本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
使用 Amazon 訂閱 Security Hub 公告 SNS
本節提供使用 Amazon Simple Notification Service (Amazon SNS) 訂閱 AWS Security Hub 公告的資訊,以接收有關 Security Hub 的通知。
訂閱後,您將收到下列事件的通知 (請注意每個事件AnnouncementType對應的 ):
-
GENERAL– 有關 Security Hub 服務的一般通知。 -
UPCOMING_STANDARDS_CONTROLS– 指定的 Security Hub 控制項或標準即將發佈。這種類型的公告可協助您在發佈之前準備回應和修復工作流程。 -
NEW_REGIONS– Security Hub 的支援可在新的 中使用 AWS 區域。 -
NEW_STANDARDS_CONTROLS– 已新增 Security Hub 控制項或標準。 -
UPDATED_STANDARDS_CONTROLS– 已更新現有的 Security Hub 控制項或標準。 -
RETIRED_STANDARDS_CONTROLS– 現有的 Security Hub 控制項或標準已淘汰。 -
UPDATED_ASFF– 已更新 AWS 安全調查結果格式 (ASFF) 語法、欄位或值。 -
NEW_INTEGRATION– 已推出與其他 AWS 服務或第三方產品的新整合。 -
NEW_FEATURE– 有新的 Security Hub 功能可用。 -
UPDATED_FEATURE– 已更新現有的 Security Hub 功能。
通知提供 Amazon SNS支援的所有格式。您可以在 Security Hub AWS 區域 提供的所有 中訂閱 Security Hub 公告。
使用者必須具有訂閱 Amazon SNS主題的Subscribe許可。您可以使用 Amazon SNS政策、IAM政策或兩者來達成此目標。如需詳細資訊,請參閱《IAMAmazon Simple Notification Service 開發人員指南》中的 和 Amazon SNS政策。
注意
Security Hub 會將有關 Security Hub 服務更新的 Amazon SNS公告傳送至任何訂閱的 AWS 帳戶。若要接收有關 Security Hub 調查結果的通知,請參閱 在 Security Hub 中檢閱問題清單詳細資訊和問題清單歷史記錄。
您可以訂閱 Amazon SNS主題的 Amazon Simple Queue Service (Amazon SQS) 佇列,但必須使用位於相同區域的 Amazon SNS主題 Amazon Resource Name (ARN)。如需詳細資訊,請參閱《Amazon Simple SQSQueue Service 開發人員指南》中的教學課程:訂閱 Amazon 佇列至 Amazon SNS主題。
您也可以使用 AWS Lambda 函數,在接收通知時叫用事件。如需詳細資訊,包括範例函數程式碼,請參閱《 AWS Lambda 開發人員指南》中的教學課程: AWS Lambda 搭配 Amazon Simple Notification Service 使用。
ARNs 每個區域的 Amazon SNS主題如下所示。
| AWS 區域 | Amazon SNS主題 ARN |
|---|---|
| 美國東部 (俄亥俄) | arn:aws:sns:us-east-2:291342846459:SecurityHubAnnouncements |
| 美國東部 (維吉尼亞北部) | arn:aws:sns:us-east-1:088139225913:SecurityHubAnnouncements |
| 美國西部 (加利佛尼亞北部) | arn:aws:sns:us-west-1:137690824926:SecurityHubAnnouncements |
| 美國西部 (奧勒岡) | arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements |
| 非洲 (開普敦) | arn:aws:sns:af-south-1:463142546776:SecurityHubAnnouncements |
| 亞太區域 (香港) | arn:aws:sns:ap-east-1:464812404305:SecurityHubAnnouncements |
| 亞太區域 (海德拉巴) | arn:aws:sns:ap-south-2:849907286123:SecurityHubAnnouncements |
| 亞太區域 (雅加達) | arn:aws:sns:ap-southeast-3:627843640627:SecurityHubAnnouncements |
| 亞太區域 (孟買) | arn:aws:sns:ap-south-1:707356269775:SecurityHubAnnouncements |
| 亞太區域 (大阪) | arn:aws:sns:ap-northeast-3:633550238216:SecurityHubAnnouncements |
| 亞太區域 (首爾) | arn:aws:sns:ap-northeast-2:374299265323:SecurityHubAnnouncements |
| 亞太區域 (新加坡) | arn:aws:sns:ap-southeast-1:512267288502:SecurityHubAnnouncements |
| 亞太區域 (雪梨) | arn:aws:sns:ap-southeast-2:475730049140:SecurityHubAnnouncements |
| 亞太區域 (東京) | arn:aws:sns:ap-northeast-1:592469075483:SecurityHubAnnouncements |
| 加拿大 (中部) | arn:aws:sns:ca-central-1:137749997395:SecurityHubAnnouncements |
| 中國 (北京) | arn:aws-cn:sns:cn-north-1:672341567257:SecurityHubAnnouncements |
| 中國 (寧夏) | arn:aws-cn:sns:cn-northwest-1:672534482217:SecurityHubAnnouncements |
| 歐洲 (法蘭克福) | arn:aws:sns:eu-central-1:871975303681:SecurityHubAnnouncements |
| 歐洲 (愛爾蘭) | arn:aws:sns:eu-west-1:705756202095:SecurityHubAnnouncements |
| 歐洲 (倫敦) | arn:aws:sns:eu-west-2:883600840440:SecurityHubAnnouncements |
| 歐洲 (米蘭) | arn:aws:sns:eu-south-1:151363035580:SecurityHubAnnouncements |
| Europe (Paris) | arn:aws:sns:eu-west-3:313420042571:SecurityHubAnnouncements |
| 歐洲 (西班牙) | arn:aws:sns:eu-south-2:777487947751:SecurityHubAnnouncements |
| 歐洲 (斯德哥爾摩) | arn:aws:sns:eu-north-1:191971010772:SecurityHubAnnouncements |
| 歐洲 (蘇黎世) | arn:aws:sns:eu-central-2:704347005078:SecurityHubAnnouncements |
| 以色列 (特拉維夫) | arn:aws:sns:il-central-1:726652212146:SecurityHubAnnouncements |
| Middle East (Bahrain) | arn:aws:sns:me-south-1:585146626860:SecurityHubAnnouncements |
| 中東 (UAE) | arn:aws:sns:me-central-1:431548502100:SecurityHubAnnouncements |
| 南美洲 (聖保羅) | arn:aws:sns:sa-east-1:359811883282:SecurityHubAnnouncements |
| AWS GovCloud (美國東部) | arn:aws-us-gov:sns:us-gov-east-1:239368469855:SecurityHubAnnouncements |
| AWS GovCloud (美國西部) | arn:aws-us-gov:sns:us-gov-west-1:239334163374:SecurityHubAnnouncements |
訊息在分割區內的區域之間通常相同,因此您可以訂閱每個分割區中的一個區域,以接收影響該分割區中所有區域的公告。與成員帳戶相關聯的公告不會在管理員帳戶中複寫。因此,每個帳戶,包括管理員帳戶,每個公告只會有一個副本。您可以決定要使用哪個帳戶來訂閱 Security Hub 公告。
如需訂閱 Security Hub 公告的成本資訊,請參閱 Amazon SNS定價
訂閱 Security Hub 公告 (主控台)
在 https://console.aws.amazon.com/sns/v3/home
開啟 Amazon SNS主控台。 -
在區域清單中,選擇您要訂閱 Security Hub 公告的區域。此範例使用
us-west-2區域。 -
在導覽窗格中選擇 Subscriptions (訂閱),然後選擇 Create subscription (建立訂閱)。
-
在主題方塊中輸入ARN主題ARN。例如:
arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements。 -
針對通訊協定,選擇您希望接收 Security Hub 公告的方式。如果您選擇電子郵件,請在端點輸入您要用來接收公告的電子郵件地址。
-
選擇 Create subscription (建立訂閱)。
-
確認訂閱。例如,如果您選擇電子郵件通訊協定,Amazon SNS會將訂閱確認訊息傳送至您提供的電子郵件。
訂閱 Security Hub 公告 (AWS CLI)
-
執行以下命令:
aws sns --regionus-west-2subscribe --topic-arnarn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements--protocolemail--notification-endpointyour_email@your_domain.com -
確認訂閱。例如,如果您選擇電子郵件通訊協定,Amazon SNS會將訂閱確認訊息傳送至您提供的電子郵件。
Amazon SNS 訊息格式
下列範例顯示 Amazon 發佈的 Security Hub 公告,SNS說明新安全控制項的推出。訊息內容會根據公告類型而有所不同,但所有公告類型的格式都相同。或者,可能會包含提供公告詳細資訊Link的欄位。
範例:新控制項的 Security Hub 公告 (電子郵件通訊協定)
{ "AnnouncementType":"NEW_STANDARDS_CONTROLS", "Title":"[New Controls] 36 new Security Hub controls added to the AWS Foundational Security Best Practices standard", "Description":"We have added 36 new controls to the AWS Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), AWS CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), AWS Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), AWS WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the AWS Foundational Security Best Practices standard in an account and configured Security Hub to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. " }
範例:新控制項的 Security Hub JSON公告 (電子郵件通訊協定)
{ "Type" : "Notification", "MessageId" : "d124c9cf-326a-5931-9263-92a92e7af49f", "TopicArn" : "arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements", "Message" : "{\"AnnouncementType\":\"NEW_STANDARDS_CONTROLS\",\"Title\":\"[New Controls] 36 new Security Hub controls added to the AWS Foundational Security Best Practices standard\",\"Description\":\"We have added 36 new controls to the AWS Foundational Security Best Practices standard. These include controls for Amazon Auto Scaling (AutoScaling.3, AutoScaling.4, AutoScaling.6), AWS CloudFormation (CloudFormation.1), Amazon CloudFront (CloudFront.10), Amazon Elastic Compute Cloud (Amazon EC2) (EC2.23, EC2.24, EC2.27), Amazon Elastic Container Registry (Amazon ECR) (ECR.1, ECR.2), Amazon Elastic Container Service (Amazon ECS) (ECS.3, ECS.4, ECS.5, ECS.8, ECS.10, ECS.12), Amazon Elastic File System (Amazon EFS) (EFS.3, EFS.4), Amazon Elastic Kubernetes Service (Amazon EKS) (EKS.2), Elastic Load Balancing (ELB.12, ELB.13, ELB.14), Amazon Kinesis (Kinesis.1), AWS Network Firewall (NetworkFirewall.3, NetworkFirewall.4, NetworkFirewall.5), Amazon OpenSearch Service (OpenSearch.7), Amazon Redshift (Redshift.9), Amazon Simple Storage Service (Amazon S3) (S3.13), Amazon Simple Notification Service (SNS.2), AWS WAF (WAF.2, WAF.3, WAF.4, WAF.6, WAF.7, WAF.8). If you enabled the AWS Foundational Security Best Practices standard in an account and configured SSecurity Hub to automatically enable new controls, these controls are enabled by default. Availability of controls can vary by Region. \"}", "Timestamp" : "2022-08-04T19:11:12.652Z", "SignatureVersion" : "1", "Signature" : "HTHgNFRYMetCvisulgLM4CVySvK9qCXFPHQDxYl9tuCFQuIrd7YO4m4YFR28XKMgzqrF20YP+EilipUm2SOTpEEtOTekU5bn74+YmNZfwr4aPFx0vUuQCVOshmHl37hjkiLjhCg/t53QQiLfP7MH+MTXIUPR37k5SuFCXvjpRQ8ynV532AH3Wpv0HmojDLMg+eg51V1fUsOG8yiJVCBEJhJ1yS+gkwJdhRk2UQab9RcAmE6COK3hRWcjDwqTXz5nR6Ywv1ZqZfLIl7gYKslt+jsyd/k+7kOqGmOJRDr7qhE7H+7vaGRLOptsQnbW8VmeYnDbahEO8FV+Mp1rpV+7Qg==", "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-56e67fcb41f6fec09b0196692625d385.pem", "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:393883065485:SecurityHubAnnouncements:9d0230d7-d582-451d-9f15-0c32818bf61f" }
