SecurityGroup object describes an Amazon EC2 security group.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2SecurityGroup object. To view descriptions of AwsEc2SecurityGroup attributes, see AwsEc2SecurityGroupDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2SecurityGroup": {
    "GroupName": "MySecurityGroup",
    "GroupId": "sg-903004f8",
    "OwnerId": "123456789012",
    "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {
            "IpProtocol": "-1",
            "IpRanges": [],
            "UserIdGroupPairs": [
                {
                    "UserId": "123456789012",
                    "GroupId": "sg-903004f8"
                }
            ],
            "PrefixListIds": [
                {"PrefixListId": "pl-63a5400a"}
            ]
        },
        {
            "PrefixListIds": [],
            "FromPort": 22,
            "IpRanges": [
                {
                    "CidrIp": "203.0.113.0/24"
                }
            ],
            "ToPort": 22,
            "IpProtocol": "tcp",
            "UserIdGroupPairs": []
        }
    ]
}
AwsEc2Subnet
The AwsEc2Subnet object provides information about a subnet in Amazon EC2.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2Subnet object. To view descriptions of AwsEc2Subnet attributes, see AwsEc2SubnetDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2Subnet": {
    "AssignIpv6AddressOnCreation": false,
    "AvailabilityZone": "us-west-2c",
    "AvailabilityZoneId": "usw2-az3",
    "AvailableIpAddressCount": 8185,
    "CidrBlock": "10.0.0.0/24",
    "DefaultForAz": false,
    "MapPublicIpOnLaunch": false,
    "OwnerId": "123456789012",
    "State": "available",
    "SubnetArn": "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-d5436c93",
    "SubnetId": "subnet-d5436c93",
    "VpcId": "vpc-153ade70",
    "Ipv6CidrBlockAssociationSet": [{
        "AssociationId": "subnet-cidr-assoc-EXAMPLE",
        "Ipv6CidrBlock": "2001:DB8::/32",
        "CidrBlockState": "associated"
    }]
}
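The AwsEc2Instance, AwsEc2SecurityGroup and AwsEc2ClientVpnEndpoint objects shown above arrive inside a finding's Resources array, each under Details keyed by the resource Type. The following triage script is an added example, not AWS code: the three checks and the sample values are illustrative assumptions, not Security Hub controls.

```python
import ipaddress

# Constructed sample: the "Resources" array of an ASFF finding, with Details
# shaped like the examples on this page (values are made up for the demo).
SAMPLE_RESOURCES = [
    {"Type": "AwsEc2Instance", "Id": "i-1234567890abcdef0", "Details": {"AwsEc2Instance": {
        "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}}}},
    {"Type": "AwsEc2SecurityGroup", "Id": "sg-903004f8", "Details": {"AwsEc2SecurityGroup": {
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}}},
    {"Type": "AwsEc2ClientVpnEndpoint", "Id": "cvpn-endpoint-00c5d11fc4729f2a5",
     "Details": {"AwsEc2ClientVpnEndpoint": {"ConnectionLogOptions": {"Enabled": False}}}},
]

def check_instance(d):
    md = d.get("MetadataOptions", {})
    if md.get("HttpEndpoint") == "enabled" and md.get("HttpTokens") != "required":
        yield "IMDSv1 still accepted (HttpTokens is not 'required')"

def check_security_group(d):
    for perm in d.get("IpPermissions", []):  # IpPermissions holds the inbound rules
        for rng in perm.get("IpRanges", []):
            cidr = rng.get("CidrIp")
            if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                ports = f"{perm.get('FromPort', 'all')}-{perm.get('ToPort', 'all')}"
                yield f"inbound {perm.get('IpProtocol')} {ports} open to {cidr}"

def check_client_vpn(d):
    if not d.get("ConnectionLogOptions", {}).get("Enabled"):
        yield "Client VPN connection logging is disabled"

CHECKS = {"AwsEc2Instance": check_instance, "AwsEc2SecurityGroup": check_security_group,
          "AwsEc2ClientVpnEndpoint": check_client_vpn}

def triage(resources):
    """Return (resource Id, message) for every check that fires."""
    hits = []
    for res in resources:
        rtype = res.get("Type")
        details = (res.get("Details") or {}).get(rtype)
        if rtype in CHECKS and isinstance(details, dict):
            hits.extend((res.get("Id"), msg) for msg in CHECKS[rtype](details))
    return hits

if __name__ == "__main__":
    for rid, msg in triage(SAMPLE_RESOURCES):
        print(f"{rid}: {msg}")
```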
AwsEc2TransitGateway
The AwsEc2TransitGateway object provides details about an Amazon EC2 transit gateway that interconnects your virtual private clouds (VPCs) and on-premises networks.
The following is an example AwsEc2TransitGateway finding in the AWS Security Finding Format (ASFF). To view descriptions of AwsEc2TransitGateway attributes, see AwsEc2TransitGatewayDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2TransitGateway": {
    "AmazonSideAsn": 65000,
    "AssociationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
    "AutoAcceptSharedAttachments": "disable",
    "DefaultRouteTableAssociation": "enable",
    "DefaultRouteTablePropagation": "enable",
    "Description": "sample transit gateway",
    "DnsSupport": "enable",
    "Id": "tgw-042ae6bf7a5c126c3",
    "MulticastSupport": "disable",
    "PropagationDefaultRouteTableId": "tgw-rtb-099ba47cbbea837cc",
    "TransitGatewayCidrBlocks": ["10.0.0.0/16"],
    "VpnEcmpSupport": "enable"
}
AwsEc2Volume
The AwsEc2Volume object provides details about an Amazon EC2 volume.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2Volume object. To view descriptions of AwsEc2Volume attributes, see AwsEc2VolumeDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2Volume": {
    "Attachments": [
        {
            "AttachTime": "2017-10-17T14:47:11Z",
            "DeleteOnTermination": true,
            "InstanceId": "i-123abc456def789g",
            "Status": "attached"
        }
    ],
    "CreateTime": "2020-02-24T15:54:30Z",
    "Encrypted": true,
    "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Size": 80,
    "SnapshotId": "",
    "Status": "available"
}
AwsEc2Vpc
The AwsEc2Vpc object provides details about an Amazon EC2 VPC.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2Vpc object. To view descriptions of AwsEc2Vpc attributes, see AwsEc2VpcDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2Vpc": {
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlock": "192.0.2.0/24",
            "CidrBlockState": "associated"
        }
    ],
    "DhcpOptionsId": "dopt-4e42ce28",
    "Ipv6CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
            "CidrBlockState": "associated",
            "Ipv6CidrBlock": "192.0.2.0/24"
        }
    ],
    "State": "available"
}
AwsEc2VpcEndpointService
The AwsEc2VpcEndpointService object contains details about the service configuration for a VPC endpoint service.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2VpcEndpointService object. To view descriptions of AwsEc2VpcEndpointService attributes, see AwsEc2VpcEndpointServiceDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2VpcEndpointService": {
    "ServiceType": [
        {
            "ServiceType": "Interface"
        }
    ],
    "ServiceId": "vpce-svc-example1",
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1",
    "ServiceState": "Available",
    "AvailabilityZones": [
        "us-east-1"
    ],
    "AcceptanceRequired": true,
    "ManagesVpcEndpoints": false,
    "NetworkLoadBalancerArns": [
        "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/my-network-load-balancer/example1"
    ],
    "GatewayLoadBalancerArns": [],
    "BaseEndpointDnsNames": [
        "vpce-svc-04eec859668b51c34.us-east-1.vpce.amazonaws.com"
    ],
    "PrivateDnsName": "my-private-dns"
}
AwsEc2VpcPeeringConnection
The AwsEc2VpcPeeringConnection object provides details about the networking connection between two VPCs.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEc2VpcPeeringConnection object. To view descriptions of AwsEc2VpcPeeringConnection attributes, see AwsEc2VpcPeeringConnectionDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsEc2VpcPeeringConnection": {
    "AccepterVpcInfo": {
        "CidrBlock": "10.0.0.0/28",
        "CidrBlockSet": [{
            "CidrBlock": "10.0.0.0/28"
        }],
        "Ipv6CidrBlockSet": [{
            "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
        }],
        "OwnerId": "012345678910",
        "PeeringOptions": {
            "AllowDnsResolutionFromRemoteVpc": true,
            "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
            "AllowEgressFromLocalVpcToRemoteClassicLink": true
        },
        "Region": "us-west-2",
        "VpcId": "vpc-i123456"
    },
    "ExpirationTime": "2022-02-18T15:31:53.161Z",
    "RequesterVpcInfo": {
        "CidrBlock": "192.168.0.0/28",
        "CidrBlockSet": [{
            "CidrBlock": "192.168.0.0/28"
        }],
        "Ipv6CidrBlockSet": [{
            "Ipv6CidrBlock": "2002::1234:abcd:ffff:c0a8:101/64"
        }],
        "OwnerId": "012345678910",
        "PeeringOptions": {
            "AllowDnsResolutionFromRemoteVpc": true,
            "AllowEgressFromLocalClassicLinkToRemoteVpc": false,
            "AllowEgressFromLocalVpcToRemoteClassicLink": true
        },
        "Region": "us-west-2",
        "VpcId": "vpc-i123456"
    },
    "Status": {
        "Code": "initiating-request",
        "Message": "Active"
    },
    "VpcPeeringConnectionId": "pcx-1a2b3c4d"
}