Amazon EventBridge event schema for Amazon Inspector events - Amazon Inspector

This page was provided as a machine translation. If there is any discrepancy, inconsistency or contradiction between the translated content and the English version, the English version takes precedence.


Amazon EventBridge delivers a stream of real-time data from your applications and other AWS services to targets such as AWS Lambda functions, Amazon Simple Notification Service topics, and Amazon Kinesis Data Streams data streams. To support integration with other applications, services, and systems, Amazon Inspector automatically publishes findings to EventBridge as events. Amazon Inspector can publish events for findings, coverage, and scans. This section shows example schemas for these EventBridge events.

Amazon EventBridge base schema for Amazon Inspector

The following is an example of the base schema for an Amazon Inspector EventBridge event. The contents of the detail object vary by event type.

{
  "version": "0",
  "id": "Event ID",
  "detail-type": "Inspector2 *event type*",
  "source": "aws.inspector2",
  "account": "AWS account ID (string)",
  "time": "event timestamp (string)",
  "region": "AWS Region (string)",
  "resources": [
    *IDs or ARNs of the resources involved in the event*
  ],
  "detail": {
    *Details of an Amazon Inspector event type*
  }
}

Example Amazon Inspector finding event schema

The following is an example of the schema for an Amazon Inspector EventBridge finding event. A finding event is created when Amazon Inspector identifies a software vulnerability or a network issue in one of your resources. For guidance on creating notifications for this type of event, see "Creating custom responses to Amazon Inspector findings with Amazon EventBridge".

The following fields identify a finding event.

  • The detail-type field is set to Inspector2 Finding.

  • The detail object describes the finding.

The following examples show the finding event schema for different resource types and finding types.

Amazon EC2 package vulnerability finding

{
  "version": "0",
  "id": "66a7a279-5f92-971c-6d3e-c92da0950992",
  "detail-type": "Inspector2 Finding",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-01-19T22:46:15Z",
  "region": "us-east-1",
  "resources": ["i-0c2a343f1948d5205"],
  "detail": {
    "awsAccountId": "111122223333",
    "description": "\n It was discovered that the sound subsystem in the Linux kernel contained a\n race condition in some situations. A local attacker could use this to cause\n a denial of service (system crash).",
    "exploitAvailable": "YES",
    "exploitabilityDetails": {
      "lastKnownExploitAt": "Oct 24, 2022, 11:08:59 PM"
    },
    "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
    "firstObservedAt": "Jan 19, 2023, 10:46:15 PM",
    "fixAvailable": "YES",
    "lastObservedAt": "Jan 19, 2023, 10:46:15 PM",
    "packageVulnerabilityDetails": {
      "cvss": [
        {
          "baseScore": 4.7,
          "scoringVector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "source": "NVD",
          "version": "3.1"
        }
      ],
      "referenceUrls": [
        "https://lore.kernel.org/all/CAFcO6XN7JDM4xSXGhtusQfS2mSBcx50VJKwQpCq=WeLt57aaZA@mail.gmail.com/",
        "https://ubuntu.com/security/notices/USN-5792-1",
        "https://ubuntu.com/security/notices/USN-5791-2",
        "https://ubuntu.com/security/notices/USN-5791-1",
        "https://ubuntu.com/security/notices/USN-5793-2",
        "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8423f0b6d513b259fdab9c9bf4aaa6188d054c2d",
        "https://ubuntu.com/security/notices/USN-5793-1",
        "https://ubuntu.com/security/notices/USN-5792-2",
        "https://ubuntu.com/security/notices/USN-5791-3",
        "https://ubuntu.com/security/notices/USN-5793-4",
        "https://ubuntu.com/security/notices/USN-5793-3",
        "https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d(6.0-rc5)",
        "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3303"
      ],
      "relatedVulnerabilities": [],
      "source": "UBUNTU_CVE",
      "sourceUrl": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-3303.html",
      "vendorCreatedAt": "Sep 27, 2022, 11:15:00 PM",
      "vendorSeverity": "medium",
      "vulnerabilityId": "CVE-2022-3303",
      "vulnerablePackages": [
        {
          "arch": "X86_64",
          "epoch": 0,
          "fixedInVersion": "0:5.15.0.1027.31~20.04.16",
          "name": "linux-image-aws",
          "packageManager": "OS",
          "remediation": "apt update && apt install --only-upgrade linux-image-aws",
          "version": "5.15.0.1026.30~20.04.16"
        }
      ]
    },
    "remediation": {
      "recommendation": {
        "text": "None Provided"
      }
    },
    "resources": [
      {
        "details": {
          "awsEc2Instance": {
            "iamInstanceProfileArn": "arn:aws:iam::111122223333:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
            "imageId": "ami-0b7ff1a8d69f1bb35",
            "ipV4Addresses": ["172.31.85.212", "44.203.45.27"],
            "ipV6Addresses": [],
            "launchedAt": "Jan 19, 2023, 7:53:14 PM",
            "platform": "UBUNTU_20_04",
            "subnetId": "subnet-8213f2a3",
            "type": "t2.micro",
            "vpcId": "vpc-ab6650d1"
          }
        },
        "id": "i-0c2a343f1948d5205",
        "partition": "aws",
        "region": "us-east-1",
        "type": "AWS_EC2_INSTANCE"
      }
    ],
    "severity": "MEDIUM",
    "status": "ACTIVE",
    "title": "CVE-2022-3303 - linux-image-aws",
    "type": "PACKAGE_VULNERABILITY",
    "updatedAt": "Jan 19, 2023, 10:46:15 PM"
  }
}

Amazon EC2 network reachability finding

{
  "version": "0",
  "id": "d0384f63-1621-1b75-d014-a5e45628ef3e",
  "detail-type": "Inspector2 Finding",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-01-20T09:17:57Z",
  "region": "us-east-1",
  "resources": ["i-0a96278c2206a8e4b"],
  "detail": {
    "awsAccountId": "111122223333",
    "description": "On the instance i-0a96278c2206a8e4b, the port range 22-22 is reachable from the InternetGateway igw-72069c09 from an attached ENI eni-0976efe678170408f.",
    "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
    "firstObservedAt": "Jan 20, 2023, 9:17:57 AM",
    "lastObservedAt": "Jan 20, 2023, 9:17:57 AM",
    "networkReachabilityDetails": {
      "networkPath": {
        "steps": [
          { "componentId": "igw-72069c09", "componentType": "AWS::EC2::InternetGateway" },
          { "componentId": "acl-91d74eec", "componentType": "AWS::EC2::NetworkAcl" },
          { "componentId": "sg-0aaed0af450bd0165", "componentType": "AWS::EC2::SecurityGroup" },
          { "componentId": "eni-0976efe678170408f", "componentType": "AWS::EC2::NetworkInterface" },
          { "componentId": "i-0a96278c2206a8e4b", "componentType": "AWS::EC2::Instance" }
        ]
      },
      "openPortRange": { "begin": 22, "end": 22 },
      "protocol": "TCP"
    },
    "remediation": {
      "recommendation": {
        "text": "You can restrict access to your instance by modifying the Security Groups or ACLs in the network path."
      }
    },
    "resources": [
      {
        "details": {
          "awsEc2Instance": {
            "iamInstanceProfileArn": "arn:aws:iam::111122223333:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
            "imageId": "ami-0b5eea76982371e91",
            "ipV4Addresses": ["3.89.90.19", "172.31.93.57"],
            "ipV6Addresses": [],
            "keyName": "example-inspector-test",
            "launchedAt": "Jan 19, 2023, 7:25:02 PM",
            "platform": "AMAZON_LINUX_2",
            "subnetId": "subnet-8213f2a3",
            "type": "t2.micro",
            "vpcId": "vpc-ab6650d1"
          }
        },
        "id": "i-0a96278c2206a8e4b",
        "partition": "aws",
        "region": "us-east-1",
        "type": "AWS_EC2_INSTANCE"
      }
    ],
    "severity": "MEDIUM",
    "status": "ACTIVE",
    "title": "Port 22 is reachable from an Internet Gateway",
    "type": "NETWORK_REACHABILITY",
    "updatedAt": "Jan 20, 2023, 9:17:57 AM"
  }
}

Amazon ECR package vulnerability finding

{
  "version": "0",
  "id": "5b52952e-26df-3a51-6d14-4dbe737e58ec",
  "detail-type": "Inspector2 Finding",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-01-19T21:59:00Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ecr:us-east-1:111122223333:repository/inspector2/sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13"
  ],
  "detail": {
    "awsAccountId": "111122223333",
    "description": "libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.",
    "exploitAvailable": "NO",
    "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
    "firstObservedAt": "Jan 19, 2023, 9:59:00 PM",
    "fixAvailable": "YES",
    "inspectorScore": 7.5,
    "inspectorScoreDetails": {
      "adjustedCvss": {
        "adjustments": [],
        "cvssSource": "NVD",
        "score": 7.5,
        "scoreSource": "NVD",
        "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
      }
    },
    "lastObservedAt": "Jan 19, 2023, 9:59:00 PM",
    "packageVulnerabilityDetails": {
      "cvss": [
        {
          "baseScore": 5,
          "scoringVector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "source": "NVD",
          "version": "2.0"
        },
        {
          "baseScore": 7.5,
          "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "source": "NVD",
          "version": "3.1"
        }
      ],
      "referenceUrls": [
        "https://hackerone.com/reports/1555796",
        "https://security.gentoo.org/glsa/202212-01",
        "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html",
        "https://www.debian.org/security/2022/dsa-5197"
      ],
      "relatedVulnerabilities": [],
      "source": "NVD",
      "sourceUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782",
      "vendorCreatedAt": "Jun 2, 2022, 2:15:00 PM",
      "vendorSeverity": "HIGH",
      "vendorUpdatedAt": "Jan 5, 2023, 5:51:00 PM",
      "vulnerabilityId": "CVE-2022-27782",
      "vulnerablePackages": [
        {
          "arch": "X86_64",
          "epoch": 0,
          "fixedInVersion": "0:7.61.1-22.el8_6.3",
          "name": "libcurl",
          "packageManager": "OS",
          "release": "22.el8",
          "remediation": "yum update libcurl",
          "sourceLayerHash": "sha256:38a980f2cc8accf69c23deae6743d42a87eb34a54f02396f3fcfd7c2d06e2c5b",
          "version": "7.61.1"
        },
        {
          "arch": "X86_64",
          "epoch": 0,
          "fixedInVersion": "0:7.61.1-22.el8_6.3",
          "name": "curl",
          "packageManager": "OS",
          "release": "22.el8",
          "remediation": "yum update curl",
          "sourceLayerHash": "sha256:38a980f2cc8accf69c23deae6743d42a87eb34a54f02396f3fcfd7c2d06e2c5b",
          "version": "7.61.1"
        }
      ]
    },
    "remediation": {
      "recommendation": {
        "text": "None Provided"
      }
    },
    "resources": [
      {
        "details": {
          "awsEcrContainerImage": {
            "architecture": "amd64",
            "imageHash": "sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13",
            "imageTags": ["o3"],
            "platform": "ORACLE_LINUX_8",
            "pushedAt": "Jan 19, 2023, 7:38:39 PM",
            "registry": "111122223333",
            "repositoryName": "inspector2"
          }
        },
        "id": "arn:aws:ecr:us-east-1:111122223333:repository/inspector2/sha256:98f0304b3a3b7c12ce641177a99d1f3be56f532473a528fda38d53d519cafb13",
        "partition": "aws",
        "region": "us-east-1",
        "type": "AWS_ECR_CONTAINER_IMAGE"
      }
    ],
    "severity": "HIGH",
    "status": "ACTIVE",
    "title": "CVE-2022-27782 - libcurl, curl",
    "type": "PACKAGE_VULNERABILITY",
    "updatedAt": "Jan 19, 2023, 9:59:00 PM"
  }
}

Lambda package vulnerability finding

{
  "version": "0",
  "id": "040bb590-3a12-353f-ecb1-05e54b0fbea7",
  "detail-type": "Inspector2 Finding",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-01-19T19:20:25Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:lambda:us-east-1:111122223333:function:ExampleFunction:$LATEST"
  ],
  "detail": {
    "awsAccountId": "111122223333",
    "description": "Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.",
    "exploitAvailable": "NO",
    "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
    "firstObservedAt": "Jan 19, 2023, 7:20:25 PM",
    "fixAvailable": "YES",
    "inspectorScore": 7.5,
    "inspectorScoreDetails": {
      "adjustedCvss": {
        "cvssSource": "NVD",
        "score": 7.5,
        "scoreSource": "NVD",
        "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
      }
    },
    "lastObservedAt": "Jan 19, 2023, 7:20:25 PM",
    "packageVulnerabilityDetails": {
      "cvss": [
        {
          "baseScore": 7.5,
          "scoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "source": "NVD",
          "version": "3.1"
        }
      ],
      "referenceUrls": [
        "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47434"
      ],
      "relatedVulnerabilities": [],
      "source": "NVD",
      "sourceUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-40152",
      "vendorCreatedAt": "Sep 16, 2022, 10:15:00 AM",
      "vendorSeverity": "HIGH",
      "vendorUpdatedAt": "Nov 25, 2022, 11:15:00 AM",
      "vulnerabilityId": "CVE-2022-40152",
      "vulnerablePackages": [
        {
          "epoch": 0,
          "filePath": "lib/woodstox-core-6.2.7.jar",
          "fixedInVersion": "6.4.0",
          "name": "com.fasterxml.woodstox:woodstox-core",
          "packageManager": "JAR",
          "remediation": "Update woodstox-core to 6.4.0",
          "version": "6.2.7"
        }
      ]
    },
    "remediation": {
      "recommendation": {
        "text": "None Provided"
      }
    },
    "resources": [
      {
        "details": {
          "awsLambdaFunction": {
            "architectures": ["X86_64"],
            "codeSha256": "+EwrOrht2um4fdVCD73gj+O7HJIAUvUxi8AD0eKHSkc=",
            "executionRoleArn": "arn:aws:iam::111122223333:role/ExampleFunction-ExecutionRole",
            "functionName": "Example-function",
            "lastModifiedAt": "Nov 7, 2022, 8:29:27 PM",
            "packageType": "ZIP",
            "runtime": "JAVA_11",
            "version": "$LATEST"
          }
        },
        "id": "arn:aws:lambda:us-east-1:111122223333:function:ExampleFunction:$LATEST",
        "partition": "aws",
        "region": "us-east-1",
        "tags": {
          "TargetAlias": "DeploymentStack",
          "SoftwareType": "Infrastructure"
        },
        "type": "AWS_LAMBDA_FUNCTION"
      }
    ],
    "severity": "HIGH",
    "status": "ACTIVE",
    "title": "CVE-2022-40152 - com.fasterxml.woodstox:woodstox-core",
    "type": "PACKAGE_VULNERABILITY",
    "updatedAt": "Jan 19, 2023, 7:20:25 PM"
  }
}

Lambda code vulnerability finding

{
  "version": "0",
  "id": "9df01cb1-df24-bc46-5650-085a4087e7aa",
  "detail-type": "Inspector2 Finding",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-12-07T22:14:45Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:lambda:us-east-1:111122223333:function:code-finding:$LATEST"
  ],
  "detail": {
    "awsAccountId": "111122223333",
    "codeVulnerabilityDetails": {
      "detectorId": "python/lambda-override-reserved@v1.0",
      "detectorName": "Override of reserved variable names in a Lambda function",
      "detectorTags": [
        "availability",
        "aws-python-sdk",
        "aws-lambda",
        "data-integrity",
        "maintainability",
        "security",
        "security-context",
        "python"
      ],
      "filePath": {
        "endLine": 6,
        "fileName": "lambda_function.py",
        "filePath": "lambda_function.py",
        "startLine": 6
      },
      "ruleId": "Rule-434311"
    },
    "description": "Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior or failure of the Lambda function.",
    "findingArn": "arn:aws:inspector2:us-east-1:111122223333:finding/FINDING_ID",
    "firstObservedAt": "Aug 8, 2023, 7:33:58 PM",
    "lastObservedAt": "Dec 7, 2023, 10:14:45 PM",
    "remediation": {
      "recommendation": {
        "text": "Your code attempts to override an environment variable that is reserved by the Lambda runtime environment. This can lead to unexpected behavior and might break the execution of your Lambda function.\n\n[Learn more](https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime)"
      }
    },
    "resources": [
      {
        "details": {
          "awsLambdaFunction": {
            "architectures": ["X86_64"],
            "codeSha256": "2mtfH+CgubesG6NYpb2zEqBja5WN6FfbH4AAYDuF8RE=",
            "executionRoleArn": "arn:aws:iam::193043430472:role/service-role/code-finding-role-7jgg3wan",
            "functionName": "code-finding",
            "lastModifiedAt": "Dec 7, 2023, 10:12:48 PM",
            "packageType": "ZIP",
            "runtime": "PYTHON_3_7",
            "version": "$LATEST"
          }
        },
        "id": "arn:aws:lambda:us-east-1:193043430472:function:code-finding:$LATEST",
        "partition": "aws",
        "region": "us-east-1",
        "type": "AWS_LAMBDA_FUNCTION"
      }
    ],
    "severity": "HIGH",
    "status": "ACTIVE",
    "title": "Overriding environment variables that are reserved by AWS Lambda might lead to unexpected behavior.",
    "type": "CODE_VULNERABILITY",
    "updatedAt": "Dec 7, 2023, 10:14:45 PM"
  }
}

Note

The detail value returns the JSON details of a single finding as an object. It does not return the full syntax of a findings response, which supports multiple findings in an array.

Example Amazon Inspector initial scan complete event schema

The following is an example of the event schema for an Amazon Inspector EventBridge initial scan complete event. This event is created when Amazon Inspector completes the initial scan of one of your resources.

The following fields identify an initial scan complete event.

  • The detail-type field is set to Inspector2 Scan.

  • The detail object contains a finding-severity-counts object that details the number of findings in each applicable severity category, such as CRITICAL, HIGH, and MEDIUM.

The following examples show the initial scan event schema for each resource type.

Amazon EC2 instance initial scan

{
  "version": "0",
  "id": "28a46762-6ac8-6cc4-4f55-bc9ab99af928",
  "detail-type": "Inspector2 Scan",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-01-20T22:52:35Z",
  "region": "us-east-1",
  "resources": [
    "i-087d63509b8c97098"
  ],
  "detail": {
    "scan-status": "INITIAL_SCAN_COMPLETE",
    "finding-severity-counts": {
      "CRITICAL": 0,
      "HIGH": 0,
      "MEDIUM": 0,
      "TOTAL": 0
    },
    "instance-id": "i-087d63509b8c97098",
    "version": "1.0"
  }
}

Amazon ECR image initial scan

{
  "version": "0",
  "id": "fdaa751a-984c-a709-44f9-9a9da9cd3606",
  "detail-type": "Inspector2 Scan",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-01-20T23:15:18Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:ecr:us-east-1:111122223333:repository/inspector2"
  ],
  "detail": {
    "scan-status": "INITIAL_SCAN_COMPLETE",
    "repository-name": "arn:aws:ecr:us-east-1:111122223333:repository/inspector2",
    "finding-severity-counts": {
      "CRITICAL": 0,
      "HIGH": 0,
      "MEDIUM": 0,
      "TOTAL": 0
    },
    "image-digest": "sha256:965fbcae990b0467ed5657caceaec165018ef44a4d2d46c7cdea80a9dff0d1ea",
    "image-tags": [
      "ubuntu22"
    ],
    "version": "1.0"
  }
}

Lambda function initial scan

{
  "version": "0",
  "id": "4f290a7c-361b-c442-03c8-a629f6f20d6c",
  "detail-type": "Inspector2 Scan",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-02-23T18:06:03Z",
  "region": "us-west-2",
  "resources": [
    "arn:aws:lambda:us-west-2:111122223333:function:lambda-example:$LATEST"
  ],
  "detail": {
    "scan-status": "INITIAL_SCAN_COMPLETE",
    "finding-severity-counts": {
      "CRITICAL": 0,
      "HIGH": 0,
      "MEDIUM": 0,
      "TOTAL": 0
    },
    "version": "1.0"
  }
}

Example Amazon Inspector coverage event schema

The following is an example of the event schema for an Amazon Inspector EventBridge coverage event. This event is created when the Amazon Inspector scan coverage of a resource changes. The following fields identify a coverage event.

  • The detail-type field is set to Inspector2 Coverage.

  • The detail object contains a scanStatus object that indicates the new scan status of the resource.

{
  "version": "0",
  "id": "000adda5-0fbf-913e-bc0e-10f0376412aa",
  "detail-type": "Inspector2 Coverage",
  "source": "aws.inspector2",
  "account": "111122223333",
  "time": "2023-01-20T22:51:39Z",
  "region": "us-east-1",
  "resources": [
    "i-087d63509b8c97098"
  ],
  "detail": {
    "scanStatus": {
      "reason": "UNMANAGED_EC2_INSTANCE",
      "statusCodeValue": "INACTIVE"
    },
    "scanType": "PACKAGE",
    "eventTimestamp": "2023-01-20T22:51:35.665501Z",
    "version": "1.0"
  }
}
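As an added example, not code from the AWS documentation, the following Python routine consumes the finding, initial scan and coverage events shown on this page and turns each into a flat triage record. The field names are those of the schemas above; the escalation policy, the record keys and the function names are this example's own assumptions.

```python
# Added example, not AWS code: route the Inspector2 events shown on this page.
ESCALATE = {"CRITICAL", "HIGH"}  # escalated on their own; lower severities need a known exploit

def summarize_finding(detail):
    """Flatten the detail object of an 'Inspector2 Finding' event."""
    rec = {
        "finding_arn": detail["findingArn"],
        "type": detail["type"],
        "severity": detail["severity"],
        "status": detail["status"],
        "resources": [r["id"] for r in detail.get("resources", [])],
        # Network and code findings carry neither flag, so both default to False.
        "exploit_available": detail.get("exploitAvailable") == "YES",
        "fix_available": detail.get("fixAvailable") == "YES",
        "remediation": [detail["remediation"]["recommendation"]["text"]],
    }
    if detail["type"] == "PACKAGE_VULNERABILITY":
        pvd = detail["packageVulnerabilityDetails"]
        rec["vulnerability_id"] = pvd["vulnerabilityId"]
        # The top-level recommendation is often "None Provided"; the usable fix
        # command is on each entry of vulnerablePackages instead.
        rec["remediation"] = [p["remediation"] for p in pvd["vulnerablePackages"] if "remediation" in p]
    elif detail["type"] == "NETWORK_REACHABILITY":
        nrd = detail["networkReachabilityDetails"]
        ports = nrd["openPortRange"]
        rec["exposure"] = f'{nrd["protocol"]} {ports["begin"]}-{ports["end"]}'
        rec["network_path"] = [s["componentId"] for s in nrd["networkPath"]["steps"]]
    elif detail["type"] == "CODE_VULNERABILITY":
        cvd = detail["codeVulnerabilityDetails"]
        fp = cvd["filePath"]
        rec["detector_id"] = cvd["detectorId"]
        rec["location"] = f'{fp["filePath"]}:{fp["startLine"]}-{fp["endLine"]}'
    rec["escalate"] = rec["status"] == "ACTIVE" and (rec["severity"] in ESCALATE or rec["exploit_available"])
    return rec

def triage_event(event):
    """Dispatch on detail-type; returns a record, or None for events to ignore."""
    if event.get("source") != "aws.inspector2":
        return None
    kind, detail = event.get("detail-type"), event["detail"]
    if kind == "Inspector2 Finding":
        return summarize_finding(detail)
    if kind == "Inspector2 Scan":
        counts = detail["finding-severity-counts"]
        # Initial scan finished: escalate only when CRITICAL or HIGH findings exist.
        return {"kind": "scan", "status": detail["scan-status"], "resources": event["resources"],
                "escalate": counts.get("CRITICAL", 0) + counts.get("HIGH", 0) > 0}
    if kind == "Inspector2 Coverage":
        st = detail["scanStatus"]
        # A resource leaving coverage is a monitoring gap: nothing scans it until the reason is fixed.
        return {"kind": "coverage", "scan_type": detail["scanType"], "resources": event["resources"],
                "status": st["statusCodeValue"], "reason": st.get("reason"),
                "escalate": st["statusCodeValue"] == "INACTIVE"}
    return None
```

In a Lambda target, `lambda_handler(event, context)` would simply return `triage_event(event)` and forward records with `escalate` set to the ticketing or paging system.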