This is a machine translation of the English version. If there is any ambiguity or inconsistency in the content, the English version prevails.
Integrating Amazon Inspector with AWS Security Hub
Security Hub provides a comprehensive view of your security state in AWS. It helps you check your environment against security industry standards and best practices. Security Hub collects security data from AWS accounts, services, and supported products. You can use this information to analyze security trends and identify security issues. When you enable the Amazon Inspector integration with Security Hub, Amazon Inspector can send findings to Security Hub, and Security Hub can analyze those findings as part of your security posture.
Security Hub tracks security issues as findings. Some findings come from security issues detected in other AWS services or in third-party products. Security Hub uses a set of rules to detect security issues and generate findings, and it provides tools that let you manage findings. After a finding is closed in Amazon Inspector, Security Hub archives the Amazon Inspector finding. You can also view the history of findings and finding details, and track the status of a finding investigation.
Security Hub processes findings in the AWS Security Finding Format (ASFF). This format includes detailed information such as a unique identifier, severity level, affected resources, remediation guidance, workflow status, and contextual information.
Note
Security findings generated by Amazon Inspector Code Security are not available through this integration. However, you can access these findings in the Amazon Inspector console and through the Amazon Inspector API.
Viewing Amazon Inspector findings in AWS Security Hub
You can view Amazon Inspector Classic and Amazon Inspector findings in Security Hub.
Note
To filter on Amazon Inspector findings only, add "aws/inspector/ProductVersion": "2" to the filter bar. This filter excludes Amazon Inspector Classic findings from the Security Hub dashboard.
Example finding from Amazon Inspector
{
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
  "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
  "ProductName": "Inspector",
  "CompanyName": "Amazon",
  "Region": "us-east-1",
  "GeneratorId": "AWSInspector",
  "AwsAccountId": "123456789012",
  "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
  "FirstObservedAt": "2023-01-31T20:25:38Z",
  "LastObservedAt": "2023-05-04T18:18:43Z",
  "CreatedAt": "2023-01-31T20:25:38Z",
  "UpdatedAt": "2023-05-04T18:18:43Z",
  "Severity": { "Label": "HIGH", "Normalized": 70 },
  "Title": "CVE-2022-34918 - kernel",
  "Description": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
  "Remediation": {
    "Recommendation": {
      "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above. For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON."
    }
  },
  "ProductFields": {
    "aws/inspector/FindingStatus": "ACTIVE",
    "aws/inspector/inspectorScore": "7.8",
    "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2",
    "aws/inspector/ProductVersion": "2",
    "aws/inspector/instanceId": "i-0f1ed287081bdf0fb",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
    "aws/securityhub/ProductName": "Inspector",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": { "Patch Group": "SSM", "Name": "High-SEv-Test" },
      "Details": {
        "AwsEc2Instance": {
          "Type": "t2.micro",
          "ImageId": "ami-0cff7528ff583bf9a",
          "IpV4Addresses": ["52.87.229.97", "172.31.57.162"],
          "KeyName": "ACloudGuru",
          "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-9c934cb1",
          "LaunchedAt": "2022-07-26T21:49:46Z"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": { "Status": "NEW" },
  "RecordState": "ACTIVE",
  "Vulnerabilities": [
    {
      "Id": "CVE-2022-34918",
      "VulnerablePackages": [
        {
          "Name": "kernel",
          "Version": "5.10.118",
          "Epoch": "0",
          "Release": "111.515.amzn2",
          "Architecture": "X86_64",
          "PackageManager": "OS",
          "FixedInVersion": "0:5.10.130-118.517.amzn2",
          "Remediation": "yum update kernel"
        }
      ],
      "Cvss": [
        { "Version": "2.0", "BaseScore": 7.2, "BaseVector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "Source": "NVD" },
        { "Version": "3.1", "BaseScore": 7.8, "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Source": "NVD" },
        { "Version": "3.1", "BaseScore": 7.8, "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "Source": "NVD", "Adjustments": [] }
      ],
      "Vendor": {
        "Name": "NVD",
        "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34918",
        "VendorSeverity": "HIGH",
        "VendorCreatedAt": "2022-07-04T21:15:00Z",
        "VendorUpdatedAt": "2022-10-26T17:05:00Z"
      },
      "ReferenceUrls": [
        "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6",
        "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/",
        "https://www.debian.org/security/2022/dsa-5191"
      ],
      "FixAvailable": "YES"
    }
  ],
  "FindingProviderFields": {
    "Severity": { "Label": "HIGH" },
    "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"]
  },
  "ProcessedAt": "2023-05-05T20:28:38.822Z"
}
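The note above says to filter on "aws/inspector/ProductVersion": "2" to drop Amazon Inspector Classic findings, and the example finding shows where the CVE, package and fix version live in the ASFF document. The following is an added example (not code from the AWS documentation) that applies that filter locally to constructed sample findings and pulls out the remediation fields; it assumes the map-filter shape that the Security Hub GetFindings API accepts for ProductFields, and the FINDING_ID values are placeholders.

```python
# Constructed sample (not live Security Hub output): two ASFF findings shaped like the
# example above with placeholder FINDING_ID values. The second mimics an Amazon Inspector
# Classic finding and deliberately lacks the "aws/inspector/ProductVersion" field.
SAMPLE_FINDINGS = [
    {"Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID_1",
     "Title": "CVE-2022-34918 - kernel",
     "Severity": {"Label": "HIGH", "Normalized": 70},
     "ProductFields": {"aws/inspector/ProductVersion": "2",
                       "aws/inspector/instanceId": "i-0f1ed287081bdf0fb"},
     "Resources": [{"Type": "AwsEc2Instance",
                    "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb"}],
     "Vulnerabilities": [{"Id": "CVE-2022-34918", "FixAvailable": "YES",
                          "VulnerablePackages": [{"Name": "kernel", "Version": "5.10.118",
                                                  "FixedInVersion": "0:5.10.130-118.517.amzn2",
                                                  "Remediation": "yum update kernel"}]}]},
    {"Id": "arn:aws:inspector:us-east-1:123456789012:finding/CLASSIC_FINDING_ID",
     "Title": "Classic finding (constructed)",
     "Severity": {"Label": "MEDIUM", "Normalized": 40},
     "ProductFields": {"aws/securityhub/ProductName": "Inspector"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:123456789012:i-0example"}]},
]

PRODUCT_VERSION_KEY = "aws/inspector/ProductVersion"  # Amazon Inspector sets this to "2"

def inspector_v2_filter():
    """Same key/value as the console filter bar, in the map-filter shape the
    Security Hub GetFindings API accepts for ProductFields (assumed shape)."""
    return {"ProductFields": [{"Key": PRODUCT_VERSION_KEY, "Value": "2", "Comparison": "EQUALS"}]}

def is_inspector_v2(finding):
    # Apply that filter locally: keep only findings whose ProductFields carry version "2".
    return finding.get("ProductFields", {}).get(PRODUCT_VERSION_KEY) == "2"

def summarize(finding):
    """Pull what an analyst needs from an ASFF finding: CVE, package, fix, resources."""
    vuln = (finding.get("Vulnerabilities") or [{}])[0]
    pkg = (vuln.get("VulnerablePackages") or [{}])[0]
    return {"id": finding["Id"], "severity": finding["Severity"]["Label"],
            "normalized": finding["Severity"]["Normalized"],
            "cve": vuln.get("Id"), "fix_available": vuln.get("FixAvailable"),
            "package": pkg.get("Name"), "fixed_in": pkg.get("FixedInVersion"),
            "remediation": pkg.get("Remediation"),
            "resources": [r["Id"] for r in finding.get("Resources", [])]}

def triage(findings):
    """Drop Classic findings, then order Amazon Inspector findings by normalized severity."""
    rows = [summarize(f) for f in findings if is_inspector_v2(f)]
    return sorted(rows, key=lambda r: r["normalized"], reverse=True)
```

Calling triage(SAMPLE_FINDINGS) returns one row for the kernel CVE with its FixedInVersion and the affected instance ARN; the Classic-style finding is excluded.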
Enabling and configuring the Amazon Inspector integration with Security Hub
You enable the Amazon Inspector integration with AWS Security Hub by enabling Security Hub. After you enable Security Hub, it automatically enables the integration with Amazon Inspector, and Amazon Inspector sends all of its findings to Security Hub in the AWS Security Finding Format (ASFF).
Stopping the flow of findings from the integration
To stop Amazon Inspector from sending findings to Security Hub, you can use the Security Hub console, or the Security Hub API and the AWS CLI.
Viewing Amazon Inspector security controls in Security Hub
Security Hub analyzes findings from supported AWS and third-party products and runs automated, continuous security checks against rules to generate its own findings. These rules are represented by security controls, which help you determine whether you meet the requirements of a standard.
Amazon Inspector uses security controls to check whether Amazon Inspector features are enabled or should be enabled. The key features are:
- Amazon EC2 scanning
- Amazon ECR scanning
- Lambda standard scanning
- Lambda code scanning
For more information, see Amazon Inspector controls in the AWS Security Hub User Guide.