你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
基础 CSPM 中多云支持的资源类型
此页面列出了 Defender for Cloud 基础云安全态势管理 (CSPM) 层中 Amazon Web Services (AWS) 和 Google Cloud Platform (GCP) 支持的资源和服务类型。
AWS 支持的资源类型
| 提供程序命名空间 | 资源类型名称 |
|---|---|
| AccessAnalyzer | AnalyzerSummary |
| ApiGateway | 阶段 |
| AppSync | GraphqlApi |
| ApplicationAutoScaling | ScalableTarget |
| AutoScaling | AutoScalingGroup |
| AWS | 帐户 |
| AWS | AccountInRegion |
| CertificateManager | CertificateTags |
| CertificateManager | CertificateDetail |
| CertificateManager | CertificateSummary |
| CloudFormation | StackSummary |
| CloudFormation | StackTemplate |
| CloudFormation | StackInstanceSummary |
| CloudFormation | Stack |
| CloudFormation | StackResourceSummary |
| CloudFront | DistributionConfig |
| CloudFront | DistributionSummary |
| CloudFront | DistributionTags |
| CloudTrail | EventSelector |
| CloudTrail | Trail |
| CloudTrail | TrailStatus |
| CloudTrail | TrailTags |
| CloudWatch | MetricAlarm |
| CloudWatch | MetricAlarmTags |
| CloudWatchLogs | LogGroup |
| CloudWatchLogs | MetricFilter |
| CodeBuild | 项目 |
| CodeBuild | ProjectName |
| CodeBuild | SourceCredentialsInfo |
| ConfigService | ConfigurationRecorder |
| ConfigService | ConfigurationRecorderStatus |
| ConfigService | DeliveryChannel |
| DAX | 群集 |
| DAX | ClusterTags |
| DatabaseMigrationService | ReplicationInstance |
| DynamoDB | ContinuousBackupsDescription |
| DynamoDB | TableDescription |
| DynamoDB | TableTags |
| DynamoDB | TableName |
| EC2 | 快照 |
| EC2 | 子网 |
| EC2 | 体积 |
| EC2 | VPC |
| EC2 | VpcEndpoint |
| EC2 | VpcPeeringConnection |
| EC2 | 实例 |
| EC2 | AccountAttribute |
| EC2 | Address |
| EC2 | CreateVolumePermission |
| EC2 | EbsEncryptionByDefault |
| EC2 | FlowLog |
| EC2 | 映像 |
| EC2 | InstanceStatus |
| EC2 | InstanceTypeInfo |
| EC2 | NetworkAcl |
| EC2 | NetworkInterface |
| EC2 | 区域 |
| EC2 | 预留 |
| EC2 | RouteTable |
| EC2 | SecurityGroup |
| ECR | 映像 |
| ECR | 存储库 |
| ECR | RepositoryPolicy |
| ECS | TaskDefinition |
| ECS | ServiceArn |
| ECS | 服务 |
| ECS | ClusterArn |
| ECS | TaskDefinitionTags |
| ECS | TaskDefinitionArn |
| EFS | FileSystemDescription |
| EFS | MountTargetDescription |
| EKS | 群集 |
| EKS | Nodegroup |
| EKS | NodegroupName |
| EKS | ClusterName |
| EMR | 群集 |
| ElasticBeanstalk | ConfigurationSettingsDescription |
| ElasticBeanstalk | EnvironmentDescription |
| ElasticLoadBalancing | LoadBalancerTags |
| ElasticLoadBalancing | LoadBalancer |
| ElasticLoadBalancing | LoadBalancerAttributes |
| ElasticLoadBalancing | LoadBalancerPolicy |
| ElasticLoadBalancingV2 | LoadBalancerTags |
| ElasticLoadBalancingV2 | 规则 |
| ElasticLoadBalancingV2 | TargetGroup |
| ElasticLoadBalancingV2 | TargetHealthDescription |
| ElasticLoadBalancingV2 | LoadBalancer |
| ElasticLoadBalancingV2 | 侦听器 |
| ElasticLoadBalancingV2 | LoadBalancerAttribute |
| Elasticsearch | DomainInfo |
| Elasticsearch | DomainStatus |
| Elasticsearch | DomainTags |
| GuardDuty | DetectorId |
| Iam | AccountAlias |
| Iam | AttachedPolicyType |
| Iam | CredentialReport |
| Iam | 组 |
| Iam | InstanceProfile |
| Iam | MFADevice |
| Iam | PasswordPolicy |
| Iam | ServerCertificateMetadata |
| Iam | SummaryMap |
| Iam | 用户 |
| Iam | UserPolicies |
| Iam | VirtualMFADevice |
| Iam | ManagedPolicy |
| Iam | ManagedPolicy |
| Iam | AccessKeyLastUsed |
| Iam | AccessKeyMetadata |
| Iam | PolicyVersion |
| Iam | PolicyVersion |
| 内部 | Iam_EntitiesForPolicy |
| 内部 | Iam_EntitiesForPolicy |
| 内部 | AwsSecurityConnector |
| KMS | KeyPolicyName |
| KMS | KeyRotationStatus |
| KMS | KeyTags |
| KMS | KeyPolicy |
| KMS | KeyMetadata |
| KMS | KeyListEntry |
| KMS | AliasListEntry |
| Lambda | FunctionCodeLocation |
| Lambda | FunctionConfiguration |
| Lambda | FunctionPolicy |
| Lambda | FunctionTags |
| Macie2 | JobSummary |
| Macie2 | MacieStatus |
| NetworkFirewall | 防火墙 |
| NetworkFirewall | FirewallMetadata |
| NetworkFirewall | FirewallPolicy |
| NetworkFirewall | FirewallPolicyMetadata |
| NetworkFirewall | RuleGroup |
| NetworkFirewall | RuleGroupMetadata |
| RDS | ExportTask |
| RDS | DBClusterSnapshot |
| RDS | DBSnapshot |
| RDS | DBSnapshotAttributesResult |
| RDS | EventSubscription |
| RDS | DBCluster |
| RDS | DBInstance |
| RDS | DBClusterSnapshotAttributesResult |
| RedShift | LoggingStatus |
| RedShift | 参数 |
| Redshift | 群集 |
| Route53 | HostedZone |
| Route53 | ResourceRecordSet |
| Route53Domains | DomainSummary |
| S3 | S3Region |
| S3 | S3BucketTags |
| S3 | S3Bucket |
| S3 | BucketPolicy |
| S3 | BucketEncryption |
| S3 | BucketPublicAccessBlockConfiguration |
| S3 | BucketVersioning |
| S3 | LifecycleConfiguration |
| S3 | PolicyStatus |
| S3 | ReplicationConfiguration |
| S3 | S3AccessControlList |
| S3 | S3BucketLoggingConfig |
| S3Control | PublicAccessBlockConfiguration |
| SNS | 订阅 |
| SNS | 主题 |
| SNS | TopicAttributes |
| SNS | TopicTags |
| SQS | 队列 |
| SQS | QueueAttributes |
| SQS | QueueTags |
| SageMaker | NotebookInstanceSummary |
| SageMaker | DescribeNotebookInstanceTags |
| SageMaker | DescribeNotebookInstanceResponse |
| SecretsManager | SecretResourcePolicy |
| SecretsManager | SecretListEntry |
| SecretsManager | DescribeSecretResponse |
| SimpleSystemsManagement | ParameterMetadata |
| SimpleSystemsManagement | ParameterTags |
| SimpleSystemsManagement | ResourceComplianceSummary |
| SimpleSystemsManagement | InstanceInformation |
| WAF | LoggingConfiguration |
| WAF | WebACL |
| WAF | WebACLSummary |
| WAFV2 | ApplicationLoadBalancerForWebACL |
| WAFV2 | WebACLSummary |
GCP 支持的资源类型
| 提供程序命名空间 | 资源类型名称 |
|---|---|
| ApiKeys | 密钥 |
| ArtifactRegistry | 映像 |
| ArtifactRegistry | 存储库 |
| ArtifactRegistry | RepositoryPolicy |
| Bigquery | 数据集 |
| Bigquery | DatasetData |
| Bigquery | 表 |
| Bigquery | TablePolicy |
| Bigquery | TablesData |
| CloudKMS | CryptoKey |
| CloudKMS | CryptoKeyPolicy |
| CloudKMS | KeyRing |
| CloudKMS | KeyRingPolicy |
| CloudResourceManager | 项目 |
| CloudResourceManager | Ancestor |
| CloudResourceManager | AncestorPolicy |
| CloudResourceManager | EffectiveOrgPolicy |
| CloudResourceManager | Folder |
| CloudResourceManager | FolderPolicy |
| CloudResourceManager | 组织 |
| CloudResourceManager | 组织策略 |
| CloudResourceManager | 策略 |
| 计算 | 实例 |
| 计算 | BackendService |
| 计算 | BackendService |
| 计算 | 磁盘 |
| 计算 | EffectiveFirewalls |
| 计算 | 防火墙 |
| 计算 | ForwardingRule |
| 计算 | GlobalForwardingRule |
| 计算 | InstanceGroup |
| 计算 | InstanceGroupInstance |
| 计算 | InstanceGroupManager |
| 计算 | InstanceGroupManager |
| 计算 | InstanceTemplate |
| 计算 | MachineType |
| 计算 | ManagedInstance |
| 计算 | ManagedInstance |
| 计算 | 网络 |
| 计算 | NetworkEffectiveFirewalls |
| 计算 | 项目 |
| 计算 | SslPolicy |
| 计算 | Subnetwork |
| 计算 | TargetHttpProxy |
| 计算 | TargetHttpsProxy |
| 计算 | TargetPool |
| 计算 | TargetSslProxy |
| 计算 | TargetTcpProxy |
| 计算 | UrlMap |
| 容器 | 群集 |
| Dns | ManagedZone |
| Dns | 策略 |
| IAM | OrganizationRole |
| IAM | ProjectRole |
| IAM | 角色 |
| IAM | ServiceAccount |
| IAM | ServiceAccountKey |
| 内部 | GcpSecurityConnector |
| 日志记录 | AncestorLogSink |
| 日志记录 | LogEntry |
| 日志记录 | LogMetric |
| 日志记录 | LogSink |
| 监视 | AlertPolicy |
| OsConfig | OSPolicyAssignment |
| OsConfig | OSPolicyAssignmentReport |
| SQLAdmin | DatabaseInstance |
| SecretManager | 机密 |
| SecretManager | SecretPolicy |
| 存储 | Bucket |
| 存储 | BucketPolicy |
了解详细信息
- 有关商业和国家云覆盖范围的信息,请参阅 Azure 云环境支持的功能。
- 观看 Predict future security incidents!Cloud Security Posture Management with Microsoft Defender(预测未来的安全事件!使用 Microsoft Defender 进行云安全态势管理)。
- 了解安全标准和建议。
- 了解安全分数。