Subscribing to GuardDuty announcements in Amazon SNS - Amazon GuardDuty

This page is a machine-translated version of the English original. Where the translation and the original English content conflict, the English version takes precedence.

Subscribing to GuardDuty announcements in Amazon SNS

This section describes how to subscribe to GuardDuty announcements in Amazon Simple Notification Service (SNS) so that you are notified of newly released finding types, updates to existing finding types, and other functionality changes. Notifications are available in every format that Amazon SNS supports.

GuardDuty sends announcements about GuardDuty service updates to every AWS account that subscribes to the SNS topic. These announcements do not contain findings from your own account; to be notified of findings in your account, see Processing GuardDuty findings with Amazon EventBridge.

Note

To subscribe to an SNS topic, the IAM principal (user or role) that creates the subscription must be allowed the sns:Subscribe action.

You can subscribe an Amazon SQS queue to the notification topic, but the queue must be in the same Region as the topic ARN you subscribe to. For more information, see Tutorial: Subscribing an Amazon SQS queue to an Amazon SNS topic in the Amazon Simple Queue Service Developer Guide.

You can also use an AWS Lambda function to trigger events when a notification is received. For more information, see Invoking Lambda functions using Amazon SNS notifications in the Amazon Simple Notification Service Developer Guide.

The Amazon SNS topic ARN for each Region is listed below. Note that the AWS GovCloud (US) and China Regions use the aws-us-gov and aws-cn ARN partitions rather than aws.

AWS Region                                     Amazon SNS topic ARN
US East (N. Virginia) - us-east-1              arn:aws:sns:us-east-1:242987662583:GuardDutyAnnouncements
US East (Ohio) - us-east-2                     arn:aws:sns:us-east-2:118283430703:GuardDutyAnnouncements
US West (N. California) - us-west-1            arn:aws:sns:us-west-1:144182107116:GuardDutyAnnouncements
US West (Oregon) - us-west-2                   arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements
Canada (Central) - ca-central-1                arn:aws:sns:ca-central-1:107430051933:GuardDutyAnnouncements
Canada West (Calgary) - ca-west-1              arn:aws:sns:ca-west-1:440427180217:GuardDutyAnnouncements
Europe (Stockholm) - eu-north-1                arn:aws:sns:eu-north-1:973841112453:GuardDutyAnnouncements
Europe (Ireland) - eu-west-1                   arn:aws:sns:eu-west-1:965013871422:GuardDutyAnnouncements
Europe (London) - eu-west-2                    arn:aws:sns:eu-west-2:506403581195:GuardDutyAnnouncements
Europe (Paris) - eu-west-3                     arn:aws:sns:eu-west-3:436163563069:GuardDutyAnnouncements
Europe (Frankfurt) - eu-central-1              arn:aws:sns:eu-central-1:378365507264:GuardDutyAnnouncements
Europe (Zurich) - eu-central-2                 arn:aws:sns:eu-central-2:383009515534:GuardDutyAnnouncements
Asia Pacific (Hong Kong) - ap-east-1           arn:aws:sns:ap-east-1:646602203151:GuardDutyAnnouncements
Asia Pacific (Tokyo) - ap-northeast-1          arn:aws:sns:ap-northeast-1:741172661024:GuardDutyAnnouncements
Asia Pacific (Seoul) - ap-northeast-2          arn:aws:sns:ap-northeast-2:464168911255:GuardDutyAnnouncements
Asia Pacific (Singapore) - ap-southeast-1      arn:aws:sns:ap-southeast-1:476419727788:GuardDutyAnnouncements
Asia Pacific (Sydney) - ap-southeast-2         arn:aws:sns:ap-southeast-2:457615622431:GuardDutyAnnouncements
Asia Pacific (Mumbai) - ap-south-1             arn:aws:sns:ap-south-1:926826061926:GuardDutyAnnouncements
South America (São Paulo) - sa-east-1          arn:aws:sns:sa-east-1:955633302743:GuardDutyAnnouncements
AWS GovCloud (US-West) - us-gov-west-1         arn:aws-us-gov:sns:us-gov-west-1:430639793359:GuardDutyAnnouncements
China (Beijing) - cn-north-1                   arn:aws-cn:sns:cn-north-1:002991280229:GuardDutyAnnouncements
China (Ningxia) - cn-northwest-1               arn:aws-cn:sns:cn-northwest-1:003033775354:GuardDutyAnnouncements
Middle East (Bahrain) - me-south-1             arn:aws:sns:me-south-1:552740612889:GuardDutyAnnouncements
Middle East (UAE) - me-central-1               arn:aws:sns:me-central-1:030935290150:GuardDutyAnnouncements
Europe (Milan) - eu-south-1                    arn:aws:sns:eu-south-1:188461706213:GuardDutyAnnouncements
Europe (Spain) - eu-south-2                    arn:aws:sns:eu-south-2:445632894446:GuardDutyAnnouncements
AWS GovCloud (US-East) - us-gov-east-1         arn:aws-us-gov:sns:us-gov-east-1:143972945659:GuardDutyAnnouncements
Asia Pacific (Osaka) - ap-northeast-3          arn:aws:sns:ap-northeast-3:129086577509:GuardDutyAnnouncements
Asia Pacific (Jakarta) - ap-southeast-3        arn:aws:sns:ap-southeast-3:225965583551:GuardDutyAnnouncements
Asia Pacific (Hyderabad) - ap-south-2          arn:aws:sns:ap-south-2:595653072700:GuardDutyAnnouncements
Asia Pacific (Melbourne) - ap-southeast-4      arn:aws:sns:ap-southeast-4:529900636122:GuardDutyAnnouncements
Asia Pacific (Malaysia) - ap-southeast-5       arn:aws:sns:ap-southeast-5:343218181797:GuardDutyAnnouncements
Israel (Tel Aviv) - il-central-1               arn:aws:sns:il-central-1:847886274986:GuardDutyAnnouncements
Asia Pacific (Thailand) - ap-southeast-7       arn:aws:sns:ap-southeast-7:863518448376:GuardDutyAnnouncements
Mexico (Central) - mx-central-1                arn:aws:sns:mx-central-1:060795916546:GuardDutyAnnouncements

To subscribe to GuardDuty update notification emails using the AWS Management Console
  1. Open the Amazon SNS console at https://console.aws.amazon.com/sns/v3/home.

  2. In the Region list, choose the same Region as the topic ARN you want to subscribe to. This example uses the us-west-2 Region.

  3. In the left navigation pane, choose Subscriptions, then Create subscription.

  4. In the Create subscription dialog box, paste the update topic ARN into Topic ARN: arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements

  5. For Protocol, choose Email. For Endpoint, enter an email address that you can use to receive the notifications.

  6. Choose Create subscription.

  7. In your email application, open the message from AWS Notifications and open the link to confirm your subscription.

     Your web browser displays a confirmation response from Amazon SNS.

To subscribe to GuardDuty update notification emails using the AWS CLI
  1. Run the following command with the AWS CLI:

     aws sns --region us-west-2 subscribe --topic-arn arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements --protocol email --notification-endpoint your_email@your_domain.com
  2. In your email application, open the message from AWS Notifications and open the link to confirm your subscription.

     Your web browser displays a confirmation response from Amazon SNS.
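The same subscription, as an added example that is not part of the GuardDuty documentation: it derives the announcement topic ARN (including the aws-us-gov and aws-cn partitions) from the Region code and enforces the same-Region rule for SQS and Lambda endpoints before calling SNS. Only a subset of the table above is embedded; the SNS client is passed in as a parameter (a boto3 sns client in real use, a stub here) so the checks run without AWS credentials. The SQS queue ARN in the usage block uses the 111122223333 placeholder account and is constructed for illustration.

```python
"""Subscribe an endpoint to the GuardDuty announcements topic of a Region.

Added example, not code from the GuardDuty documentation. The account IDs
below are copied from the announcements table for a few Regions; add the
others the same way. In production pass boto3.client("sns", region_name=region).
"""
import re

# Subset of the announcements table: Region code -> AWS account that owns the topic.
ANNOUNCEMENT_ACCOUNTS = {
    "us-east-1": "242987662583",
    "us-west-2": "934957504740",
    "eu-west-1": "965013871422",
    "us-gov-west-1": "430639793359",
    "cn-north-1": "002991280229",
}

ARN_RE = re.compile(
    r"^arn:(?P<partition>aws|aws-us-gov|aws-cn):(?P<service>[a-z0-9-]+):"
    r"(?P<region>[a-z0-9-]*):(?P<account>\d{12}):(?P<resource>.+)$"
)


def partition_for_region(region):
    """Map a Region code to the ARN partition used in that Region."""
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    if region.startswith("cn-"):
        return "aws-cn"
    return "aws"


def announcements_topic_arn(region):
    """Build the GuardDutyAnnouncements topic ARN for a Region from the table."""
    try:
        account = ANNOUNCEMENT_ACCOUNTS[region]
    except KeyError:
        raise ValueError(f"no GuardDuty announcements topic known for {region}")
    return f"arn:{partition_for_region(region)}:sns:{region}:{account}:GuardDutyAnnouncements"


def subscribe_to_announcements(sns_client, region, protocol, endpoint):
    """Create the subscription; SQS and Lambda endpoints must live in the topic's Region.

    Returns (topic_arn, subscription_arn). ReturnSubscriptionArn=True makes SNS
    return the real ARN even while an email subscription is pending confirmation.
    """
    topic_arn = announcements_topic_arn(region)
    if protocol in ("sqs", "lambda"):
        m = ARN_RE.match(endpoint)
        if not m or m["service"] != protocol:
            raise ValueError(f"{protocol} endpoint must be an {protocol} ARN, got {endpoint!r}")
        if m["region"] != region:
            raise ValueError(
                f"{endpoint} is in {m['region']} but the topic is in {region}; "
                f"subscribe it to the {m['region']} announcements topic instead"
            )
    resp = sns_client.subscribe(
        TopicArn=topic_arn, Protocol=protocol, Endpoint=endpoint, ReturnSubscriptionArn=True
    )
    return topic_arn, resp["SubscriptionArn"]


if __name__ == "__main__":
    # Stub client standing in for boto3.client("sns") so the example runs offline.
    class _StubSns:
        def subscribe(self, **kw):
            return {"SubscriptionArn": kw["TopicArn"] + ":00000000-0000-0000-0000-000000000000"}

    print(subscribe_to_announcements(_StubSns(), "us-west-2", "email", "your_email@your_domain.com"))
    try:  # placeholder queue in the wrong Region: rejected before any API call
        subscribe_to_announcements(_StubSns(), "us-west-2", "sqs",
                                   "arn:aws:sqs:us-east-1:111122223333:gd-announcements")
    except ValueError as e:
        print("rejected:", e)
```

For an email endpoint the subscription still has to be confirmed from the email, exactly as in the console and CLI procedures above; the Region check only prevents the silent failure of pointing a queue at a topic in another Region.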

Amazon SNS message format

An example GuardDuty general notification message:

{
  "Type" : "Notification",
  "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc",
  "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
  "Message" : "{\"version\":\"1\",\"type\":\"GENERAL\",\"message\":[{\"title\":\"Updated AmazonGuardDutyFullAccess policy\",\"body\":\"Added permission that allows you to pass an IAM role to GuardDuty when you enable Malware Protection for S3.\",\"links\":[\"https://docs.aws.amazon.com//guardduty/latest/ug/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess\"]}]}",
  "Timestamp" : "2018-03-09T00:25:43.483Z",
  "SignatureVersion" : "1",
  "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
  "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
  "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
}

The Message field is itself a JSON document encoded as a string. The parsed Message value (with the escaped quotes removed) is:

{
  "version": "1",
  "type": "GENERAL",
  "message": [
    {
      "title": "Updated AmazonGuardDutyFullAccess policy",
      "body": "Added permission that allows you to pass an IAM role to GuardDuty when you enable Malware Protection for S3.",
      "links": [
        "https://docs.aws.amazon.com//guardduty/latest/ug/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonGuardDutyFullAccess"
      ]
    }
  ]
}

The following is an example GuardDuty update notification message for a new finding type:

{
  "Type" : "Notification",
  "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc",
  "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
  "Message" : "{\"version\":\"1\",\"type\":\"NEW_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"findingDescription\":\"This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised.\"}]}",
  "Timestamp" : "2018-03-09T00:25:43.483Z",
  "SignatureVersion" : "1",
  "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
  "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
  "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
}

The parsed Message value (with the escaped quotes removed) is:

{
  "version": "1",
  "type": "NEW_FINDINGS",
  "findingDetails": [
    {
      "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html",
      "findingType": "UnauthorizedAccess:EC2/TorClient",
      "findingDescription": "This finding informs you that an EC2 instance in your AWS environment is making connections to a Tor Guard or an Authority node. Tor is software for enabling anonymous communication. Tor Guards and Authority nodes act as initial gateways into a Tor network. This traffic can indicate that this EC2 instance is acting as a client on a Tor network. A common use for a Tor client is to circumvent network monitoring and filter for access to unauthorized or illicit content. Tor clients can also generate nefarious Internet traffic, including attacking SSH servers. This activity can indicate that your EC2 instance is compromised."
    }
  ]
}

The following is an example GuardDuty update notification message for a GuardDuty feature update:

{
  "Type" : "Notification",
  "MessageId" : "9101dc6b-726f-4df0-8646-ec2f94e674bc",
  "TopicArn" : "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
  "Message" : "{\"version\":\"1\",\"type\":\"NEW_FEATURES\",\"featureDetails\":[{\"featureDescription\":\"Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.\",\"featureLink\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_controlplane\"}]}",
  "Timestamp" : "2018-03-09T00:25:43.483Z",
  "SignatureVersion" : "1",
  "Signature" : "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
  "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
  "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
}

The parsed Message value (with the escaped quotes removed) is:

{
  "version": "1",
  "type": "NEW_FEATURES",
  "featureDetails": [
    {
      "featureDescription": "Customers with high-volumes of global CloudTrail events should see a net positive impact on their GuardDuty costs.",
      "featureLink": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_data-sources.html#guardduty_controlplane"
    }
  ]
}

The following is an example GuardDuty update notification message for an updated finding type. Note that this message type carries the change text in a description field, whereas NEW_FINDINGS uses findingDescription:

{
  "Type": "Notification",
  "MessageId": "9101dc6b-726f-4df0-8646-ec2f94e674bc",
  "TopicArn": "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
  "Message": "{\"version\":\"1\",\"type\":\"UPDATED_FINDINGS\",\"findingDetails\":[{\"link\":\"https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html\",\"findingType\":\"UnauthorizedAccess:EC2/TorClient\",\"description\":\"Increased severity value from 5 to 8.\"}]}",
  "Timestamp": "2018-03-09T00:25:43.483Z",
  "SignatureVersion": "1",
  "Signature": "XWox8GDGLRiCgDOXlo/fG9Lu/88P8S0FL6M6oQYOmUFzkucuhoblsdea3BjqdCHcWR7qdhMPQnLpN7y9iBrWVUqdAGJrukAI8athvAS+4AQD/V/QjrhsEnlj+GaiW+ozAu006X6GopOzFGnCtPMROjCMrMonjz7Hpv/8KRuMZR3pyQYm5d4wWB7xBPYhUMuLoZ1V8YFs55FMtgQV/YLhSYuEu0BP1GMtLQauxDkscOtPP/vjhGQLFx1Q9LTadcQiRHtNIBxWL87PSI+BVvkin6AL7PhksvdQ7FAgHfXsit+6p8GyOvKCqaeBG7HZhR1AbpyVka7JSNRO/6ssyrlj1g==",
  "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
  "UnsubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements:9225ed2b-7228-4665-8a01-c8a5db6859f4"
}

The parsed Message value (with the escaped quotes removed) is:

{
  "version": "1",
  "type": "UPDATED_FINDINGS",
  "findingDetails": [
    {
      "link": "https://docs.aws.amazon.com//guardduty/latest/ug/guardduty_unauthorized.html",
      "findingType": "UnauthorizedAccess:EC2/TorClient",
      "description": "Increased severity value from 5 to 8."
    }
  ]
}
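A consumer for these envelopes, written as an added example rather than code from the GuardDuty or SNS documentation. It serves both the Lambda/SQS delivery options mentioned earlier and the four message types shown above: it checks that the envelope is a Notification from the GuardDutyAnnouncements topic of the Region you subscribed in, that SigningCertURL points at an SNS host over HTTPS (a cheap test that catches forged messages posted to a queue or function by something other than SNS), decodes the string-encoded Message, and flattens GENERAL, NEW_FINDINGS, NEW_FEATURES and UPDATED_FINDINGS into one row per item. The Lambda handler accepts both the SNS event shape (records under "Sns", where the Lambda event spells the key SigningCertUrl) and the SQS event-source shape (records with a "body" holding the raw envelope, assuming the default non-raw delivery). The sample envelope is constructed from the GENERAL announcement on this page with the Signature value omitted, since this code does not verify the RSA signature; the helper names and the expected_region parameter are this example's own.

```python
"""Validate and dispatch GuardDuty announcement envelopes delivered by SNS.

Added example, not code from the GuardDuty or SNS documentation. The sample
envelope is constructed from the GENERAL announcement shown on this page; the
Signature value is omitted because this code does not verify it.
"""
import json
import re
from urllib.parse import urlparse

TOPIC_RE = re.compile(r"^arn:(aws|aws-us-gov|aws-cn):sns:([a-z0-9-]+):\d{12}:GuardDutyAnnouncements$")
# SNS serves its signing certificates only from sns.<region>.amazonaws.com(.cn);
# any other host in SigningCertURL means the message did not come from SNS.
CERT_HOST_RE = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$")


def validate_envelope(envelope, expected_region):
    """Sanity-check an SNS envelope and return its parsed Message.

    Accepts the raw SNS JSON (key SigningCertURL) and the SNS->Lambda event shape
    (key SigningCertUrl). The RSA signature is not verified here; do that before
    acting on messages that arrive over an HTTP/S endpoint.
    """
    if envelope.get("Type") != "Notification":
        raise ValueError(f"unexpected SNS message type {envelope.get('Type')!r}")
    topic = envelope.get("TopicArn", "")
    m = TOPIC_RE.match(topic)
    if not m or m.group(2) != expected_region:
        raise ValueError(f"not the {expected_region} GuardDutyAnnouncements topic: {topic!r}")
    cert_url = envelope.get("SigningCertURL") or envelope.get("SigningCertUrl") or ""
    cert = urlparse(cert_url)
    if cert.scheme != "https" or not CERT_HOST_RE.match(cert.hostname or ""):
        raise ValueError(f"suspicious SigningCertURL {cert_url!r}")
    return json.loads(envelope["Message"])  # Message is a JSON document encoded as a string


def summarize(announcement):
    """Flatten the four documented announcement types into {kind, title, text, links} rows."""
    if announcement.get("version") != "1":
        raise ValueError(f"unsupported announcement version {announcement.get('version')!r}")
    kind = announcement.get("type")
    if kind == "GENERAL":
        return [{"kind": kind, "title": i["title"], "text": i["body"], "links": i.get("links", [])}
                for i in announcement["message"]]
    if kind in ("NEW_FINDINGS", "UPDATED_FINDINGS"):
        # NEW_FINDINGS carries findingDescription; UPDATED_FINDINGS carries description.
        return [{"kind": kind, "title": i["findingType"],
                 "text": i.get("findingDescription") or i.get("description", ""),
                 "links": [i["link"]]}
                for i in announcement["findingDetails"]]
    if kind == "NEW_FEATURES":
        return [{"kind": kind, "title": "", "text": i["featureDescription"], "links": [i["featureLink"]]}
                for i in announcement["featureDetails"]]
    raise ValueError(f"unknown announcement type {kind!r}")


def lambda_handler(event, context=None, expected_region="us-west-2"):
    """Lambda entry point for both SNS->Lambda and SNS->SQS->Lambda delivery.

    Assumes the SQS subscription uses the default (non-raw) delivery, so each
    queue body is the full SNS envelope. Records of any other shape are skipped.
    """
    rows = []
    for rec in event.get("Records", []):
        if "Sns" in rec:                       # SNS invoked the function directly
            envelope = rec["Sns"]
        elif "body" in rec:                    # SQS event source mapping
            envelope = json.loads(rec["body"])
        else:
            continue
        rows.extend(summarize(validate_envelope(envelope, expected_region)))
    return rows


# Constructed sample: the GENERAL announcement from this page inside an SNS envelope.
SAMPLE_ENVELOPE = {
    "Type": "Notification",
    "MessageId": "9101dc6b-726f-4df0-8646-ec2f94e674bc",
    "TopicArn": "arn:aws:sns:us-west-2:934957504740:GuardDutyAnnouncements",
    "Message": json.dumps({"version": "1", "type": "GENERAL", "message": [{
        "title": "Updated AmazonGuardDutyFullAccess policy",
        "body": "Added permission that allows you to pass an IAM role to GuardDuty "
                "when you enable Malware Protection for S3.",
        "links": ["https://docs.aws.amazon.com//guardduty/latest/ug/security-iam-awsmanpol.html"
                  "#security-iam-awsmanpol-AmazonGuardDutyFullAccess"]}]}),
    "Timestamp": "2018-03-09T00:25:43.483Z",
    "SignatureVersion": "1",
    "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-433026a4050d206028891664da859041.pem",
}
SAMPLE_SQS_EVENT = {"Records": [{"body": json.dumps(SAMPLE_ENVELOPE)}]}
SAMPLE_SNS_EVENT = {"Records": [{"Sns": dict(SAMPLE_ENVELOPE)}]}

if __name__ == "__main__":
    for row in lambda_handler(SAMPLE_SQS_EVENT):
        print(f"[{row['kind']}] {row['title']}: {row['text']}")
```

Rejecting envelopes from the wrong topic or Region matters because the SQS queue or function will happily accept anything its resource policy allows; pinning the TopicArn in the consumer is the second half of the same-Region rule stated earlier, and the SigningCertURL host check is the minimum a consumer should do before it ever fetches that certificate.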