기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
샘플 노출 조사 결과
AWS Security Hub는 Open Cybersecurity Schema Framework(OCSF)의 노출 조사 결과를 정규화합니다.
샘플 노출 조사 결과
다음 샘플 노출 조사 결과에서 related_events 파라미터에는 기여 조사 결과와 같은 노출 조사 결과에 고유한 세부 정보가 포함되어 있습니다. 기여 조사 결과는 노출 조사 결과와 연결된 특성 및 신호입니다. 단일 기여 결과에 하나 이상의 특성이 포함될 수 있습니다. observables 파라미터는 기여 조사 결과와 연결된 리소스를 식별합니다. 이는 노출 조사 결과와 연결된 리소스를 식별하는 resources 파라미터와 다를 수 있습니다.
{ "activity_id": 1, "activity_name": "Create", "category_name": "Findings", "category_uid": 2, "class_name": "Detection Finding", "class_uid": 2004, "cloud": { "account": { "uid": "123456789012", "name": "production-application" }, "cloud_partition": "aws", "provider": "AWS", "region": "us-east-1" }, "finding_info": { "analytic": { "name": "Exposure", "type": "Rule", "type_id": 1, "uid": "0.0.1" }, "created_time_dt": "2024-11-15T21:39:26.337224100Z", "desc": "Publicly invocable Lambda function executed outside of VPC has vulnerability with known exploit that can be exploited from remote network", "finding.info.modified_time_dt": "2024-11-15T21:39:26.337224100Z", "related_events_count": 3, "related_events": [ { "tags": [ { "name": "Vulnerability", "values": [ "Attack Vector Network", "EPSS Level >= High", "EPSS Level >= Medium", "Exploit Available", "No Privileges Required", "No User Interaction Required", "Vulnerable" ] } ], "product": { "uid": "arn:aws:securityhub:us-east-1::productv2/aws/inspector" }, "observables": [ { "type": "Resource UID", "type_id": 10, "value": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "type": "Finding", "title": "CVE-2023-33246 - org.apache.rocketmq:rocketmq-controller", "uid": "arn:aws:inspector2:us-east-1:123456789012:finding/1234567890abcdef0" }, { "tags": [ { "name": "Reachability", "values": [ "Publicly Invocable" ] } ], "product": { "uid": "arn:aws:securityhub:us-east-1::productv2/aws/securityhub" }, "observables": [ { "type": "Resource UID", "type_id": 10, "value": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "type": "Finding", "title": "Lambda function policies should prohibit public access", "uid": "arn:aws:securityhub:us-east-1:123456789012:security-control/Lambda.1/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa" }, { "tags": [ { "name": "Misconfiguration", "values": [ "Deployed outside VPC" ] } ], "product": { "uid": "arn:aws:securityhub:us-east-1::productv2/aws/securityhub" }, "observables": [ { "type": "Resource UID", "type_id": 10, "value": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "type": "Finding", "title": "Lambda functions should be in a VPC", "uid": "arn:aws:securityhub:us-east-1:123456789012:security-control/Lambda.3/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } ], "title": "Publicly invocable Lambda function executed outside of VPC has vulnerability with known exploit that can be exploited from remote network", "types": [ "Exposure/Potential Impact/Resource Hijacking" ], "uid": "arn:aws:securityhub:us-east-1:123456789012:risk:1234f781c7ae7507f01e2fb460f15ca8fe7f9c95e257698a092cb74a4ea84a42" }, "metadata": { "product": { "name": "Security Hub Exposure Analysis", "uid": "arn:aws:securityhub:us-east-1::productv2/aws/securityhub-risk", "vendor_name": "Amazon" }, "processed_time_dt": "2024-11-15T21:39:58.819Z", "profiles": [ "cloud", "datetime" ], "version": "1.4.0-dev" }, "resources": [ { "cloud_partition": "aws", "region": "us-east-1", "tags": [ { "name": "aws:cloudformation:stack-name", "value": "LambdaProdStack" }, { "name": "aws:cloudformation:stack-id", "value": "arn:aws:cloudformation:us-east-1:123456789012:stack/LambdaProdStack/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" }, { "name": "aws:cloudformation:logical-id", "value": "lambdar3function94D10D40" } ], "type": "AwsLambdaFunction", "uid": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "severity": "Critical", "severity_id": 5, "status": "New", "status_id": 1, "time": 1731706766337, "time_dt": "2024-11-15T21:39:26.337224100Z", "type_name": "Detection Finding: Create", "type_uid": 200401, "vendor_attributes": { "severity_id": 5, "severity": "Critical" } }
