기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
샘플 노출 조사 결과
참고
Security Hub는 평가판 릴리스이며 변경될 수 있습니다.
Security Hub는 노출 조사 결과를 Open Cybersecurity Schema Framework(OCSF) 형식으로 정규화합니다.
샘플 OCSF 스키마
다음 샘플 OCSF 스키마에서 related_events 파라미터에는 기여 조사 결과와 같이 노출 조사 결과에만 있는 세부 정보가 포함되어 있습니다. 기여 조사 결과는 노출 조사 결과와 관련된 특성 및 신호입니다. 하나의 기여 조사 결과에는 하나 이상의 특성이 포함될 수 있습니다. observables 파라미터는 기여 조사 결과와 관련된 리소스를 식별합니다. 이는 노출 조사 결과와 연결된 리소스를 식별하는 resources 파라미터와 다를 수 있습니다. 아래 샘플에서는 세 기여 조사 결과의 observables 값이 모두 resources의 Lambda 함수 ARN과 동일합니다.
{ "activity_id": 1, "activity_name": "Create", "category_name": "Findings", "category_uid": 2, "class_name": "Detection Finding", "class_uid": 2004, "cloud": { "account": { "uid": "123456789012", "name": "production-application" }, "cloud_partition": "aws", "provider": "AWS", "region": "us-east-1" }, "finding_info": { "analytic": { "name": "Exposure", "type": "Rule", "type_id": 1, "uid": "0.0.1" }, "created_time_dt": "2024-11-15T21:39:26.337224100Z", "desc": "Publicly invocable Lambda function executed outside of VPC has vulnerability with known exploit that can be exploited from remote network", "finding.info.modified_time_dt": "2024-11-15T21:39:26.337224100Z", "related_events_count": 3, "related_events": [ { "tags": [ { "name": "Vulnerability", "values": [ "Attack Vector Network", "EPSS Level >= High", "EPSS Level >= Medium", "Exploit Available", "No Privileges Required", "No User Interaction Required", "Vulnerable" ] } ], "product": { "uid": "arn:aws:securityhub:us-east-1::productv2/aws/inspector" }, "observables": [ { "type": "Resource UID", "type_id": 10, "value": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "type": "Finding", "title": "CVE-2023-33246 - org.apache.rocketmq:rocketmq-controller", "uid": "arn:aws:inspector2:us-east-1:123456789012:finding/1234567890abcdef0" }, { "tags": [ { "name": "Reachability", "values": [ "Publicly Invocable" ] } ], "product": { "uid": "arn:aws:securityhub:us-east-1::productv2/aws/securityhub" }, "observables": [ { "type": "Resource UID", "type_id": 10, "value": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "type": "Finding", "title": "Lambda function policies should prohibit public access", "uid": "arn:aws:securityhub:us-east-1:123456789012:security-control/Lambda.1/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLEaaaaa" }, { "tags": [ { "name": "Misconfiguration", "values": [ "Deployed outside VPC" ] } ], "product": { "uid": "arn:aws:securityhub:us-east-1::productv2/aws/securityhub" }, 
"observables": [ { "type": "Resource UID", "type_id": 10, "value": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "type": "Finding", "title": "Lambda functions should be in a VPC", "uid": "arn:aws:securityhub:us-east-1:123456789012:security-control/Lambda.3/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" } ], "title": "Publicly invocable Lambda function executed outside of VPC has vulnerability with known exploit that can be exploited from remote network", "types": [ "Exposure/Potential Impact/Resource Hijacking" ], "uid": "arn:aws:securityhub:us-east-1:123456789012:risk:1234f781c7ae7507f01e2fb460f15ca8fe7f9c95e257698a092cb74a4ea84a42" }, "metadata": { "product": { "name": "Security Hub Exposure Analysis", "uid": "arn:aws:securityhub:us-east-1::productv2/aws/securityhub-risk", "vendor_name": "Amazon" }, "processed_time_dt": "2024-11-15T21:39:58.819Z", "profiles": [ "cloud", "datetime" ], "version": "1.4.0-dev" }, "resources": [ { "cloud_partition": "aws", "region": "us-east-1", "tags": [ { "name": "aws:cloudformation:stack-name", "value": "VeepLambdaRule3" }, { "name": "aws:cloudformation:stack-id", "value": "arn:aws:cloudformation:us-east-1:123456789012:stack/VeepLambdaRule3/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" }, { "name": "aws:cloudformation:logical-id", "value": "lambdar3function94D10D40" } ], "type": "AwsLambdaFunction", "uid": "arn:aws:lambda:us-east-1:123456789012:application-function" } ], "severity": "Critical", "severity_id": 5, "status": "New", "status_id": 1, "time": 1731706766337, "time_dt": "2024-11-15T21:39:26.337224100Z", "type_name": "Detection Finding: Create", "type_uid": 200401, "vendor_attributes": { "severity_id": 5, "severity": "Critical" } }