AwsNetworkFirewall resources in ASFF
The following are examples of the AWS Security Finding Format (ASFF) syntax for AwsNetworkFirewall resources.
AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information about ASFF, see AWS Security Finding Format (ASFF).
AwsNetworkFirewallFirewall
The AwsNetworkFirewallFirewall object contains details about an AWS Network Firewall firewall.
The following example shows the AWS Security Finding Format (ASFF) for the AwsNetworkFirewallFirewall object. To view descriptions of AwsNetworkFirewallFirewall attributes, see AwsNetworkFirewallFirewallDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsNetworkFirewallFirewall": {
    "DeleteProtection": false,
    "FirewallArn": "arn:aws:network-firewall:us-east-1:024665936331:firewall/testfirewall",
    "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
    "FirewallId": "dea7d8e9-ae38-4a8a-b022-672a830a99fa",
    "FirewallName": "testfirewall",
    "FirewallPolicyChangeProtection": false,
    "SubnetChangeProtection": false,
    "SubnetMappings": [
        {
            "SubnetId": "subnet-0183481095e588cdc"
        },
        {
            "SubnetId": "subnet-01f518fad1b1c90b0"
        }
    ],
    "VpcId": "vpc-40e83c38"
}
AwsNetworkFirewallFirewallPolicy
The AwsNetworkFirewallFirewallPolicy object provides details about a firewall policy. A firewall policy defines the behavior of a network firewall.
The following example shows the AWS Security Finding Format (ASFF) for the AwsNetworkFirewallFirewallPolicy object. To view descriptions of AwsNetworkFirewallFirewallPolicy attributes, see AwsNetworkFirewallFirewallPolicyDetails in the AWS Security Hub CSPM API Reference.
Example
"AwsNetworkFirewallFirewallPolicy": {
    "FirewallPolicy": {
        "StatefulRuleGroupReferences": [
            {
                "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/PatchesOnly"
            }
        ],
        "StatelessDefaultActions": [ "aws:forward_to_sfe" ],
        "StatelessFragmentDefaultActions": [ "aws:forward_to_sfe" ],
        "StatelessRuleGroupReferences": [
            {
                "Priority": 1,
                "ResourceArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1"
            }
        ]
    },
    "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:444455556666:firewall-policy/InitialFirewall",
    "FirewallPolicyId": "9ceeda22-6050-4048-a0ca-50ce47f0cc65",
    "FirewallPolicyName": "InitialFirewall",
    "Description": "Initial firewall"
}
AwsNetworkFirewallRuleGroup
The AwsNetworkFirewallRuleGroup object provides details about an AWS Network Firewall rule group. Rule groups are used to inspect and control network traffic. Stateless rule groups apply to individual packets. Stateful rule groups apply to packets in the context of their traffic flow.
Rule groups are referenced in firewall policies.
The following examples show the AWS Security Finding Format (ASFF) for the AwsNetworkFirewallRuleGroup object. To view descriptions of AwsNetworkFirewallRuleGroup attributes, see AwsNetworkFirewallRuleGroupDetails in the AWS Security Hub CSPM API Reference.
Example - stateless rule group
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 600,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateless-rulegroup/Stateless-1",
    "RuleGroupId": "fb13c4df-b6da-4c1e-91ec-84b7a5487493",
    "RuleGroupName": "Stateless-1",
    "Description": "Example of a stateless rule group",
    "Type": "STATELESS",
    "RuleGroup": {
        "RulesSource": {
            "StatelessRulesAndCustomActions": {
                "CustomActions": [],
                "StatelessRules": [
                    {
                        "Priority": 1,
                        "RuleDefinition": {
                            "Actions": [ "aws:pass" ],
                            "MatchAttributes": {
                                "DestinationPorts": [
                                    {
                                        "FromPort": 443,
                                        "ToPort": 443
                                    }
                                ],
                                "Destinations": [
                                    {
                                        "AddressDefinition": "192.0.2.0/24"
                                    }
                                ],
                                "Protocols": [ 6 ],
                                "SourcePorts": [
                                    {
                                        "FromPort": 0,
                                        "ToPort": 65535
                                    }
                                ],
                                "Sources": [
                                    {
                                        "AddressDefinition": "198.51.100.0/24"
                                    }
                                ]
                            }
                        }
                    }
                ]
            }
        }
    }
}
Example - stateful rule group
"AwsNetworkFirewallRuleGroup": {
    "Capacity": 100,
    "RuleGroupArn": "arn:aws:network-firewall:us-east-1:444455556666:stateful-rulegroup/tupletest",
    "RuleGroupId": "38b71c12-da80-4643-a6c5-03337f8933e0",
    "RuleGroupName": "ExampleRuleGroup",
    "Description": "Example of a stateful rule group",
    "Type": "STATEFUL",
    "RuleGroup": {
        "RulesSource": {
            "StatefulRules": [
                {
                    "Action": "PASS",
                    "Header": {
                        "Destination": "Any",
                        "DestinationPort": "443",
                        "Direction": "ANY",
                        "Protocol": "TCP",
                        "Source": "Any",
                        "SourcePort": "Any"
                    },
                    "RuleOptions": [
                        {
                            "Keyword": "sid:1"
                        }
                    ]
                }
            ]
        }
    }
}
The following is a list of example valid values for AwsNetworkFirewallRuleGroup attributes:
- Action
  Valid values: PASS | DROP | ALERT
- Protocol
  Valid values: IP | TCP | UDP | ICMP | HTTP | FTP | TLS | SMB | DNS | DCERPC | SSH | SMTP | IMAP | MSN | KRB5 | IKEV2 | TFTP | NTP | DHCP
- Flags
  Valid values: FIN | SYN | RST | PSH | ACK | URG | ECE | CWR
- Masks
  Valid values: FIN | SYN | RST | PSH | ACK | URG | ECE | CWR
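The following added example (not part of the AWS documentation) shows one way to triage these objects when they arrive in a finding's Resources array: it reports disabled firewall protections and checks stateful rules against the Action and Protocol values listed above. The function name, the sample resources, and the "PASS from Any to Any" heuristic are assumptions of this example.

```python
# Added example: triage Network Firewall details found in ASFF findings.
# Valid values are copied from the lists on this page.
VALID_ACTIONS = {"PASS", "DROP", "ALERT"}
VALID_PROTOCOLS = {
    "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC",
    "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP",
}
PROTECTIONS = ("DeleteProtection", "FirewallPolicyChangeProtection",
               "SubnetChangeProtection")

def review_resource(resource):
    """Return a list of issues for one entry of a finding's Resources array."""
    issues = []
    details = resource.get("Details", {})
    fw = details.get("AwsNetworkFirewallFirewall")
    if fw:
        name = fw.get("FirewallName", "<unnamed>")
        issues += [f"{name}: {p} is off" for p in PROTECTIONS if not fw.get(p)]
    rg = details.get("AwsNetworkFirewallRuleGroup")
    if rg and rg.get("Type") == "STATEFUL":
        name = rg.get("RuleGroupName", "<unnamed>")
        rules = rg.get("RuleGroup", {}).get("RulesSource", {}).get("StatefulRules", [])
        for n, rule in enumerate(rules, start=1):
            action, hdr = rule.get("Action"), rule.get("Header", {})
            if action not in VALID_ACTIONS:
                issues.append(f"{name} rule {n}: invalid Action {action!r}")
            if hdr.get("Protocol") not in VALID_PROTOCOLS:
                issues.append(f"{name} rule {n}: invalid Protocol {hdr.get('Protocol')!r}")
            # Heuristic chosen for this example: PASS with no address restriction.
            if action == "PASS" and hdr.get("Source") == hdr.get("Destination") == "Any":
                issues.append(f"{name} rule {n}: PASS from Any to Any")
    return issues

# Constructed sample resources, shaped like the objects shown on this page.
SAMPLE_RESOURCES = [
    {"Details": {"AwsNetworkFirewallFirewall": {
        "FirewallName": "testfirewall", "DeleteProtection": False,
        "FirewallPolicyChangeProtection": False, "SubnetChangeProtection": True}}},
    {"Details": {"AwsNetworkFirewallRuleGroup": {
        "RuleGroupName": "ExampleRuleGroup", "Type": "STATEFUL",
        "RuleGroup": {"RulesSource": {"StatefulRules": [
            {"Action": "PASS", "Header": {"Protocol": "TCP", "Source": "Any",
                                          "Destination": "Any", "DestinationPort": "443"}},
            {"Action": "ALLOW", "Header": {"Protocol": "TCP", "Source": "10.0.0.0/8",
                                           "Destination": "Any"}}]}}}}},
]

if __name__ == "__main__":
    print("\n".join(i for r in SAMPLE_RESOURCES for i in review_resource(r)))
```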