

End of support notice: On May 20, 2026, AWS will end support for Amazon Inspector Classic. After May 20, 2026, you will no longer be able to access the Amazon Inspector Classic console or Amazon Inspector Classic resources. Amazon Inspector Classic is no longer available to new accounts or to accounts that have not completed an assessment in the last 6 months. For all other accounts, access remains available until May 20, 2026, after which you will no longer be able to access the Amazon Inspector Classic console or Amazon Inspector Classic resources. For more information, see [Amazon Inspector Classic end of support](https://docs.aws.amazon.com/inspector/v1/userguide/inspector-migration.html).

This is a machine-translated version. If there is any discrepancy between this translation and the original English text, the English original takes precedence.

# Integration with AWS Security Hub CSPM
<a name="securityhub-integration"></a>

[AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html) gives you a comprehensive view of your security state in AWS and helps you check your environment against security industry standards and best practices. Security Hub CSPM collects security data from across AWS accounts, services, and supported third-party partner products, and helps you analyze your security trends and identify the highest-priority security issues.

The integration between Amazon Inspector and Security Hub CSPM lets you send findings from Amazon Inspector to Security Hub CSPM. Security Hub CSPM can then include those findings in its analysis of your security posture.

**Contents**
+ [How Amazon Inspector sends findings to Security Hub CSPM](#securityhub-integration-sending-findings)
  + [Types of findings that Amazon Inspector sends](#securityhub-integration-finding-types)
  + [Latency for sending findings](#securityhub-integration-finding-latency)
  + [Retrying when Security Hub CSPM is not available](#securityhub-integration-retry-send)
  + [Updating existing findings in Security Hub CSPM](#securityhub-integration-finding-updates)
+ [Typical finding from Amazon Inspector](#securityhub-integration-finding-example)
+ [Enabling and configuring the integration](#securityhub-integration-enable)
+ [How to stop sending findings](#securityhub-integration-disable)

## How Amazon Inspector sends findings to Security Hub CSPM
<a name="securityhub-integration-sending-findings"></a>

In Security Hub CSPM, security issues are tracked as findings. Some findings come from issues that are detected by other AWS services or by third-party partners. Security Hub CSPM also has a set of rules that it uses to detect security issues and generate findings.

Security Hub CSPM provides tools to manage findings from across all of these sources. You can view and filter lists of findings and view the details of a finding. See [Viewing findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-viewing.html) in the *AWS Security Hub User Guide*. You can also track the status of an investigation into a finding. See [Taking action on findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-taking-action.html) in the *AWS Security Hub User Guide*.

All findings in Security Hub CSPM use a standard JSON format called the AWS Security Finding Format (ASFF). ASFF includes details about the source of the issue, the affected resources, and the current status of the finding. See [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.htm) in the *AWS Security Hub User Guide*.

Amazon Inspector is one of the AWS services that sends findings to Security Hub CSPM.

### Types of findings that Amazon Inspector sends
<a name="securityhub-integration-finding-types"></a>

Amazon Inspector sends all of the findings it generates to Security Hub CSPM.

Amazon Inspector sends the findings to Security Hub CSPM using the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html). In ASFF, the `Types` field provides the finding type. Findings from Amazon Inspector can have the following values for `Types`.
+ Software and Configuration Checks/Vulnerabilities/CVE
+ Software and Configuration Checks/AWS Security Best Practices/Network Reachability
+ Software and Configuration Checks/Industry and Regulatory Standards/CIS Host Hardening Benchmarks

### Latency for sending findings
<a name="securityhub-integration-finding-latency"></a>

When Amazon Inspector creates a new finding, it is usually sent to Security Hub CSPM within five minutes.

### Retrying when Security Hub CSPM is not available
<a name="securityhub-integration-retry-send"></a>

If Security Hub CSPM is not available, Amazon Inspector retries sending the findings until they are received.

### Updating existing findings in Security Hub CSPM
<a name="securityhub-integration-finding-updates"></a>

After it sends a finding to Security Hub CSPM, Amazon Inspector updates that finding to reflect additional observations of the finding activity. As a result, Security Hub CSPM shows fewer findings than Amazon Inspector does.

## Typical finding from Amazon Inspector
<a name="securityhub-integration-finding-example"></a>

Amazon Inspector sends findings to Security Hub CSPM using the [AWS Security Finding Format (ASFF)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html).

Here is an example of a typical finding from Amazon Inspector.

```json
{
  "SchemaVersion": "2018-10-08",
  "Id": "inspector/us-east-1/111122223333/629ff13fbbb44c872f7bba3e7f79f60cb6d443d8",
  "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
  "GeneratorId": "arn:aws:inspector:us-east-1:316112463485:rulespackage/0-PmNV0Tcd",
  "AwsAccountId": "111122223333",
  "Types": [
    "Software and Configuration Checks/AWS Security Best Practices/Network Reachability - Recognized port reachable from internet"
  ],
  "CreatedAt": "2020-08-19T17:36:22.169Z",
  "UpdatedAt": "2020-11-04T16:36:06.064Z",
  "Severity": {
    "Label": "MEDIUM",
    "Normalized": 40,
    "Original": "6.0"
  },
  "Confidence": 10,
  "Title": "On instance i-0c10c2c7863d1a356, TCP port 22 which is associated with 'SSH' is reachable from the internet",
  "Description": "On this instance, TCP port 22, which is associated with SSH, is reachable from the internet. You can install the Inspector agent on this instance and re-run the assessment to check for any process listening on this port. The instance i-0c10c2c7863d1a356 is located in VPC vpc-a0c2d7c7 and has an attached ENI eni-078eac9d6ad9b20d1 which uses network ACL acl-154b8273. The port is reachable from the internet through Security Group sg-0af64c8a5eb30ca75 and IGW igw-e209d785",
  "Remediation": {
    "Recommendation": {
      "Text": "You can edit the Security Group sg-0af64c8a5eb30ca75 to remove access from the internet on port 22"
    }
  },
  "ProductFields": {
    "attributes/VPC": "vpc-a0c2d7c7",
    "aws/inspector/id": "Recognized port reachable from internet",
    "serviceAttributes/schemaVersion": "1",
    "aws/inspector/arn": "arn:aws:inspector:us-east-1:111122223333:target/0-8zh1cWkg/template/0-rqtRV0u0/run/0-Ck2F6tY9/finding/0-B458MQWe",
    "attributes/ACL": "acl-154b8273",
    "serviceAttributes/assessmentRunArn": "arn:aws:inspector:us-east-1:111122223333:target/0-8zh1cWkg/template/0-rqtRV0u0/run/0-Ck2F6tY9",
    "attributes/PROTOCOL": "TCP",
    "attributes/RULE_TYPE": "RecognizedPortNoAgent",
    "aws/inspector/RulesPackageName": "Network Reachability",
    "attributes/INSTANCE_ID": "i-0c10c2c7863d1a356",
    "attributes/PORT_GROUP_NAME": "SSH",
    "attributes/IGW": "igw-e209d785",
    "serviceAttributes/rulesPackageArn": "arn:aws:inspector:us-east-1:111122223333:rulespackage/0-PmNV0Tcd",
    "attributes/SECURITY_GROUP": "sg-0af64c8a5eb30ca75",
    "attributes/ENI": "eni-078eac9d6ad9b20d1",
    "attributes/REACHABILITY_TYPE": "Internet",
    "attributes/PORT": "22",
    "aws/securityhub/FindingId": "arn:aws:securityhub:us-east-1::product/aws/inspector/inspector/us-east-1/111122223333/629ff13fbbb44c872f7bba3e7f79f60cb6d443d8",
    "aws/securityhub/ProductName": "Inspector",
    "aws/securityhub/CompanyName": "Amazon"
  },
  "Resources": [
    {
      "Type": "AwsEc2Instance",
      "Id": "arn:aws:ec2:us-east-1:193043430472:instance/i-0c10c2c7863d1a356",
      "Partition": "aws",
      "Region": "us-east-1",
      "Tags": {
        "Name": "kubectl"
      },
      "Details": {
        "AwsEc2Instance": {
          "ImageId": "ami-02354e95b39ca8dec",
          "IpV4Addresses": [
            "172.31.43.6"
          ],
          "VpcId": "vpc-a0c2d7c7",
          "SubnetId": "subnet-4975b475"
        }
      }
    }
  ],
  "WorkflowState": "NEW",
  "Workflow": {
    "Status": "NEW"
  },
  "RecordState": "ACTIVE"
}
```
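The following added example (not AWS's code) shows how a defender might triage Inspector findings once they arrive in ASFF: check `ProductArn` to confirm the source, map the `Types` prefixes listed above to a category, pull the affected instance and exposed port out of `ProductFields`, and keep only the newest record per `Id`, which mirrors the update behaviour described earlier. The sample findings are constructed and abbreviated from the page's example; their Ids and the later timestamps are invented.

```python
from datetime import datetime
INSPECTOR_PRODUCT_SUFFIX = "::product/aws/inspector"
# The three Types prefixes the page lists for Inspector findings, mapped to short triage categories.
TYPE_CATEGORIES = {
    "Software and Configuration Checks/Vulnerabilities/CVE": "cve",
    "Software and Configuration Checks/AWS Security Best Practices/Network Reachability": "network-reachability",
    "Software and Configuration Checks/Industry and Regulatory Standards/CIS Host Hardening Benchmarks": "cis-benchmark",
}
# Constructed sample (Ids and later timestamps invented): one finding delivered twice, the second delivery
# being an update of the first, plus one CVE finding on the same instance.
_BASE = {"SchemaVersion": "2018-10-08", "AwsAccountId": "111122223333", "RecordState": "ACTIVE",
         "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
         "Severity": {"Label": "MEDIUM", "Normalized": 40, "Original": "6.0"}, "Workflow": {"Status": "NEW"}}
_NET_TYPE = "Software and Configuration Checks/AWS Security Best Practices/Network Reachability - Recognized port reachable from internet"
_NET_FIELDS = {"attributes/INSTANCE_ID": "i-0c10c2c7863d1a356", "attributes/PORT": "22", "attributes/PROTOCOL": "TCP"}
SAMPLE_FINDINGS = [
    dict(_BASE, Id="inspector/us-east-1/111122223333/aaaa", UpdatedAt="2020-08-19T17:36:22.169Z",
         Types=[_NET_TYPE], ProductFields=_NET_FIELDS),
    dict(_BASE, Id="inspector/us-east-1/111122223333/aaaa", UpdatedAt="2020-11-04T16:36:06.064Z",
         Types=[_NET_TYPE], ProductFields=_NET_FIELDS, Workflow={"Status": "NOTIFIED"}),
    dict(_BASE, Id="inspector/us-east-1/111122223333/bbbb", UpdatedAt="2020-11-04T16:40:00.000Z",
         Types=["Software and Configuration Checks/Vulnerabilities/CVE"], ProductFields={"attributes/INSTANCE_ID": "i-0c10c2c7863d1a356"}),
]

def is_inspector_finding(finding):
    """True when ProductArn names Amazon Inspector as the product that produced the finding."""
    return finding.get("ProductArn", "").endswith(INSPECTOR_PRODUCT_SUFFIX)

def classify(finding):
    """Map the finding's ASFF Types entries to one of the categories Inspector emits."""
    for type_value in finding.get("Types", []):
        for prefix, category in TYPE_CATEGORIES.items():
            if type_value.startswith(prefix):
                return category
    return "unknown"

def summarize(finding):
    """Pull out what an analyst needs first: category, severity, affected instance, exposed port, workflow state."""
    attrs = finding.get("ProductFields", {})
    return {"id": finding["Id"], "category": classify(finding), "severity": finding["Severity"]["Label"],
            "instance": attrs.get("attributes/INSTANCE_ID"), "port": attrs.get("attributes/PORT"),
            "protocol": attrs.get("attributes/PROTOCOL"), "status": finding["Workflow"]["Status"]}

def latest_by_id(findings):
    """Keep the newest record per Id (Security Hub updates an existing finding rather than adding a second one)."""
    latest = {}
    for f in filter(is_inspector_finding, findings):
        ts = datetime.fromisoformat(f["UpdatedAt"].replace("Z", "+00:00"))
        if f["Id"] not in latest or ts > latest[f["Id"]][0]:
            latest[f["Id"]] = (ts, f)
    return [f for _, f in latest.values()]
```

Running `latest_by_id(SAMPLE_FINDINGS)` collapses the two deliveries of the network-reachability finding into the `NOTIFIED` record and keeps the CVE finding alongside it.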

## Enabling and configuring the integration
<a name="securityhub-integration-enable"></a>

To use the integration with Security Hub CSPM, you must enable Security Hub CSPM. For information about how to enable Security Hub CSPM, see [Setting up Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) in the *AWS Security Hub User Guide*.

When you enable both Amazon Inspector and Security Hub CSPM, the integration is enabled automatically. Amazon Inspector begins to send findings to Security Hub CSPM.

## How to stop sending findings
<a name="securityhub-integration-disable"></a>

To stop sending findings to Security Hub CSPM, you can use either the Security Hub CSPM console or the API.

See [Disabling and enabling the flow of findings from an integration (console)](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-integrations-managing.html#securityhub-integration-findings-flow-console) or Disabling the flow of findings from an integration (Security Hub API, AWS CLI) in the *AWS Security Hub User Guide*.