AWS Datenzuordnung
Der AWS Connected Assets and Risk -Connector synchronisiert den Inhalt der AWS -Assetdatenbanken inkrementell mit den Daten, die vom Connected Assets and Risk -Service verwaltet werden.
Elastic Beanstalk
Die folgende Tabelle zeigt die Datenzuordnung zwischen Connected Assets and Risk -Connector und Elastic Beanstalk .
| CAR Vertex/Edge | CAR Feld | Elastic Beanstalk Feld |
|---|---|---|
| Anwendung | _key | App-Ressource -> Anwendungsname |
| Ihren Namen | App-Ressource -> Anwendungsname | |
| externe ID | App-Ressource -> ApplicationArn | |
| Vermögenswert | Ihren Namen | EC2 response-> Tags->EnvironmentId - > value |
| environment_ID | EC2 response-> Tags->EnvironmentId - > value | |
| externe ID | EC2 response-> ResourceId | |
| Asset_Anwendung | from_external_id | EC2 response-> ResourceId |
| to_external_id | App-Ressource -> ApplicationArn | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Asset_hostname | from_external_id | EC2 Resource -> ResourceId |
| _to | Environment Resource -> CNAME | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Elastic Compute Cloud (EC2)
Die folgende Tabelle zeigt die Datenzuordnung zwischen Connected Assets and Risk -Connector und EC2 .
| CAR Vertex/Edge | CAR Feld | EC2 Feld |
|---|---|---|
| Vermögenswert | Ihren Namen | EC2 resource -> Tags -> Name -> Value |
| externe ID | arn:aws:ec2: + EC2 resource -> AvailabilityZone + account\_id + InstanceId | |
| Hostname | _key(PrivateDns) | EC2 resource -> NetworkInterfaces -> PrivateDnsName |
| _key(PublicDns) | EC2 resource -> NetworkInterfaces -> PublicDnsName | |
| Asset_Hostname | from_external_id | arn:aws:ec2:+ EC2 resource -> AvailabilityZone + account_id + InstanceId |
| _to | EC2 resource -> NetworkInterfaces -> PrivateDnsName | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Geoortung | externe ID | EC2 resource -> AvailabilityZone |
| Bereich | EC2 resource -> AvailabilityZone | |
| Asset_Geolocation | from_external_id | arn:aws:ec2:+ EC2 resource -> AvailabilityZone + account_id + InstanceId |
| _to | EC2 resource -> AvailabilityZone | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Die folgende Tabelle zeigt die Datenzuordnung zwischen Connected Assets and Risk -Connector und EC2 -Netzprofil.
| CAR Vertex/Edge | CAR Feld | EC2 Netzwerkprofilfeld |
|---|---|---|
| IPAddress (Private) | _key | EC2 Resource -> NetworkInterfaces -> privateIPAddress |
| IPAddress (Public) | _key | EC2 Resource -> NetworkInterfaces -> PublicIpAddress |
| MacAddress | _key | EC2 Resource-> NetworkInterfaces -> MacAddress |
| IPAddress_MacAddress | _from | ipaddress/_key(ipaddress node) |
| _to | macaddress/_key(macaddress node) | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Asset_IPAddress | from_external_id | external_id des Assets (basierend auf dem Ressourcentyp) |
| _to | ipaddress/_key(ipaddress node) | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Asset_MacAddress | _from_external_id | external_id of the asset |
| _to | macaddress/_key(macaddress node) | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Elastic Container Service (ECS)
Die folgende Tabelle zeigt die Zuordnung von Connected Assets and Risk -Connector zu ECS-Daten.
| CAR Vertex/Edge | CAR Feld | ECS Feld |
|---|---|---|
| Container | external_ID | container response -> task -> containers -> containerArn |
| Name | container response -> task -> containers -> name | |
| Abbildung | container response -> task -> containers -> image | |
| task_id | container response -> task -> containers -> taskArn | |
| cluster_id | container response -> task -> containers -> clusterArn | |
| Vermögenswert | Ihren Namen | EC2 response -> tags -> name |
| externe ID | EC2 response -> resourceId | |
| Asset_Container | from_external_id | EC2 response -> resourceId |
| to_external_id | container response -> task -> containers -> containerArn | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Ipaddress_Container | in dem | container response -> task -> containers ->networkInterface ->privateIpv4Address |
| _to_external_id | container response -> task -> containers -> containerArn | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Relational Database Service (RDS)
Die folgende Tabelle zeigt die Datenzuordnung zwischen dem Connected Assets and Risk -Connector und RDS .
| CAR Vertex/Edge | CAR Feld | RDS field |
|---|---|---|
| Vermögenswert | Ihren Namen | Database Instance -> DBInstanceIdentifier |
| externe ID | Database Instance -> DBInstanceArn | |
| Engine | Database Instance -> Engine | |
| db_resource_id | Database Instance -> DbiResourceId | |
| Hostname | _key(Address) | Database Instance -> Endpoint-> Address |
| Asset_Hostname | from_external_id | Database Instance -> DBInstanceArn |
| _to_external_id | Database Instance -> Endpoint-> Address | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| GeoLocation | externe ID | Database Instance -> AvailabilityZone |
| Bereich | Database Instance -> AvailabilityZone | |
| Asset_GeoLocation | from_external_id | Database Instance -> DBInstanceArn |
| _to_external_id | Database Instance -> AvailabilityZone | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| Benutzer | _key | Database Instance -> MasterUsername |
| Benutzername | Database Instance -> MasterUsername | |
| Rolle | TECHNISCHER EIGENTÜMER | |
| Asset_user | _from_external_id | Database Instance -> DBInstanceArn |
| _to | Database Instance -> MasterUsername | |
| melden | report -> _key | |
| Quelle | source -> _key | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Report_User | _from | report -> timestamp |
| _to | Database Instance -> MasterUsername | |
| melden | report -> _key | |
| Quelle | source -> _key | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| User_Database | _from | Database Instance -> MasterUsername |
| _to_external_id | Database Instance ->DbiResourceId | |
| melden | report -> _key | |
| Quelle | source -> _key | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Datenbank | Ihren Namen | Database Instance -> DBInstanceIdentifier |
| _key | Database Instance -> DBInstanceIdentifier | |
| db_instance_id | Database Instance -> DBInstanceArn | |
| scheduled_maintenance | Database Instance -> applyImmediately | |
| externe ID | Database Instance -> DbiResourceId | |
| Asset_Database | from_external_id | Database Instance -> DBInstanceArn |
| _to_external_id | Database Instance -> DbiResourceId | |
| aktiv | TRUE | |
| Zeitmarke | report -> timestamp | |
| Quelle | source -> _key | |
| melden | report -> _key |
Sicherheits-Hub
Die folgende Tabelle zeigt die Datenzuordnung zwischen Connected Assets and Risk -Connector und EC2/Security -Hub.
| CAR Vertex/Edge | CAR Feld | EC2/Security Hub-Netzprofilfeld |
|---|---|---|
| Vermögenswert | Ihren Namen | EC2 resource -> Tags -> Name -> Value |
| externe ID | arn:aws:ec2: + EC2 resource -> AvailabilityZone + account_id + InstanceId | |
| Sicherheitslücke | external_id | Securityhub log -> Id |
| Name | Securityhub log -> Title | |
| Beschreibung | Securityhub log -> Description | |
| disclosed_on | Securityhub log -> FirstObservedAt | |
| published_on | Securityhub log -> CreatedAt | |
| base_score | Securityhub log -> Severity -> Normalized | |
| Asset_Vulnerability | from_external_id | external_id des Assets (basierend auf dem Ressourcentyp) |
| to_external_id | Securityhub log -> Id | |
| aktiv | TRUE | |
| Zeitmarke | Securityhub log -> CreatedAt | |
| Quelle | source -> _key | |
| melden | report -> _key | |
| last_modified | Securityhub log -> UpdatedAt |