
I'm not sure what event pattern is needed to trigger an EventBridge rule when an ECR scan returns findings of any severity level. Can anyone share an event pattern that allows this?


1 Answer


You can find a sample ECR scan event at https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-eventbridge.html#ecr-eventbridge-bus

{
    "version": "0",
    "id": "85fc3613-e913-7fc4-a80c-a3753e4aa9ae",
    "detail-type": "ECR Image Scan",
    "source": "aws.ecr",
    "account": "123456789012",
    "time": "2019-10-29T02:36:48Z",
    "region": "us-east-1",
    "resources": [
        "arn:aws:ecr:us-east-1:123456789012:repository/my-repo"
    ],
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "my-repo",
        "finding-severity-counts": {
            "CRITICAL": 10,
            "MEDIUM": 9
        },
        "image-digest": "sha256:7f5b2640fe6fb4f46592dfd3410c4a79dac4f89e4782432e0378abcd1234",
        "image-tags": []
    }
}

You can create a rule that matches on finding-severity-counts. You may find this helpful: https://docs.aws.amazon.com/eventbridge/latest/userguide/content-filtering-with-event-patterns.html#filtering-exists-matching

Answered 2020-12-31T20:26:16.713
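A concrete pattern for the "any severity" case, plus a way to check it offline, as an added example that is not part of the answer above. The pattern matches a completed scan whose finding-severity-counts object has a count greater than zero for any severity; it assumes the six severity keys ECR uses (CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNDEFINED; the sample event on this page shows only two of them) and relies on EventBridge's `$or` operator, which the service added after this answer was written. The `matches()` function is a deliberately small re-implementation of a subset of EventBridge's pattern semantics (literal lists, `exists`, `numeric`, `$or`, array-valued event fields) written here only so the rule can be sanity-checked against the page's sample event and two constructed events; the authoritative check is the service itself, for example `aws events test-event-pattern`.

```python
from typing import Any

# EventBridge rule pattern: fire on a COMPLETE scan with at least one finding of any severity.
# Assumption: these six keys are the full set ECR reports; the page's sample shows only two.
ANY_FINDING_PATTERN = {
    "source": ["aws.ecr"],
    "detail-type": ["ECR Image Scan"],
    "detail": {
        "scan-status": ["COMPLETE"],
        "finding-severity-counts": {
            "$or": [
                {"CRITICAL": [{"numeric": [">", 0]}]},
                {"HIGH": [{"numeric": [">", 0]}]},
                {"MEDIUM": [{"numeric": [">", 0]}]},
                {"LOW": [{"numeric": [">", 0]}]},
                {"INFORMATIONAL": [{"numeric": [">", 0]}]},
                {"UNDEFINED": [{"numeric": [">", 0]}]},
            ]
        },
    },
}

_MISSING = object()  # sentinel for "key absent from the event"
_OPS = {
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    "=": lambda a, b: a == b,
}


def _leaf_matches(value: Any, alternatives: list) -> bool:
    """A leaf pattern is a list; the event value must satisfy at least one entry."""
    for alt in alternatives:
        if isinstance(alt, dict) and "exists" in alt:
            if (value is not _MISSING) == alt["exists"]:
                return True
        elif isinstance(alt, dict) and "numeric" in alt:
            # numeric comparisons only apply to real numbers (bool is excluded on purpose)
            if isinstance(value, (int, float)) and not isinstance(value, bool):
                spec = alt["numeric"]  # e.g. [">", 0, "<=", 5]
                if all(_OPS[spec[i]](value, spec[i + 1]) for i in range(0, len(spec), 2)):
                    return True
        elif value == alt:
            return True
    return False


def matches(pattern: dict, event: Any) -> bool:
    """Simplified local re-implementation of EventBridge pattern matching (not the AWS code)."""
    if not isinstance(event, dict):
        return False
    for key, sub in pattern.items():
        if key == "$or":
            if not any(matches(branch, event) for branch in sub):
                return False
            continue
        value = event.get(key, _MISSING)
        # An array-valued event field matches if any of its elements matches.
        candidates = value if isinstance(value, list) else [value]
        if isinstance(sub, dict):
            if not any(matches(sub, c) for c in candidates):
                return False
        elif not any(_leaf_matches(c, sub) for c in candidates):
            return False
    return True


def should_alert(event: dict) -> bool:
    return matches(ANY_FINDING_PATTERN, event)


# The sample event from the AWS docs quoted on this page (non-detail fields trimmed to what the rule uses).
SAMPLE_EVENT_FROM_PAGE = {
    "detail-type": "ECR Image Scan",
    "source": "aws.ecr",
    "detail": {
        "scan-status": "COMPLETE",
        "repository-name": "my-repo",
        "finding-severity-counts": {"CRITICAL": 10, "MEDIUM": 9},
        "image-tags": [],
    },
}
# Constructed: a completed scan with no findings (an empty counts object is assumed here).
CLEAN_SCAN_EVENT = {
    "detail-type": "ECR Image Scan", "source": "aws.ecr",
    "detail": {"scan-status": "COMPLETE", "finding-severity-counts": {}},
}
# Constructed: a scan that has not finished; counts are not meaningful yet.
IN_PROGRESS_EVENT = {
    "detail-type": "ECR Image Scan", "source": "aws.ecr",
    "detail": {"scan-status": "IN_PROGRESS", "finding-severity-counts": {"LOW": 3}},
}

if __name__ == "__main__":
    for name, ev in [("sample", SAMPLE_EVENT_FROM_PAGE), ("clean", CLEAN_SCAN_EVENT), ("in-progress", IN_PROGRESS_EVENT)]:
        print(f"{name}: alert={should_alert(ev)}")
```

Gating on "scan-status": ["COMPLETE"] matters because ECR also emits events for failed and in-progress scans; without it a rule keyed only on the counts object can fire on stale numbers. If you only care about CRITICAL and HIGH, drop the other branches from the `$or` list rather than post-filtering in the target.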