---
name: multi-cloud-security-posture
description: Unified cloud security posture management across AWS, Azure and GCP, providing normalized metrics and CIS Benchmark comparison
allowed-tools:
  - Bash
  - Read
  - Write
  - Glob
  - Grep
  - WebFetch
---
# Multi-Cloud Security Posture Skill

## Purpose

Unified cloud security posture management (CSPM) across AWS, Azure and GCP: aggregates findings, normalizes security metrics, compares posture against CIS Benchmarks, and provides a single view of multi-cloud security.
## Capabilities

### Cross-Cloud Finding Aggregation

- Collect findings from AWS, Azure and GCP
- Aggregate results from cloud-native security tools
- Import findings from third-party CSPM tools
- Deduplicate findings across environments
- Correlate related issues across clouds

### Metric Normalization

- Normalize severity ratings across clouds
- Standardize finding categories
- Create unified compliance metrics
- Calculate an aggregate risk score
- Produce comparable security ratings

### CIS Benchmark Comparison

- Apply CIS Benchmarks across all clouds
- Compare security posture against the benchmark
- Track benchmark compliance over time
- Identify benchmark drift
- Generate benchmark compliance reports

### Remediation Status Tracking

- Track remediation across all clouds
- Monitor remediation verification status
- Calculate mean time to remediate (MTTR)
- Generate remediation progress reports
- Prioritize remediation work across clouds

### Unified Reporting

- Generate executive dashboards
- Create detailed technical reports
- Produce compliance comparison matrices
- Build trend analysis reports
- Export data for external tools

### Drift Detection and Alerting

- Monitor configuration drift
- Alert on security posture degradation
- Detect newly non-compliant resources
- Track policy violations
- Send real-time notifications
## Standardized Categories

| Category | AWS | Azure | GCP |
|---|---|---|---|
| Identity | IAM | Azure AD | Cloud IAM |
| Compute | EC2, Lambda | Virtual Machines, Functions | Compute Engine, Cloud Functions |
| Storage | S3, EBS | Storage Accounts | Cloud Storage |
| Network | VPC, Security Groups | Virtual Network, Network Security Groups | VPC, Firewall |
| Database | RDS, DynamoDB | SQL, Cosmos | Cloud SQL, Spanner |
| Encryption | KMS | Key Vault | Cloud KMS |
| Logging | CloudTrail | Activity Log | Audit Logs |
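The table above is the mapping the normalization step relies on. The following is an added example (not part of this skill's own code) of how that step can be implemented: native severity labels from each cloud are mapped onto one scale, service names are mapped onto the standardized categories, duplicate reports of the same check on the same resource are collapsed, and a weighted risk score is computed. The native severity labels, the service-name spellings, the scoring rule and the sample findings are all constructed assumptions.

```python
"""Normalize findings from AWS, Azure and GCP into one schema.

Added example (not part of the skill definition): the native severity
labels, service-name spellings, scoring rule and sample findings are
constructed assumptions; categories follow the table in this document.
"""
from __future__ import annotations
from collections import defaultdict

# Risk weight per unified severity, used by the aggregate score (assumed values).
SEVERITY_WEIGHT = {"critical": 10, "high": 5, "medium": 2, "low": 1}

# Native severity labels per cloud (assumed; check them against the tool you ingest from).
NATIVE_SEVERITY = {
    "AWS":   {"CRITICAL": "critical", "HIGH": "high", "MEDIUM": "medium", "LOW": "low", "INFORMATIONAL": "low"},
    "Azure": {"High": "high", "Medium": "medium", "Low": "low"},
    "GCP":   {"CRITICAL": "critical", "HIGH": "high", "MEDIUM": "medium", "LOW": "low"},
}

# Service name -> standardized category, following the category table above.
SERVICE_CATEGORY = {
    "AWS":   {"IAM": "identity", "EC2": "compute", "Lambda": "compute", "S3": "storage", "EBS": "storage",
              "VPC": "network", "SecurityGroup": "network", "RDS": "database", "DynamoDB": "database",
              "KMS": "encryption", "CloudTrail": "logging"},
    "Azure": {"AzureAD": "identity", "VirtualMachines": "compute", "Functions": "compute",
              "StorageAccounts": "storage", "VirtualNetwork": "network", "NSG": "network",
              "SQL": "database", "Cosmos": "database", "KeyVault": "encryption", "ActivityLog": "logging"},
    "GCP":   {"CloudIAM": "identity", "ComputeEngine": "compute", "CloudFunctions": "compute",
              "CloudStorage": "storage", "VPC": "network", "Firewall": "network", "CloudSQL": "database",
              "Spanner": "database", "CloudKMS": "encryption", "AuditLogs": "logging"},
}


def normalize_finding(cloud: str, raw: dict) -> dict:
    """Map one native finding onto the unified shape used by the rest of the pipeline."""
    severity = NATIVE_SEVERITY[cloud].get(raw["severity"])
    if severity is None:
        # Fail loudly rather than silently downgrading an unknown label.
        raise ValueError(f"unknown {cloud} severity {raw['severity']!r}")
    return {
        "cloud": cloud,
        "category": SERVICE_CATEGORY[cloud].get(raw["service"], "other"),
        "severity": severity,
        "resource": raw["resource"],
        "check": raw["check"],  # benchmark control or rule id as reported by the source tool
        "status": raw.get("status", "open"),
    }


def dedupe(findings: list[dict]) -> list[dict]:
    """Collapse the same check on the same resource when more than one tool reports it."""
    seen, unique = set(), []
    for f in findings:
        key = (f["cloud"], f["resource"], f["check"])
        if key not in seen:
            seen.add(key)
            unique.append(f)
    return unique


def aggregate_score(findings: list[dict]) -> float:
    """Risk score on a 0-100 scale (100 = no open findings): open findings' weights are
    subtracted from a notional budget of 100 points. This is an assumed scoring rule."""
    weight = sum(SEVERITY_WEIGHT[f["severity"]] for f in findings if f["status"] == "open")
    return round(max(0.0, 100.0 - weight), 1)


def count_by_category(findings: list[dict]) -> dict:
    counts: dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f["category"]] += 1
    return dict(counts)


# Constructed sample input: two tools report the same S3 finding, plus one finding per other cloud.
RAW = [
    ("AWS",   {"severity": "CRITICAL", "service": "S3", "resource": "arn:aws:s3:::logs", "check": "CIS-2.1.5"}),
    ("AWS",   {"severity": "CRITICAL", "service": "S3", "resource": "arn:aws:s3:::logs", "check": "CIS-2.1.5"}),
    ("AWS",   {"severity": "LOW", "service": "CloudTrail", "resource": "trail/main", "check": "CIS-3.1"}),
    ("Azure", {"severity": "High", "service": "NSG", "resource": "nsg-web", "check": "CIS-6.1"}),
    ("GCP",   {"severity": "MEDIUM", "service": "CloudSQL", "resource": "sql-prod", "check": "CIS-6.4",
               "status": "remediated"}),
]


def run() -> dict:
    findings = dedupe([normalize_finding(cloud, raw) for cloud, raw in RAW])
    return {"findings": findings, "score": aggregate_score(findings), "byCategory": count_by_category(findings)}


if __name__ == "__main__":
    import json
    print(json.dumps(run(), indent=2))
```

The deduplication key deliberately excludes the reporting tool and the severity label, so that the same misconfiguration seen by a native service and a third-party CSPM counts once; the remediated GCP finding stays in the inventory but no longer contributes to the risk score.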
## Compliance Frameworks

- CIS Benchmarks (AWS, Azure, GCP)
- SOC 2 Type II
- PCI DSS v4.0
- HIPAA Security Rule
- ISO 27001
- NIST 800-53
- FedRAMP

## Integrations

- Cloud provider APIs: AWS, Azure and GCP native tools
- Wiz: cloud security platform
- Orca Security: agentless cloud security
- Prisma Cloud: multi-cloud CSPM
- Lacework: cloud security and compliance
- Cloud Custodian: governance as code

## Target Processes

- Cloud security architecture review
- Continuous compliance monitoring
- Multi-cloud governance
- Security posture reporting
## Input Schema

```json
{
  "type": "object",
  "properties": {
    "cloudProviders": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["AWS", "Azure", "GCP"]
      },
      "description": "要包含的云提供商"
    },
    "awsAccounts": {
      "type": "array",
      "items": { "type": "string" }
    },
    "azureSubscriptions": {
      "type": "array",
      "items": { "type": "string" }
    },
    "gcpProjects": {
      "type": "array",
      "items": { "type": "string" }
    },
    "complianceFrameworks": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["CIS", "SOC2", "PCI-DSS", "HIPAA", "ISO27001", "NIST", "FedRAMP"]
      }
    },
    "reportingPeriod": {
      "type": "object",
      "properties": {
        "startDate": { "type": "string", "format": "date" },
        "endDate": { "type": "string", "format": "date" }
      }
    },
    "severityThreshold": {
      "type": "string",
      "enum": ["critical", "high", "medium", "low"]
    },
    "includeRemediationStatus": {
      "type": "boolean"
    }
  },
  "required": ["cloudProviders"]
}
```
## Output Schema

```json
{
  "type": "object",
  "properties": {
    "reportId": {
      "type": "string"
    },
    "reportTimestamp": {
      "type": "string",
      "format": "date-time"
    },
    "cloudsCovered": {
      "type": "array"
    },
    "overallPosture": {
      "type": "object",
      "properties": {
        "aggregateScore": { "type": "number" },
        "riskLevel": { "type": "string" },
        "trend": { "type": "string", "enum": ["improving", "stable", "degrading"] }
      }
    },
    "postureByCloud": {
      "type": "object",
      "properties": {
        "AWS": {
          "type": "object",
          "properties": {
            "score": { "type": "number" },
            "findings": { "type": "integer" },
            "criticalFindings": { "type": "integer" }
          }
        },
        "Azure": { "type": "object" },
        "GCP": { "type": "object" }
      }
    },
    "findingsByCategory": {
      "type": "object",
      "properties": {
        "identity": { "type": "integer" },
        "compute": { "type": "integer" },
        "storage": { "type": "integer" },
        "network": { "type": "integer" },
        "encryption": { "type": "integer" },
        "logging": { "type": "integer" }
      }
    },
    "complianceStatus": {
      "type": "object"
    },
    "topFindings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "cloud": { "type": "string" },
          "category": { "type": "string" },
          "severity": { "type": "string" },
          "count": { "type": "integer" },
          "description": { "type": "string" }
        }
      }
    },
    "remediationProgress": {
      "type": "object",
      "properties": {
        "totalFindings": { "type": "integer" },
        "remediated": { "type": "integer" },
        "inProgress": { "type": "integer" },
        "pending": { "type": "integer" },
        "mttr": { "type": "string" }
      }
    },
    "recommendations": {
      "type": "array",
      "items": { "type": "string" }
    }
  }
}
```
## Usage Example

```yaml
skill: {
  name: 'multi-cloud-security-posture',
  context: {
    cloudProviders: ['AWS', 'Azure', 'GCP'],
    awsAccounts: ['123456789012'],
    azureSubscriptions: ['sub-id-1'],
    gcpProjects: ['my-project'],
    complianceFrameworks: ['CIS', 'SOC2'],
    includeRemediationStatus: true
  }
}
```
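To show how a request like the one above turns into an object shaped like the output schema, here is an added example (not the skill's own implementation) that takes already-normalized findings, per-control CIS results and the previous run's snapshot, and produces per-cloud posture, category counts, the trend, drift alerts for newly non-compliant resources, and the remediation progress block with MTTR. The finding and control record shapes, the "percentage of assessed CIS controls passing" scoring rule, the risk bands, the trend tolerance and all sample data are constructed assumptions; only the CIS framework is scored here, since that is the only one the sample control data covers.

```python
"""Assemble the skill's output object from already-normalized findings.

Added example, not the skill's own implementation: the finding/control
shapes, the CIS scoring rule, risk bands, trend tolerance and sample data
are constructed assumptions; output keys follow the output schema above.
"""
from __future__ import annotations
from datetime import datetime, timedelta, timezone
import uuid

SEVERITY_ORDER = ["critical", "high", "medium", "low"]
SCHEMA_CATEGORIES = ("identity", "compute", "storage", "network", "encryption", "logging")


def validate_context(context: dict) -> list[str]:
    """Enforce the input schema's required field and provider enum; returns the provider list."""
    providers = context.get("cloudProviders") or []
    if not providers:
        raise ValueError("cloudProviders is required")
    unknown = set(providers) - {"AWS", "Azure", "GCP"}
    if unknown:
        raise ValueError(f"unsupported cloud providers: {sorted(unknown)}")
    return providers


def cis_score(controls: list[dict]) -> float:
    """Percent of assessed CIS controls passing; a control with no 'passed' verdict is not assessed."""
    assessed = [c for c in controls if "passed" in c]
    return round(100.0 * sum(c["passed"] for c in assessed) / len(assessed), 1) if assessed else 0.0


def risk_level(score: float) -> str:
    """Assumed risk bands over the 0-100 compliance score."""
    return "low" if score >= 90 else "medium" if score >= 75 else "high" if score >= 50 else "critical"


def mean_time_to_remediate(findings: list[dict]) -> str:
    """MTTR over remediated findings, rendered in hours (the schema types mttr as a string)."""
    closed = [f for f in findings if f["status"] == "remediated"]
    if not closed:
        return "n/a"
    hours = sum((f["closedAt"] - f["openedAt"]).total_seconds() for f in closed) / 3600 / len(closed)
    return f"{hours:.1f}h"


def detect_drift(findings: list[dict], previous: dict) -> list[dict]:
    """Unresolved findings whose (cloud, resource, check) key was absent from the previous snapshot."""
    seen = {tuple(k) for k in previous.get("openKeys", [])}
    return [f for f in findings
            if f["status"] != "remediated" and (f["cloud"], f["resource"], f["check"]) not in seen]


def build_report(context: dict, findings: list[dict], controls: list[dict], previous: dict) -> dict:
    clouds = validate_context(context)
    threshold = SEVERITY_ORDER.index(context.get("severityThreshold", "low"))
    findings = [f for f in findings
                if f["cloud"] in clouds and SEVERITY_ORDER.index(f["severity"]) <= threshold]
    per_cloud = {}
    for cloud in clouds:
        mine = [f for f in findings if f["cloud"] == cloud]
        per_cloud[cloud] = {"score": cis_score([c for c in controls if c["cloud"] == cloud]),
                            "findings": len(mine),
                            "criticalFindings": sum(f["severity"] == "critical" for f in mine)}
    aggregate = round(sum(v["score"] for v in per_cloud.values()) / len(clouds), 1)
    prev = previous.get("aggregateScore")
    trend = ("stable" if prev is None or abs(aggregate - prev) <= 1.0   # 1-point tolerance (assumed)
             else "improving" if aggregate > prev else "degrading")
    by_category = dict.fromkeys(SCHEMA_CATEGORIES, 0)  # categories outside the schema (e.g. database) are appended
    groups: dict[tuple, int] = {}
    for f in findings:
        by_category[f["category"]] = by_category.get(f["category"], 0) + 1
        key = (f["cloud"], f["category"], f["severity"], f["check"])
        groups[key] = groups.get(key, 0) + 1
    top = sorted(groups.items(), key=lambda kv: SEVERITY_ORDER.index(kv[0][2]))[:5]
    report = {
        "reportId": str(uuid.uuid4()),
        "reportTimestamp": datetime.now(timezone.utc).isoformat(),
        "cloudsCovered": clouds,
        "overallPosture": {"aggregateScore": aggregate, "riskLevel": risk_level(aggregate), "trend": trend},
        "postureByCloud": per_cloud,
        "findingsByCategory": by_category,
        "complianceStatus": {"CIS": {c: per_cloud[c]["score"] for c in clouds}},
        "topFindings": [{"cloud": k[0], "category": k[1], "severity": k[2], "count": n, "description": k[3]}
                        for k, n in top],
        "recommendations": [f"New non-compliant resource on {f['cloud']}: {f['resource']} ({f['check']})"
                            for f in detect_drift(findings, previous)],
    }
    if context.get("includeRemediationStatus"):
        report["remediationProgress"] = {
            "totalFindings": len(findings),
            "remediated": sum(f["status"] == "remediated" for f in findings),
            "inProgress": sum(f["status"] == "in_progress" for f in findings),
            "pending": sum(f["status"] == "open" for f in findings),
            "mttr": mean_time_to_remediate(findings),
        }
    return report


# Constructed sample data (timestamps, findings, control verdicts and the previous snapshot are all made up).
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
FINDINGS = [
    {"cloud": "AWS", "category": "storage", "severity": "critical", "resource": "arn:aws:s3:::logs",
     "check": "CIS-2.1.5", "status": "open", "openedAt": T0},
    {"cloud": "AWS", "category": "logging", "severity": "low", "resource": "trail/main",
     "check": "CIS-3.1", "status": "in_progress", "openedAt": T0},
    {"cloud": "Azure", "category": "network", "severity": "high", "resource": "nsg-web",
     "check": "CIS-6.1", "status": "open", "openedAt": T0},
    {"cloud": "GCP", "category": "database", "severity": "medium", "resource": "sql-prod",
     "check": "CIS-6.4", "status": "remediated", "openedAt": T0, "closedAt": T0 + timedelta(hours=36)},
    {"cloud": "GCP", "category": "identity", "severity": "high", "resource": "sa-ci",
     "check": "CIS-1.4", "status": "remediated", "openedAt": T0, "closedAt": T0 + timedelta(hours=12)},
]
CONTROLS = [
    {"cloud": "AWS", "id": "CIS-2.1.5", "passed": False}, {"cloud": "AWS", "id": "CIS-3.1", "passed": False},
    {"cloud": "AWS", "id": "CIS-1.4", "passed": True}, {"cloud": "AWS", "id": "CIS-1.5", "passed": True},
    {"cloud": "Azure", "id": "CIS-6.1", "passed": False}, {"cloud": "Azure", "id": "CIS-1.1", "passed": True},
    {"cloud": "Azure", "id": "CIS-3.1", "passed": True},
    {"cloud": "GCP", "id": "CIS-6.4", "passed": True}, {"cloud": "GCP", "id": "CIS-1.4", "passed": True},
    {"cloud": "GCP", "id": "CIS-2.1"},  # not assessed in this run
]
PREVIOUS = {"aggregateScore": 78.0, "openKeys": [["AWS", "arn:aws:s3:::logs", "CIS-2.1.5"]]}
CONTEXT = {"cloudProviders": ["AWS", "Azure", "GCP"], "complianceFrameworks": ["CIS", "SOC2"],
           "includeRemediationStatus": True}


def run() -> dict:
    return build_report(CONTEXT, FINDINGS, CONTROLS, PREVIOUS)
```

With the sample data the aggregate score is the mean of 50.0 (AWS), 66.7 (Azure) and 100.0 (GCP), which is below the previous run by more than the tolerance, so the trend is reported as degrading; the two unresolved findings that were not in the previous snapshot surface as recommendations, and the two remediated GCP findings give an MTTR of 24 hours.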