We recommend new projects start with resources from the AWS provider.
aws-native.securityhub.AutomationRule
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::SecurityHub::AutomationRule
resource specifies an automation rule based on input parameters. For more information, see Automation rules in the User Guide.
Example Usage
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var ruleWithCriteriaActionsTags = new AwsNative.SecurityHub.AutomationRule("ruleWithCriteriaActionsTags", new()
{
RuleName = "Example rule name",
RuleOrder = 5,
Description = "Example rule description.",
IsTerminal = false,
RuleStatus = AwsNative.SecurityHub.AutomationRuleRuleStatus.Enabled,
Criteria = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFiltersArgs
{
ProductName = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "GuardDuty",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "SecurityHub",
},
},
CompanyName = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "AWS",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "Private",
},
},
ProductArn = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
},
AwsAccountId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "123456789012",
},
},
Id = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-finding-id",
},
},
GeneratorId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-generator-id",
},
},
Type = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "type-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "type-2",
},
},
Description = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "description1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "description2",
},
},
SourceUrl = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "https",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "ftp",
},
},
Title = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "title-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "title-2",
},
},
SeverityLabel = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "LOW",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "HIGH",
},
},
ResourceType = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "AwsEc2Instance",
},
},
ResourcePartition = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "aws",
},
},
ResourceId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "i-1234567890",
},
},
ResourceRegion = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "us-west",
},
},
ComplianceStatus = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "FAILED",
},
},
ComplianceSecurityControlId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "EC2.3",
},
},
ComplianceAssociatedStandardsId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
},
},
VerificationState = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "BENIGN_POSITIVE",
},
},
RecordState = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "ACTIVE",
},
},
RelatedFindingsProductArn = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
},
},
RelatedFindingsId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-finding-id-2",
},
},
NoteText = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-note-text",
},
},
NoteUpdatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
NoteUpdatedBy = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "sechub",
},
},
WorkflowStatus = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "NEW",
},
},
FirstObservedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
LastObservedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
CreatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
UpdatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
Start = "2023-04-25T17:05:54.832Z",
End = "2023-05-25T17:05:54.832Z",
},
},
ResourceTags = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "security",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "operations",
},
},
UserDefinedFields = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
Key = "key1",
Value = "security",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
Key = "key2",
Value = "operations",
},
},
ResourceDetailsOther = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "area",
Value = "na",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "sales",
},
},
Confidence = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
{
Gte = 50,
Lte = 95,
},
},
Criticality = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
{
Gte = 50,
Lte = 95,
},
},
},
Actions = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRulesActionArgs
{
Type = AwsNative.SecurityHub.AutomationRulesActionType.FindingFieldsUpdate,
FindingFieldsUpdate = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdateArgs
{
Severity = new AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdateArgs
{
Product = 50,
Label = AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel.Medium,
Normalized = 60,
},
Types = new[]
{
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
},
Confidence = 98,
Criticality = 95,
UserDefinedFields =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
RelatedFindings = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
{
ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
Id = "sample-finding-id-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
{
ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
Id = "sample-finding-id-2",
},
},
Note = new AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdateArgs
{
Text = "sample-note-text",
UpdatedBy = "sechub",
},
VerificationState = AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
Workflow = new AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdateArgs
{
Status = AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus.Notified,
},
},
},
},
Tags =
{
{ "sampleTag", "sampleValue" },
{ "organizationUnit", "pnw" },
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityhub.NewAutomationRule(ctx, "ruleWithCriteriaActionsTags", &securityhub.AutomationRuleArgs{
RuleName: pulumi.String("Example rule name"),
RuleOrder: pulumi.Int(5),
Description: pulumi.String("Example rule description."),
IsTerminal: pulumi.Bool(false),
RuleStatus: securityhub.AutomationRuleRuleStatusEnabled,
Criteria: &securityhub.AutomationRulesFindingFiltersArgs{
ProductName: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("GuardDuty"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("SecurityHub"),
},
},
CompanyName: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("AWS"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("Private"),
},
},
ProductArn: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/aws"),
},
},
AwsAccountId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("123456789012"),
},
},
Id: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-finding-id"),
},
},
GeneratorId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-generator-id"),
},
},
Type: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("type-1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("type-2"),
},
},
Description: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("description1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("description2"),
},
},
SourceUrl: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("https"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("ftp"),
},
},
Title: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("title-1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("title-2"),
},
},
SeverityLabel: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("LOW"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("HIGH"),
},
},
ResourceType: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("AwsEc2Instance"),
},
},
ResourcePartition: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("aws"),
},
},
ResourceId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("i-1234567890"),
},
},
ResourceRegion: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("us-west"),
},
},
ComplianceStatus: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("FAILED"),
},
},
ComplianceSecurityControlId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("EC2.3"),
},
},
ComplianceAssociatedStandardsId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
},
},
VerificationState: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("BENIGN_POSITIVE"),
},
},
RecordState: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("ACTIVE"),
},
},
RelatedFindingsProductArn: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("arn:aws:securityhub:eu-central-1::product/aws/securityhub"),
},
},
RelatedFindingsId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-finding-id-2"),
},
},
NoteText: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-note-text"),
},
},
NoteUpdatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
NoteUpdatedBy: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("sechub"),
},
},
WorkflowStatus: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("NEW"),
},
},
FirstObservedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
LastObservedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
CreatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
UpdatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
Start: pulumi.String("2023-04-25T17:05:54.832Z"),
End: pulumi.String("2023-05-25T17:05:54.832Z"),
},
},
ResourceTags: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("security"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("operations"),
},
},
UserDefinedFields: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
Key: pulumi.String("key1"),
Value: pulumi.String("security"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
Key: pulumi.String("key2"),
Value: pulumi.String("operations"),
},
},
ResourceDetailsOther: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("area"),
Value: pulumi.String("na"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("sales"),
},
},
Confidence: securityhub.AutomationRuleNumberFilterArray{
&securityhub.AutomationRuleNumberFilterArgs{
Gte: pulumi.Float64(50),
Lte: pulumi.Float64(95),
},
},
Criticality: securityhub.AutomationRuleNumberFilterArray{
&securityhub.AutomationRuleNumberFilterArgs{
Gte: pulumi.Float64(50),
Lte: pulumi.Float64(95),
},
},
},
Actions: securityhub.AutomationRulesActionArray{
&securityhub.AutomationRulesActionArgs{
Type: securityhub.AutomationRulesActionTypeFindingFieldsUpdate,
FindingFieldsUpdate: &securityhub.AutomationRulesFindingFieldsUpdateArgs{
Severity: &securityhub.AutomationRuleSeverityUpdateArgs{
Product: pulumi.Float64(50),
Label: securityhub.AutomationRuleSeverityUpdateLabelMedium,
Normalized: pulumi.Int(60),
},
Types: pulumi.StringArray{
pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"),
pulumi.String("Industry Compliance"),
},
Confidence: pulumi.Int(98),
Criticality: pulumi.Int(95),
UserDefinedFields: pulumi.StringMap{
"key1": pulumi.String("value1"),
"key2": pulumi.String("value2"),
},
RelatedFindings: securityhub.AutomationRuleRelatedFindingArray{
&securityhub.AutomationRuleRelatedFindingArgs{
ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
Id: pulumi.String("sample-finding-id-1"),
},
&securityhub.AutomationRuleRelatedFindingArgs{
ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
Id: pulumi.String("sample-finding-id-2"),
},
},
Note: &securityhub.AutomationRuleNoteUpdateArgs{
Text: pulumi.String("sample-note-text"),
UpdatedBy: pulumi.String("sechub"),
},
VerificationState: securityhub.AutomationRulesFindingFieldsUpdateVerificationStateTruePositive,
Workflow: &securityhub.AutomationRuleWorkflowUpdateArgs{
Status: securityhub.AutomationRuleWorkflowUpdateStatusNotified,
},
},
},
},
Tags: pulumi.StringMap{
"sampleTag": pulumi.String("sampleValue"),
"organizationUnit": pulumi.String("pnw"),
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
rule_with_criteria_actions_tags = aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags",
rule_name="Example rule name",
rule_order=5,
description="Example rule description.",
is_terminal=False,
rule_status=aws_native.securityhub.AutomationRuleRuleStatus.ENABLED,
criteria={
"product_name": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "GuardDuty",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "SecurityHub",
},
],
"company_name": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "AWS",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "Private",
},
],
"product_arn": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
],
"aws_account_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "123456789012",
}],
"id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-finding-id",
}],
"generator_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-generator-id",
}],
"type": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "type-1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "type-2",
},
],
"description": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "description1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "description2",
},
],
"source_url": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "https",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "ftp",
},
],
"title": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "title-1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "title-2",
},
],
"severity_label": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "LOW",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "HIGH",
},
],
"resource_type": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "AwsEc2Instance",
}],
"resource_partition": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "aws",
}],
"resource_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "i-1234567890",
}],
"resource_region": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "us-west",
}],
"compliance_status": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "FAILED",
}],
"compliance_security_control_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "EC2.3",
}],
"compliance_associated_standards_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}],
"verification_state": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "BENIGN_POSITIVE",
}],
"record_state": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "ACTIVE",
}],
"related_findings_product_arn": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
}],
"related_findings_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-finding-id-2",
}],
"note_text": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-note-text",
}],
"note_updated_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"note_updated_by": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "sechub",
}],
"workflow_status": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "NEW",
}],
"first_observed_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"last_observed_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"created_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"updated_at": [{
"start": "2023-04-25T17:05:54.832Z",
"end": "2023-05-25T17:05:54.832Z",
}],
"resource_tags": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "security",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "operations",
},
],
"user_defined_fields": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
"key": "key1",
"value": "security",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
"key": "key2",
"value": "operations",
},
],
"resource_details_other": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "area",
"value": "na",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "sales",
},
],
"confidence": [{
"gte": 50,
"lte": 95,
}],
"criticality": [{
"gte": 50,
"lte": 95,
}],
},
actions=[{
"type": aws_native.securityhub.AutomationRulesActionType.FINDING_FIELDS_UPDATE,
"finding_fields_update": {
"severity": {
"product": 50,
"label": aws_native.securityhub.AutomationRuleSeverityUpdateLabel.MEDIUM,
"normalized": 60,
},
"types": [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
],
"confidence": 98,
"criticality": 95,
"user_defined_fields": {
"key1": "value1",
"key2": "value2",
},
"related_findings": [
{
"product_arn": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
"id": "sample-finding-id-1",
},
{
"product_arn": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
"id": "sample-finding-id-2",
},
],
"note": {
"text": "sample-note-text",
"updated_by": "sechub",
},
"verification_state": aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TRUE_POSITIVE,
"workflow": {
"status": aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.NOTIFIED,
},
},
}],
tags={
"sampleTag": "sampleValue",
"organizationUnit": "pnw",
})
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
ruleName: "Example rule name",
ruleOrder: 5,
description: "Example rule description.",
isTerminal: false,
ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
criteria: {
productName: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "GuardDuty",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "SecurityHub",
},
],
companyName: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "AWS",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "Private",
},
],
productArn: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
],
awsAccountId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "123456789012",
}],
id: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-finding-id",
}],
generatorId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-generator-id",
}],
type: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "type-1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "type-2",
},
],
description: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "description1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "description2",
},
],
sourceUrl: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "https",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "ftp",
},
],
title: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "title-1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "title-2",
},
],
severityLabel: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "LOW",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "HIGH",
},
],
resourceType: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "AwsEc2Instance",
}],
resourcePartition: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "aws",
}],
resourceId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "i-1234567890",
}],
resourceRegion: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "us-west",
}],
complianceStatus: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "FAILED",
}],
complianceSecurityControlId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "EC2.3",
}],
complianceAssociatedStandardsId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}],
verificationState: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "BENIGN_POSITIVE",
}],
recordState: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "ACTIVE",
}],
relatedFindingsProductArn: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
}],
relatedFindingsId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-finding-id-2",
}],
noteText: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-note-text",
}],
noteUpdatedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
noteUpdatedBy: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "sechub",
}],
workflowStatus: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "NEW",
}],
firstObservedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
lastObservedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
createdAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
updatedAt: [{
start: "2023-04-25T17:05:54.832Z",
end: "2023-05-25T17:05:54.832Z",
}],
resourceTags: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "security",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "operations",
},
],
userDefinedFields: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
key: "key1",
value: "security",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
key: "key2",
value: "operations",
},
],
resourceDetailsOther: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "area",
value: "na",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "sales",
},
],
confidence: [{
gte: 50,
lte: 95,
}],
criticality: [{
gte: 50,
lte: 95,
}],
},
actions: [{
type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
findingFieldsUpdate: {
severity: {
product: 50,
label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
normalized: 60,
},
types: [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
],
confidence: 98,
criticality: 95,
userDefinedFields: {
key1: "value1",
key2: "value2",
},
relatedFindings: [
{
productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
id: "sample-finding-id-1",
},
{
productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
id: "sample-finding-id-2",
},
],
note: {
text: "sample-note-text",
updatedBy: "sechub",
},
verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
workflow: {
status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
},
},
}],
tags: {
sampleTag: "sampleValue",
organizationUnit: "pnw",
},
});
Coming soon!
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var ruleWithCriteriaActionsTags = new AwsNative.SecurityHub.AutomationRule("ruleWithCriteriaActionsTags", new()
{
RuleName = "Example rule name",
RuleOrder = 5,
Description = "Example rule description.",
IsTerminal = false,
RuleStatus = AwsNative.SecurityHub.AutomationRuleRuleStatus.Enabled,
Criteria = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFiltersArgs
{
ProductName = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "GuardDuty",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "SecurityHub",
},
},
CompanyName = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "AWS",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "Private",
},
},
ProductArn = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
},
AwsAccountId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "123456789012",
},
},
Id = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-finding-id",
},
},
GeneratorId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-generator-id",
},
},
Type = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "type-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "type-2",
},
},
Description = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "description1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "description2",
},
},
SourceUrl = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "https",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "ftp",
},
},
Title = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "title-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "title-2",
},
},
SeverityLabel = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "LOW",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "HIGH",
},
},
ResourceType = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "AwsEc2Instance",
},
},
ResourcePartition = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "aws",
},
},
ResourceId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "i-1234567890",
},
},
ResourceRegion = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "us-west",
},
},
ComplianceStatus = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "FAILED",
},
},
ComplianceSecurityControlId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "EC2.3",
},
},
ComplianceAssociatedStandardsId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
},
},
VerificationState = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "BENIGN_POSITIVE",
},
},
RecordState = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "ACTIVE",
},
},
RelatedFindingsProductArn = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
},
},
RelatedFindingsId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-finding-id-2",
},
},
NoteText = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-note-text",
},
},
NoteUpdatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
NoteUpdatedBy = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "sechub",
},
},
WorkflowStatus = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "NEW",
},
},
FirstObservedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
LastObservedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
CreatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
UpdatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
Start = "2023-04-25T17:05:54.832Z",
End = "2023-05-25T17:05:54.832Z",
},
},
ResourceTags = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "security",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "operations",
},
},
UserDefinedFields = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
Key = "key1",
Value = "security",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
Key = "key2",
Value = "operations",
},
},
ResourceDetailsOther = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "area",
Value = "na",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "sales",
},
},
Confidence = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
{
Gte = 50,
Lte = 95,
},
},
Criticality = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
{
Gte = 50,
Lte = 95,
},
},
},
Actions = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRulesActionArgs
{
Type = AwsNative.SecurityHub.AutomationRulesActionType.FindingFieldsUpdate,
FindingFieldsUpdate = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdateArgs
{
Severity = new AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdateArgs
{
Product = 50,
Label = AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel.Medium,
Normalized = 60,
},
Types = new[]
{
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
},
Confidence = 98,
Criticality = 95,
UserDefinedFields =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
RelatedFindings = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
{
ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
Id = "sample-finding-id-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
{
ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
Id = "sample-finding-id-2",
},
},
Note = new AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdateArgs
{
Text = "sample-note-text",
UpdatedBy = "sechub",
},
VerificationState = AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
Workflow = new AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdateArgs
{
Status = AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus.Notified,
},
},
},
},
Tags =
{
{ "sampleTag", "sampleValue" },
{ "organizationUnit", "pnw" },
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityhub.NewAutomationRule(ctx, "ruleWithCriteriaActionsTags", &securityhub.AutomationRuleArgs{
RuleName: pulumi.String("Example rule name"),
RuleOrder: pulumi.Int(5),
Description: pulumi.String("Example rule description."),
IsTerminal: pulumi.Bool(false),
RuleStatus: securityhub.AutomationRuleRuleStatusEnabled,
Criteria: &securityhub.AutomationRulesFindingFiltersArgs{
ProductName: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("GuardDuty"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("SecurityHub"),
},
},
CompanyName: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("AWS"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("Private"),
},
},
ProductArn: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/aws"),
},
},
AwsAccountId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("123456789012"),
},
},
Id: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-finding-id"),
},
},
GeneratorId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-generator-id"),
},
},
Type: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("type-1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("type-2"),
},
},
Description: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("description1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("description2"),
},
},
SourceUrl: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("https"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("ftp"),
},
},
Title: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("title-1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("title-2"),
},
},
SeverityLabel: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("LOW"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("HIGH"),
},
},
ResourceType: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("AwsEc2Instance"),
},
},
ResourcePartition: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("aws"),
},
},
ResourceId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("i-1234567890"),
},
},
ResourceRegion: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("us-west"),
},
},
ComplianceStatus: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("FAILED"),
},
},
ComplianceSecurityControlId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("EC2.3"),
},
},
ComplianceAssociatedStandardsId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
},
},
VerificationState: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("BENIGN_POSITIVE"),
},
},
RecordState: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("ACTIVE"),
},
},
RelatedFindingsProductArn: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("arn:aws:securityhub:eu-central-1::product/aws/securityhub"),
},
},
RelatedFindingsId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-finding-id-2"),
},
},
NoteText: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-note-text"),
},
},
NoteUpdatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
NoteUpdatedBy: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("sechub"),
},
},
WorkflowStatus: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("NEW"),
},
},
FirstObservedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
LastObservedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
CreatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
UpdatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
Start: pulumi.String("2023-04-25T17:05:54.832Z"),
End: pulumi.String("2023-05-25T17:05:54.832Z"),
},
},
ResourceTags: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("security"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("operations"),
},
},
UserDefinedFields: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
Key: pulumi.String("key1"),
Value: pulumi.String("security"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
Key: pulumi.String("key2"),
Value: pulumi.String("operations"),
},
},
ResourceDetailsOther: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("area"),
Value: pulumi.String("na"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("sales"),
},
},
Confidence: securityhub.AutomationRuleNumberFilterArray{
&securityhub.AutomationRuleNumberFilterArgs{
Gte: pulumi.Float64(50),
Lte: pulumi.Float64(95),
},
},
Criticality: securityhub.AutomationRuleNumberFilterArray{
&securityhub.AutomationRuleNumberFilterArgs{
Gte: pulumi.Float64(50),
Lte: pulumi.Float64(95),
},
},
},
Actions: securityhub.AutomationRulesActionArray{
&securityhub.AutomationRulesActionArgs{
Type: securityhub.AutomationRulesActionTypeFindingFieldsUpdate,
FindingFieldsUpdate: &securityhub.AutomationRulesFindingFieldsUpdateArgs{
Severity: &securityhub.AutomationRuleSeverityUpdateArgs{
Product: pulumi.Float64(50),
Label: securityhub.AutomationRuleSeverityUpdateLabelMedium,
Normalized: pulumi.Int(60),
},
Types: pulumi.StringArray{
pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"),
pulumi.String("Industry Compliance"),
},
Confidence: pulumi.Int(98),
Criticality: pulumi.Int(95),
UserDefinedFields: pulumi.StringMap{
"key1": pulumi.String("value1"),
"key2": pulumi.String("value2"),
},
RelatedFindings: securityhub.AutomationRuleRelatedFindingArray{
&securityhub.AutomationRuleRelatedFindingArgs{
ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
Id: pulumi.String("sample-finding-id-1"),
},
&securityhub.AutomationRuleRelatedFindingArgs{
ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
Id: pulumi.String("sample-finding-id-2"),
},
},
Note: &securityhub.AutomationRuleNoteUpdateArgs{
Text: pulumi.String("sample-note-text"),
UpdatedBy: pulumi.String("sechub"),
},
VerificationState: securityhub.AutomationRulesFindingFieldsUpdateVerificationStateTruePositive,
Workflow: &securityhub.AutomationRuleWorkflowUpdateArgs{
Status: securityhub.AutomationRuleWorkflowUpdateStatusNotified,
},
},
},
},
Tags: pulumi.StringMap{
"sampleTag": pulumi.String("sampleValue"),
"organizationUnit": pulumi.String("pnw"),
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_native as aws_native
rule_with_criteria_actions_tags = aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags",
rule_name="Example rule name",
rule_order=5,
description="Example rule description.",
is_terminal=False,
rule_status=aws_native.securityhub.AutomationRuleRuleStatus.ENABLED,
criteria={
"product_name": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "GuardDuty",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "SecurityHub",
},
],
"company_name": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "AWS",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "Private",
},
],
"product_arn": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
],
"aws_account_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "123456789012",
}],
"id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-finding-id",
}],
"generator_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-generator-id",
}],
"type": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "type-1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "type-2",
},
],
"description": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "description1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "description2",
},
],
"source_url": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "https",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "ftp",
},
],
"title": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "title-1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "title-2",
},
],
"severity_label": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "LOW",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "HIGH",
},
],
"resource_type": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "AwsEc2Instance",
}],
"resource_partition": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "aws",
}],
"resource_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "i-1234567890",
}],
"resource_region": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "us-west",
}],
"compliance_status": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "FAILED",
}],
"compliance_security_control_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "EC2.3",
}],
"compliance_associated_standards_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}],
"verification_state": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "BENIGN_POSITIVE",
}],
"record_state": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "ACTIVE",
}],
"related_findings_product_arn": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
}],
"related_findings_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-finding-id-2",
}],
"note_text": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-note-text",
}],
"note_updated_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"note_updated_by": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "sechub",
}],
"workflow_status": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "NEW",
}],
"first_observed_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"last_observed_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"created_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"updated_at": [{
"start": "2023-04-25T17:05:54.832Z",
"end": "2023-05-25T17:05:54.832Z",
}],
"resource_tags": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "security",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "operations",
},
],
"user_defined_fields": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
"key": "key1",
"value": "security",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
"key": "key2",
"value": "operations",
},
],
"resource_details_other": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "area",
"value": "na",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "sales",
},
],
"confidence": [{
"gte": 50,
"lte": 95,
}],
"criticality": [{
"gte": 50,
"lte": 95,
}],
},
actions=[{
"type": aws_native.securityhub.AutomationRulesActionType.FINDING_FIELDS_UPDATE,
"finding_fields_update": {
"severity": {
"product": 50,
"label": aws_native.securityhub.AutomationRuleSeverityUpdateLabel.MEDIUM,
"normalized": 60,
},
"types": [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
],
"confidence": 98,
"criticality": 95,
"user_defined_fields": {
"key1": "value1",
"key2": "value2",
},
"related_findings": [
{
"product_arn": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
"id": "sample-finding-id-1",
},
{
"product_arn": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
"id": "sample-finding-id-2",
},
],
"note": {
"text": "sample-note-text",
"updated_by": "sechub",
},
"verification_state": aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TRUE_POSITIVE,
"workflow": {
"status": aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.NOTIFIED,
},
},
}],
tags={
"sampleTag": "sampleValue",
"organizationUnit": "pnw",
})
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
ruleName: "Example rule name",
ruleOrder: 5,
description: "Example rule description.",
isTerminal: false,
ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
criteria: {
productName: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "GuardDuty",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "SecurityHub",
},
],
companyName: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "AWS",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "Private",
},
],
productArn: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
],
awsAccountId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "123456789012",
}],
id: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-finding-id",
}],
generatorId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-generator-id",
}],
type: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "type-1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "type-2",
},
],
description: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "description1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "description2",
},
],
sourceUrl: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "https",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "ftp",
},
],
title: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "title-1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "title-2",
},
],
severityLabel: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "LOW",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "HIGH",
},
],
resourceType: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "AwsEc2Instance",
}],
resourcePartition: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "aws",
}],
resourceId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "i-1234567890",
}],
resourceRegion: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "us-west",
}],
complianceStatus: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "FAILED",
}],
complianceSecurityControlId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "EC2.3",
}],
complianceAssociatedStandardsId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}],
verificationState: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "BENIGN_POSITIVE",
}],
recordState: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "ACTIVE",
}],
relatedFindingsProductArn: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
}],
relatedFindingsId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-finding-id-2",
}],
noteText: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-note-text",
}],
noteUpdatedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
noteUpdatedBy: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "sechub",
}],
workflowStatus: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "NEW",
}],
firstObservedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
lastObservedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
createdAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
updatedAt: [{
start: "2023-04-25T17:05:54.832Z",
end: "2023-05-25T17:05:54.832Z",
}],
resourceTags: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "security",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "operations",
},
],
userDefinedFields: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
key: "key1",
value: "security",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
key: "key2",
value: "operations",
},
],
resourceDetailsOther: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "area",
value: "na",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "sales",
},
],
confidence: [{
gte: 50,
lte: 95,
}],
criticality: [{
gte: 50,
lte: 95,
}],
},
actions: [{
type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
findingFieldsUpdate: {
severity: {
product: 50,
label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
normalized: 60,
},
types: [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
],
confidence: 98,
criticality: 95,
userDefinedFields: {
key1: "value1",
key2: "value2",
},
relatedFindings: [
{
productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
id: "sample-finding-id-1",
},
{
productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
id: "sample-finding-id-2",
},
],
note: {
text: "sample-note-text",
updatedBy: "sechub",
},
verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
workflow: {
status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
},
},
}],
tags: {
sampleTag: "sampleValue",
organizationUnit: "pnw",
},
});
Coming soon!
Create AutomationRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
args: AutomationRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AutomationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[AutomationRulesActionArgs]] = None,
criteria: Optional[AutomationRulesFindingFiltersArgs] = None,
description: Optional[str] = None,
rule_order: Optional[int] = None,
is_terminal: Optional[bool] = None,
rule_name: Optional[str] = None,
rule_status: Optional[AutomationRuleRuleStatus] = None,
tags: Optional[Mapping[str, str]] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: aws-native:securityhub:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AutomationRule resource accepts the following input properties:
- Actions
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rules Action> - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. - Criteria
Pulumi.
Aws Native. Security Hub. Inputs. Automation Rules Finding Filters - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- Description string
- A description of the rule.
- Rule
Order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- Rule
Name string - The name of the rule.
- Rule
Status Pulumi.Aws Native. Security Hub. Automation Rule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED
, ASH applies the rule to findings and finding updates after the rule is created. - Dictionary<string, string>
- User-defined tags associated with an automation rule.
- Actions
[]Automation
Rules Action Args - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. - Criteria
Automation
Rules Finding Filters Args - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- Description string
- A description of the rule.
- Rule
Order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- Rule
Name string - The name of the rule.
- Rule
Status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED
, ASH applies the rule to findings and finding updates after the rule is created. - map[string]string
- User-defined tags associated with an automation rule.
- actions
List<Automation
Rules Action> - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. - criteria
Automation
Rules Finding Filters - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description String
- A description of the rule.
- rule
Order Integer - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule
Name String - The name of the rule.
- rule
Status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED
, ASH applies the rule to findings and finding updates after the rule is created. - Map<String,String>
- User-defined tags associated with an automation rule.
- actions
Automation
Rules Action[] - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. - criteria
Automation
Rules Finding Filters - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description string
- A description of the rule.
- rule
Order number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is
Terminal boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule
Name string - The name of the rule.
- rule
Status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED
, ASH applies the rule to findings and finding updates after the rule is created. - {[key: string]: string}
- User-defined tags associated with an automation rule.
- actions
Sequence[Automation
Rules Action Args] - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. - criteria
Automation
Rules Finding Filters Args - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description str
- A description of the rule.
- rule_
order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is_
terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule_
name str - The name of the rule.
- rule_
status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED
, ASH applies the rule to findings and finding updates after the rule is created. - Mapping[str, str]
- User-defined tags associated with an automation rule.
- actions List<Property Map>
- One or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. - criteria Property Map
- A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description String
- A description of the rule.
- rule
Order Number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule
Name String - The name of the rule.
- rule
Status "ENABLED" | "DISABLED" - Whether the rule is active after it is created. If this parameter is equal to
ENABLED
, ASH applies the rule to findings and finding updates after the rule is created. - Map<String>
- User-defined tags associated with an automation rule.
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
- Created
At string A timestamp that indicates when the rule was created.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.- Created
By string - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe
. - Id string
- The provider-assigned unique ID for this managed resource.
- Rule
Arn string - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. - Updated
At string A timestamp that indicates when the rule was most recently updated.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.
- Created
At string A timestamp that indicates when the rule was created.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.- Created
By string - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe
. - Id string
- The provider-assigned unique ID for this managed resource.
- Rule
Arn string - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. - Updated
At string A timestamp that indicates when the rule was most recently updated.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.
- created
At String A timestamp that indicates when the rule was created.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.- created
By String - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe
. - id String
- The provider-assigned unique ID for this managed resource.
- rule
Arn String - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. - updated
At String A timestamp that indicates when the rule was most recently updated.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.
- created
At string A timestamp that indicates when the rule was created.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.- created
By string - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe
. - id string
- The provider-assigned unique ID for this managed resource.
- rule
Arn string - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. - updated
At string A timestamp that indicates when the rule was most recently updated.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.
- created_
at str A timestamp that indicates when the rule was created.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.- created_
by str - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe
. - id str
- The provider-assigned unique ID for this managed resource.
- rule_
arn str - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. - updated_
at str A timestamp that indicates when the rule was most recently updated.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.
- created
At String A timestamp that indicates when the rule was created.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.- created
By String - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe
. - id String
- The provider-assigned unique ID for this managed resource.
- rule
Arn String - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. - updated
At String A timestamp that indicates when the rule was most recently updated.
Uses the
date-time
format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z
.
Supporting Types
AutomationRuleDateFilter, AutomationRuleDateFilterArgs
- Date
Range Pulumi.Aws Native. Security Hub. Inputs. Automation Rule Date Range - A date range for the date filter.
- End string
- A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Start string
- A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Date
Range AutomationRule Date Range - A date range for the date filter.
- End string
- A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Start string
- A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range AutomationRule Date Range - A date range for the date filter.
- end String
- A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start String
- A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range AutomationRule Date Range - A date range for the date filter.
- end string
- A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start string
- A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date_
range AutomationRule Date Range - A date range for the date filter.
- end str
- A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start str
- A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range Property Map - A date range for the date filter.
- end String
- A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start String
- A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
AutomationRuleDateRange, AutomationRuleDateRangeArgs
- Unit
Pulumi.
Aws Native. Security Hub. Automation Rule Date Range Unit - A date range unit for the date filter.
- Value double
- A date range value for the date filter.
- Unit
Automation
Rule Date Range Unit - A date range unit for the date filter.
- Value float64
- A date range value for the date filter.
- unit
Automation
Rule Date Range Unit - A date range unit for the date filter.
- value Double
- A date range value for the date filter.
- unit
Automation
Rule Date Range Unit - A date range unit for the date filter.
- value number
- A date range value for the date filter.
- unit
Automation
Rule Date Range Unit - A date range unit for the date filter.
- value float
- A date range value for the date filter.
AutomationRuleDateRangeUnit, AutomationRuleDateRangeUnitArgs
- Days
- DAYS
- Automation
Rule Date Range Unit Days - DAYS
- Days
- DAYS
- Days
- DAYS
- DAYS
- DAYS
- "DAYS"
- DAYS
AutomationRuleMapFilter, AutomationRuleMapFilterArgs
- Comparison
Pulumi.
Aws Native. Security Hub. Automation Rule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, for theResourceTags
field, the filterDepartment CONTAINS Security
matches findings that include the valueSecurity
for theDepartment
tag. In the same example, a finding with a value ofSecurity team
for theDepartment
tag is a match. - To search for values that exactly match the filter value, use
EQUALS
. For example, for theResourceTags
field, the filterDepartment EQUALS Security
matches findings that have the valueSecurity
for theDepartment
tag.
CONTAINS
andEQUALS
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Finance
match a finding that includes eitherSecurity
,Finance
, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, for theResourceTags
field, the filterDepartment NOT_CONTAINS Finance
matches findings that exclude the valueFinance
for theDepartment
tag. - To search for values other than the filter value, use
NOT_EQUALS
. For example, for theResourceTags
field, the filterDepartment NOT_EQUALS Finance
matches findings that don’t have the valueFinance
for theDepartment
tag.
NOT_CONTAINS
andNOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Finance
match a finding that excludes both theSecurity
andFinance
values.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can’t have both anEQUALS
filter and aNOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - Value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- Comparison
Automation
Rule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, for theResourceTags
field, the filterDepartment CONTAINS Security
matches findings that include the valueSecurity
for theDepartment
tag. In the same example, a finding with a value ofSecurity team
for theDepartment
tag is a match. - To search for values that exactly match the filter value, use
EQUALS
. For example, for theResourceTags
field, the filterDepartment EQUALS Security
matches findings that have the valueSecurity
for theDepartment
tag.
CONTAINS
andEQUALS
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Finance
match a finding that includes eitherSecurity
,Finance
, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, for theResourceTags
field, the filterDepartment NOT_CONTAINS Finance
matches findings that exclude the valueFinance
for theDepartment
tag. - To search for values other than the filter value, use
NOT_EQUALS
. For example, for theResourceTags
field, the filterDepartment NOT_EQUALS Finance
matches findings that don’t have the valueFinance
for theDepartment
tag.
NOT_CONTAINS
andNOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Finance
match a finding that excludes both theSecurity
andFinance
values.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can’t have both anEQUALS
filter and aNOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - Value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Automation
Rule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, for theResourceTags
field, the filterDepartment CONTAINS Security
matches findings that include the valueSecurity
for theDepartment
tag. In the same example, a finding with a value ofSecurity team
for theDepartment
tag is a match. - To search for values that exactly match the filter value, use
EQUALS
. For example, for theResourceTags
field, the filterDepartment EQUALS Security
matches findings that have the valueSecurity
for theDepartment
tag.
CONTAINS
andEQUALS
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Finance
match a finding that includes eitherSecurity
,Finance
, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, for theResourceTags
field, the filterDepartment NOT_CONTAINS Finance
matches findings that exclude the valueFinance
for theDepartment
tag. - To search for values other than the filter value, use
NOT_EQUALS
. For example, for theResourceTags
field, the filterDepartment NOT_EQUALS Finance
matches findings that don’t have the valueFinance
for theDepartment
tag.
NOT_CONTAINS
andNOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Finance
match a finding that excludes both theSecurity
andFinance
values.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can’t have both anEQUALS
filter and aNOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key String
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value String
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Automation
Rule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, for theResourceTags
field, the filterDepartment CONTAINS Security
matches findings that include the valueSecurity
for theDepartment
tag. In the same example, a finding with a value ofSecurity team
for theDepartment
tag is a match. - To search for values that exactly match the filter value, use
EQUALS
. For example, for theResourceTags
field, the filterDepartment EQUALS Security
matches findings that have the valueSecurity
for theDepartment
tag.
CONTAINS
andEQUALS
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Finance
match a finding that includes eitherSecurity
,Finance
, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, for theResourceTags
field, the filterDepartment NOT_CONTAINS Finance
matches findings that exclude the valueFinance
for theDepartment
tag. - To search for values other than the filter value, use
NOT_EQUALS
. For example, for theResourceTags
field, the filterDepartment NOT_EQUALS Finance
matches findings that don’t have the valueFinance
for theDepartment
tag.
NOT_CONTAINS
andNOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Finance
match a finding that excludes both theSecurity
andFinance
values.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can’t have both anEQUALS
filter and aNOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Automation
Rule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, for theResourceTags
field, the filterDepartment CONTAINS Security
matches findings that include the valueSecurity
for theDepartment
tag. In the same example, a finding with a value ofSecurity team
for theDepartment
tag is a match. - To search for values that exactly match the filter value, use
EQUALS
. For example, for theResourceTags
field, the filterDepartment EQUALS Security
matches findings that have the valueSecurity
for theDepartment
tag.
CONTAINS
andEQUALS
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Finance
match a finding that includes eitherSecurity
,Finance
, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, for theResourceTags
field, the filterDepartment NOT_CONTAINS Finance
matches findings that exclude the valueFinance
for theDepartment
tag. - To search for values other than the filter value, use
NOT_EQUALS
. For example, for theResourceTags
field, the filterDepartment NOT_EQUALS Finance
matches findings that don’t have the valueFinance
for theDepartment
tag.
NOT_CONTAINS
andNOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Finance
match a finding that excludes both theSecurity
andFinance
values.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can’t have both anEQUALS
filter and aNOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key str
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value str
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison "EQUALS" | "NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"
The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, for theResourceTags
field, the filterDepartment CONTAINS Security
matches findings that include the valueSecurity
for theDepartment
tag. In the same example, a finding with a value ofSecurity team
for theDepartment
tag is a match. - To search for values that exactly match the filter value, use
EQUALS
. For example, for theResourceTags
field, the filterDepartment EQUALS Security
matches findings that have the valueSecurity
for theDepartment
tag.
CONTAINS
andEQUALS
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Finance
match a finding that includes eitherSecurity
,Finance
, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, for theResourceTags
field, the filterDepartment NOT_CONTAINS Finance
matches findings that exclude the valueFinance
for theDepartment
tag. - To search for values other than the filter value, use
NOT_EQUALS
. For example, for theResourceTags
field, the filterDepartment NOT_EQUALS Finance
matches findings that don’t have the valueFinance
for theDepartment
tag.
NOT_CONTAINS
andNOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Finance
match a finding that excludes both theSecurity
andFinance
values.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can’t have both anEQUALS
filter and aNOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key String
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value String
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
AutomationRuleMapFilterComparison, AutomationRuleMapFilterComparisonArgs
- Equals
Value - EQUALS
- Not
Equals - NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Automation
Rule Map Filter Comparison Equals - EQUALS
- Automation
Rule Map Filter Comparison Not Equals - NOT_EQUALS
- Automation
Rule Map Filter Comparison Contains - CONTAINS
- Automation
Rule Map Filter Comparison Not Contains - NOT_CONTAINS
- Equals
- EQUALS
- Not
Equals - NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Equals
- EQUALS
- Not
Equals - NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- EQUALS
- EQUALS
- NOT_EQUALS
- NOT_EQUALS
- CONTAINS
- CONTAINS
- NOT_CONTAINS
- NOT_CONTAINS
- "EQUALS"
- EQUALS
- "NOT_EQUALS"
- NOT_EQUALS
- "CONTAINS"
- CONTAINS
- "NOT_CONTAINS"
- NOT_CONTAINS
AutomationRuleNoteUpdate, AutomationRuleNoteUpdateArgs
- text str
- The updated note text.
- updated_
by str - The principal that updated the note.
AutomationRuleNumberFilter, AutomationRuleNumberFilterArgs
AutomationRuleRelatedFinding, AutomationRuleRelatedFindingArgs
- Id string
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn string - The Amazon Resource Name (ARN) for the product that generated a related finding.
- Id string
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn string - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id String
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn String - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id string
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn string - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id str
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_
arn str - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id String
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn String - The Amazon Resource Name (ARN) for the product that generated a related finding.
AutomationRuleRuleStatus, AutomationRuleRuleStatusArgs
- Enabled
- ENABLED
- Disabled
- DISABLED
- Automation
Rule Rule Status Enabled - ENABLED
- Automation
Rule Rule Status Disabled - DISABLED
- Enabled
- ENABLED
- Disabled
- DISABLED
- Enabled
- ENABLED
- Disabled
- DISABLED
- ENABLED
- ENABLED
- DISABLED
- DISABLED
- "ENABLED"
- ENABLED
- "DISABLED"
- DISABLED
AutomationRuleSeverityUpdate, AutomationRuleSeverityUpdateArgs
- Label
Pulumi.
Aws Native. Security Hub. Automation Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL
- No issue was found.LOW
- The issue does not require action on its own.MEDIUM
- The issue must be addressed but not urgently.HIGH
- The issue must be addressed as a priority.CRITICAL
- The issue must be remediated immediately to avoid it escalating.
- Normalized int
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label
. If you provideNormalized
and don't provideLabel
,Label
is set automatically as follows.- 0 -
INFORMATIONAL
- 1–39 -
LOW
- 40–69 -
MEDIUM
- 70–89 -
HIGH
- 90–100 -
CRITICAL
- 0 -
- Product double
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- Label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL
- No issue was found.LOW
- The issue does not require action on its own.MEDIUM
- The issue must be addressed but not urgently.HIGH
- The issue must be addressed as a priority.CRITICAL
- The issue must be remediated immediately to avoid it escalating.
- Normalized int
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label
. If you provideNormalized
and don't provideLabel
,Label
is set automatically as follows.- 0 -
INFORMATIONAL
- 1–39 -
LOW
- 40–69 -
MEDIUM
- 70–89 -
HIGH
- 90–100 -
CRITICAL
- 0 -
- Product float64
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL
- No issue was found.LOW
- The issue does not require action on its own.MEDIUM
- The issue must be addressed but not urgently.HIGH
- The issue must be addressed as a priority.CRITICAL
- The issue must be remediated immediately to avoid it escalating.
- normalized Integer
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label
. If you provideNormalized
and don't provideLabel
,Label
is set automatically as follows.- 0 -
INFORMATIONAL
- 1–39 -
LOW
- 40–69 -
MEDIUM
- 70–89 -
HIGH
- 90–100 -
CRITICAL
- 0 -
- product Double
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL
- No issue was found.LOW
- The issue does not require action on its own.MEDIUM
- The issue must be addressed but not urgently.HIGH
- The issue must be addressed as a priority.CRITICAL
- The issue must be remediated immediately to avoid it escalating.
- normalized number
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label
. If you provideNormalized
and don't provideLabel
,Label
is set automatically as follows.- 0 -
INFORMATIONAL
- 1–39 -
LOW
- 40–69 -
MEDIUM
- 70–89 -
HIGH
- 90–100 -
CRITICAL
- 0 -
- product number
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL
- No issue was found.LOW
- The issue does not require action on its own.MEDIUM
- The issue must be addressed but not urgently.HIGH
- The issue must be addressed as a priority.CRITICAL
- The issue must be remediated immediately to avoid it escalating.
- normalized int
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label
. If you provideNormalized
and don't provideLabel
,Label
is set automatically as follows.- 0 -
INFORMATIONAL
- 1–39 -
LOW
- 40–69 -
MEDIUM
- 70–89 -
HIGH
- 90–100 -
CRITICAL
- 0 -
- product float
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label "INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
- The severity value of the finding. The allowed values are the following.
INFORMATIONAL
- No issue was found.LOW
- The issue does not require action on its own.MEDIUM
- The issue must be addressed but not urgently.HIGH
- The issue must be addressed as a priority.CRITICAL
- The issue must be remediated immediately to avoid it escalating.
- normalized Number
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label
. If you provideNormalized
and don't provideLabel
,Label
is set automatically as follows.- 0 -
INFORMATIONAL
- 1–39 -
LOW
- 40–69 -
MEDIUM
- 70–89 -
HIGH
- 90–100 -
CRITICAL
- 0 -
- product Number
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
AutomationRuleSeverityUpdateLabel, AutomationRuleSeverityUpdateLabelArgs
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- High
- HIGH
- Critical
- CRITICAL
- Automation
Rule Severity Update Label Informational - INFORMATIONAL
- Automation
Rule Severity Update Label Low - LOW
- Automation
Rule Severity Update Label Medium - MEDIUM
- Automation
Rule Severity Update Label High - HIGH
- Automation
Rule Severity Update Label Critical - CRITICAL
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- High
- HIGH
- Critical
- CRITICAL
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- High
- HIGH
- Critical
- CRITICAL
- INFORMATIONAL
- INFORMATIONAL
- LOW
- LOW
- MEDIUM
- MEDIUM
- HIGH
- HIGH
- CRITICAL
- CRITICAL
- "INFORMATIONAL"
- INFORMATIONAL
- "LOW"
- LOW
- "MEDIUM"
- MEDIUM
- "HIGH"
- HIGH
- "CRITICAL"
- CRITICAL
AutomationRuleStringFilter, AutomationRuleStringFilterArgs
- Comparison
Pulumi.
Aws Native. Security Hub. Automation Rule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can combinePREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- Comparison
Automation
Rule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can combinePREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Automation
Rule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can combinePREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value String
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Automation
Rule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can combinePREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Automation
Rule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can combinePREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value str
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"
The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title. You can’t have both aCONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters. You can combinePREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value String
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
AutomationRuleStringFilterComparison, AutomationRuleStringFilterComparisonArgs
- Equals
Value - EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Automation
Rule String Filter Comparison Equals - EQUALS
- Automation
Rule String Filter Comparison Prefix - PREFIX
- Automation
Rule String Filter Comparison Not Equals - NOT_EQUALS
- Automation
Rule String Filter Comparison Prefix Not Equals - PREFIX_NOT_EQUALS
- Automation
Rule String Filter Comparison Contains - CONTAINS
- Automation
Rule String Filter Comparison Not Contains - NOT_CONTAINS
- Equals
- EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Equals
- EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- EQUALS
- EQUALS
- PREFIX
- PREFIX
- NOT_EQUALS
- NOT_EQUALS
- PREFIX_NOT_EQUALS
- PREFIX_NOT_EQUALS
- CONTAINS
- CONTAINS
- NOT_CONTAINS
- NOT_CONTAINS
- "EQUALS"
- EQUALS
- "PREFIX"
- PREFIX
- "NOT_EQUALS"
- NOT_EQUALS
- "PREFIX_NOT_EQUALS"
- PREFIX_NOT_EQUALS
- "CONTAINS"
- CONTAINS
- "NOT_CONTAINS"
- NOT_CONTAINS
AutomationRuleWorkflowUpdate, AutomationRuleWorkflowUpdateArgs
- Status
Pulumi.
Aws Native. Security Hub. Automation Rule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSED
orRESOLVED
does not prevent a new finding for the same issue. The allowed values are the following.NEW
- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatus
fromNOTIFIED
orRESOLVED
toNEW
in the following cases:The record state changes from
ARCHIVED
toACTIVE
.The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.NOTIFIED
- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- Status
Automation
Rule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSED
orRESOLVED
does not prevent a new finding for the same issue. The allowed values are the following.NEW
- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatus
fromNOTIFIED
orRESOLVED
toNEW
in the following cases:The record state changes from
ARCHIVED
toACTIVE
.The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.NOTIFIED
- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status
Automation
Rule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSED
orRESOLVED
does not prevent a new finding for the same issue. The allowed values are the following.NEW
- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatus
fromNOTIFIED
orRESOLVED
toNEW
in the following cases:The record state changes from
ARCHIVED
toACTIVE
.The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.NOTIFIED
- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status
Automation
Rule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSED
orRESOLVED
does not prevent a new finding for the same issue. The allowed values are the following.NEW
- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatus
fromNOTIFIED
orRESOLVED
toNEW
in the following cases:The record state changes from
ARCHIVED
toACTIVE
.The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.NOTIFIED
- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status
Automation
Rule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSED
orRESOLVED
does not prevent a new finding for the same issue. The allowed values are the following.NEW
- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatus
fromNOTIFIED
orRESOLVED
toNEW
in the following cases:The record state changes from
ARCHIVED
toACTIVE
.The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.NOTIFIED
- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status "NEW" | "NOTIFIED" | "RESOLVED" | "SUPPRESSED"
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSED
orRESOLVED
does not prevent a new finding for the same issue. The allowed values are the following.NEW
- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatus
fromNOTIFIED
orRESOLVED
toNEW
in the following cases:The record state changes from
ARCHIVED
toACTIVE
.The compliance status changes from
PASSED
to eitherWARNING
,FAILED
, orNOT_AVAILABLE
.NOTIFIED
- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED
- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
AutomationRuleWorkflowUpdateStatus, AutomationRuleWorkflowUpdateStatusArgs
- New
- NEW
- Notified
- NOTIFIED
- Resolved
- RESOLVED
- Suppressed
- SUPPRESSED
- Automation
Rule Workflow Update Status New - NEW
- Automation
Rule Workflow Update Status Notified - NOTIFIED
- Automation
Rule Workflow Update Status Resolved - RESOLVED
- Automation
Rule Workflow Update Status Suppressed - SUPPRESSED
- New
- NEW
- Notified
- NOTIFIED
- Resolved
- RESOLVED
- Suppressed
- SUPPRESSED
- New
- NEW
- Notified
- NOTIFIED
- Resolved
- RESOLVED
- Suppressed
- SUPPRESSED
- NEW
- NEW
- NOTIFIED
- NOTIFIED
- RESOLVED
- RESOLVED
- SUPPRESSED
- SUPPRESSED
- "NEW"
- NEW
- "NOTIFIED"
- NOTIFIED
- "RESOLVED"
- RESOLVED
- "SUPPRESSED"
- SUPPRESSED
AutomationRulesAction, AutomationRulesActionArgs
- Finding
Fields Pulumi.Update Aws Native. Security Hub. Inputs. Automation Rules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- Type
Pulumi.
Aws Native. Security Hub. Automation Rules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- Finding
Fields AutomationUpdate Rules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- Type
Automation
Rules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding
Fields AutomationUpdate Rules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- type
Automation
Rules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding
Fields AutomationUpdate Rules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- type
Automation
Rules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding_
fields_ Automationupdate Rules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- type
Automation
Rules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding
Fields Property MapUpdate - Specifies that the automation rule action is an update to a finding field.
- type "FINDING_FIELDS_UPDATE"
- Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
AutomationRulesActionType, AutomationRulesActionTypeArgs
- Finding
Fields Update - FINDING_FIELDS_UPDATE
- Automation
Rules Action Type Finding Fields Update - FINDING_FIELDS_UPDATE
- Finding
Fields Update - FINDING_FIELDS_UPDATE
- Finding
Fields Update - FINDING_FIELDS_UPDATE
- FINDING_FIELDS_UPDATE
- FINDING_FIELDS_UPDATE
- "FINDING_FIELDS_UPDATE"
- FINDING_FIELDS_UPDATE
AutomationRulesFindingFieldsUpdate, AutomationRulesFindingFieldsUpdateArgs
- Confidence int
- The rule action updates the
Confidence
field of a finding. - Criticality int
- The rule action updates the
Criticality
field of a finding. - Note
Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Note Update - The rule action will update the
Note
field of a finding. - List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Related Finding> - The rule action will update the
RelatedFindings
field of a finding. - Severity
Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Severity Update - The rule action will update the
Severity
field of a finding. - Types List<string>
- The rule action updates the
Types
field of a finding. - User
Defined Dictionary<string, string>Fields - The rule action updates the
UserDefinedFields
field of a finding. - Verification
State Pulumi.Aws Native. Security Hub. Automation Rules Finding Fields Update Verification State - The rule action updates the
VerificationState
field of a finding. - Workflow
Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Workflow Update - The rule action will update the
Workflow
field of a finding.
- Confidence int
- The rule action updates the
Confidence
field of a finding. - Criticality int
- The rule action updates the
Criticality
field of a finding. - Note
Automation
Rule Note Update - The rule action will update the
Note
field of a finding. - []Automation
Rule Related Finding - The rule action will update the
RelatedFindings
field of a finding. - Severity
Automation
Rule Severity Update - The rule action will update the
Severity
field of a finding. - Types []string
- The rule action updates the
Types
field of a finding. - User
Defined map[string]stringFields - The rule action updates the
UserDefinedFields
field of a finding. - Verification
State AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationState
field of a finding. - Workflow
Automation
Rule Workflow Update - The rule action will update the
Workflow
field of a finding.
- confidence Integer
- The rule action updates the
Confidence
field of a finding. - criticality Integer
- The rule action updates the
Criticality
field of a finding. - note
Automation
Rule Note Update - The rule action will update the
Note
field of a finding. - List<Automation
Rule Related Finding> - The rule action will update the
RelatedFindings
field of a finding. - severity
Automation
Rule Severity Update - The rule action will update the
Severity
field of a finding. - types List<String>
- The rule action updates the
Types
field of a finding. - user
Defined Map<String,String>Fields - The rule action updates the
UserDefinedFields
field of a finding. - verification
State AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationState
field of a finding. - workflow
Automation
Rule Workflow Update - The rule action will update the
Workflow
field of a finding.
- confidence number
- The rule action updates the
Confidence
field of a finding. - criticality number
- The rule action updates the
Criticality
field of a finding. - note
Automation
Rule Note Update - The rule action will update the
Note
field of a finding. - Automation
Rule Related Finding[] - The rule action will update the
RelatedFindings
field of a finding. - severity
Automation
Rule Severity Update - The rule action will update the
Severity
field of a finding. - types string[]
- The rule action updates the
Types
field of a finding. - user
Defined {[key: string]: string}Fields - The rule action updates the
UserDefinedFields
field of a finding. - verification
State AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationState
field of a finding. - workflow
Automation
Rule Workflow Update - The rule action will update the
Workflow
field of a finding.
- confidence int
- The rule action updates the
Confidence
field of a finding. - criticality int
- The rule action updates the
Criticality
field of a finding. - note
Automation
Rule Note Update - The rule action will update the
Note
field of a finding. - Sequence[Automation
Rule Related Finding] - The rule action will update the
RelatedFindings
field of a finding. - severity
Automation
Rule Severity Update - The rule action will update the
Severity
field of a finding. - types Sequence[str]
- The rule action updates the
Types
field of a finding. - user_
defined_ Mapping[str, str]fields - The rule action updates the
UserDefinedFields
field of a finding. - verification_
state AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationState
field of a finding. - workflow
Automation
Rule Workflow Update - The rule action will update the
Workflow
field of a finding.
- confidence Number
- The rule action updates the
Confidence
field of a finding. - criticality Number
- The rule action updates the
Criticality
field of a finding. - note Property Map
- The rule action will update the
Note
field of a finding. - List<Property Map>
- The rule action will update the
RelatedFindings
field of a finding. - severity Property Map
- The rule action will update the
Severity
field of a finding. - types List<String>
- The rule action updates the
Types
field of a finding. - user
Defined Map<String>Fields - The rule action updates the
UserDefinedFields
field of a finding. - verification
State "UNKNOWN" | "TRUE_POSITIVE" | "FALSE_POSITIVE" | "BENIGN_POSITIVE" - The rule action updates the
VerificationState
field of a finding. - workflow Property Map
- The rule action will update the
Workflow
field of a finding.
AutomationRulesFindingFieldsUpdateVerificationState, AutomationRulesFindingFieldsUpdateVerificationStateArgs
- Unknown
- UNKNOWN
- True
Positive - TRUE_POSITIVE
- False
Positive - FALSE_POSITIVE
- Benign
Positive - BENIGN_POSITIVE
- Automation
Rules Finding Fields Update Verification State Unknown - UNKNOWN
- Automation
Rules Finding Fields Update Verification State True Positive - TRUE_POSITIVE
- Automation
Rules Finding Fields Update Verification State False Positive - FALSE_POSITIVE
- Automation
Rules Finding Fields Update Verification State Benign Positive - BENIGN_POSITIVE
- Unknown
- UNKNOWN
- True
Positive - TRUE_POSITIVE
- False
Positive - FALSE_POSITIVE
- Benign
Positive - BENIGN_POSITIVE
- Unknown
- UNKNOWN
- True
Positive - TRUE_POSITIVE
- False
Positive - FALSE_POSITIVE
- Benign
Positive - BENIGN_POSITIVE
- UNKNOWN
- UNKNOWN
- TRUE_POSITIVE
- TRUE_POSITIVE
- FALSE_POSITIVE
- FALSE_POSITIVE
- BENIGN_POSITIVE
- BENIGN_POSITIVE
- "UNKNOWN"
- UNKNOWN
- "TRUE_POSITIVE"
- TRUE_POSITIVE
- "FALSE_POSITIVE"
- FALSE_POSITIVE
- "BENIGN_POSITIVE"
- BENIGN_POSITIVE
AutomationRulesFindingFilters, AutomationRulesFindingFiltersArgs
- Aws
Account List<Pulumi.Id Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Company
Name List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Associated List<Pulumi.Standards Id Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Security List<Pulumi.Control Id Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Status List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Confidence
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Number Filter> - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Created
At List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule Date Filter> A timestamp that indicates when this finding record was created. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Criticality
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Number Filter> - The level of importance that is assigned to the resources that are associated with a finding.
Criticality
is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0
means that the underlying resources have no criticality, and a score of100
is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Description
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- First
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Automation Rule Date Filter> A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Generator
Id List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Id
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Last
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Automation Rule Date Filter> A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Text List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated List<Pulumi.At Aws Native. Security Hub. Inputs. Automation Rule Date Filter> The timestamp of when the note was updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated List<Pulumi.By Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Name List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Record
State List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Details List<Pulumi.Other Aws Native. Security Hub. Inputs. Automation Rule Map Filter> - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Id List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Resource
Partition List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Region List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Type List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Severity
Label List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Source
Url List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Title
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Type
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Updated
At List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule Date Filter> A timestamp that indicates when the finding record was most recently updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- User
Defined List<Pulumi.Fields Aws Native. Security Hub. Inputs. Automation Rule Map Filter> - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Verification
State List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Workflow
Status List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Aws
Account []AutomationId Rule String Filter - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Company
Name []AutomationRule String Filter - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Associated []AutomationStandards Id Rule String Filter - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Security []AutomationControl Id Rule String Filter - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Status []AutomationRule String Filter - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Confidence
[]Automation
Rule Number Filter - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Created
At []AutomationRule Date Filter A timestamp that indicates when this finding record was created. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Criticality
[]Automation
Rule Number Filter - The level of importance that is assigned to the resources that are associated with a finding.
Criticality
is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0
means that the underlying resources have no criticality, and a score of100
is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Description
[]Automation
Rule String Filter - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- First
Observed []AutomationAt Rule Date Filter A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Generator
Id []AutomationRule String Filter - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Id
[]Automation
Rule String Filter - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Last
Observed []AutomationAt Rule Date Filter A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Text []AutomationRule String Filter - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated []AutomationAt Rule Date Filter The timestamp of when the note was updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated []AutomationBy Rule String Filter - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn []AutomationRule String Filter - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Name []AutomationRule String Filter - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Record
State []AutomationRule String Filter - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- []Automation
Rule String Filter - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- []Automation
Rule String Filter - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Details []AutomationOther Rule Map Filter - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Id []AutomationRule String Filter - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Resource
Partition []AutomationRule String Filter - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Region []AutomationRule String Filter - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- []Automation
Rule Map Filter - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Type []AutomationRule String Filter - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Severity
Label []AutomationRule String Filter - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Source
Url []AutomationRule String Filter - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Title
[]Automation
Rule String Filter - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Type
[]Automation
Rule String Filter - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Updated
At []AutomationRule Date Filter A timestamp that indicates when the finding record was most recently updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- User
Defined []AutomationFields Rule Map Filter - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Verification
State []AutomationRule String Filter - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Workflow
Status []AutomationRule String Filter - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws
Account List<AutomationId Rule String Filter> - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company
Name List<AutomationRule String Filter> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Associated List<AutomationStandards Id Rule String Filter> - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Security List<AutomationControl Id Rule String Filter> - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Status List<AutomationRule String Filter> - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence
List<Automation
Rule Number Filter> - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created
At List<AutomationRule Date Filter> A timestamp that indicates when this finding record was created. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality
List<Automation
Rule Number Filter> - The level of importance that is assigned to the resources that are associated with a finding.
Criticality
is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0
means that the underlying resources have no criticality, and a score of100
is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description
List<Automation
Rule String Filter> - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first
Observed List<AutomationAt Rule Date Filter> A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator
Id List<AutomationRule String Filter> - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id
List<Automation
Rule String Filter> - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last
Observed List<AutomationAt Rule Date Filter> A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Text List<AutomationRule String Filter> - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<AutomationAt Rule Date Filter> The timestamp of when the note was updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<AutomationBy Rule String Filter> - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn List<AutomationRule String Filter> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Name List<AutomationRule String Filter> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record
State List<AutomationRule String Filter> - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Automation
Rule String Filter> - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Automation
Rule String Filter> - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Details List<AutomationOther Rule Map Filter> - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Id List<AutomationRule String Filter> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource
Partition List<AutomationRule String Filter> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Region List<AutomationRule String Filter> - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Automation
Rule Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Type List<AutomationRule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity
Label List<AutomationRule String Filter> - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source
Url List<AutomationRule String Filter> - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title
List<Automation
Rule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type
List<Automation
Rule String Filter> - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated
At List<AutomationRule Date Filter> A timestamp that indicates when the finding record was most recently updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user
Defined List<AutomationFields Rule Map Filter> - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification
State List<AutomationRule String Filter> - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow
Status List<AutomationRule String Filter> - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws
Account AutomationId Rule String Filter[] - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company
Name AutomationRule String Filter[] - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Associated AutomationStandards Id Rule String Filter[] - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Security AutomationControl Id Rule String Filter[] - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Status AutomationRule String Filter[] - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence
Automation
Rule Number Filter[] - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created
At AutomationRule Date Filter[] A timestamp that indicates when this finding record was created. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality
Automation
Rule Number Filter[] - The level of importance that is assigned to the resources that are associated with a finding.
Criticality
is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0
means that the underlying resources have no criticality, and a score of100
is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description
Automation
Rule String Filter[] - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first
Observed AutomationAt Rule Date Filter[] A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator
Id AutomationRule String Filter[] - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id
Automation
Rule String Filter[] - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last
Observed AutomationAt Rule Date Filter[] A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Text AutomationRule String Filter[] - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated AutomationAt Rule Date Filter[] The timestamp of when the note was updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated AutomationBy Rule String Filter[] - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn AutomationRule String Filter[] - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Name AutomationRule String Filter[] - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record
State AutomationRule String Filter[] - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Automation
Rule String Filter[] - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Automation
Rule String Filter[] - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Details AutomationOther Rule Map Filter[] - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Id AutomationRule String Filter[] - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource
Partition AutomationRule String Filter[] - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Region AutomationRule String Filter[] - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Automation
Rule Map Filter[] - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Type AutomationRule String Filter[] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity
Label AutomationRule String Filter[] - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source
Url AutomationRule String Filter[] - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title
Automation
Rule String Filter[] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type
Automation
Rule String Filter[] - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated
At AutomationRule Date Filter[] A timestamp that indicates when the finding record was most recently updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user
Defined AutomationFields Rule Map Filter[] - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification
State AutomationRule String Filter[] - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow
Status AutomationRule String Filter[] - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws_
account_ Sequence[Automationid Rule String Filter] - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company_
name Sequence[AutomationRule String Filter] - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_
associated_ Sequence[Automationstandards_ id Rule String Filter] - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_
security_ Sequence[Automationcontrol_ id Rule String Filter] - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_
status Sequence[AutomationRule String Filter] - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence
Sequence[Automation
Rule Number Filter] - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created_
at Sequence[AutomationRule Date Filter] A timestamp that indicates when this finding record was created. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality
Sequence[Automation
Rule Number Filter] - The level of importance that is assigned to the resources that are associated with a finding.
Criticality
is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0
means that the underlying resources have no criticality, and a score of100
is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description
Sequence[Automation
Rule String Filter] - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first_
observed_ Sequence[Automationat Rule Date Filter] A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator_
id Sequence[AutomationRule String Filter] - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id
Sequence[Automation
Rule String Filter] - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last_
observed_ Sequence[Automationat Rule Date Filter] A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_
text Sequence[AutomationRule String Filter] - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_
updated_ Sequence[Automationat Rule Date Filter] The timestamp of when the note was updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_
updated_ Sequence[Automationby Rule String Filter] - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_
arn Sequence[AutomationRule String Filter] - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_
name Sequence[AutomationRule String Filter] - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record_
state Sequence[AutomationRule String Filter] - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Sequence[Automation
Rule String Filter] - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Sequence[Automation
Rule String Filter] - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
details_ Sequence[Automationother Rule Map Filter] - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
id Sequence[AutomationRule String Filter] - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource_
partition Sequence[AutomationRule String Filter] - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
region Sequence[AutomationRule String Filter] - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Sequence[Automation
Rule Map Filter] - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
type Sequence[AutomationRule String Filter] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity_
label Sequence[AutomationRule String Filter] - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source_
url Sequence[AutomationRule String Filter] - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title
Sequence[Automation
Rule String Filter] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type
Sequence[Automation
Rule String Filter] - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated_
at Sequence[AutomationRule Date Filter] A timestamp that indicates when the finding record was most recently updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user_
defined_ Sequence[Automationfields Rule Map Filter] - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification_
state Sequence[AutomationRule String Filter] - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow_
status Sequence[AutomationRule String Filter] - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws
Account List<Property Map>Id - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company
Name List<Property Map> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Associated List<Property Map>Standards Id - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Security List<Property Map>Control Id - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Status List<Property Map> - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence List<Property Map>
- The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created
At List<Property Map> A timestamp that indicates when this finding record was created. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality List<Property Map>
- The level of importance that is assigned to the resources that are associated with a finding.
Criticality
is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0
means that the underlying resources have no criticality, and a score of100
is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description List<Property Map>
- A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first
Observed List<Property Map>At A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator
Id List<Property Map> - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id List<Property Map>
- The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last
Observed List<Property Map>At A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Text List<Property Map> - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<Property Map>At The timestamp of when the note was updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<Property Map>By - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn List<Property Map> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Name List<Property Map> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record
State List<Property Map> - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Property Map>
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Property Map>
- The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Details List<Property Map>Other - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Id List<Property Map> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource
Partition List<Property Map> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Region List<Property Map> - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Property Map>
- A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Type List<Property Map> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity
Label List<Property Map> - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source
Url List<Property Map> - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title List<Property Map>
- A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type List<Property Map>
- One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated
At List<Property Map> A timestamp that indicates when the finding record was most recently updated. This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user
Defined List<Property Map>Fields - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification
State List<Property Map> - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow
Status List<Property Map> - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.