Docs Home
We recommend new projects start with resources from the AWS provider.
aws-native.guardduty.getFilter
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Resource Type definition for AWS::GuardDuty::Filter
Using getFilter
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getFilter(args: GetFilterArgs, opts?: InvokeOptions): Promise<GetFilterResult>
function getFilterOutput(args: GetFilterOutputArgs, opts?: InvokeOptions): Output<GetFilterResult>def get_filter(detector_id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetFilterResult
def get_filter_output(detector_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetFilterResult]func LookupFilter(ctx *Context, args *LookupFilterArgs, opts ...InvokeOption) (*LookupFilterResult, error)
func LookupFilterOutput(ctx *Context, args *LookupFilterOutputArgs, opts ...InvokeOption) LookupFilterResultOutput> Note: This function is named LookupFilter in the Go SDK.
public static class GetFilter
{
public static Task<GetFilterResult> InvokeAsync(GetFilterArgs args, InvokeOptions? opts = null)
public static Output<GetFilterResult> Invoke(GetFilterInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetFilterResult> getFilter(GetFilterArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws-native:guardduty:getFilter
arguments:
# arguments dictionaryThe following arguments are supported:
- Detector
Id string The detector ID associated with the GuardDuty account for which you want to create a filter.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.- Name string
- The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
- Detector
Id string The detector ID associated with the GuardDuty account for which you want to create a filter.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.- Name string
- The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
- detector
Id String The detector ID associated with the GuardDuty account for which you want to create a filter.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.- name String
- The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
- detector
Id string The detector ID associated with the GuardDuty account for which you want to create a filter.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.- name string
- The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
- detector_
id str The detector ID associated with the GuardDuty account for which you want to create a filter.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.- name str
- The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
- detector
Id String The detector ID associated with the GuardDuty account for which you want to create a filter.
To find the
detectorIdin the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.- name String
- The name of the filter. Valid characters include period (.), underscore (_), dash (-), and alphanumeric characters. A whitespace is considered to be an invalid character.
getFilter Result
The following output properties are available:
- Action string
- Specifies the action that is to be applied to the findings that match the filter.
- Description string
- The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (
{ },[ ], and( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. - Finding
Criteria Pulumi.Aws Native. Guard Duty. Outputs. Filter Finding Criteria - Represents the criteria to be used in the filter for querying findings.
- Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100.
By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, DependsOn , with the following syntax:
"DependsOn":[ "ObjectName" ].-
List<Pulumi.
Aws Native. Outputs. Tag> The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag .
- Action string
- Specifies the action that is to be applied to the findings that match the filter.
- Description string
- The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (
{ },[ ], and( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. - Finding
Criteria FilterFinding Criteria - Represents the criteria to be used in the filter for querying findings.
- Rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100.
By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, DependsOn , with the following syntax:
"DependsOn":[ "ObjectName" ].- Tag
The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag .
- action String
- Specifies the action that is to be applied to the findings that match the filter.
- description String
- The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (
{ },[ ], and( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. - finding
Criteria FilterFinding Criteria - Represents the criteria to be used in the filter for querying findings.
- rank Integer
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100.
By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, DependsOn , with the following syntax:
"DependsOn":[ "ObjectName" ].- List<Tag>
The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag .
- action string
- Specifies the action that is to be applied to the findings that match the filter.
- description string
- The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (
{ },[ ], and( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. - finding
Criteria FilterFinding Criteria - Represents the criteria to be used in the filter for querying findings.
- rank number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100.
By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, DependsOn , with the following syntax:
"DependsOn":[ "ObjectName" ].- Tag[]
The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag .
- action str
- Specifies the action that is to be applied to the findings that match the filter.
- description str
- The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (
{ },[ ], and( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. - finding_
criteria FilterFinding Criteria - Represents the criteria to be used in the filter for querying findings.
- rank int
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100.
By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, DependsOn , with the following syntax:
"DependsOn":[ "ObjectName" ].- Sequence[root_Tag]
The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag .
- action String
- Specifies the action that is to be applied to the findings that match the filter.
- description String
- The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses (
{ },[ ], and( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace. - finding
Criteria Property Map - Represents the criteria to be used in the filter for querying findings.
- rank Number
Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings. The minimum value for this property is 1 and the maximum is 100.
By default, filters may not be created in the same order as they are ranked. To ensure that the filters are created in the expected order, you can use an optional attribute, DependsOn , with the following syntax:
"DependsOn":[ "ObjectName" ].- List<Property Map>
The tags to be added to a new filter resource. Each tag consists of a key and an optional value, both of which you define.
For more information, see Tag .
Supporting Types
FilterCondition
- Eq List<string>
- Equals List<string>
- Greater
Than int - Greater
Than intOr Equal - Gt int
- Gte int
- Less
Than int - Less
Than intOr Equal - Lt int
- Lte int
- Neq List<string>
- Not
Equals List<string>
- Eq []string
- Equals []string
- Greater
Than int - Greater
Than intOr Equal - Gt int
- Gte int
- Less
Than int - Less
Than intOr Equal - Lt int
- Lte int
- Neq []string
- Not
Equals []string
- eq List<String>
- equals_ List<String>
- greater
Than Integer - greater
Than IntegerOr Equal - gt Integer
- gte Integer
- less
Than Integer - less
Than IntegerOr Equal - lt Integer
- lte Integer
- neq List<String>
- not
Equals List<String>
- eq string[]
- equals string[]
- greater
Than number - greater
Than numberOr Equal - gt number
- gte number
- less
Than number - less
Than numberOr Equal - lt number
- lte number
- neq string[]
- not
Equals string[]
- eq Sequence[str]
- equals Sequence[str]
- greater_
than int - greater_
than_ intor_ equal - gt int
- gte int
- less_
than int - less_
than_ intor_ equal - lt int
- lte int
- neq Sequence[str]
- not_
equals Sequence[str]
- eq List<String>
- equals List<String>
- greater
Than Number - greater
Than NumberOr Equal - gt Number
- gte Number
- less
Than Number - less
Than NumberOr Equal - lt Number
- lte Number
- neq List<String>
- not
Equals List<String>
FilterFindingCriteria
- Criterion
Dictionary<string, Pulumi.
Aws Native. Guard Duty. Inputs. Filter Condition> Represents a map of finding properties that match specified conditions and values when querying findings.
For information about JSON criterion mapping to their console equivalent, see Finding criteria . The following are the available criterion:
- accountId
- id
- region
- severity
To filter on the basis of severity, the API and AWS CLI use the following input list for the
FindingCriteriacondition:- Low :
["1", "2", "3"] - Medium :
["4", "5", "6"] - High :
["7", "8", "9"]
For more information, see Severity levels for GuardDuty findings in the Amazon GuardDuty User Guide .
- type
- updatedAt
Type: ISO 8601 string format:
YYYY-MM-DDTHH:MM:SS.SSSZorYYYY-MM-DDTHH:MM:SSZdepending on whether the value contains milliseconds.- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.outpostArn
- resource.resourceType
- resource.s3BucketDetails.publicAccess.effectivePermissions
- resource.s3BucketDetails.name
- resource.s3BucketDetails.tags.key
- resource.s3BucketDetails.tags.value
- resource.s3BucketDetails.type
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.dnsRequestAction.domainWithSuffix
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.action.awsApiCallAction.remoteAccountDetails.affiliated
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
- service.action.kubernetesApiCallAction.namespace
- service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
- service.action.kubernetesApiCallAction.requestUri
- service.action.kubernetesApiCallAction.statusCode
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.localIpDetails.ipAddressV6
- service.action.networkConnectionAction.protocol
- service.action.awsApiCallAction.serviceName
- service.action.awsApiCallAction.remoteAccountDetails.accountId
- service.additionalInfo.threatListName
- service.resourceRole
- resource.eksClusterDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
- resource.kubernetesDetails.kubernetesUserDetails.username
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
- service.ebsVolumeScanDetails.scanId
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
- service.malwareScanDetails.threats.name
- resource.ecsClusterDetails.name
- resource.ecsClusterDetails.taskDetails.containers.image
- resource.ecsClusterDetails.taskDetails.definitionArn
- resource.containerDetails.image
- resource.rdsDbInstanceDetails.dbInstanceIdentifier
- resource.rdsDbInstanceDetails.dbClusterIdentifier
- resource.rdsDbInstanceDetails.engine
- resource.rdsDbUserDetails.user
- resource.rdsDbInstanceDetails.tags.key
- resource.rdsDbInstanceDetails.tags.value
- service.runtimeDetails.process.executableSha256
- service.runtimeDetails.process.name
- service.runtimeDetails.process.name
- resource.lambdaDetails.functionName
- resource.lambdaDetails.functionArn
- resource.lambdaDetails.tags.key
- resource.lambdaDetails.tags.value
- Criterion
map[string]Filter
Condition Represents a map of finding properties that match specified conditions and values when querying findings.
For information about JSON criterion mapping to their console equivalent, see Finding criteria . The following are the available criterion:
- accountId
- id
- region
- severity
To filter on the basis of severity, the API and AWS CLI use the following input list for the
FindingCriteriacondition:- Low :
["1", "2", "3"] - Medium :
["4", "5", "6"] - High :
["7", "8", "9"]
For more information, see Severity levels for GuardDuty findings in the Amazon GuardDuty User Guide .
- type
- updatedAt
Type: ISO 8601 string format:
YYYY-MM-DDTHH:MM:SS.SSSZorYYYY-MM-DDTHH:MM:SSZdepending on whether the value contains milliseconds.- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.outpostArn
- resource.resourceType
- resource.s3BucketDetails.publicAccess.effectivePermissions
- resource.s3BucketDetails.name
- resource.s3BucketDetails.tags.key
- resource.s3BucketDetails.tags.value
- resource.s3BucketDetails.type
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.dnsRequestAction.domainWithSuffix
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.action.awsApiCallAction.remoteAccountDetails.affiliated
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
- service.action.kubernetesApiCallAction.namespace
- service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
- service.action.kubernetesApiCallAction.requestUri
- service.action.kubernetesApiCallAction.statusCode
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.localIpDetails.ipAddressV6
- service.action.networkConnectionAction.protocol
- service.action.awsApiCallAction.serviceName
- service.action.awsApiCallAction.remoteAccountDetails.accountId
- service.additionalInfo.threatListName
- service.resourceRole
- resource.eksClusterDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
- resource.kubernetesDetails.kubernetesUserDetails.username
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
- service.ebsVolumeScanDetails.scanId
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
- service.malwareScanDetails.threats.name
- resource.ecsClusterDetails.name
- resource.ecsClusterDetails.taskDetails.containers.image
- resource.ecsClusterDetails.taskDetails.definitionArn
- resource.containerDetails.image
- resource.rdsDbInstanceDetails.dbInstanceIdentifier
- resource.rdsDbInstanceDetails.dbClusterIdentifier
- resource.rdsDbInstanceDetails.engine
- resource.rdsDbUserDetails.user
- resource.rdsDbInstanceDetails.tags.key
- resource.rdsDbInstanceDetails.tags.value
- service.runtimeDetails.process.executableSha256
- service.runtimeDetails.process.name
- service.runtimeDetails.process.name
- resource.lambdaDetails.functionName
- resource.lambdaDetails.functionArn
- resource.lambdaDetails.tags.key
- resource.lambdaDetails.tags.value
- criterion
Map<String,Filter
Condition> Represents a map of finding properties that match specified conditions and values when querying findings.
For information about JSON criterion mapping to their console equivalent, see Finding criteria . The following are the available criterion:
- accountId
- id
- region
- severity
To filter on the basis of severity, the API and AWS CLI use the following input list for the
FindingCriteriacondition:- Low :
["1", "2", "3"] - Medium :
["4", "5", "6"] - High :
["7", "8", "9"]
For more information, see Severity levels for GuardDuty findings in the Amazon GuardDuty User Guide .
- type
- updatedAt
Type: ISO 8601 string format:
YYYY-MM-DDTHH:MM:SS.SSSZorYYYY-MM-DDTHH:MM:SSZdepending on whether the value contains milliseconds.- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.outpostArn
- resource.resourceType
- resource.s3BucketDetails.publicAccess.effectivePermissions
- resource.s3BucketDetails.name
- resource.s3BucketDetails.tags.key
- resource.s3BucketDetails.tags.value
- resource.s3BucketDetails.type
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.dnsRequestAction.domainWithSuffix
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.action.awsApiCallAction.remoteAccountDetails.affiliated
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
- service.action.kubernetesApiCallAction.namespace
- service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
- service.action.kubernetesApiCallAction.requestUri
- service.action.kubernetesApiCallAction.statusCode
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.localIpDetails.ipAddressV6
- service.action.networkConnectionAction.protocol
- service.action.awsApiCallAction.serviceName
- service.action.awsApiCallAction.remoteAccountDetails.accountId
- service.additionalInfo.threatListName
- service.resourceRole
- resource.eksClusterDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
- resource.kubernetesDetails.kubernetesUserDetails.username
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
- service.ebsVolumeScanDetails.scanId
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
- service.malwareScanDetails.threats.name
- resource.ecsClusterDetails.name
- resource.ecsClusterDetails.taskDetails.containers.image
- resource.ecsClusterDetails.taskDetails.definitionArn
- resource.containerDetails.image
- resource.rdsDbInstanceDetails.dbInstanceIdentifier
- resource.rdsDbInstanceDetails.dbClusterIdentifier
- resource.rdsDbInstanceDetails.engine
- resource.rdsDbUserDetails.user
- resource.rdsDbInstanceDetails.tags.key
- resource.rdsDbInstanceDetails.tags.value
- service.runtimeDetails.process.executableSha256
- service.runtimeDetails.process.name
- service.runtimeDetails.process.name
- resource.lambdaDetails.functionName
- resource.lambdaDetails.functionArn
- resource.lambdaDetails.tags.key
- resource.lambdaDetails.tags.value
- criterion
{[key: string]: Filter
Condition} Represents a map of finding properties that match specified conditions and values when querying findings.
For information about JSON criterion mapping to their console equivalent, see Finding criteria . The following are the available criterion:
- accountId
- id
- region
- severity
To filter on the basis of severity, the API and AWS CLI use the following input list for the
FindingCriteriacondition:- Low :
["1", "2", "3"] - Medium :
["4", "5", "6"] - High :
["7", "8", "9"]
For more information, see Severity levels for GuardDuty findings in the Amazon GuardDuty User Guide .
- type
- updatedAt
Type: ISO 8601 string format:
YYYY-MM-DDTHH:MM:SS.SSSZorYYYY-MM-DDTHH:MM:SSZdepending on whether the value contains milliseconds.- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.outpostArn
- resource.resourceType
- resource.s3BucketDetails.publicAccess.effectivePermissions
- resource.s3BucketDetails.name
- resource.s3BucketDetails.tags.key
- resource.s3BucketDetails.tags.value
- resource.s3BucketDetails.type
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.dnsRequestAction.domainWithSuffix
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.action.awsApiCallAction.remoteAccountDetails.affiliated
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
- service.action.kubernetesApiCallAction.namespace
- service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
- service.action.kubernetesApiCallAction.requestUri
- service.action.kubernetesApiCallAction.statusCode
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.localIpDetails.ipAddressV6
- service.action.networkConnectionAction.protocol
- service.action.awsApiCallAction.serviceName
- service.action.awsApiCallAction.remoteAccountDetails.accountId
- service.additionalInfo.threatListName
- service.resourceRole
- resource.eksClusterDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
- resource.kubernetesDetails.kubernetesUserDetails.username
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
- service.ebsVolumeScanDetails.scanId
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
- service.malwareScanDetails.threats.name
- resource.ecsClusterDetails.name
- resource.ecsClusterDetails.taskDetails.containers.image
- resource.ecsClusterDetails.taskDetails.definitionArn
- resource.containerDetails.image
- resource.rdsDbInstanceDetails.dbInstanceIdentifier
- resource.rdsDbInstanceDetails.dbClusterIdentifier
- resource.rdsDbInstanceDetails.engine
- resource.rdsDbUserDetails.user
- resource.rdsDbInstanceDetails.tags.key
- resource.rdsDbInstanceDetails.tags.value
- service.runtimeDetails.process.executableSha256
- service.runtimeDetails.process.name
- service.runtimeDetails.process.name
- resource.lambdaDetails.functionName
- resource.lambdaDetails.functionArn
- resource.lambdaDetails.tags.key
- resource.lambdaDetails.tags.value
- criterion
Mapping[str, Filter
Condition] Represents a map of finding properties that match specified conditions and values when querying findings.
For information about JSON criterion mapping to their console equivalent, see Finding criteria . The following are the available criterion:
- accountId
- id
- region
- severity
To filter on the basis of severity, the API and AWS CLI use the following input list for the
FindingCriteriacondition:- Low :
["1", "2", "3"] - Medium :
["4", "5", "6"] - High :
["7", "8", "9"]
For more information, see Severity levels for GuardDuty findings in the Amazon GuardDuty User Guide .
- type
- updatedAt
Type: ISO 8601 string format:
YYYY-MM-DDTHH:MM:SS.SSSZorYYYY-MM-DDTHH:MM:SSZdepending on whether the value contains milliseconds.- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.outpostArn
- resource.resourceType
- resource.s3BucketDetails.publicAccess.effectivePermissions
- resource.s3BucketDetails.name
- resource.s3BucketDetails.tags.key
- resource.s3BucketDetails.tags.value
- resource.s3BucketDetails.type
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.dnsRequestAction.domainWithSuffix
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.action.awsApiCallAction.remoteAccountDetails.affiliated
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
- service.action.kubernetesApiCallAction.namespace
- service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
- service.action.kubernetesApiCallAction.requestUri
- service.action.kubernetesApiCallAction.statusCode
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.localIpDetails.ipAddressV6
- service.action.networkConnectionAction.protocol
- service.action.awsApiCallAction.serviceName
- service.action.awsApiCallAction.remoteAccountDetails.accountId
- service.additionalInfo.threatListName
- service.resourceRole
- resource.eksClusterDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
- resource.kubernetesDetails.kubernetesUserDetails.username
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
- service.ebsVolumeScanDetails.scanId
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
- service.malwareScanDetails.threats.name
- resource.ecsClusterDetails.name
- resource.ecsClusterDetails.taskDetails.containers.image
- resource.ecsClusterDetails.taskDetails.definitionArn
- resource.containerDetails.image
- resource.rdsDbInstanceDetails.dbInstanceIdentifier
- resource.rdsDbInstanceDetails.dbClusterIdentifier
- resource.rdsDbInstanceDetails.engine
- resource.rdsDbUserDetails.user
- resource.rdsDbInstanceDetails.tags.key
- resource.rdsDbInstanceDetails.tags.value
- service.runtimeDetails.process.executableSha256
- service.runtimeDetails.process.name
- service.runtimeDetails.process.name
- resource.lambdaDetails.functionName
- resource.lambdaDetails.functionArn
- resource.lambdaDetails.tags.key
- resource.lambdaDetails.tags.value
- criterion Map<Property Map>
Represents a map of finding properties that match specified conditions and values when querying findings.
For information about JSON criterion mapping to their console equivalent, see Finding criteria . The following are the available criterion:
- accountId
- id
- region
- severity
To filter on the basis of severity, the API and AWS CLI use the following input list for the
FindingCriteriacondition:- Low :
["1", "2", "3"] - Medium :
["4", "5", "6"] - High :
["7", "8", "9"]
For more information, see Severity levels for GuardDuty findings in the Amazon GuardDuty User Guide .
- type
- updatedAt
Type: ISO 8601 string format:
YYYY-MM-DDTHH:MM:SS.SSSZorYYYY-MM-DDTHH:MM:SSZdepending on whether the value contains milliseconds.- resource.accessKeyDetails.accessKeyId
- resource.accessKeyDetails.principalId
- resource.accessKeyDetails.userName
- resource.accessKeyDetails.userType
- resource.instanceDetails.iamInstanceProfile.id
- resource.instanceDetails.imageId
- resource.instanceDetails.instanceId
- resource.instanceDetails.tags.key
- resource.instanceDetails.tags.value
- resource.instanceDetails.networkInterfaces.ipv6Addresses
- resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
- resource.instanceDetails.networkInterfaces.publicDnsName
- resource.instanceDetails.networkInterfaces.publicIp
- resource.instanceDetails.networkInterfaces.securityGroups.groupId
- resource.instanceDetails.networkInterfaces.securityGroups.groupName
- resource.instanceDetails.networkInterfaces.subnetId
- resource.instanceDetails.networkInterfaces.vpcId
- resource.instanceDetails.outpostArn
- resource.resourceType
- resource.s3BucketDetails.publicAccess.effectivePermissions
- resource.s3BucketDetails.name
- resource.s3BucketDetails.tags.key
- resource.s3BucketDetails.tags.value
- resource.s3BucketDetails.type
- service.action.actionType
- service.action.awsApiCallAction.api
- service.action.awsApiCallAction.callerType
- service.action.awsApiCallAction.errorCode
- service.action.awsApiCallAction.remoteIpDetails.city.cityName
- service.action.awsApiCallAction.remoteIpDetails.country.countryName
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
- service.action.awsApiCallAction.remoteIpDetails.ipAddressV6
- service.action.awsApiCallAction.remoteIpDetails.organization.asn
- service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
- service.action.awsApiCallAction.serviceName
- service.action.dnsRequestAction.domain
- service.action.dnsRequestAction.domainWithSuffix
- service.action.networkConnectionAction.blocked
- service.action.networkConnectionAction.connectionDirection
- service.action.networkConnectionAction.localPortDetails.port
- service.action.networkConnectionAction.protocol
- service.action.networkConnectionAction.remoteIpDetails.city.cityName
- service.action.networkConnectionAction.remoteIpDetails.country.countryName
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
- service.action.networkConnectionAction.remoteIpDetails.ipAddressV6
- service.action.networkConnectionAction.remoteIpDetails.organization.asn
- service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
- service.action.networkConnectionAction.remotePortDetails.port
- service.action.awsApiCallAction.remoteAccountDetails.affiliated
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV4
- service.action.kubernetesApiCallAction.remoteIpDetails.ipAddressV6
- service.action.kubernetesApiCallAction.namespace
- service.action.kubernetesApiCallAction.remoteIpDetails.organization.asn
- service.action.kubernetesApiCallAction.requestUri
- service.action.kubernetesApiCallAction.statusCode
- service.action.networkConnectionAction.localIpDetails.ipAddressV4
- service.action.networkConnectionAction.localIpDetails.ipAddressV6
- service.action.networkConnectionAction.protocol
- service.action.awsApiCallAction.serviceName
- service.action.awsApiCallAction.remoteAccountDetails.accountId
- service.additionalInfo.threatListName
- service.resourceRole
- resource.eksClusterDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.name
- resource.kubernetesDetails.kubernetesWorkloadDetails.namespace
- resource.kubernetesDetails.kubernetesUserDetails.username
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.image
- resource.kubernetesDetails.kubernetesWorkloadDetails.containers.imagePrefix
- service.ebsVolumeScanDetails.scanId
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.name
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.severity
- service.ebsVolumeScanDetails.scanDetections.threatDetectedByName.threatNames.filePaths.hash
- service.malwareScanDetails.threats.name
- resource.ecsClusterDetails.name
- resource.ecsClusterDetails.taskDetails.containers.image
- resource.ecsClusterDetails.taskDetails.definitionArn
- resource.containerDetails.image
- resource.rdsDbInstanceDetails.dbInstanceIdentifier
- resource.rdsDbInstanceDetails.dbClusterIdentifier
- resource.rdsDbInstanceDetails.engine
- resource.rdsDbUserDetails.user
- resource.rdsDbInstanceDetails.tags.key
- resource.rdsDbInstanceDetails.tags.value
- service.runtimeDetails.process.executableSha256
- service.runtimeDetails.process.name
- service.runtimeDetails.process.name
- resource.lambdaDetails.functionName
- resource.lambdaDetails.functionArn
- resource.lambdaDetails.tags.key
- resource.lambdaDetails.tags.value
Tag
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.