Amazon Inspector integration with AWS Security Hub CSPM

Security Hub CSPM provides a comprehensive view of your security state in AWS. It helps you check your environment against security industry standards and best practices. Security Hub CSPM collects security data from AWS accounts, services, and supported products. You can use this information to analyze security trends and identify security issues. When you enable the Amazon Inspector integration with Security Hub CSPM, Amazon Inspector can send findings to Security Hub CSPM, and Security Hub CSPM can analyze those findings as part of your security posture.

Security Hub CSPM tracks security issues as findings. Some findings result from security issues detected in other AWS services or in third-party products. Security Hub CSPM uses a set of rules to detect security issues, generates findings, and provides tools that let you manage those findings. After a finding is closed in Amazon Inspector, Security Hub CSPM archives the corresponding Amazon Inspector finding. You can also view the history of findings and finding details, and track the status of a finding investigation.

Security Hub CSPM processes findings in the AWS Security Finding Format (ASFF). This format includes details such as a unique identifier, severity level, affected resources, remediation guidance, workflow status, and contextual information.

Note

Security findings generated by Amazon Inspector Code Security are not available through this integration. However, you can access those findings in the Amazon Inspector console and through the Amazon Inspector API.

Viewing Amazon Inspector findings in AWS Security Hub CSPM

You can view both Amazon Inspector Classic and Amazon Inspector findings in Security Hub CSPM.

Note

To filter on Amazon Inspector findings only, add "aws/inspector/ProductVersion": "2" to the filter bar. This filter excludes Amazon Inspector Classic findings from the Security Hub CSPM dashboard.

Example finding from Amazon Inspector

{
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
  "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
  "ProductName": "Inspector",
  "CompanyName": "Amazon",
  "Region": "us-east-1",
  "GeneratorId": "AWSInspector",
  "AwsAccountId": "123456789012",
  "Types": [
    "Software and Configuration Checks/Vulnerabilities/CVE"
  ],
  "FirstObservedAt": "2023-01-31T20:25:38Z",
  "LastObservedAt": "2023-05-04T18:18:43Z",
  "CreatedAt": "2023-01-31T20:25:38Z",
  "UpdatedAt": "2023-05-04T18:18:43Z",
  "Severity": {
    "Label": "HIGH",
    "Normalized": 70
  },
  "Title": "CVE-2022-34918 - kernel",
  "Description": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
  "Remediation": {
    "Recommendation": {
      "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above. For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON."
    }
  },
  "ProductFields": {
    "aws/inspector/FindingStatus": "ACTIVE",
    "aws/inspector/inspectorScore": "7.8",
    "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2",
    "aws/inspector/ProductVersion": "2",
    "aws/inspector/instanceId": "i-0f1ed287081bdf0fb",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
    "aws/securityhub/ProductName": "Inspector",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": {
        "Patch Group": "SSM",
        "Name": "High-SEv-Test"
      },
      "Details": {
        "AwsEc2Instance": {
          "Type": "t2.micro",
          "ImageId": "ami-0cff7528ff583bf9a",
          "IpV4Addresses": [
            "52.87.229.97",
            "172.31.57.162"
          ],
          "KeyName": "ACloudGuru",
          "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-9c934cb1",
          "LaunchedAt": "2022-07-26T21:49:46Z"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": {
    "Status": "NEW"
  },
  "RecordState": "ACTIVE",
  "Vulnerabilities": [
    {
      "Id": "CVE-2022-34918",
      "VulnerablePackages": [
        {
          "Name": "kernel",
          "Version": "5.10.118",
          "Epoch": "0",
          "Release": "111.515.amzn2",
          "Architecture": "X86_64",
          "PackageManager": "OS",
          "FixedInVersion": "0:5.10.130-118.517.amzn2",
          "Remediation": "yum update kernel"
        }
      ],
      "Cvss": [
        {
          "Version": "2.0",
          "BaseScore": 7.2,
          "BaseVector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "Source": "NVD"
        },
        {
          "Version": "3.1",
          "BaseScore": 7.8,
          "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "Source": "NVD"
        },
        {
          "Version": "3.1",
          "BaseScore": 7.8,
          "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "Source": "NVD",
          "Adjustments": []
        }
      ],
      "Vendor": {
        "Name": "NVD",
        "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34918",
        "VendorSeverity": "HIGH",
        "VendorCreatedAt": "2022-07-04T21:15:00Z",
        "VendorUpdatedAt": "2022-10-26T17:05:00Z"
      },
      "ReferenceUrls": [
        "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6",
        "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/",
        "https://www.debian.org/security/2022/dsa-5191"
      ],
      "FixAvailable": "YES"
    }
  ],
  "FindingProviderFields": {
    "Severity": {
      "Label": "HIGH"
    },
    "Types": [
      "Software and Configuration Checks/Vulnerabilities/CVE"
    ]
  },
  "ProcessedAt": "2023-05-05T20:28:38.822Z"
}
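The note above says to filter on "aws/inspector/ProductVersion": "2" to exclude Inspector Classic findings, and the example finding shows where the patch information lives (Vulnerabilities[].VulnerablePackages[]). The following is an added example, not code from the page or from AWS: it expresses that filter as a Security Hub GetFindings Filters structure (not invoked here), applies the same predicate locally, and flattens the ASFF finding into per-package remediation rows. The sample findings are constructed and abbreviated from the example above; the Inspector Classic entry is a hypothetical shape used only to show exclusion.

```python
"""Filter Security Hub findings down to Amazon Inspector (v2) and summarize what
needs patching. Added example; sample findings are constructed from the ASFF
shape on the page."""
from typing import Dict, List

# The console filter expressed for securityhub:GetFindings. Use it as
# client.get_findings(Filters=INSPECTOR_V2_FILTER) against AWS; it is only
# defined here, not invoked, so the example runs offline.
INSPECTOR_V2_FILTER: Dict = {
    "ProductName": [{"Value": "Inspector", "Comparison": "EQUALS"}],
    "ProductFields": [
        {"Key": "aws/inspector/ProductVersion", "Value": "2", "Comparison": "EQUALS"}
    ],
    "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
}


def is_inspector_v2(finding: Dict) -> bool:
    """Local equivalent of the console filter: Inspector product, ProductVersion 2."""
    fields = finding.get("ProductFields", {})
    return (
        finding.get("ProductName") == "Inspector"
        and fields.get("aws/inspector/ProductVersion") == "2"
    )


def summarize_remediation(finding: Dict) -> List[Dict]:
    """One row per vulnerable package, with the fields needed to schedule a patch."""
    rows = []
    resource_ids = [r["Id"] for r in finding.get("Resources", [])]
    for vuln in finding.get("Vulnerabilities", []):
        for pkg in vuln.get("VulnerablePackages", []):
            rows.append({
                "cve": vuln["Id"],
                "fix_available": vuln.get("FixAvailable") == "YES",
                "package": pkg["Name"],
                # epoch:version-release, the same layout as FixedInVersion
                "installed": f'{pkg.get("Epoch", "0")}:{pkg["Version"]}-{pkg.get("Release", "")}',
                "fixed_in": pkg.get("FixedInVersion"),
                "remediation": pkg.get("Remediation"),
                "resources": resource_ids,
                "severity": finding["Severity"]["Label"],
            })
    return rows


def triage(findings: List[Dict]) -> List[Dict]:
    """Apply the v2 filter, keep only rows with a fix available, highest severity first."""
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3, "INFORMATIONAL": 4}
    rows = [row for f in findings if is_inspector_v2(f) for row in summarize_remediation(f)]
    rows = [r for r in rows if r["fix_available"]]
    return sorted(rows, key=lambda r: order.get(r["severity"], 99))


# Constructed sample findings, abbreviated from the page's ASFF example.
SAMPLE_FINDINGS = [
    {  # Inspector v2 finding: matches the filter
        "ProductName": "Inspector",
        "ProductFields": {"aws/inspector/ProductVersion": "2", "aws/inspector/FindingStatus": "ACTIVE"},
        "Severity": {"Label": "HIGH", "Normalized": 70},
        "Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb"}],
        "Vulnerabilities": [{
            "Id": "CVE-2022-34918",
            "FixAvailable": "YES",
            "VulnerablePackages": [{
                "Name": "kernel", "Version": "5.10.118", "Epoch": "0",
                "Release": "111.515.amzn2",
                "FixedInVersion": "0:5.10.130-118.517.amzn2",
                "Remediation": "yum update kernel",
            }],
        }],
    },
    {  # Hypothetical Inspector Classic finding: no ProductVersion field, so excluded
        "ProductName": "Inspector",
        "ProductFields": {"aws/inspector/FindingStatus": "ACTIVE"},
        "Severity": {"Label": "CRITICAL", "Normalized": 90},
        "Resources": [],
        "Vulnerabilities": [],
    },
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(row)
```

Keeping RecordState ACTIVE in the API filter matters because, as the page notes, Security Hub CSPM archives a finding once it is closed in Inspector; without that clause a patch queue built from GetFindings would keep listing already-fixed packages.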

Enabling and configuring the Amazon Inspector integration with Security Hub CSPM

You enable the Amazon Inspector integration with AWS Security Hub CSPM by enabling Security Hub CSPM (see https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). After you enable Security Hub CSPM, the Amazon Inspector integration with AWS Security Hub CSPM is enabled automatically, and Amazon Inspector sends all of its findings to Security Hub CSPM in the AWS Security Finding Format (ASFF).

Enabling Amazon Inspector from Security Hub CSPM using organization policies

You can manage Amazon Inspector enablement across your entire organization with AWS Organizations policies directly from the Security Hub CSPM console. This centralized approach lets you enable Amazon Inspector scanning for multiple accounts at the same time through organization-level policy management.

For detailed instructions on managing Amazon Inspector enablement through Security Hub CSPM with organization policies, see Managing the delegated administrator account for Security Hub CSPM in the AWS Security Hub CSPM User Guide.

Disabling the flow of findings from the integration

To stop Amazon Inspector from sending findings to Security Hub CSPM, you can use the Security Hub CSPM console, the Security Hub CSPM API, or the AWS CLI.
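The page says the flow can be stopped through the API or CLI without naming the operations. The following added example (not code from the page or from AWS) uses the Security Hub API operations ListEnabledProductsForImport, DisableImportFindingsForProduct and EnableImportFindingsForProduct to toggle the Inspector subscription idempotently. The product ARN layout comes from the ProductArn in the example finding above; the product-subscription ARN layout (arn:aws:securityhub:REGION:ACCOUNT:product-subscription/aws/inspector) is an assumption to confirm against ListEnabledProductsForImport in your account. The client is passed in so the code runs offline against the constructed StubSecurityHub below; with boto3, pass boto3.client("securityhub") instead.

```python
"""Toggle the Amazon Inspector -> Security Hub CSPM finding flow via the
Security Hub API. Added example; takes a client object so it can run offline
with the stub defined at the bottom."""
from typing import Any, Dict, List

PRODUCT_PATH = "aws/inspector"


def inspector_product_arn(region: str) -> str:
    # Same layout as the ProductArn in the page's example finding (no account id).
    return f"arn:aws:securityhub:{region}::product/{PRODUCT_PATH}"


def inspector_subscription_arn(region: str, account_id: str) -> str:
    # Assumed layout of the per-account subscription ARN; verify in your account.
    return f"arn:aws:securityhub:{region}:{account_id}:product-subscription/{PRODUCT_PATH}"


def list_inspector_subscriptions(client: Any) -> List[str]:
    """Return every enabled Inspector subscription ARN, following pagination."""
    arns, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        resp = client.list_enabled_products_for_import(**kwargs)
        arns.extend(a for a in resp.get("ProductSubscriptions", []) if a.endswith("/" + PRODUCT_PATH))
        token = resp.get("NextToken")
        if not token:
            return arns


def set_inspector_import(client: Any, region: str, account_id: str, enabled: bool) -> str:
    """Enable or disable the import; a no-op when already in the requested state."""
    sub_arn = inspector_subscription_arn(region, account_id)
    current = list_inspector_subscriptions(client)
    if enabled:
        if sub_arn in current:
            return "already-enabled"
        client.enable_import_findings_for_product(ProductArn=inspector_product_arn(region))
        return "enabled"
    if sub_arn not in current:
        return "already-disabled"
    client.disable_import_findings_for_product(ProductSubscriptionArn=sub_arn)
    return "disabled"


class StubSecurityHub:
    """Constructed stand-in for boto3.client('securityhub') so the example runs offline.
    It records calls and keeps a subscription list; the account id it uses is a sample."""

    def __init__(self, subscriptions: List[str]):
        self.subscriptions = list(subscriptions)
        self.calls: List[Dict] = []

    def list_enabled_products_for_import(self, **kwargs) -> Dict:
        return {"ProductSubscriptions": list(self.subscriptions)}

    def enable_import_findings_for_product(self, ProductArn: str) -> Dict:
        self.calls.append({"enable": ProductArn})
        arn = ProductArn.replace("::product/", ":123456789012:product-subscription/")
        self.subscriptions.append(arn)
        return {"ProductSubscriptionArn": arn}

    def disable_import_findings_for_product(self, ProductSubscriptionArn: str) -> Dict:
        self.calls.append({"disable": ProductSubscriptionArn})
        self.subscriptions.remove(ProductSubscriptionArn)
        return {}


if __name__ == "__main__":
    hub = StubSecurityHub([inspector_subscription_arn("us-east-1", "123456789012")])
    print(set_inspector_import(hub, "us-east-1", "123456789012", enabled=False))
    print(set_inspector_import(hub, "us-east-1", "123456789012", enabled=True))
```

Checking the current subscription list first keeps the operation safe to run from automation: re-running it does not raise on an already-disabled product, and re-enabling restores the flow the page describes as the default once Security Hub CSPM is turned on.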

Viewing security controls for Amazon Inspector in Security Hub CSPM

Security Hub CSPM analyzes findings from supported AWS and third-party products, and runs automated, continuous security checks against rules to generate its own findings. These rules are represented by security controls, which help you determine whether you meet the requirements of a standard.

Amazon Inspector uses security controls to check whether Amazon Inspector features are enabled or should be enabled. The key features are listed below:

  • Amazon EC2 scanning

  • Amazon ECR scanning

  • Lambda standard scanning

  • Lambda code scanning

For more information, see Amazon Inspector controls in the AWS Security Hub CSPM User Guide.
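The controls above check whether each of the four scan types is enabled. The following added example (not code from the page or from AWS) performs the same check directly against Amazon Inspector with the inspector2 BatchGetAccountStatus operation, so an administrator can see which accounts a control would flag before the next Security Hub evaluation. The response layout it relies on (accounts[].resourceState.{ec2,ecr,lambda,lambdaCode}.status and failedAccounts[]) and the batch size of 100 account ids are my understanding of that API and should be confirmed against the API reference; the client is passed in so the code runs offline with the constructed StubInspector2 below, and with boto3 you would pass boto3.client("inspector2").

```python
"""Report which Amazon Inspector scan types are not enabled per account,
mirroring the four features the Security Hub CSPM controls check. Added
example; the inspector2 response shape used here is an assumption."""
from typing import Any, Dict, List

# Feature name as listed on the page -> key in the assumed resourceState map.
FEATURES = {
    "Amazon EC2 scanning": "ec2",
    "Amazon ECR scanning": "ecr",
    "Lambda standard scanning": "lambda",
    "Lambda code scanning": "lambdaCode",
}


def feature_status(account_state: Dict) -> Dict[str, str]:
    """Map each feature to its status string (ENABLED, DISABLED, ENABLING, ...)."""
    states = account_state.get("resourceState", {})
    return {name: states.get(key, {}).get("status", "UNKNOWN") for name, key in FEATURES.items()}


def missing_features(account_state: Dict) -> List[str]:
    """Features that are not ENABLED; these are what the controls would flag."""
    return [name for name, status in feature_status(account_state).items() if status != "ENABLED"]


def audit_accounts(client: Any, account_ids: List[str]) -> Dict[str, List[str]]:
    """Call BatchGetAccountStatus in chunks; return {account_id: [missing features]}."""
    report: Dict[str, List[str]] = {}
    for i in range(0, len(account_ids), 100):  # assumed per-call limit of 100 ids
        resp = client.batch_get_account_status(accountIds=account_ids[i:i + 100])
        for acct in resp.get("accounts", []):
            report[acct["accountId"]] = missing_features(acct)
        for failed in resp.get("failedAccounts", []):
            # Surface lookup failures rather than silently reporting the account as clean.
            report[failed["accountId"]] = ["status lookup failed: " + failed.get("errorCode", "?")]
    return report


class StubInspector2:
    """Constructed stand-in for boto3.client('inspector2') so the example runs offline."""

    def __init__(self, accounts: Dict[str, Dict[str, str]]):
        self.accounts = accounts  # account id -> {resource key: status}

    def batch_get_account_status(self, accountIds: List[str]) -> Dict:
        found = [
            {"accountId": a, "state": {"status": "ENABLED"},
             "resourceState": {k: {"status": s} for k, s in self.accounts[a].items()}}
            for a in accountIds if a in self.accounts
        ]
        failed = [{"accountId": a, "errorCode": "ACCESS_DENIED"} for a in accountIds if a not in self.accounts]
        return {"accounts": found, "failedAccounts": failed}


# Constructed sample: one fully enabled account, one missing both Lambda scan types,
# and one account id the stub cannot look up.
SAMPLE = StubInspector2({
    "111111111111": {"ec2": "ENABLED", "ecr": "ENABLED", "lambda": "ENABLED", "lambdaCode": "ENABLED"},
    "222222222222": {"ec2": "ENABLED", "ecr": "ENABLED", "lambda": "DISABLED"},
})

if __name__ == "__main__":
    for acct, gaps in audit_accounts(SAMPLE, ["111111111111", "222222222222", "333333333333"]).items():
        print(acct, gaps or "all four scan types enabled")
```

Treating an absent status as UNKNOWN rather than as enabled is deliberate: a newer scan type that the account has never configured, or a field the API does not return, should show up as a gap to investigate, which is also how a control evaluation would treat it.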