Amazon AWS Security Hub sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.
Amazon AWS Security Hub sample message when you use the Amazon Web Services protocol
{LogStreamName: SecurityHubLogStream,Timestamp:1568035216780,Message: {"version":"0","id":"2b91a1e3-38d5-0160-7d19-8b21b5359b4c","detail-type":"Security Hub Findings - Imported","source":"aws.securityhub","account":"111111111111","time":"2019-09-09T13:20:16Z","region":"useast-1","resources":["..."],"detail":{"findings":[{"SchemaVersion":"2018-10-08","Id":"...","ProductArn":"arn:aws:securityhub:useast-1::product/aws/guardduty","GeneratorId":"...","AwsAccountId":"111111111111","Types":["TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom"],"FirstObservedAt":"2019-04-22T18:52:24.444Z","LastObservedAt":"...","CreatedAt":"...","UpdatedAt":"...","Severity":{"Product":5,"Normalized":50},"Title":"API GeneratedFindingAPIName was invoked from an IP address on a customthreat list.","Description":"API was invoked from an IP address on the custom threat list.","ProductFields":{},"Resources":[{"Type":"AwsIamAccessKey","Id":"AWS::IAM::AccessKey:GeneratedFindingAccessKeyId","Partition":"aws","Region":"us-east-1","Details":{"AwsIamAccessKey":{"UserName":"GeneratedFindingAWSService"}}}],"RecordState":"ACTIVE","WorkflowState":"NEW","approximateArrivalTimestamp":1568035214.555}]}},IngestionTime: 1568035216790,EventId: 34968353831733509797102082883407915803695330140453142528}
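Added example (not part of the IBM documentation): a Python sketch that applies the line-break removal described in the note above to a pasted copy of the sample, then separates the envelope fields from the embedded Security Hub JSON so the values can be compared with what the SIEM parsed. `PASTED` is a shortened, constructed copy of the sample message, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: a shortened copy of the message above, with the line
# breaks that copy/paste introduces (one of them inside a JSON string).
PASTED = (
    '{LogStreamName: SecurityHubLogStream,Timestamp:1568035216780,Message: '
    '{"version":"0","detail-type":"Security Hub Findings -\r\n Imported",'
    '"source":"aws.securityhub","account":"111111111111","detail":{"findings":\n'
    '[{"AwsAccountId":"111111111111","Types":'
    '["TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom"],'
    '"Severity":{"Product":5,"Normalized":50},"RecordState":"ACTIVE",'
    '"WorkflowState":"NEW"}]}},IngestionTime: 1568035216790,'
    'EventId: 34968353831733509797102082883407915803695330140453142528}'
)


def parse_event(raw):
    """Split the envelope from the embedded JSON and return both as dicts."""
    text = raw.replace("\r", "").replace("\n", "")
    marker = text.find("Message:")
    if marker == -1:
        raise ValueError("no Message field in envelope")
    start = text.index("{", marker)
    # raw_decode stops at the end of the JSON object, wherever that is
    message, end = json.JSONDecoder().raw_decode(text, start)
    envelope = dict(re.findall(r"(\w+):\s*([^,{}]+)", text[:marker] + text[end:]))
    return envelope, message


def summarize(raw):
    """Return one row per finding with the fields worth checking in the SIEM."""
    envelope, message = parse_event(raw)
    if message.get("source") != "aws.securityhub":
        raise ValueError("not a Security Hub event")
    return [
        {
            "log_stream": envelope["LogStreamName"],
            "account": f["AwsAccountId"],
            "types": f["Types"],
            "severity": f["Severity"]["Normalized"],
            "state": f["RecordState"],
        }
        for f in message["detail"]["findings"]
    ]


print(summarize(PASTED))
```

The embedded JSON only parses after the carriage return and line feed characters are removed, because a raw line break inside a JSON string is invalid.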