本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用 Amazon EventBridge 監控 S3 物件掃描
*Amazon EventBridge* 為無伺服器事件匯流排服務,可讓您輕鬆將應用程式與來自各種來源的資料互相連線。EventBridge 會從您自己的應用程式、Software-as-a-Service(SaaS) 應用程式 AWS 和服務提供即時資料串流,並將該資料路由到 Lambda 等目標。這可讓您監控在服務中發生的事件,並建置事件導向的架構。如需詳細資訊,請參閱 [Amazon EventBridge 使用者指南](https://docs.aws.amazon.com/eventbridge/latest/userguide/)。
GuardDuty 是受惡意軟體防護保護之 S33 儲存貯體的擁有者帳戶,會在下列情況下將 EventBridge 通知發佈至預設事件匯流排:
+ 任何受保護儲存貯體的**惡意軟體防護計劃資源狀態**變更。如需各種狀態的資訊,請參閱 [檢視和了解受保護的儲存貯體狀態](malware-protection-s3-bucket-status-gdu.md)。
如需設定資源狀態的 Amazon EventBridge (EventBridge) 規則,請參閱 [惡意軟體防護計劃資源狀態](#resource-status-malware-protection-s3-ev)。
+ **S3 物件掃描結果**會發佈至您的預設 EventBridge 事件匯流排。
`s3Throttled` 欄位指出從 Amazon S3 上傳或擷取儲存是否有延遲。值`true`表示有延遲,而 `false` 表示沒有延遲。
如果 `s3Throttled` `true`適用於您的掃描結果,則 Amazon S3 建議以協助您減少每個字首每秒交易數 (TPS) 的方式設定字首。如需詳細資訊,請參閱《[Amazon S3 使用者指南》中的最佳實務設計模式:最佳化 Amazon S3 效能](https://docs.aws.amazon.com/AmazonS3/latest/userguide/optimizing-performance.html)。 *Amazon S3 *
如需設定 S3 物件掃描結果的 Amazon EventBridge (EventBridge) 規則,請參閱 [S3 物件掃描結果](#s3-object-scan-status-malware-protection-s3-ev)。
+ 有**掃描後標籤失敗事件**,原因如下:
+ 您的 IAM 角色缺少標記物件的許可。
[新增 IAM 政策許可](malware-protection-s3-iam-policy-prerequisite.md#attach-iam-policy-s3-malware-protection) 範本包含 GuardDuty 標記物件的許可。
+ IAM 角色中指定的儲存貯體資源或物件不再存在。
+ 關聯的 S3 物件已達到標籤上限。如需標籤限制的詳細資訊,請參閱《*Amazon S3 使用者指南*》中的[使用標籤將儲存體分類](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html)。
如需設定掃描後標籤失敗事件的 Amazon EventBridge (EventBridge) 規則,請參閱 [掃描後標籤失敗事件](#post-tag-failure-malware-protection-s3-ev)。
## 設定 EventBridge 規則
您可以在帳戶中設定 EventBridge 規則,將資源狀態、掃描後標籤失敗事件或 S3 物件掃描結果傳送至另一個 AWS 服務。身為委派的 GuardDuty 管理員帳戶,當狀態發生變更時,您將會收到惡意軟體防護計劃資源狀態通知。
標準 EventBridge 定價將適用。如需詳細資訊,請參閱 [Amazon EventBridge 定價](https://aws.amazon.com/eventbridge/pricing/)。
以{{紅色}}顯示的所有值都是範例的預留位置。這些值會根據您帳戶中的值,以及是否偵測到惡意軟體而變更。
**Topics**
+ [惡意軟體防護計劃資源狀態](#resource-status-malware-protection-s3-ev)
+ [S3 物件掃描結果](#s3-object-scan-status-malware-protection-s3-ev)
+ [掃描後標籤失敗事件](#post-tag-failure-malware-protection-s3-ev)
### 惡意軟體防護計劃資源狀態
您可以根據下列案例建立 EventBridge 事件模式:
**潛在`detail-type`值**
+ `"GuardDuty Malware Protection Resource Status Active"`
+ `"GuardDuty Malware Protection Resource Status Warning"`
+ `"GuardDuty Malware Protection Resource Status Error"`
**事件模式**
```
{
"detail-type": ["potential detail-type"],
"source": ["aws.guardduty"]
}
```
**的通知結構描述範例`GuardDuty Malware Protection Resource Status Active`**:
```
{
"version": "0",
"id": "{{6a7e8feb-b491-4cf7-a9f1-bf3703467718}}",
"detail-type": "GuardDuty Malware Protection Resource Status Active",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2017-12-22T18:43:48Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"eventTime": "{{2024-02-28T01:01:01Z}}",
"s3BucketDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}"
},
"resourceStatus": "ACTIVE"
}
}
```
**的通知結構描述範例`GuardDuty Malware Protection Resource Status Warning`**:
```
{
"version": "0",
"id": "{{6a7e8feb-b491-4cf7-a9f1-bf3703467718}}",
"detail-type": "GuardDuty Malware Protection Resource Status warning",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2017-12-22T18:43:48Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"eventTime": "{{2024-02-28T01:01:01Z}}",
"s3BucketDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}"
},
"resourceStatus": "WARNING",
"statusReasons": [
{
"code": "INSUFFICIENT_TEST_OBJECT_PERMISSIONS"
}
]
}
}
```
**的通知結構描述範例`GuardDuty Malware Protection Resource Status Error`**:
```
{
"version": "0",
"id": "{{fc7a35b7-83bd-3c1f-ecfa-1b8de9e7f7d2}}",
"detail-type": "GuardDuty Malware Protection Resource Status {{Error}}",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2017-12-22T18:43:48Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"eventTime": "{{2024-02-28T01:01:01Z}}",
"s3BucketDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}"
},
"resourceStatus": "{{ERROR}}",
"statusReasons": [
{
"code": "{{EVENTBRIDGE_MANAGED_EVENTS_DELIVERY_DISABLED}}"
}
]
}
}
```
根據 `resourceStatus` 背後的原因`ERROR`,將會填入 `statusReasons`值。
如需下列警告和錯誤的疑難排解步驟資訊,請參閱 [針對惡意軟體防護計劃狀態進行故障診斷](troubleshoot-s3-malware-protection-status-errors.md)。
### S3 物件掃描結果
```
{
"detail-type": ["GuardDuty Malware Protection Object Scan Result"],
"source": ["aws.guardduty"]
}
```
當 `scanStatus`為 時`SKIPPED`, `scanResultDetails`會包含 `statusReasons` 欄位,提供略過掃描的特定原因。如需可能值的資訊,請參閱 [S3 物件潛在掃描狀態和結果狀態](monitoring-malware-protection-s3-scans-gdu.md#s3-object-scan-result-value-malware-protection)。
**的通知結構描述範例`NO_THREATS_FOUND`**:
```
{
"version": "0",
"id": "{{72c7d362-737a-6dce-fc78-9e27a0171419}}",
"detail-type": "GuardDuty Malware Protection Object Scan Result",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2024-02-28T01:01:01Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"scanStatus": "COMPLETED",
"resourceType": "S3_OBJECT",
"s3ObjectDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}",
"objectKey": "{{APKAEIBAERJR2EXAMPLE}}",
"eTag": "{{ASIAI44QH8DHBEXAMPLE}}",
"versionId" : "{{d41d8cd98f00b204e9800998eEXAMPLE}}",
"s3Throttled": {{false}}
},
"scanResultDetails": {
"scanResultStatus": "NO_THREATS_FOUND",
"threats": null,
"statusReasons": null
}
}
}
```
**的通知結構描述範例`THREATS_FOUND`**:
```
{
"version": "0",
"id": "{{72c7d362-737a-6dce-fc78-9e27a0171419}}",
"detail-type": "GuardDuty Malware Protection Object Scan Result",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2024-02-28T01:01:01Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"scanStatus": "COMPLETED",
"resourceType": "S3_OBJECT",
"s3ObjectDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}",
"objectKey": "{{APKAEIBAERJR2EXAMPLE}}",
"eTag": "{{ASIAI44QH8DHBEXAMPLE}}",
"versionId" : "{{d41d8cd98f00b204e9800998eEXAMPLE}}",
"s3Throttled": {{false}}
},
"scanResultDetails": {
"scanResultStatus": "THREATS_FOUND",
"threats": [
{
"name": "{{EICAR-Test-File (not a virus)}}"
}
],
"statusReasons": null
}
}
}
```
**注意**
`scanResultDetails.Threats` 欄位只包含一個威脅。根據預設,惡意軟體防護 S3 掃描會報告第一個偵測到的威脅。之後, `scanStatus`會設定為 `COMPLETED`。
**掃描結果狀態的通知結構描述範例 `UNSUPPORTED`(略過)**:
```
{
"version": "0",
"id": "{{72c7d362-737a-6dce-fc78-9e27a0EXAMPLE}}",
"detail-type": "GuardDuty Malware Protection Object Scan Result",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2024-02-28T01:01:01Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"scanStatus": "SKIPPED",
"resourceType": "S3_OBJECT",
"s3ObjectDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}",
"objectKey": "{{APKAEIBAERJR2EXAMPLE}}",
"eTag": "{{ASIAI44QH8DHBEXAMPLE}}",
"versionId" : "{{d41d8cd98f00b204e9800998eEXAMPLE}}",
"s3Throttled": {{false}}
},
"scanResultDetails": {
"scanResultStatus": "UNSUPPORTED",
"threats": null,
"statusReasons": ["{{PASSWORD_PROTECTED}}"]
}
}
}
```
**掃描結果狀態的通知結構描述範例 `ACCESS_DENIED`(略過)**:
```
{
"version": "0",
"id": "{{72c7d362-737a-6dce-fc78-9e27a0EXAMPLE}}",
"detail-type": "GuardDuty Malware Protection Object Scan Result",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2024-02-28T01:01:01Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"scanStatus": "SKIPPED",
"resourceType": "S3_OBJECT",
"s3ObjectDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}",
"objectKey": "{{APKAEIBAERJR2EXAMPLE}}",
"eTag": "{{ASIAI44QH8DHBEXAMPLE}}",
"versionId" : "{{d41d8cd98f00b204e9800998eEXAMPLE}}",
"s3Throttled": {{false}}
},
"scanResultDetails": {
"scanResultStatus": "ACCESS_DENIED",
"threats": null,
"statusReasons": ["{{SSE_C_ENCRYPTED_OBJECT}}"]
}
}
}
```
**掃描結果狀態的通知結構描述範例`FAILED`**:
```
{
"version": "0",
"id": "{{72c7d362-737a-6dce-fc78-9e27a0EXAMPLE}}",
"detail-type": "GuardDuty Malware Protection Object Scan Result",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2024-02-28T01:01:01Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"scanStatus": "FAILED",
"resourceType": "S3_OBJECT",
"s3ObjectDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}",
"objectKey": "{{APKAEIBAERJR2EXAMPLE}}",
"eTag": "{{ASIAI44QH8DHBEXAMPLE}}",
"versionId" : "{{d41d8cd98f00b204e9800998eEXAMPLE}}",
"s3Throttled": {{false}}
},
"scanResultDetails": {
"scanResultStatus": "FAILED",
"threats": null,
"statusReasons": null
}
}
}
```
### 掃描後標籤失敗事件
**事件模式**:
```
{
"detail-type": "GuardDuty Malware Protection Post Scan Action Failed",
"source": "aws.guardduty"
}
```
**的通知結構描述範例`ACCESS_DENIED`**:
```
{
"version": "0",
"id": "{{746acd83-d75c-5b84-91d2-dad5f13ba0d7}}",
"detail-type": "GuardDuty Malware Protection Post Scan Action Failed",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2024-06-10T16:16:08Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"eventTime": "{{2024-06-10T16:16:08Z}}",
"s3ObjectDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}",
"objectKey": "{{2024-03-10-16-16-00-7D723DE8DBE9Y2E0}}",
"eTag": "{{0e9eeec810ad8b61d69112c15c2a5hb6}}",
"versionId" : "{{d41d8cd98f00b204e9800998eEXAMPLE}}",
"s3Throttled": {{false}}
},
"postScanActions": [{
"actionType": "TAGGING",
"failureReason": "{{ACCESS_DENIED}}"
}]
}
}
```
**的通知結構描述範例`MAX_TAG_LIMIT_EXCEEDED`**:
```
{
"version": "0",
"id": "{{746acd83-d75c-5b84-91d2-dad5f13ba0d7}}",
"detail-type": "GuardDuty Malware Protection Post Scan Action Failed",
"source": "aws.guardduty",
"account": "{{111122223333}}",
"time": "{{2024-06-10T16:16:08Z}}",
"region": "{{us-east-1}}",
"resources": ["{{arn:aws:guardduty:{{us-east-1}}:111122223333:malware-protection-plan/b4c7f464ab3a4EXAMPLE}}"],
"detail": {
"schemaVersion": "1.0",
"eventTime": "{{2024-06-10T16:16:08Z}}",
"s3ObjectDetails": {
"bucketName": "{{amzn-s3-demo-bucket}}",
"objectKey": "{{2024-03-10-16-16-00-7D723DE8DBE9Y2E0}}",
"eTag": "{{0e9eeec810ad8b61d69112c15c2a5hb6}}",
"versionId" : "{{d41d8cd98f00b204e9800998eEXAMPLE}}",
"s3Throttled": {{false}}
},
"postScanActions": [{
"actionType": "TAGGING",
"failureReason": "{{MAX_TAG_LIMIT_EXCEEDED}}"
}]
}
}
```
若要疑難排解這些故障原因,請參閱 [對 S3 物件掃描後標籤失敗進行故障診斷](troubleshoot-s3-post-scan-tag-failures.md)。