Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra.
Voici des exemples de syntaxe ASFF ( AWS Security Finding Format) pour les AwsRds ressources.
AWS Security Hub normalise les résultats provenant de diverses sources dans ASFF. Pour des informations générales sur ASFF, voirAWS Format de recherche de sécurité (ASFF).
AwsRdsDbCluster
L'AwsRdsDbClusterobjet fournit des informations sur un cluster de bases de données Amazon RDS.
L'exemple suivant montre le format ASFF ( AWS Security Finding Format) pour l'AwsRdsDbClusterobjet. Pour consulter les descriptions des AwsRdsDbCluster attributs, reportez-vous AwsRdsDbClusterDetailsà la référence de l'AWS Security Hub API.
Exemple
"AwsRdsDbCluster": {
"ActivityStreamStatus": "stopped",
"AllocatedStorage": 1,
"AssociatedRoles": [
{
"RoleArn": "arn:aws:iam::777788889999:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Status": "PENDING"
}
],
"AutoMinorVersionUpgrade": true,
"AvailabilityZones": [
"us-east-1a",
"us-east-1c",
"us-east-1e"
],
"BackupRetentionPeriod": 1,
"ClusterCreateTime": "2020-06-22T17:40:12.322Z",
"CopyTagsToSnapshot": true,
"CrossAccountClone": false,
"CustomEndpoints": [],
"DatabaseName": "Sample name",
"DbClusterIdentifier": "database-3",
"DbClusterMembers": [
{
"DbClusterParameterGroupStatus": "in-sync",
"DbInstanceIdentifier": "database-3-instance-1",
"IsClusterWriter": true,
"PromotionTier": 1,
}
],
"DbClusterOptionGroupMemberships": [],
"DbClusterParameterGroup": "cluster-parameter-group",
"DbClusterResourceId": "cluster-example",
"DbSubnetGroup": "subnet-group",
"DeletionProtection": false,
"DomainMemberships": [],
"Status": "modifying",
"EnabledCloudwatchLogsExports": [
"audit",
"error",
"general",
"slowquery"
],
"Endpoint": "database-3.cluster-example.us-east-1.rds.amazonaws.com",
"Engine": "aurora-mysql",
"EngineMode": "provisioned",
"EngineVersion": "5.7.mysql_aurora.2.03.4",
"HostedZoneId": "ZONE1",
"HttpEndpointEnabled": false,
"IamDatabaseAuthenticationEnabled": false,
"KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
"MasterUsername": "admin",
"MultiAz": false,
"Port": 3306,
"PreferredBackupWindow": "04:52-05:22",
"PreferredMaintenanceWindow": "sun:09:32-sun:10:02",
"ReaderEndpoint": "database-3.cluster-ro-example.us-east-1.rds.amazonaws.com",
"ReadReplicaIdentifiers": [],
"Status": "Modifying",
"StorageEncrypted": true,
"VpcSecurityGroups": [
{
"Status": "active",
"VpcSecurityGroupId": "sg-example-1"
}
],
}
AwsRdsDbClusterSnapshot
L'AwsRdsDbClusterSnapshotobjet contient des informations sur un instantané de cluster de base de données Amazon RDS.
L'exemple suivant montre le format ASFF ( AWS Security Finding Format) pour l'AwsRdsDbClusterSnapshotobjet. Pour consulter les descriptions des AwsRdsDbClusterSnapshot attributs, reportez-vous AwsRdsDbClusterSnapshotDetailsà la référence de l'AWS Security Hub API.
Exemple
"AwsRdsDbClusterSnaphot": {
"AllocatedStorage": 0,
"AvailabilityZones": [
"us-east-1a",
"us-east-1d",
"us-east-1e"
],
"ClusterCreateTime": "2020-06-12T13:23:15.577Z",
"DbClusterIdentifier": "database-2",
"DbClusterSnapshotAttributes": [{
"AttributeName": "restore",
"AttributeValues": ["123456789012"]
}],
"DbClusterSnapshotIdentifier": "rds:database-2-2020-06-23-03-52",
"Engine": "aurora",
"EngineVersion": "5.6.10a",
"IamDatabaseAuthenticationEnabled": false,
"KmsKeyId": "arn:aws:kms:us-east-1:777788889999:key/key1",
"LicenseModel": "aurora",
"MasterUsername": "admin",
"PercentProgress": 100,
"Port": 0,
"SnapshotCreateTime": "2020-06-22T17:40:12.322Z",
"SnapshotType": "automated",
"Status": "available",
"StorageEncrypted": true,
"VpcId": "vpc-faf7e380"
}
AwsRdsDbInstance
L'AwsRdsDbInstanceobjet fournit des détails sur une instance de base de données Amazon RDS.
L'exemple suivant montre le format ASFF ( AWS Security Finding Format) pour l'AwsRdsDbInstanceobjet. Pour consulter les descriptions des AwsRdsDbInstance attributs, reportez-vous AwsRdsDbInstanceDetailsà la référence de l'AWS Security Hub API.
Exemple
"AwsRdsDbInstance": {
"AllocatedStorage": 20,
"AssociatedRoles": [],
"AutoMinorVersionUpgrade": true,
"AvailabilityZone": "us-east-1d",
"BackupRetentionPeriod": 7,
"CaCertificateIdentifier": "certificate1",
"CharacterSetName": "",
"CopyTagsToSnapshot": true,
"DbClusterIdentifier": "",
"DbInstanceArn": "arn:aws:rds:us-east-1:111122223333:db:database-1",
"DbInstanceClass": "db.t2.micro",
"DbInstanceIdentifier": "database-1",
"DbInstancePort": 0,
"DbInstanceStatus": "available",
"DbiResourceId": "db-EXAMPLE123",
"DbName": "",
"DbParameterGroups": [
{
"DbParameterGroupName": "default.mysql5.7",
"ParameterApplyStatus": "in-sync"
}
],
"DbSecurityGroups": [],
"DbSubnetGroup": {
"DbSubnetGroupName": "my-group-123abc",
"DbSubnetGroupDescription": "My subnet group",
"VpcId": "vpc-example1",
"SubnetGroupStatus": "Complete",
"Subnets": [
{
"SubnetIdentifier": "subnet-123abc",
"SubnetAvailabilityZone": {
"Name": "us-east-1d"
},
"SubnetStatus": "Active"
},
{
"SubnetIdentifier": "subnet-456def",
"SubnetAvailabilityZone": {
"Name": "us-east-1c"
},
"SubnetStatus": "Active"
}
],
"DbSubnetGroupArn": ""
},
"DeletionProtection": false,
"DomainMemberships": [],
"EnabledCloudWatchLogsExports": [],
"Endpoint": {
"address": "database-1.example.us-east-1.rds.amazonaws.com",
"port": 3306,
"hostedZoneId": "ZONEID1"
},
"Engine": "mysql",
"EngineVersion": "5.7.22",
"EnhancedMonitoringResourceArn": "arn:aws:logs:us-east-1:111122223333:log-group:Example:log-stream:db-EXAMPLE1",
"IamDatabaseAuthenticationEnabled": false,
"InstanceCreateTime": "2020-06-22T17:40:12.322Z",
"Iops": "",
"KmsKeyId": "",
"LatestRestorableTime": "2020-06-24T05:50:00.000Z",
"LicenseModel": "general-public-license",
"ListenerEndpoint": "",
"MasterUsername": "admin",
"MaxAllocatedStorage": 1000,
"MonitoringInterval": 60,
"MonitoringRoleArn": "arn:aws:iam::111122223333:role/rds-monitoring-role",
"MultiAz": false,
"OptionGroupMemberships": [
{
"OptionGroupName": "default:mysql-5-7",
"Status": "in-sync"
}
],
"PreferredBackupWindow": "03:57-04:27",
"PreferredMaintenanceWindow": "thu:10:13-thu:10:43",
"PendingModifiedValues": {
"DbInstanceClass": "",
"AllocatedStorage": "",
"MasterUserPassword": "",
"Port": "",
"BackupRetentionPeriod": "",
"MultiAZ": "",
"EngineVersion": "",
"LicenseModel": "",
"Iops": "",
"DbInstanceIdentifier": "",
"StorageType": "",
"CaCertificateIdentifier": "",
"DbSubnetGroupName": "",
"PendingCloudWatchLogsExports": "",
"ProcessorFeatures": []
},
"PerformanceInsightsEnabled": false,
"PerformanceInsightsKmsKeyId": "",
"PerformanceInsightsRetentionPeriod": "",
"ProcessorFeatures": [],
"PromotionTier": "",
"PubliclyAccessible": false,
"ReadReplicaDBClusterIdentifiers": [],
"ReadReplicaDBInstanceIdentifiers": [],
"ReadReplicaSourceDBInstanceIdentifier": "",
"SecondaryAvailabilityZone": "",
"StatusInfos": [],
"StorageEncrypted": false,
"StorageType": "gp2",
"TdeCredentialArn": "",
"Timezone": "",
"VpcSecurityGroups": [
{
"VpcSecurityGroupId": "sg-example1",
"Status": "active"
}
]
}AwsRdsDbSecurityGroup
L'AwsRdsDbSecurityGroupobjet contient des informations sur un Amazon Relational Database Service
L'exemple suivant montre le format ASFF ( AWS Security Finding Format) pour l'AwsRdsDbSecurityGroupobjet. Pour consulter les descriptions des AwsRdsDbSecurityGroup attributs, reportez-vous AwsRdsDbSecurityGroupDetailsà la référence de l'AWS Security Hub API.
Exemple
"AwsRdsDbSecurityGroup": {
"DbSecurityGroupArn": "arn:aws:rds:us-west-1:111122223333:secgrp:default",
"DbSecurityGroupDescription": "default",
"DbSecurityGroupName": "mysecgroup",
"Ec2SecurityGroups": [
{
"Ec2SecurityGroupuId": "myec2group",
"Ec2SecurityGroupName": "default",
"Ec2SecurityGroupOwnerId": "987654321021",
"Status": "authorizing"
}
],
"IpRanges": [
{
"Cidrip": "0.0.0.0/0",
"Status": "authorizing"
}
],
"OwnerId": "123456789012",
"VpcId": "vpc-1234567f"
}AwsRdsDbSnapshot
L'AwsRdsDbSnapshotobjet contient des informations sur un instantané de cluster de base de données Amazon RDS.
L'exemple suivant montre le format ASFF ( AWS Security Finding Format) pour l'AwsRdsDbSnapshotobjet. Pour consulter les descriptions des AwsRdsDbSnapshot attributs, reportez-vous AwsRdsDbSnapshotDetailsà la référence de l'AWS Security Hub API.
Exemple
"AwsRdsDbSnapshot": {
"DbSnapshotIdentifier": "rds:database-1-2020-06-22-17-41",
"DbInstanceIdentifier": "database-1",
"SnapshotCreateTime": "2020-06-22T17:41:29.967Z",
"Engine": "mysql",
"AllocatedStorage": 20,
"Status": "available",
"Port": 3306,
"AvailabilityZone": "us-east-1d",
"VpcId": "vpc-example1",
"InstanceCreateTime": "2020-06-22T17:40:12.322Z",
"MasterUsername": "admin",
"EngineVersion": "5.7.22",
"LicenseModel": "general-public-license",
"SnapshotType": "automated",
"Iops": null,
"OptionGroupName": "default:mysql-5-7",
"PercentProgress": 100,
"SourceRegion": null,
"SourceDbSnapshotIdentifier": "",
"StorageType": "gp2",
"TdeCredentialArn": "",
"Encrypted": false,
"KmsKeyId": "",
"Timezone": "",
"IamDatabaseAuthenticationEnabled": false,
"ProcessorFeatures": [],
"DbiResourceId": "db-resourceexample1"
}AwsRdsEventSubscription
Le AwsRdsEventSubscription contient des informations sur un abonnement aux notifications d'événements RDS. L'abonnement permet à RDS de publier des événements sur un sujet SNS.
L'exemple suivant montre le format ASFF ( AWS Security Finding Format) pour l'AwsRdsEventSubscriptionobjet. Pour consulter les descriptions des AwsRdsEventSubscription attributs, reportez-vous AwsRdsEventSubscriptionDetailsà la référence de l'AWS Security Hub API.
Exemple
"AwsRdsEventSubscription": {
"CustSubscriptionId": "myawsuser-secgrp",
"CustomerAwsId": "111111111111",
"Enabled": true,
"EventCategoriesList": [
"configuration change",
"failure"
],
"EventSubscriptionArn": "arn:aws:rds:us-east-1:111111111111:es:my-instance-events",
"SnsTopicArn": "arn:aws:sns:us-east-1:111111111111:myawsuser-RDS",
"SourceIdsList": [
"si-sample",
"mysqldb-rr"
],
"SourceType": "db-security-group",
"Status": "creating",
"SubscriptionCreationTime": "2021-06-27T01:38:01.090Z"
}