Amazon Inspector and AWS Security Hub CSPM - Amazon Inspector

This page is a machine-translated version. If this translation differs from the English original, the English original takes precedence.

Amazon Inspector and AWS Security Hub CSPM

Security Hub CSPM provides a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Security Hub CSPM collects security data from AWS accounts, services, and supported products. You can use this information to analyze security trends and identify security issues. When you activate the integration between Amazon Inspector and Security Hub CSPM, Amazon Inspector can send findings to Security Hub CSPM, and Security Hub CSPM can analyze those findings as part of your security posture.

Security Hub CSPM tracks security issues as findings. Some findings originate from security issues detected by other AWS services or third-party products. Security Hub CSPM uses a set of rules to detect security issues and generate findings, and it provides tools for managing findings. When an Amazon Inspector finding is closed, Security Hub CSPM archives the Amazon Inspector finding. You can also view finding history and finding details, and track the investigation status of a finding.

Security Hub CSPM processes findings in the AWS Security Finding Format (ASFF). This format includes details such as a unique identifier, severity level, affected resources, remediation guidance, workflow status, and contextual information.

Note

Security findings generated by Amazon Inspector code security are not available through this integration. However, you can access those findings in the Amazon Inspector console and through the Amazon Inspector API.

Viewing Amazon Inspector findings in AWS Security Hub CSPM

You can view findings from both Amazon Inspector Classic and Amazon Inspector in Security Hub CSPM.

Note

To filter for Amazon Inspector findings only, add "aws/inspector/ProductVersion": "2" to the filter bar. This filter excludes Amazon Inspector Classic findings from the Security Hub CSPM dashboard.

Example Amazon Inspector finding

{
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
  "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
  "ProductName": "Inspector",
  "CompanyName": "Amazon",
  "Region": "us-east-1",
  "GeneratorId": "AWSInspector",
  "AwsAccountId": "123456789012",
  "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ],
  "FirstObservedAt": "2023-01-31T20:25:38Z",
  "LastObservedAt": "2023-05-04T18:18:43Z",
  "CreatedAt": "2023-01-31T20:25:38Z",
  "UpdatedAt": "2023-05-04T18:18:43Z",
  "Severity": { "Label": "HIGH", "Normalized": 70 },
  "Title": "CVE-2022-34918 - kernel",
  "Description": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
  "Remediation": {
    "Recommendation": {
      "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above. For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON."
    }
  },
  "ProductFields": {
    "aws/inspector/FindingStatus": "ACTIVE",
    "aws/inspector/inspectorScore": "7.8",
    "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2",
    "aws/inspector/ProductVersion": "2",
    "aws/inspector/instanceId": "i-0f1ed287081bdf0fb",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
    "aws/securityhub/ProductName": "Inspector",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": { "Patch Group": "SSM", "Name": "High-SEv-Test" },
      "Details": {
        "AwsEc2Instance": {
          "Type": "t2.micro",
          "ImageId": "ami-0cff7528ff583bf9a",
          "IpV4Addresses": [ "52.87.229.97", "172.31.57.162" ],
          "KeyName": "ACloudGuru",
          "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-9c934cb1",
          "LaunchedAt": "2022-07-26T21:49:46Z"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": { "Status": "NEW" },
  "RecordState": "ACTIVE",
  "Vulnerabilities": [
    {
      "Id": "CVE-2022-34918",
      "VulnerablePackages": [
        {
          "Name": "kernel",
          "Version": "5.10.118",
          "Epoch": "0",
          "Release": "111.515.amzn2",
          "Architecture": "X86_64",
          "PackageManager": "OS",
          "FixedInVersion": "0:5.10.130-118.517.amzn2",
          "Remediation": "yum update kernel"
        }
      ],
      "Cvss": [
        { "Version": "2.0", "BaseScore": 7.2, "BaseVector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "Source": "NVD" },
        { "Version": "3.1", "BaseScore": 7.8, "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Source": "NVD" },
        { "Version": "3.1", "BaseScore": 7.8, "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Source": "NVD", "Adjustments": [] }
      ],
      "Vendor": {
        "Name": "NVD",
        "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34918",
        "VendorSeverity": "HIGH",
        "VendorCreatedAt": "2022-07-04T21:15:00Z",
        "VendorUpdatedAt": "2022-10-26T17:05:00Z"
      },
      "ReferenceUrls": [
        "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6",
        "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/",
        "https://www.debian.org/security/2022/dsa-5191"
      ],
      "FixAvailable": "YES"
    }
  ],
  "FindingProviderFields": {
    "Severity": { "Label": "HIGH" },
    "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
  },
  "ProcessedAt": "2023-05-05T20:28:38.822Z"
}
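The following Python is an added example, not code from the AWS documentation. It builds the Security Hub GetFindings filter that corresponds to the "aws/inspector/ProductVersion": "2" console filter above, applies the same selection locally to a constructed list of trimmed ASFF records, and pulls the per-package remediation fields out of an Inspector finding; the sample records are constructed and only mirror the fields shown in the example finding.

```python
"""Select Amazon Inspector (v2) findings from ASFF records and extract remediation
details. Added example; the sample findings below are constructed, not real data."""
from typing import Any

INSPECTOR_V2_KEY = "aws/inspector/ProductVersion"


def inspector_v2_filter() -> dict[str, Any]:
    """Filters dict for securityhub GetFindings (boto3: get_findings(Filters=...)).
    Same selection as the console filter: Inspector Classic findings carry no
    ProductVersion entry in ProductFields, so they drop out."""
    return {
        "ProductFields": [{"Key": INSPECTOR_V2_KEY, "Value": "2", "Comparison": "EQUALS"}],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
    }


def is_inspector_v2(finding: dict[str, Any]) -> bool:
    """Local equivalent of the filter above, for findings already fetched or exported."""
    return (finding.get("RecordState") == "ACTIVE"
            and finding.get("ProductFields", {}).get(INSPECTOR_V2_KEY) == "2")


def remediation_summary(finding: dict[str, Any]) -> list[dict[str, str]]:
    """One row per vulnerable package: CVE, resource, installed and fixed versions,
    and the remediation command Inspector attaches to the package."""
    rows = []
    for vuln in finding.get("Vulnerabilities", []):
        for pkg in vuln.get("VulnerablePackages", []):
            rows.append({"cve": vuln.get("Id", ""), "resource": finding["Resources"][0]["Id"],
                         "package": pkg.get("Name", ""), "installed": pkg.get("Version", ""),
                         "fixed_in": pkg.get("FixedInVersion", ""),
                         "fix_available": vuln.get("FixAvailable", "UNKNOWN"),
                         "remediation": pkg.get("Remediation", "")})
    return rows


def triage(findings: list[dict[str, Any]]) -> list[dict[str, str]]:
    """Remediation rows for every Inspector v2 finding in the batch."""
    return [row for f in findings if is_inspector_v2(f) for row in remediation_summary(f)]


# Constructed sample: an Inspector v2 finding (fields mirror the doc example) and a
# Classic-style finding that lacks the ProductVersion key, so it must be filtered out.
SAMPLE_FINDINGS = [
    {"Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID", "RecordState": "ACTIVE",
     "ProductFields": {INSPECTOR_V2_KEY: "2", "aws/inspector/FindingStatus": "ACTIVE"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb"}],
     "Vulnerabilities": [{"Id": "CVE-2022-34918", "FixAvailable": "YES", "VulnerablePackages": [
         {"Name": "kernel", "Version": "5.10.118", "FixedInVersion": "0:5.10.130-118.517.amzn2",
          "Remediation": "yum update kernel"}]}]},
    {"Id": "arn:aws:inspector:us-east-1:123456789012:finding/CLASSIC_PLACEHOLDER", "RecordState": "ACTIVE",
     "ProductFields": {"aws/securityhub/ProductName": "Inspector"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0"}]},
]
```

Pass the dict from inspector_v2_filter() as Filters to boto3's securityhub.get_findings to pull the same set from the API, then feed the returned Findings list to triage().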

Activating and configuring the integration between Amazon Inspector and Security Hub CSPM

You activate the integration between Amazon Inspector and AWS Security Hub CSPM by enabling Security Hub CSPM. After Security Hub CSPM is enabled, the integration is activated automatically, and Amazon Inspector begins sending all of its findings to AWS Security Hub CSPM in the AWS Security Finding Format (ASFF).

Activating Amazon Inspector from Security Hub CSPM using organization policies

You can manage Amazon Inspector activation across your entire AWS organization directly from the Security Hub CSPM console using organization policies. This centralized approach lets you enable Amazon Inspector scanning for multiple accounts at once through organization-level policy management.

For detailed instructions on managing Amazon Inspector activation through Security Hub CSPM with organization policies, see Managing the delegated administrator account for Security Hub CSPM in the AWS Security Hub CSPM User Guide.

Disabling the flow of findings from the integration

To stop Amazon Inspector from sending findings to Security Hub CSPM, you can use the Security Hub CSPM console, the Security Hub CSPM API, or the AWS CLI.

Viewing Amazon Inspector security controls in Security Hub CSPM

Security Hub CSPM analyzes findings from supported AWS and third-party products and runs automated, continuous security checks against rules to generate its own findings. These rules are expressed as security controls, which help you determine whether the requirements of a standard are met.

Amazon Inspector uses security controls to check whether Amazon Inspector features are enabled or should be enabled. These features are the following:

  • Amazon EC2 scanning

  • Amazon ECR scanning

  • Lambda standard scanning

  • Lambda code scanning

For more information, see Amazon Inspector controls in the AWS Security Hub CSPM User Guide.