亚马逊 SNS 集成 JSON 负载
Created On 09/26/18 13:45 PM - Last Modified 06/09/23 07:45 AM
Resolution
下面是亚马逊 SNS 集成通知 JSON 的一个示例负载模式。该模式截取于 2/6/18。请注意，格式自那以后可能已经改变。另请注意：示例中以 `#` 开头的说明不是有效的 JSON，仅用于注解，实际负载中不会出现，解析前请勿原样照搬；示例中的部分键名和枚举值（如 data、type、attributes、relationships、links、included，以及 status 中的 fail/warn/error/pass/info）已被机器翻译成中文，实际负载中均为英文原文。示例中的帐户 ID、ARN 和 external_id 均为示例值。
{
"数据": {
"id": 1,
"类型": "警报",
"属性": {
"created_at": "2018-02-06T20:45:46.000Z",
"状态": "失败 | 警告 | 错误 | 传递 | 信息",
"risk_level": "低中高",
"资源": "resource-1",
"ended_reason": "from_api | new_alert | from_scan | not_present_after_scan | signature_deleted | custom_signature_deleted | suppression_created | suppression_deactivated | custom_risk_level_created | custom_risk_level_deleted", # 可以为空
"replaced_by_id": 1, # 可以为 null
"replaced_by_status": "失败 | 警告 | 错误 | 传递 | 信息", # 可以为 null
"updated_at": "2018-02-06T20:45:46.000Z",
"started_at": "2018-02-06T20:45:46.000Z",
"ended_at": "2018-02-06T20:45:46.000Z" # 可以为 null
},
"关系": {
"external_account": {
"数据": {
"id": "1",
"类型": "external_accounts"
},
"链接": {
"相关": "https://esp.evident.io/api/v2/external_accounts/1.json"
}
},
"区域": {
"数据": {
"id": "8",
"类型": "区域"
},
"链接": {
"相关": "https://esp.evident.io/api/v2/regions/8.json"
}
},
"签名": {
"数据": {# 此或自定义签名为空
"id": "34",
"类型": "签名"
},
"链接": {
"相关": "https://esp.evident.io/api/v2/signatures/34.json" # 可以为 null
}
},
"custom_signature": {
"数据": {# 此或签名为空
"id": "34",
"类型": "签名"
},
"链接": {
"相关": "https://esp.evident.io/api/v2/custom_signatures/34.json" # 可以为 null
}
},
"抑制": {
"数据": {# 可能不存在
"id": "1",
"类型": "镇压"
},
"链接": {
"相关": "https://api.evident.io/api/v2/suppressions/12.json" # 可以为 null
}
},
"元数据": {
"数据": {
"id": "1",
"类型": "元数据"
},
"链接": {
"相关": "https://esp.evident.io/api/v2/alerts/1/metadata.json"
}
},
"归属": {
"数据": null,
"链接": {
"相关": "https://esp.evident.io/api/v2/alerts/1/attribution.json"
}
},
"cloud_trail_events": {
"数据": [],
"链接": {
"相关": "https://esp.evident.io/api/v2/alerts/1/cloud_trail_events.json"
}
},
"标签": {
"数据": [],
"链接": {
"相关": "https://esp.evident.io/api/v2/alerts/1/tags.json"
}
},
"compliance_controls": {
"链接": {
"相关": "https://esp.evident.io/api/v2/alerts/1/compliance_controls.json"
}
},
"custom_compliance_controls": {
"链接": {
"相关": "https://esp.evident.io/api/v2/alerts/1/custom_compliance_controls.json"
}
}
}
},
"包括": [
{
"id": "1",
"类型": "external_accounts",
"属性": {
"created_at": "2017-12-15T23:17:45.000Z",
"名称": "支持",
"updated_at": "2018-02-06T20:39:34.000Z",
"提供商": "亚马逊",
"阿恩": "arn:aws:iam::123456789012:role/Evident-Service-Role",
"帐户": "660003967022",
"external_id": "11111111-1111-1111-1111-111111111111",
"cloudtrail_name": "EvidentAttribution"
},
"关系": {
"组织": {
"链接": {
"相关": "https://esp.evident.io/api/v2/organizations/1.json"
}
},
"sub_organization": {
"链接": {
"相关": "https://esp.evident.io/api/v2/sub_organizations/1.json"
}
},
"团队": {
"链接": {
"相关": "https://esp.evident.io/api/v2/teams/1.json"
}
},
"scan_intervals": {
"链接": {
"相关": "https://esp.evident.io/api/v2/external_accounts/1/scan_intervals.json"
}
},
"disabled_signatures": {
"链接": {
"相关": "https://esp.evident.io/api/v2/external_accounts/1/disabled_signatures.json"
}
},
"凭据": {
"链接": {
"相关": "https://esp.evident.io/api/v2/external_accounts/1/amazon.json"
}
}
}
},
{
"id": "8",
"类型": "区域",
"属性": {
"代码": "us_west_2",
"名称": null,
"created_at": "2014-06-05T23:42:37.000Z",
"updated_at": "2014-06-05T23:42:37.000Z",
"提供商": "亚马逊"
}
},
{
"id": "34",
"类型": "签名",
"属性": {
"created_at": "2014-06-05T23:43:30.000Z",
"说明": "安全组中不应允许对已知服务的 TCP 端口 22 (SSH) 进行全局访问。",
"标识符": "AWS:EC2-002",
"名称": "检测到全局管理端口访问 - SSH (TCP 端口 22)",
"解决方案": "减少允许在 TCP 端口 22 上与目标主机通信的 IP 地址或范围。 \n 我们建议使用员工的静态办公室或家庭 IP 地址作为允许的主机；如果这不可行，则部署一台启用双因素认证的堡垒主机。该堡垒主机将成为唯一允许与您帐户内其他节点通信的 IP。如果您必须允许对 TCP 端口 22 (SSH) 的全局访问，则可以取消此警报。 \n 有关端口的更多信息，请参见 [AWS: 端口](http://docs.aws.amazon.com/workspaces/latest/adminguide/client_ports.html) \n ",
"risk_level": "高",
"updated_at": "2017-12-06T19:20:27.000Z"
},
"关系": {
"服务": {
"链接": {
"相关": "https://esp.evident.io/api/v2/services/1.json"
}
},
"disabled_external_accounts": {
"链接": {
"相关": "https://esp.evident.io/api/v2/signatures/34/disabled_external_accounts.json"
}
}
}
},
{
"id": "1",
"类型": "元数据",
"属性": {
"数据": {
"详细信息": {
"留言": "警报消息",
"标签": []
# 可以包含各种其他字段
}
}
}
}
]
}