Amazon AWS Security Hub sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage return or line feed characters.

Amazon AWS Security Hub sample message when you use the Amazon Web Services protocol

{LogStreamName: SecurityHubLogStream,Timestamp:1568035216780,Message: {"version":"0","id":"2b91a1e3-38d5-0160-7d19-8b21b5359b4c","detail-type":"Security Hub Findings - Imported","source":"aws.securityhub","account":"111111111111","time":"2019-09-09T13:20:16Z","region":"useast-1","resources":["..."],"detail":{"findings":[{"SchemaVersion":"2018-10-08","Id":"...","ProductArn":"arn:aws:securityhub:useast-1::product/aws/guardduty","GeneratorId":"...","AwsAccountId":"111111111111","Types":["TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom"],"FirstObservedAt":"2019-04-22T18:52:24.444Z","LastObservedAt":"...","CreatedAt":"...","UpdatedAt":"...","Severity":{"Product":5,"Normalized":50},"Title":"API GeneratedFindingAPIName was invoked from an IP address on a customthreat list.","Description":"API was invoked from an IP address on the custom threat list.","ProductFields":{},"Resources":[{"Type":"AwsIamAccessKey","Id":"AWS::IAM::AccessKey:GeneratedFindingAccessKeyId","Partition":"aws","Region":"us-east-1","Details":{"AwsIamAccessKey":{"UserName":"GeneratedFindingAWSService"}}}],"RecordState":"ACTIVE","WorkflowState":"NEW","approximateArrivalTimestamp":1568035214.555}]}},IngestionTime: 1568035216790,EventId: 34968353831733509797102082883407915803695330140453142528}
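
An added example, not part of the original page or of any IBM or AWS code: a Python check that removes carriage returns and line feeds as the note above instructs, decodes the JSON object that follows Message: in the wrapper (the wrapper itself is not JSON), and lists the finding fields worth verifying. The input is a constructed, shortened message in the page's format, and the function names are this example's own.

```python
import json

# Constructed input: a shortened message in the page's wrapper format, with
# line breaks of the kind a copy and paste can introduce (one inside a string).
PASTED = (
    '{LogStreamName: SecurityHubLogStream,Timestamp:1568035216780,Message: '
    '{"version":"0","detail-type":"Security Hub Findings - Imported",\r\n'
    '"source":"aws.securityhub","account":"111111111111","detail":{"findings":'
    '[{"Types":["TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom"],'
    '"Severity":{"Product":5,"Normalized":50},"Description":"API was invoked '
    'from an IP address on the custom\nthreat list.","Resources":[{"Type":'
    '"AwsIamAccessKey","Region":"us-east-1"}],"RecordState":"ACTIVE"}]}},'
    'IngestionTime: 1568035216790,EventId: 0}'
)


def normalize(pasted):
    """Remove carriage returns and line feeds, as the page instructs."""
    return pasted.replace("\r", "").replace("\n", "")


def extract_event(line):
    """Decode the JSON object after 'Message:'; the wrapper is not JSON."""
    start = line.find("Message:")
    if start < 0:
        raise ValueError("no Message field in wrapper")
    body = line[start + len("Message:"):].lstrip()
    event, _end = json.JSONDecoder().raw_decode(body)  # stops at closing brace
    return event


def summarize(event):
    """Return the fields worth checking for each finding in the event."""
    if event.get("source") != "aws.securityhub":
        raise ValueError("not a Security Hub event")
    return [
        {
            "types": f.get("Types", []),
            "severity": f.get("Severity", {}).get("Normalized"),
            "state": f.get("RecordState"),
            "resources": [r.get("Type") for r in f.get("Resources", [])],
        }
        for f in event.get("detail", {}).get("findings", [])
    ]


if __name__ == "__main__":
    print(summarize(extract_event(normalize(PASTED))))
```

Without the normalize step, the line feed inside the Description string makes the JSON decode fail, which is the failure the note guards against.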