总览
项目中共有 14 个类实现了 IUpwindResource 接口。
Bucket 方法支持情况汇总
| 实现类 | isAwsS3Bucket() | isGcpStorageBucket() | 检查的属性/方法 |
|---|---|---|---|
| GraphAsset | ✅ 支持 | ✅ 支持 | getType() |
| WorkloadTreeStorage | ✅ 支持(委托给 Endpoint) | ❌ 不支持 | isLeaf() + getSomeEndpoint()?.isAwsS3Bucket() |
| Endpoint | ✅ 支持 | ✅ 支持 | attributes.subType |
| Resource | ✅ 支持 | ❌ 不支持 | attributes.resourceType |
| DetectionResource | ✅ 支持 | ❌ 不支持 | getKind() 或 getSubType() |
| FindingResource | ✅ 支持 | ✅ 支持 | attributes.type |
| VulnerableResource | ❌ 不支持 | ❌ 不支持 | - |
| EndpointSearch | ❌ 不支持 | ❌ 不支持 | - |
| DetectionEndpointDetails | ❌ 不支持 | ❌ 不支持 | - |
| MonitoredResource | ✅ 支持 | ❌ 不支持 | attributes.asset_type |
| InventoryStorageAsset | ✅ 支持 | ✅ 支持 | attributes.kind |
| InventoryNetworkAsset | ✅ 支持 | ✅ 支持 | attributes.kind |
| InventoryComputeAsset | ✅ 支持 | ✅ 支持 | attributes.kind |
| AssetSearchKeyObject | ✅ 支持 | ✅ 支持 | attributes.type |
1. GraphAsset
基本信息
文件位置: packages/console/src/DataModel/Objects/GraphAsset.ts
API 接口:
v1/organizations/{orgId}/inventory-api/search(POST) - Graph 数据库查询,使用getQueryBuilderRequests构建复杂查询
获取方式:
useGraphAssetByIdOrRefIdhookgetGraphAssetByRefId函数
用途:
- Graph 数据库查询返回的资源
- 代表云资源、配置资源等在 Graph 中的资产
存储位置:
- 组件级
useState - 或
DataStorage<GraphAsset>
使用场景:
AssetsAndTechnologiesTable中的表格行数据AssetDetailsSidePane中的资源详情RelatedGraphAssetsTable中的相关资源
现实世界例子:
- AWS S3 Bucket:
my-company-data-bucket- 存储公司数据的 S3 存储桶 - EC2 Instance:
i-1234567890abcdef0- 运行 Web 服务器的 EC2 实例 - Kubernetes Cluster:
production-cluster- 生产环境的 K8s 集群 - Security Group:
sg-0123456789abcdef0- 控制网络访问的安全组
Sample Data (静态配置信息):
{
"id": "asset-ec2-123",
"label": "aws_ec2_instance",
"name": "web-server-instance",
"arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
"refId": "i-1234567890abcdef0",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"region": "us-east-1",
"endpointId": "endpoint-456",
"tags": [
{ "key": "Environment", "value": "Production" },
{ "key": "Team", "value": "Backend" },
{ "key": "Name", "value": "web-server-instance" }
],
"attributes": {
"instanceType": "t3.medium",
"imageId": "ami-12345678",
"launchTime": 1705762800000,
"state": "running",
"privateIp": "10.0.1.100",
"publicIp": "54.123.45.67"
}
}
2. WorkloadTreeStorage
基本信息
文件位置: packages/console/src/DataModel/WorkloadTreeStorage.ts
API 接口:
v1/organizations/{orgId}/clusters/workloadViewNew(POST) - 获取整个 workload 视图,需要时间范围参数{from, to}v1/organizations/{orgId}/clusters/flowsViewPerEndpoint(POST) - 根据 endpoint 获取 flows 视图,需要{from, to, endpointRefId}v1/organizations/{orgId}/clusters/flowsViewPerResource(POST) - 根据 resource 获取 flows 视图,需要{from, to, resourceId, resourceType}
为什么有多个接口? 不同的查询场景需要不同的查询维度(按 endpoint、按 resource、或整体视图),因此需要不同的 API 端点。
获取方式:
useAssetTreeStoragehookfetchWorkloadByEndpointId,fetchWorkloadByClusterId,fetchWorkloadByRefId,fetchWorkloadByResource
用途:
- Workload 树结构中的节点
- 代表 Cluster、Namespace、Endpoint、Resource 等层级结构
存储位置:
WorkloadDataModel.unfilteredTreeStorage
使用场景:
AssetDetailsSidePane中的资源详情(与GraphAsset并列)- Workload Map 视图中的树形结构
现实世界例子:
- Kubernetes Cluster 节点:
production-cluster- 包含多个 Namespace 的集群 - Namespace 节点:
default- 包含多个 Pod 的命名空间 - Resource 节点:
my-app-deployment- 包含多个 Pod 的 Deployment
Sample Data (运行时拓扑信息 - Namespace 节点,包含多个 Endpoint):
{
"id": "namespace-default",
"name": "default",
"type": "kubernetes_namespace",
"parent": {
"id": "cluster-prod",
"name": "production-cluster",
"type": "aws_eks_cluster"
},
"childNodes": [
{
"id": "deployment-my-app",
"name": "my-app",
"type": "kubernetes_deployment",
"endpointIndex": {
"endpoint-pod-abc123": {
"id": "endpoint-pod-abc123",
"type": "InternalCluster",
"subType": "K8SWorkload",
"entity": {
"name": "my-app-pod-abc123",
"type": "Pod",
"namespace": "default",
"clusterId": "cluster-prod",
"privateIp": "10.244.1.5"
},
"lastConnectionsData": {
"ingressCount": 5,
"egressCount": 12,
"lastConnectionTime": 1705849200000
}
},
"endpoint-pod-def456": {
"id": "endpoint-pod-def456",
"type": "InternalCluster",
"subType": "K8SWorkload",
"entity": {
"name": "my-app-pod-def456",
"type": "Pod",
"namespace": "default",
"clusterId": "cluster-prod",
"privateIp": "10.244.1.6"
},
"lastConnectionsData": {
"ingressCount": 3,
"egressCount": 8,
"lastConnectionTime": 1705849150000
}
}
}
}
],
"endpointIndex": {},
"versionNumber": 2
}
3. Endpoint
基本信息
文件位置: packages/console/src/DataModel/Objects/Endpoint/Endpoint.ts
API 接口:
- 同 Workload API(作为 WorkloadTreeStorage 的一部分返回)
获取方式:
- 通过
parseMVPWorkloadResponse解析 Workload API 响应 - 存储在
WorkloadDataModel.unfilteredEndpointsStorage
用途:
- Workload 中的端点(Endpoint)
- 代表运行中的工作负载实例
存储位置:
WorkloadDataModel.unfilteredEndpointsStorage
使用场景:
- Workload Map 中的端点节点
- 连接图(Connection Graph)中的端点
现实世界例子:
- Kubernetes Pod:
my-app-pod-abc123- 运行在 K8s 集群中的 Pod - EC2 Instance Endpoint:
i-1234567890abcdef0- EC2 实例的运行时端点 - AWS Internal VPC Service:
com.amazonaws.s3- VPC 内部的 S3 服务端点(VPC Endpoint) - Lambda Function:
my-lambda-function- 运行的 Lambda 函数实例 - ECS Task:
ecs-task-123- ECS 中运行的任务
Sample Data (K8S Pod - 运行时端点信息):
{
"id": "endpoint-pod-abc123",
"type": "InternalCluster",
"subType": "K8SWorkload",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"endpointTags": [
{ "key": "app", "value": "my-app" },
{ "key": "version", "value": "v1.2.3" }
],
"entity": {
"name": "my-app-pod-abc123",
"type": "Pod",
"namespace": "default",
"clusterId": "cluster-prod",
"privateIp": "10.244.1.5",
"containers": [
{
"name": "app-container",
"image": "my-registry/my-app:v1.2.3",
"securityContext": {
"privileged": false,
"runAsNonRoot": true
}
}
]
},
"resourceId": "pod-abc123",
"lastConnectionsData": {
"ingressCount": 5,
"egressCount": 12,
"lastConnectionTime": 1705849200000,
"lastTimeBeingAccessedFromInternet": 1705849100000
},
"riskOverview": {
"detectionsCount": { "CRITICAL": 0, "HIGH": 2, "MEDIUM": 5 },
"vulnerabilitiesCount": { "CRITICAL": 1, "HIGH": 3, "MEDIUM": 10 }
}
}
Sample Data (EC2 Instance Endpoint - 运行时端点信息):
{
"id": "endpoint-ec2-123",
"type": "InternalVPC",
"subType": "AwsInstance",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"endpointTags": [
{ "key": "Environment", "value": "Production" },
{ "key": "Team", "value": "Backend" }
],
"entity": {
"name": "web-server-01",
"instanceId": "i-1234567890abcdef0",
"privateIp": "10.0.1.100",
"publicIp": "54.123.45.67",
"region": "us-east-1"
},
"resourceId": "i-1234567890abcdef0",
"lastConnectionsData": {
"ingressCount": 25,
"egressCount": 50,
"lastConnectionTime": 1705849200000,
"lastTimeBeingAccessedFromInternet": 1705849100000,
"lastTimeCommunicatingWithInternet": 1705849000000
},
"riskOverview": {
"detectionsCount": { "CRITICAL": 1, "HIGH": 3 },
"vulnerabilitiesCount": { "CRITICAL": 2, "HIGH": 5 },
"ingressCount": 25,
"egressCount": 50
}
}
4. Resource
基本信息
文件位置: packages/console/src/DataModel/Objects/Resource.ts
API 接口:
v1/organizations/{orgId}/detections(通过新检测系统)
解析函数:
parseNewDetectionsResponse→new Resource(...)
用途:
- 新检测系统中的资源
- 通用资源表示
存储位置:
- 组件级
useState - 或
DataStorage<Resource>
使用场景:
- 新检测系统的资源展示
- 检测相关的资源详情
现实世界例子:
- 检测到的 EC2 实例: 检测系统发现的一个有异常行为的 EC2 实例
- 检测到的 Lambda 函数: 检测到可疑活动的 Lambda 函数
Sample Data (检测到的 EC2 实例):
{
"id": "resource-detection-123",
"resourceName": "suspicious-ec2-instance",
"resourceType": "AwsInstance",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"region": "us-east-1",
"refId": "i-1234567890abcdef0",
"endpointId": "endpoint-456",
"arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
"imageAssetId": "ami-12345678",
"tags": [
{ "key": "Environment", "value": "Production" },
{ "key": "Team", "value": "Backend" }
],
"endpointTags": [
{ "key": "app", "value": "web-server" }
],
"isActive": true,
"platform": "linux",
"riskOverview": {
"detectionsCount": { "CRITICAL": 1, "HIGH": 3, "MEDIUM": 5 },
"vulnerabilitiesCount": { "CRITICAL": 2, "HIGH": 5 }
}
}
5. DetectionResource
基本信息
文件位置: packages/console/src/DataModel/Objects/DetectionResource/DetectionResource.ts
API 接口:
v1/organizations/{orgId}/detections(GET)
解析函数:
parseDetectionsResponse→new DetectionResource(...)
用途:
- 检测/威胁相关的资源
- 代表存在检测事件的资源
存储位置:
DetectionStorage
使用场景:
- Threats 页面的检测资源列表
- 检测详情侧边栏
现实世界例子:
- 有威胁的 EC2 实例: 检测到恶意网络活动的 EC2 实例
- 可疑的 Lambda 函数: 检测到异常 API 调用的 Lambda 函数
Sample Data (有威胁的 EC2 实例):
{
"id": "detection-resource-123",
"name": "compromised-ec2-instance",
"type": "AwsInstance",
"kind": "AwsInstance",
"subType": "AwsInstance",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"cloudAccountName": "Production Account",
"region": "us-east-1",
"refId": "i-1234567890abcdef0",
"resourceId": "i-1234567890abcdef0",
"arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
"tags": [
{ "key": "Environment", "value": "Production" }
],
"lastConnectionsData": {
"ingressCount": 100,
"egressCount": 200,
"lastConnectionTime": 1705849200000,
"lastTimeBeingAccessedFromInternet": 1705849100000
},
"riskOverview": {
"detectionsCount": { "CRITICAL": 2, "HIGH": 5, "MEDIUM": 10 },
"vulnerabilitiesCount": { "CRITICAL": 1, "HIGH": 3 }
}
}
6. FindingResource
基本信息
文件位置: packages/console/src/DataModel/Objects/FindingResource/FindingResource.ts
API 接口:
v1/organizations/{orgId}/posture/findings/by-check(POST) - 根据 check/rule 查询 findings,需要{checkId, filters, ...}v1/organizations/{orgId}/posture/findings/by-resource(POST) - 根据 resource 查询 findings,需要{resourceId, filters, ...}
为什么有多个接口? 不同的查询维度(按 check 查询 vs 按 resource 查询)需要不同的 API 端点。
解析函数:
parseCheckResourcesResponse→new FindingResource(...)parseFindingsByResourceResponse→new FindingResource(...)
用途:
- Posture Findings 中的资源
- 代表存在配置问题的资源
存储位置:
FindingStorage
使用场景:
- Posture 页面的 Findings 列表
- Finding 详情侧边栏
UseGetFindingResourceWithContexthook
现实世界例子:
- 有配置问题的 S3 Bucket: S3 Bucket 公开访问,违反了安全策略
- 有配置问题的 Security Group: Security Group 允许从 0.0.0.0/0 访问,存在安全风险
- 有配置问题的 EC2 实例: EC2 实例未加密,不符合合规要求
Sample Data (有配置问题的 S3 Bucket):
{
"id": "finding-s3-123",
"type": "AwsS3Bucket",
"name": "public-data-bucket",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"region": "us-east-1",
"status": "failed",
"endpointId": "endpoint-456",
"endpointRefId": "s3://public-data-bucket",
"arn": "arn:aws:s3:::public-data-bucket",
"tags": [
{ "key": "Environment", "value": "Production" }
],
"endpointTags": [],
"detectionsData": {
"severityCount": { "CRITICAL": 1, "HIGH": 0 }
},
"networkData": {
"internetExposureType": "PUBLIC",
"connectionsData": {
"ingressCount": 0,
"egressCount": 0
}
}
}
7. VulnerableResource
基本信息
文件位置: packages/console/src/DataModel/Objects/VulnerabilitiesFindings/VulnerableResource.ts
API 接口:
v1/organizations/{orgId}/vulnerabilities/by-resource/search(POST)
获取方式:
getVulnerabilitiesFindingsByResourceData
用途:
- 漏洞相关的资源
- 代表存在漏洞的资源
存储位置:
BasicVulnerabilitiesStorage
使用场景:
- Vulnerabilities 页面的资源列表
- 漏洞详情侧边栏
现实世界例子:
- 有漏洞的 Docker 镜像: 运行包含 CVE-2023-12345 漏洞的容器镜像的 Pod
- 有漏洞的 EC2 实例: 运行有已知漏洞的软件版本的 EC2 实例
Sample Data (有漏洞的 Pod):
{
"id": "vulnerable-resource-123",
"name": "web-server-pod",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"region": "us-east-1",
"resourceType": "K8SWorkload",
"endpointId": "endpoint-456",
"clusterId": "cluster-prod",
"namespace": "default",
"packageFindingsCount": 15,
"vulnerabilitiesSummary": {
"criticalCount": 2,
"highCount": 5,
"mediumCount": 10,
"lowCount": 3,
"totalCount": 20
},
"slaCount": 2,
"earliestBreachedSla": {
"cveId": "CVE-2023-12345",
"breachedAt": 1705849200000
}
}
8. EndpointSearch
基本信息
文件位置: packages/console/src/DataModel/Objects/EndpointSearch/EndpointSearch.ts
API 接口:
v1/organizations/{orgId}/inventory/secrets(GET) - 获取 secrets 列表v1/organizations/{orgId}/inventory/images/sensitive-data/endpoint/{endpointId}(GET) - 根据 endpoint ID 获取敏感数据v1/organizations/{orgId}/inventory/images/sensitive-data/by-ref-id(GET) - 根据 ref ID 获取敏感数据v1/organizations/{orgId}/api-security/routes/vulnerabilities(GET) - 获取 API Security 路由漏洞
为什么有多个接口? 不同的数据源和查询场景(secrets、sensitive-data、api-security)需要不同的 API 端点。
解析函数:
parseSecretsResponse→new EndpointSearch(...)parseApiRouteVulnerabilitiesResponse→new EndpointSearch(...)
用途:
- Secrets/Sensitive Data 相关的端点搜索
- API Security 中的端点表示
存储位置:
- 组件级
useState - 或
DataStorage<EndpointSearch>
使用场景:
- Secrets 页面的端点列表
- API Security 路由漏洞中的端点
- Cloud Scanners 扫描的资源(临时创建)
现实世界例子:
- 暴露敏感数据的 Pod: 在代码中硬编码了 AWS 凭证的 Pod
- API Security 端点: 有 SQL 注入漏洞的 API 端点
Sample Data (暴露敏感数据的 Pod):
{
"id": "endpoint-search-123",
"name": "api-server-pod",
"refId": "pod-abc123",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"accountName": "Production Account",
"type": "K8SWorkload",
"subType": "K8SWorkload",
"clusterId": "cluster-prod",
"clusterName": "production-cluster",
"namespace": "default",
"region": "us-east-1",
"resourceTags": [
{ "key": "app", "value": "api-server" },
{ "key": "Environment", "value": "Production" }
],
"endpointTags": [
{ "key": "version", "value": "v1.2.3" }
],
"lastConnectionsData": {
"ingressCount": 50,
"egressCount": 100,
"lastConnectionTime": 1705849200000
},
"riskOverview": {
"detectionsCount": { "CRITICAL": 1, "HIGH": 2 }
}
}
9. DetectionEndpointDetails
基本信息
文件位置: packages/console/src/DataModel/DetectionGraphModel/Objects/DetectionEndpointDetails.ts
API 接口:
- 检测相关的端点详情 API
用途:
- 检测端点详情
- 用于检测图模型
存储位置:
- 组件级
useState - 或
DataStorage<DetectionEndpointDetails>
使用场景:
- 检测图(Detection Graph)中的端点详情
现实世界例子:
- 攻击链中的端点: 在检测图中,作为攻击路径一部分的端点
Sample Data (攻击链中的端点):
{
"id": "detection-endpoint-123",
"name": "compromised-endpoint",
"type": "AwsInstance",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"region": "us-east-1",
"refId": "i-1234567890abcdef0"
}
10. MonitoredResource
基本信息
文件位置: packages/console/src/DataModel/OrganizationModel/AgentManagementModel/Objects/MonitoredResource.ts
API 接口:
v1/organizations/{orgId}/agent-management/monitored-agent-components(GET)
解析函数:
parseMonitoredAgentComponents→new MonitoredResource(...)
用途:
- 监控的 Agent 资源
- 代表安装了 Agent 的监控资源(VM、Scaling Group 等)
存储位置:
AgentManagementModel.storages.monitoredResources
使用场景:
- Settings 页面的 Monitored VMs 表格
- Settings 页面的 Monitored Scaling Groups 表格
- Agent Management 相关的资源展示
现实世界例子:
- 安装了 Agent 的 EC2 实例:
i-1234567890abcdef0- 运行 Upwind Agent 的 EC2 实例 - 安装了 Agent 的 Auto Scaling Group:
my-asg- 包含多个安装了 Agent 的实例的 ASG
Sample Data (安装了 Agent 的 EC2 实例):
{
"id": "monitored-resource-123",
"name": "web-server-instance",
"type": "AwsInstance",
"cloud_provider": "AWS",
"cloud_account_id": "123456789012",
"region": "us-east-1",
"status": "ACTIVE",
"asset_type": "AwsInstance",
"endpoint_id": "endpoint-456",
"instance_type": "t3.medium",
"installed_components": [
{
"type": "AGENT",
"version": "1.2.3",
"update_available": false,
"auto_update_enabled": true,
"status": "ACTIVE"
}
],
"last_activity": 1705849200000,
"state": "active"
}
11. InventoryStorageAsset
基本信息
文件位置: packages/console/src/DataModel/Objects/InventoryStorageAsset.ts
API 接口:
v1/organizations/{orgId}/inventory/assets/storage(GET)
解析函数:
parseAssetsStorageResponse→new InventoryStorageAsset(...)
用途:
- 库存存储资产
- 代表 S3 Bucket、GCS Bucket 等存储资源
存储位置:
InventoryModel.storages.storageAssets
使用场景:
- Inventory 页面的存储资产列表
- 存储资产详情
现实世界例子:
- AWS S3 Bucket:
my-company-data-bucket- 存储公司数据的 S3 存储桶 - GCP Cloud Storage Bucket:
my-gcs-bucket- 存储数据的 GCS 存储桶 - Azure Blob Storage:
my-blob-storage- Azure 的 Blob 存储
Sample Data:
{
"id": "inventory-storage-123",
"name": "my-company-data-bucket",
"kind": "aws_s3_bucket",
"location": "us-east-1",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"encryptionEnabled": true,
"encryptionMode": "AES256",
"sizeInBytes": 1073741824,
"usedSizeInBytes": 536870912
}
12. InventoryNetworkAsset
基本信息
文件位置: packages/console/src/DataModel/Objects/InventoryNetworkAsset.ts
API 接口:
v1/organizations/{orgId}/inventory/assets/network(GET)
解析函数:
parseNetworkAssetsResponse→new InventoryNetworkAsset(...)
用途:
- 库存网络资产
- 代表 Security Groups、Firewall Rules、Network ACLs 等网络资源
存储位置:
InventoryModel.storages.networkAssets
使用场景:
- Inventory 页面的网络资产列表
- 网络资产详情
现实世界例子:
- AWS Security Group:
sg-0123456789abcdef0- 控制网络访问的安全组 - AWS Network ACL:
acl-0123456789abcdef0- 网络访问控制列表 - GCP Firewall Rule:
allow-http- GCP 防火墙规则
Sample Data:
{
"id": "inventory-network-123",
"name": "web-server-sg",
"kind": "aws_security_group",
"location": "us-east-1",
"cloudProvider": "AWS",
"cloudAccountId": "123456789012",
"vpcId": "vpc-12345678"
}
13. InventoryComputeAsset
基本信息
文件位置: packages/console/src/DataModel/Objects/InventoryComputeAssset/InventoryComputeAsset.ts
API 接口:
v1/organizations/{orgId}/inventory/assets/compute(GET)
解析函数:
parseComputeAssetsResponse→new InventoryComputeAsset(...)
用途:
- 库存计算资产
- 代表 EC2 Instances、VMs、Compute Instances 等计算资源
存储位置:
InventoryModel.storages.computeAssets
使用场景:
- Inventory 页面的计算资产列表
- 计算资产详情
现实世界例子:
- EC2 Instance:
i-1234567890abcdef0- 运行 Web 服务器的 EC2 实例 - GCP Compute Instance:
my-gcp-vm- GCP 的虚拟机实例 - Azure Virtual Machine:
my-azure-vm- Azure 的虚拟机
Sample Data:
{
"id": "inventory-compute-123",
"kind": "aws_ec2_instance",
"family": "t3.medium",
"status": "running",
"state": "active",
"details": {
"name": "web-server-01",
"region": "us-east-1",
"cloudAccountId": "123456789012",
"cloudProvider": "AWS",
"instanceId": "i-1234567890abcdef0",
"privateIp": "10.0.1.100",
"publicIp": "54.123.45.67"
},
"privateIp": "10.0.1.100",
"publicIp": "54.123.45.67"
}
14. AssetSearchKeyObject
基本信息
文件位置: packages/console/src/DataModel/Objects/AssetSearchKeyObject/AssetSearchKeyObject.ts
API 接口:
- 无(不是从 API 获取)
用途:
- 资产搜索键的序列化对象
- 用于在 URL 或存储中传递 Asset Search Key
存储位置:
- 不存储,仅用于传递和序列化
使用场景:
- 资源详情侧边栏的 ID 解析
- Asset Search Key 的序列化/反序列化
现实世界例子:
- 序列化的 Asset Search Key: 用于在 URL 中传递资源标识符,例如
s3://my-bucket或arn:aws:ec2:us-east-1:123456789012:instance/i-123
Sample Data (S3 Bucket Search Key):
{
"id": "search-key-s3-123",
"type": "CloudAsset",
"cloudProvider": "AWS",
"refId": "s3://my-company-data-bucket",
"fallbackType": "AwsS3Bucket"
}
Sample Data (EC2 Instance Search Key):
{
"id": "search-key-ec2-123",
"type": "CloudAsset",
"cloudProvider": "AWS",
"refId": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
"fallbackType": "AwsInstance"
}
按功能模块分类
核心资源类型(两种主要表示方式)
- GraphAsset - Graph 数据库中的资源
- WorkloadTreeStorage - Workload 拓扑中的资源
- Endpoint - Workload 端点
安全相关
- DetectionResource - 检测/威胁资源
- Resource - 新检测系统资源
- FindingResource - Posture Findings 资源
- VulnerableResource - 漏洞资源
- EndpointSearch - Secrets/API Security 端点
- DetectionEndpointDetails - 检测端点详情
库存管理
- InventoryStorageAsset - 存储资产
- InventoryNetworkAsset - 网络资产
- InventoryComputeAsset - 计算资产
系统管理
- MonitoredResource - Agent 监控资源
工具类
- AssetSearchKeyObject - 搜索键序列化对象
