Amazon Inspector integration with AWS Security Hub - Amazon Inspector

This page is a machine translation of the English version. If there is any ambiguity or inconsistency, the English version prevails.

Amazon Inspector integration with AWS Security Hub

AWS Security Hub provides a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Security Hub collects security data from AWS accounts, services, and supported products. You can use the information Security Hub provides to analyze your security trends and identify the highest-priority security issues. When you enable the integration, Amazon Inspector sends its findings to Security Hub, and Security Hub can include those findings in its analysis of your security posture.

Security Hub tracks security issues as findings. Some findings come from issues that other AWS services or third-party products detect; Security Hub also uses its own set of rules to detect security issues and generate findings. Security Hub provides tools to help you manage findings. Once a finding is closed in Amazon Inspector, Security Hub archives the corresponding Amazon Inspector finding. You can also view a finding's history and details, and track the investigation status of a finding.

Security Hub findings use a standard JSON format called the AWS Security Finding Format (ASFF). The ASFF includes details about the source of the issue, the affected resources, and the current status of the finding.

Viewing Amazon Inspector findings in AWS Security Hub

You can view both Amazon Inspector Classic findings and Amazon Inspector findings in Security Hub.

Note

To filter for Amazon Inspector findings only, add "aws/inspector/ProductVersion": "2" to the filter bar. This filter excludes Amazon Inspector Classic findings from the Security Hub dashboard, since Classic findings do not carry that product field.

Example finding from Amazon Inspector

{
  "SchemaVersion": "2018-10-08",
  "Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
  "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
  "ProductName": "Inspector",
  "CompanyName": "Amazon",
  "Region": "us-east-1",
  "GeneratorId": "AWSInspector",
  "AwsAccountId": "123456789012",
  "Types": [
    "Software and Configuration Checks/Vulnerabilities/CVE"
  ],
  "FirstObservedAt": "2023-01-31T20:25:38Z",
  "LastObservedAt": "2023-05-04T18:18:43Z",
  "CreatedAt": "2023-01-31T20:25:38Z",
  "UpdatedAt": "2023-05-04T18:18:43Z",
  "Severity": {
    "Label": "HIGH",
    "Normalized": 70
  },
  "Title": "CVE-2022-34918 - kernel",
  "Description": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
  "Remediation": {
    "Recommendation": {
      "Text": "Remediation is available. Please refer to the Fixed version in the vulnerability details section above. For detailed remediation guidance for each of the affected packages, refer to the vulnerabilities section of the detailed finding JSON."
    }
  },
  "ProductFields": {
    "aws/inspector/FindingStatus": "ACTIVE",
    "aws/inspector/inspectorScore": "7.8",
    "aws/inspector/resources/1/resourceDetails/awsEc2InstanceDetails/platform": "AMAZON_LINUX_2",
    "aws/inspector/ProductVersion": "2",
    "aws/inspector/instanceId": "i-0f1ed287081bdf0fb",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
    "aws/securityhub/ProductName": "Inspector",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": {
        "Patch Group": "SSM",
        "Name": "High-SEv-Test"
      },
      "Details": {
        "AwsEc2Instance": {
          "Type": "t2.micro",
          "ImageId": "ami-0cff7528ff583bf9a",
          "IpV4Addresses": [
            "52.87.229.97",
            "172.31.57.162"
          ],
          "KeyName": "ACloudGuru",
          "IamInstanceProfileArn": "arn:aws:iam::123456789012:instance-profile/AmazonSSMRoleForInstancesQuickSetup",
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-9c934cb1",
          "LaunchedAt": "2022-07-26T21:49:46Z"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": {
    "Status": "NEW"
  },
  "RecordState": "ACTIVE",
  "Vulnerabilities": [
    {
      "Id": "CVE-2022-34918",
      "VulnerablePackages": [
        {
          "Name": "kernel",
          "Version": "5.10.118",
          "Epoch": "0",
          "Release": "111.515.amzn2",
          "Architecture": "X86_64",
          "PackageManager": "OS",
          "FixedInVersion": "0:5.10.130-118.517.amzn2",
          "Remediation": "yum update kernel"
        }
      ],
      "Cvss": [
        {
          "Version": "2.0",
          "BaseScore": 7.2,
          "BaseVector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "Source": "NVD"
        },
        {
          "Version": "3.1",
          "BaseScore": 7.8,
          "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "Source": "NVD"
        },
        {
          "Version": "3.1",
          "BaseScore": 7.8,
          "BaseVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "Source": "NVD",
          "Adjustments": []
        }
      ],
      "Vendor": {
        "Name": "NVD",
        "Url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34918",
        "VendorSeverity": "HIGH",
        "VendorCreatedAt": "2022-07-04T21:15:00Z",
        "VendorUpdatedAt": "2022-10-26T17:05:00Z"
      },
      "ReferenceUrls": [
        "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6",
        "https://lore.kernel.org/netfilter-devel/cd9428b6-7ffb-dd22-d949-d86f4869f452@randorisec.fr/T/",
        "https://www.debian.org/security/2022/dsa-5191"
      ],
      "FixAvailable": "YES"
    }
  ],
  "FindingProviderFields": {
    "Severity": {
      "Label": "HIGH"
    },
    "Types": [
      "Software and Configuration Checks/Vulnerabilities/CVE"
    ]
  },
  "ProcessedAt": "2023-05-05T20:28:38.822Z"
}
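The following Python is an added example, not code from the AWS documentation or from any AWS SDK. It shows how a consumer of these ASFF records would apply the ProductVersion filter from the note above in code, drop findings that Security Hub has archived or an analyst has resolved or suppressed, and turn the Vulnerabilities block into a patch list. It assumes the {"Findings": [...]} envelope that the Security Hub GetFindings API returns and that API's Filters shape in server_side_filter; the sample input is constructed from a trimmed copy of the example finding above plus a made-up stand-in for an Amazon Inspector Classic record, and all function names are this example's own.

```python
# Added example: triage Amazon Inspector findings as stored in Security Hub (ASFF).
# Not AWS code; field names follow the example finding on this page.
import json

# Constructed sample: first record is trimmed from the page's example finding,
# second is a made-up stand-in for an Inspector Classic finding (no ProductVersion).
# The {"Findings": [...]} envelope mirrors the GetFindings API response.
SAMPLE_GET_FINDINGS_RESPONSE = json.dumps({"Findings": [
    {
        "Id": "arn:aws:inspector2:us-east-1:123456789012:finding/FINDING_ID",
        "Severity": {"Label": "HIGH", "Normalized": 70},
        "ProductFields": {"aws/inspector/ProductVersion": "2",
                          "aws/inspector/instanceId": "i-0f1ed287081bdf0fb"},
        "Resources": [{"Type": "AwsEc2Instance",
                       "Id": "arn:aws:ec2:us-east-1:123456789012:i-0f1ed287081bdf0fb"}],
        "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE",
        "Vulnerabilities": [{"Id": "CVE-2022-34918", "FixAvailable": "YES",
            "VulnerablePackages": [{"Name": "kernel", "Version": "5.10.118",
                "Epoch": "0", "Release": "111.515.amzn2",
                "FixedInVersion": "0:5.10.130-118.517.amzn2",
                "Remediation": "yum update kernel"}]}],
    },
    {
        "Id": "constructed-classic-finding-1",
        "Severity": {"Label": "MEDIUM", "Normalized": 40},
        "ProductFields": {"aws/securityhub/ProductName": "Inspector"},
        "Resources": [{"Type": "AwsEc2Instance",
                       "Id": "arn:aws:ec2:us-east-1:123456789012:i-0123456789abcdef0"}],
        "Workflow": {"Status": "NEW"}, "RecordState": "ACTIVE",
    },
]})


def load_findings(text):
    """Accept a bare ASFF list or the GetFindings {"Findings": [...]} envelope."""
    data = json.loads(text)
    return data["Findings"] if isinstance(data, dict) else data


def is_inspector_v2(finding):
    """The note's filter: key on aws/inspector/ProductVersion == "2", which
    Classic findings lack, rather than on ProductName or ProductArn."""
    return finding.get("ProductFields", {}).get("aws/inspector/ProductVersion") == "2"


def is_open(finding):
    """Still actionable: not archived by Security Hub (RecordState) and not
    resolved or suppressed by an analyst (Workflow.Status)."""
    status = finding.get("Workflow", {}).get("Status")
    return finding.get("RecordState") == "ACTIVE" and status in ("NEW", "NOTIFIED")


def server_side_filter():
    """Same predicate as GetFindings Filters, so only open Inspector findings are
    pulled at all: securityhub.get_findings(Filters=server_side_filter())."""
    return {
        "ProductFields": [{"Key": "aws/inspector/ProductVersion",
                           "Value": "2", "Comparison": "EQUALS"}],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"},
                           {"Value": "NOTIFIED", "Comparison": "EQUALS"}],
    }


def remediation_plan(finding):
    """One row per vulnerable package. Installed version is rendered as
    epoch:version-release, the same form as FixedInVersion. Packages under a
    CVE with FixAvailable != "YES" keep their row with no fix, so they are
    not silently dropped from the plan."""
    rows = []
    for vuln in finding.get("Vulnerabilities", []):
        fixable = vuln.get("FixAvailable") == "YES"
        for pkg in vuln.get("VulnerablePackages", []):
            rows.append({
                "cve": vuln["Id"],
                "package": pkg["Name"],
                "installed": f"{pkg.get('Epoch') or '0'}:{pkg['Version']}-{pkg['Release']}",
                "fixed": pkg.get("FixedInVersion") if fixable else None,
                "command": pkg.get("Remediation") if fixable else None,
            })
    return rows


def triage(text):
    """Open Inspector (v2) findings, highest normalized severity first,
    each with the resources it affects and its patch list."""
    rows = []
    for finding in load_findings(text):
        if not (is_inspector_v2(finding) and is_open(finding)):
            continue
        rows.append({
            "id": finding["Id"],
            "severity": finding.get("Severity", {}).get("Normalized", 0),
            "resources": [r["Id"] for r in finding.get("Resources", [])],
            "plan": remediation_plan(finding),
        })
    rows.sort(key=lambda r: r["severity"], reverse=True)
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_GET_FINDINGS_RESPONSE):
        print(row["severity"], row["id"], row["resources"])
        for step in row["plan"]:
            print(f"  {step['cve']} {step['package']}: {step['installed']} -> "
                  f"{step['fixed']} ({step['command']})")
```

Run as-is it prints only the kernel finding with its fixed version and `yum update kernel`; the constructed Classic stand-in is excluded by the ProductVersion check, exactly as the console filter in the note excludes it. The `installed` value is built from Epoch, Version and Release so it lines up with FixedInVersion (`0:5.10.130-118.517.amzn2`), which is the comparison a patching job actually needs.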

Enabling and configuring the Amazon Inspector integration with Security Hub

You enable the Amazon Inspector integration by enabling AWS Security Hub. After you enable Security Hub, the Amazon Inspector integration is enabled automatically, and Amazon Inspector begins sending all of its findings to Security Hub in the AWS Security Finding Format (ASFF).

Disabling the flow of findings from the integration

To stop Amazon Inspector from sending findings to Security Hub, use the Security Hub console, the Security Hub API, or the AWS CLI (the DisableImportFindingsForProduct operation, which takes the product subscription ARN for Amazon Inspector).

Viewing Amazon Inspector security controls in Security Hub

Security Hub analyzes findings from supported AWS and third-party products and also runs automated, continuous security checks against its own rules to generate findings. Those rules are represented by security controls, which help you determine whether you meet the requirements of a standard.

Security Hub provides controls for Amazon Inspector that check whether Amazon Inspector features are enabled where they should be. The features covered are:

  • Amazon EC2 scanning

  • Amazon ECR scanning

  • Lambda standard scanning

  • Lambda code scanning

For more information, see Amazon Inspector controls in the AWS Security Hub User Guide.