|
Core Features
|
-
actiontrail:DescribeTrails
-
adb:DescribeDBClusters
-
gpdb:DescribeDBInstances
-
apigateway:DescribeInstances
-
apigateway:DescribeApiGroups
-
apigateway:DescribeApis
-
cr:ListInstance
-
cr:ListInstanceEndpoint
-
cr:ListRepository
-
cr:ListNamespace
-
cr:ListRepositoryTag
-
ram:ListUsers
-
ram:DeleteOIDCProvider
-
ram:DeletePolicy
-
ram:DeletePolicyVersion
-
ram:DeleteRole
-
ram:DetachPolicyFromRole
-
ram:DetachPolicyFromUser
-
ram:ListEntitiesForPolicy
-
ram:ListPolicies
-
ram:ListRoles
-
ram:ListPoliciesForRole
-
ram:ListPolicyVersions
-
ram:ListTagResources
-
ram:GetOIDCProvider
-
ram:GetRole
-
ram:GetPolicy
-
ram:UpdateRole
-
ram:GetUserMFAInfo
-
ram:GetLoginProfile
-
ram:ListPoliciesForUser
-
ram:ListAccessKeys
-
ram:GetPolicy
-
ram:ListPolicies
-
ram:GetPasswordPolicy
-
ram:ListVirtualMFADevices
-
ram:ListGroups
-
ram:ListRoles
-
ram:GetRole
-
oss:ListBuckets
-
oss:GetBucketInfo
-
oss:GetBucketPolicy
-
oss:GetBucketTagging
-
oss:GetBucketLogging
-
ots:ListInstance
-
ots:ListTable
-
ots:DescribeTable
-
rds:DescribeDBInstances
-
rds:DescribeSQLCollectorPolicy
-
rds:DescribeDBInstanceIPArrayList
-
rds:DescribeDBInstanceSSL
-
rds:DescribeDBInstanceTDE
-
rds:DescribeSQLCollectorRetention
-
rds:DescribeTags
-
cs:DescribeClusterNodePools
-
cs:ListClusterChecks
-
cs:GetClusters
-
cs:DescribeClusters
-
yundun-sas:ListUninstallAegisMachines
-
yundun-sas:DescribeVulConfig
-
yundun-sas:DescribeVersionConfig
-
yundun-sas:DescribeConcernNecessity
-
yundun-aegis:DescribeNoticeConfig
-
yundun-waf:DescribeInstance
-
ecs:DescribeInstances
-
ecs:DescribeDisks
-
ess:DescribeScalingGroups
-
vpc:DescribeVpcs
-
vpc:DescribeNatGateways
-
vpc:DescribeVpnGateways
-
vpc:DescribeEipAddresses
-
fc:ListFunctions
-
fc:GetResourceTags
-
fc:ListLayers
-
fc:ListTagResources
-
ecs:DescribeDedicatedHosts
-
kms:ListKeys
-
kms:DescribeKey
-
kms:ListAliasesByKeyId
-
kms:ListResourceTags
-
kms:GetKeyPolicy
-
kvstore:DescribeInstances
-
alb:ListLoadBalancers
-
nlb:ListLoadBalancers
-
nas:DescribeFileSystems
-
ehpc:ListClusters
-
ehpc:ListTagResources
-
slb:DescribeLoadBalancers
-
cen:DescribeCens
-
elasticsearch:ListInstance
-
dds:DescribeDBInstances
-
eci:DescribeContainerGroups
-
fnf:ListFlows
-
eiam:ListInstances
-
eiam:GetInstance
-
privatelink:ListVpcEndpoints
|
These permissions are required to connect your Alibaba Cloud account to Trend Vision One.
|
| Server & Workload Protection |
-
ram:GetAccountAlias
-
ecs:DescribeInstances
-
ecs:DescribeInstanceAttribute
-
ecs:DescribeInstanceStatus
-
ecs:DescribeInstancesFullStatus
-
ecs:DescribeSecurityGroupAttribute
-
ecs:DescribeSecurityGroups
-
ecs:DescribeManagedInstances
-
ecs:DescribeTags
-
vpc:DescribeVSwitches
-
vpc:DescribeVSwitchAttributes
-
vpc:DescribeVpcs
-
vpc:DescribeVpcAttribute
|
|
|
Cloud Security Posture
|
-
actiontrail:DescribeTrails
-
adb:DescribeDBClusters
-
gpdb:DescribeDBInstances
-
apigateway:DescribeInstances
-
apigateway:DescribeApiGroups
-
apigateway:DescribeApis
-
cr:ListInstance
-
cr:ListInstanceEndpoint
-
cr:ListRepository
-
cr:ListNamespace
-
cr:ListRepositoryTag
-
ram:ListUsers
-
ram:GetUserMFAInfo
-
ram:GetLoginProfile
-
ram:ListPoliciesForUser
-
ram:ListAccessKeys
-
ram:GetPolicy
-
ram:ListPolicies
-
ram:GetPasswordPolicy
-
ram:ListVirtualMFADevices
-
ram:ListGroups
-
ram:ListRoles
-
ram:GetRole
-
oss:ListBuckets
-
oss:GetBucketInfo
-
oss:GetBucketPolicy
-
oss:GetBucketTagging
-
oss:GetBucketLogging
-
ots:ListInstance
-
ots:ListTable
-
ots:DescribeTable
-
rds:DescribeDBInstances
-
rds:DescribeSQLCollectorPolicy
-
rds:DescribeDBInstanceIPArrayList
-
rds:DescribeDBInstanceSSL
-
rds:DescribeParameters
-
rds:DescribeDBInstanceTDE
-
rds:DescribeSQLCollectorRetention
-
rds:DescribeTags
-
cs:DescribeClusterNodePools
-
cs:ListClusterChecks
-
cs:GetClusters
-
cs:DescribeClusters
-
yundun-sas:ListUninstallAegisMachines
-
yundun-sas:DescribeVulConfig
-
yundun-sas:DescribeVersionConfig
-
yundun-sas:DescribeConcernNecessity
-
yundun-aegis:DescribeNoticeConfig
-
yundun-waf:DescribeInstance
-
ecs:DescribeInstances
-
ecs:DescribeDisks
-
ess:DescribeScalingGroups
-
vpc:DescribeVpcs
-
vpc:DescribeNatGateways
-
vpc:DescribeVpnGateways
-
vpc:DescribeEipAddresses
-
fc:ListFunctions
-
fc:GetResourceTags
-
fc:ListLayers
-
fc:ListTagResources
-
ecs:DescribeDedicatedHosts
-
kms:ListKeys
-
kms:DescribeKey
-
kms:ListAliasesByKeyId
-
kms:ListResourceTags
-
kms:GetKeyPolicy
-
kvstore:DescribeInstances
-
alb:ListLoadBalancers
-
nlb:ListLoadBalancers
-
nas:DescribeFileSystems
-
ehpc:ListClusters
-
ehpc:ListTagResources
-
slb:DescribeLoadBalancers
-
cen:DescribeCens
-
elasticsearch:ListInstance
-
dds:DescribeDBInstances
-
eci:DescribeContainerGroups
-
fnf:ListFlows
-
eiam:ListInstances
-
eiam:GetInstance
-
privatelink:ListVpcEndpoints
|
|
|
Agentless Vulnerability & Threat Detection
|
EventBridge permissions:
-
eventbridge:CheckServiceLinkedRoleForProduct
-
eventbridge:DisableRule
-
eventbridge:EnableRule
-
eventbridge:GetEventBridgeStatus
-
eventbridge:GetEventBus
-
eventbridge:GetEventSource
-
eventbridge:GetRule
-
eventbridge:ListEventBuses
-
eventbridge:ListEventSources
-
eventbridge:ListRules
-
eventbridge:ListTagResources
-
eventbridge:ListTargets
-
eventbridge:ListTargetsByRule
-
eventbridge:ListTargetTypes
-
eventbridge:ListUserDefinedEventSources
-
eventbridge:PutEventSource
-
eventbridge:PutRule
-
eventbridge:PutTargets
-
eventbridge:TagResources
-
eventbridge:UntagResources
-
eventbridge:UpdateEventBus
-
eventbridge:UpdateEventSource
-
Alibaba Cloud predefined policies:
-
AliyunEventBridgeResourceCreatePolicy
-
AliyunEventBridgeResourceDeletePolicy
-
AliyunEventBridgeResourceUpdatePolicy
-
AliyunEventBridgePutEventsPolicy
ECS permissions:
-
ecs:CreateSecurityGroup
-
ecs:DeleteInstance
-
ecs:DeleteInstances
-
ecs:DeleteKeyPairs
-
ecs:DeleteSecurityGroup
-
ecs:DeleteSnapshot
-
ecs:DeleteSnapshotGroup
-
ecs:DeleteVolume
-
ecs:DescribeDisks
-
ecs:DescribeImages
-
ecs:DescribeInstanceStatus
-
ecs:DescribeInstanceTypeResource
-
ecs:DescribeInstances
-
ecs:DescribeSecurityGroupAttribute
-
ecs:DescribeSecurityGroups
-
ecs:DescribeVolumes
-
ecs:DetachVolume
Function Compute permissions:
-
fc:CreateFunction
-
fc:CreateService
-
fc:CreateTrigger
-
fc:DeleteConcurrencyConfig
-
fc:DeleteFunction
-
fc:DeleteFunctionAsyncInvokeConfig
-
fc:DeleteService
-
fc:DeleteTrigger
-
fc:DeleteTriggerWithEventSource
-
fc:GetConcurrencyConfig
-
fc:GetFunction
-
fc:GetFunctionAsyncInvokeConfig
-
fc:GetService
-
fc:GetTrigger
-
fc:InvokeFunction
-
fc:InvokeFunctionAsync
-
fc:ListFunctions
-
fc:ListServices
-
fc:ListServiceVersions
-
fc:ListTriggers
-
fc:ListTriggersWithEventSource
-
fc:PutConcurrencyConfig
-
fc:PutFunctionAsyncInvokeConfig
-
fc:TagResource
-
fc:TagResources
-
fc:UnTagResource
-
fc:UpdateFunction
-
fc:UpdateService
-
fc:UpdateTrigger
Key Management Service permissions:
-
kms:CreateSecret
-
kms:DeleteSecret
-
kms:DescribeSecret
-
kms:GetSecretValue
-
kms:PutSecretValue
-
kms:UpdateSecret
Simple Log Service permissions:
Simple Message Queue permissions (formerly MNS):
-
mns:CreateQueue
-
mns:DeleteQueue
-
mns:GetQueueAttributes
-
mns:ListQueue
-
mns:ListTagResources
CloudOps Orchestration Service permissions:
-
oos:CreateSecretParameter
-
oos:DeleteParameter
-
oos:DeleteSecretParameter
-
oos:GetSecretParameter
-
oos:ListParameters
-
oos:ListSecretParameters
-
oos:ListTagResources
-
oos:UpdateSecretParameter
Object Storage Service permissions:
-
oss:AppendObject
-
oss:CleanRestoredObject
-
oss:DeleteAccessPoint
-
oss:DeleteAccessPointForObjectProcess
-
oss:DeleteAccessPointPolicy
-
oss:DeleteAccessPointPolicyForObjectProcess
-
oss:DeleteAccessPointPublicAccessBlock
-
oss:DeleteBucket
-
oss:DeleteBucketCallbackPolicy
-
oss:DeleteBucketCommonHeader
-
oss:DeleteBucketCors
-
oss:DeleteBucketDataRedundancyTransition
-
oss:DeleteBucketEncryption
-
oss:DeleteBucketEventNotification
-
oss:DeleteBucketImage
-
oss:DeleteBucketInventory
-
oss:DeleteBucketLifecycle
-
oss:DeleteBucketLogging
-
oss:DeleteBucketNotification
-
oss:DeleteBucketPolicy
-
oss:DeleteBucketPublicAccessBlock
-
oss:DeleteBucketQoSInfo
-
oss:DeleteBucketReplication
-
oss:DeleteBucketRequesterQoSInfo
-
oss:DeleteBucketResponseHeader
-
oss:DeleteBucketTagging
-
oss:DeleteBucketWebsite
-
oss:DeleteCache
-
oss:DeleteObject
-
oss:DeleteObjectTagging
-
oss:DeleteObjectVersion
-
oss:DeletePublicAccessBlock
-
oss:DescribeRegions
-
oss:GetAccessPoint
-
oss:GetAccessPointConfigForObjectProcess
-
oss:GetAccessPointForObjectProcess
-
oss:GetAccessPointPolicy
-
oss:GetAccessPointPolicyForObjectProcess
-
oss:GetAccessPointPublicAccessBlock
-
oss:GetAsyncFetchTask
-
oss:GetBucketAccessMonitor
-
oss:GetBucketAcl
-
oss:GetBucketArchiveDirectRead
-
oss:GetBucketCallbackPolicy
-
oss:GetBucketCommonHeader
-
oss:GetBucketCors
-
oss:GetBucketEncryption
-
oss:GetBucketEventNotification
-
oss:GetBucketHash
-
oss:GetBucketHttpsConfig
-
oss:GetBucketImage
-
oss:GetBucketInfo
-
oss:GetBucketInventory
-
oss:GetBucketLifecycle
-
oss:GetBucketLocation
-
oss:GetBucketLogging
-
oss:GetBucketNotification
-
oss:GetBucketPolicy
-
oss:GetBucketPolicyStatus
-
oss:GetBucketPublicAccessBlock
-
oss:GetBucketQoSInfo
-
oss:GetBucketReferer
-
oss:GetBucketResourceGroup
-
oss:GetBucketResponseHeader
-
oss:GetBucketStat
-
oss:GetBucketTagging
-
oss:GetBucketTransferAcceleration
-
oss:GetBucketVersioning
-
oss:GetBucketWebsite
-
oss:GetCache
-
oss:GetObject
-
oss:GetObjectAcl
-
oss:GetObjectTagging
-
oss:GetPublicAccessBlock
-
oss:GetReservedCapacity
-
oss:GetStatusList
-
oss:ListBuckets
-
oss:ListObjectVersions
-
oss:ListObjects
-
oss:ListOssBucket
-
oss:PutBucket
-
oss:PutBucketAccessMonitor
-
oss:PutBucketAcl
-
oss:PutBucketEncryption
-
oss:PutBucketLifeCycle
-
oss:PutBucketLifecycle
-
oss:PutBucketLogging
-
oss:PutBucketPublicAccessBlock
-
oss:PutBucketTagging
-
oss:PutObject
-
oss:PutObjectAcl
-
oss:PutObjectTagging
-
oss:PutPublicAccessBlock
Tablestore permissions:
ONS message queue permissions:
-
mq:CreateInstance
-
mq:DeleteInstance
-
mq:TagResources
-
mq:UpdateInstance
Resource Access Management permissions:
Resource Manager permissions for resource groups:
-
resourcemanager:CreateResourceAccount
-
resourcemanager:CreateResourceGroup
-
resourcemanager:GetAccount
-
resourcemanager:ListAccounts
-
resourcemanager:ListTagResources
-
resourcemanager:MoveResourceGroup
-
resourcemanager:TagResources
-
resourcemanager:UntagResources
Tag permissions:
-
tag:CreatePolicy
-
tag:CreateTags
-
tag:DeletePolicy
-
tag:DeleteTag
-
tag:DetachPolicy
-
tag:ListTagValues
VPC permissions:
|
|