We recommend new projects start with resources from the AWS provider.
aws-native.securityhub.getInsight
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.
Using getInsight
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getInsight(args: GetInsightArgs, opts?: InvokeOptions): Promise<GetInsightResult>
function getInsightOutput(args: GetInsightOutputArgs, opts?: InvokeOptions): Output<GetInsightResult>
def get_insight(insight_arn: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetInsightResult
def get_insight_output(insight_arn: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetInsightResult]
func LookupInsight(ctx *Context, args *LookupInsightArgs, opts ...InvokeOption) (*LookupInsightResult, error)
func LookupInsightOutput(ctx *Context, args *LookupInsightOutputArgs, opts ...InvokeOption) LookupInsightResultOutput
> Note: This function is named LookupInsight
in the Go SDK.
public static class GetInsight
{
public static Task<GetInsightResult> InvokeAsync(GetInsightArgs args, InvokeOptions? opts = null)
public static Output<GetInsightResult> Invoke(GetInsightInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetInsightResult> getInsight(GetInsightArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws-native:securityhub:getInsight
arguments:
# arguments dictionary
The following arguments are supported:
- Insight
Arn string - The ARN of a Security Hub insight
- Insight
Arn string - The ARN of a Security Hub insight
- insight
Arn String - The ARN of a Security Hub insight
- insight
Arn string - The ARN of a Security Hub insight
- insight_
arn str - The ARN of a Security Hub insight
- insight
Arn String - The ARN of a Security Hub insight
getInsight Result
The following output properties are available:
- Filters
Pulumi.
Aws Native. Security Hub. Outputs. Insight Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- Group
By stringAttribute - The grouping attribute for the insight's findings
- Insight
Arn string - The ARN of a Security Hub insight
- Name string
- The name of a Security Hub insight
- Filters
Insight
Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- Group
By stringAttribute - The grouping attribute for the insight's findings
- Insight
Arn string - The ARN of a Security Hub insight
- Name string
- The name of a Security Hub insight
- filters
Insight
Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- group
By StringAttribute - The grouping attribute for the insight's findings
- insight
Arn String - The ARN of a Security Hub insight
- name String
- The name of a Security Hub insight
- filters
Insight
Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- group
By stringAttribute - The grouping attribute for the insight's findings
- insight
Arn string - The ARN of a Security Hub insight
- name string
- The name of a Security Hub insight
- filters
Insight
Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- group_
by_ strattribute - The grouping attribute for the insight's findings
- insight_
arn str - The ARN of a Security Hub insight
- name str
- The name of a Security Hub insight
- filters Property Map
- One or more attributes used to filter the findings included in the insight
- group
By StringAttribute - The grouping attribute for the insight's findings
- insight
Arn String - The ARN of a Security Hub insight
- name String
- The name of a Security Hub insight
Supporting Types
InsightAwsSecurityFindingFilters
- Aws
Account List<Pulumi.Id Aws Native. Security Hub. Inputs. Insight String Filter> - The AWS account ID in which a finding is generated.
- Aws
Account List<Pulumi.Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the AWS account in which a finding is generated.
- Company
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the findings provider (company) that owns the solution (product) that generates findings.
- Compliance
Associated List<Pulumi.Standards Id Aws Native. Security Hub. Inputs. Insight String Filter> - The unique identifier of a standard in which a control is enabled.
- Compliance
Security List<Pulumi.Control Id Aws Native. Security Hub. Inputs. Insight String Filter> - The unique identifier of a control across standards.
- Compliance
Security List<Pulumi.Control Parameters Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of a security control parameter.
- Compliance
Security List<Pulumi.Control Parameters Value Aws Native. Security Hub. Inputs. Insight String Filter> - The current value of a security control parameter.
- Compliance
Status List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- Confidence
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Number Filter> - A finding's confidence.
- Created
At List<Pulumi.Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- Criticality
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Number Filter> - The level of importance assigned to the resources associated with the finding.
- Description
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - A finding's description.
- Finding
Provider List<Pulumi.Fields Confidence Aws Native. Security Hub. Inputs. Insight Number Filter> - The finding provider value for the finding confidence.
- Finding
Provider List<Pulumi.Fields Criticality Aws Native. Security Hub. Inputs. Insight Number Filter> - The finding provider value for the level of importance assigned to the resources associated with the findings.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The finding identifier of a related finding that is identified by the finding provider.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN of the solution that generated a related finding that is identified by the finding provider.
- Finding
Provider List<Pulumi.Fields Severity Label Aws Native. Security Hub. Inputs. Insight String Filter> - The finding provider value for the severity label.
- Finding
Provider List<Pulumi.Fields Severity Original Aws Native. Security Hub. Inputs. Insight String Filter> - The finding provider's original value for the severity.
- Finding
Provider List<Pulumi.Fields Types Aws Native. Security Hub. Inputs. Insight String Filter> - One or more finding types that the finding provider assigned to the finding.
- First
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- Generator
Id List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- Id
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The security findings provider-specific identifier for a finding.
- Keyword
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Keyword Filter> - A keyword for a finding.
- Last
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- Malware
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the malware that was observed.
- Malware
Path List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The filesystem path of the malware that was observed.
- Malware
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The state of the malware that was observed.
- Malware
Type List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The type of the malware that was observed.
- Network
Destination List<Pulumi.Domain Aws Native. Security Hub. Inputs. Insight String Filter> - The destination domain of network-related information about a finding.
- Network
Destination List<Pulumi.Ip V4 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The destination IPv4 address of network-related information about a finding.
- Network
Destination List<Pulumi.Ip V6 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The destination IPv6 address of network-related information about a finding.
- Network
Destination List<Pulumi.Port Aws Native. Security Hub. Inputs. Insight Number Filter> - The destination port of network-related information about a finding.
- Network
Direction List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - Indicates the direction of network traffic associated with a finding.
- Network
Protocol List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The protocol of network-related information about a finding.
- Network
Source List<Pulumi.Domain Aws Native. Security Hub. Inputs. Insight String Filter> - The source domain of network-related information about a finding.
- Network
Source List<Pulumi.Ip V4 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The source IPv4 address of network-related information about a finding.
- Network
Source List<Pulumi.Ip V6 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The source IPv6 address of network-related information about a finding.
- Network
Source List<Pulumi.Mac Aws Native. Security Hub. Inputs. Insight String Filter> - The source media access control (MAC) address of network-related information about a finding.
- Network
Source List<Pulumi.Port Aws Native. Security Hub. Inputs. Insight Number Filter> - The source port of network-related information about a finding.
- Note
Text List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The text of a note.
- Note
Updated List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - The timestamp of when the note was updated.
- Note
Updated List<Pulumi.By Aws Native. Security Hub. Inputs. Insight String Filter> - The principal that created a note.
- Process
Launched List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies when the process was launched.
- Process
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the process.
- Process
Parent List<Pulumi.Pid Aws Native. Security Hub. Inputs. Insight Number Filter> - The parent process ID.
- Process
Path List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The path to the process executable.
- Process
Pid List<Pulumi.Aws Native. Security Hub. Inputs. Insight Number Filter> - The process ID.
- Process
Terminated List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies when the process was terminated.
- Product
Arn List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- Product
Fields List<Pulumi.Aws Native. Security Hub. Inputs. Insight Map Filter> - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- Product
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the solution (product) that generates findings.
- Recommendation
Text List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The recommendation of what to do about the issue described in a finding.
- Record
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The updated record state for the finding.
- Region
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The Region from which the finding was generated.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The solution-generated identifier for a related finding.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN of the solution that generated a related finding.
- Resource
Application List<Pulumi.Arn Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN of the application that is related to a finding.
- Resource
Application List<Pulumi.Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the application that is related to a finding.
- Resource
Aws List<Pulumi.Ec2Instance Iam Instance Profile Arn Aws Native. Security Hub. Inputs. Insight String Filter> - The IAM profile ARN of the instance.
- Resource
Aws List<Pulumi.Ec2Instance Image Id Aws Native. Security Hub. Inputs. Insight String Filter> - The Amazon Machine Image (AMI) ID of the instance.
- Resource
Aws List<Pulumi.Ec2Instance Ip V4Addresses Aws Native. Security Hub. Inputs. Insight Ip Filter> - The IPv4 addresses associated with the instance.
- Resource
Aws List<Pulumi.Ec2Instance Ip V6Addresses Aws Native. Security Hub. Inputs. Insight Ip Filter> - The IPv6 addresses associated with the instance.
- Resource
Aws List<Pulumi.Ec2Instance Key Name Aws Native. Security Hub. Inputs. Insight String Filter> - The key name associated with the instance.
- Resource
Aws List<Pulumi.Ec2Instance Launched At Aws Native. Security Hub. Inputs. Insight Date Filter> - The date and time the instance was launched.
- Resource
Aws List<Pulumi.Ec2Instance Subnet Id Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier of the subnet that the instance was launched in.
- Resource
Aws List<Pulumi.Ec2Instance Type Aws Native. Security Hub. Inputs. Insight String Filter> - The instance type of the instance.
- Resource
Aws List<Pulumi.Ec2Instance Vpc Id Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier of the VPC that the instance was launched in.
- Resource
Aws List<Pulumi.Iam Access Key Created At Aws Native. Security Hub. Inputs. Insight Date Filter> - The creation date/time of the IAM access key related to a finding.
- Resource
Aws List<Pulumi.Iam Access Key Principal Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the principal that is associated with an IAM access key.
- Resource
Aws List<Pulumi.Iam Access Key Status Aws Native. Security Hub. Inputs. Insight String Filter> - The status of the IAM access key related to a finding.
- Resource
Aws List<Pulumi.Iam Access Key User Name Aws Native. Security Hub. Inputs. Insight String Filter> - The user associated with the IAM access key related to a finding.
- Resource
Aws List<Pulumi.Iam User User Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of an IAM user.
- Resource
Aws List<Pulumi.S3Bucket Owner Id Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical user ID of the owner of the S3 bucket.
- Resource
Aws List<Pulumi.S3Bucket Owner Name Aws Native. Security Hub. Inputs. Insight String Filter> - The display name of the owner of the S3 bucket.
- Resource
Container List<Pulumi.Image Id Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier of the image related to a finding.
- Resource
Container List<Pulumi.Image Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the image related to a finding.
- Resource
Container List<Pulumi.Launched At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies when the container was started.
- Resource
Container List<Pulumi.Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the container related to a finding.
- Resource
Details List<Pulumi.Other Aws Native. Security Hub. Inputs. Insight Map Filter> - The details of a resource that doesn't have a specific subfield for the resource type defined.
- Resource
Id List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical identifier for the given resource type.
- Resource
Partition List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical AWS partition name that the Region is assigned to.
- Resource
Region List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical AWS external Region name where this resource is located.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed.
- Resource
Type List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - Specifies the type of the resource that details are provided for.
- Sample
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Boolean Filter> - Indicates whether or not sample findings are included in the filter results.
- Severity
Label List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The label of a finding's severity.
- Severity
Normalized List<Pulumi.Aws Native. Security Hub. Inputs. Insight Number Filter> - The normalized severity of a finding.
- Severity
Product List<Pulumi.Aws Native. Security Hub. Inputs. Insight Number Filter> - The native severity as defined by the security findings provider's solution that generated the finding.
- Source
Url List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - A URL that links to a page about the current finding in the security findings provider's solution.
- Threat
Intel List<Pulumi.Indicator Category Aws Native. Security Hub. Inputs. Insight String Filter> - The category of a threat intelligence indicator.
- Threat
Intel List<Pulumi.Indicator Last Observed At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies the last observation of a threat intelligence indicator.
- Threat
Intel List<Pulumi.Indicator Source Aws Native. Security Hub. Inputs. Insight String Filter> - The source of the threat intelligence.
- Threat
Intel List<Pulumi.Indicator Source Url Aws Native. Security Hub. Inputs. Insight String Filter> - The URL for more details from the source of the threat intelligence.
- Threat
Intel List<Pulumi.Indicator Type Aws Native. Security Hub. Inputs. Insight String Filter> - The type of a threat intelligence indicator.
- Threat
Intel List<Pulumi.Indicator Value Aws Native. Security Hub. Inputs. Insight String Filter> - The value of a threat intelligence indicator.
- Title
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - A finding's title.
- Type
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - A finding type in the format of namespace/category/classifier that classifies a finding.
- Updated
At List<Pulumi.Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- User
Defined List<Pulumi.Fields Aws Native. Security Hub. Inputs. Insight Map Filter> - A list of name/value string pairs associated with the finding.
- Verification
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The veracity of a finding.
- Vulnerabilities
Exploit List<Pulumi.Available Aws Native. Security Hub. Inputs. Insight String Filter> - Indicates whether a software vulnerability in your environment has a known exploit.
- Vulnerabilities
Fix List<Pulumi.Available Aws Native. Security Hub. Inputs. Insight String Filter> - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- Workflow
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The workflow state of a finding.
- Workflow
Status List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The status of the investigation into a finding.
- Aws
Account []InsightId String Filter - The AWS account ID in which a finding is generated.
- Aws
Account []InsightName String Filter - The name of the AWS account in which a finding is generated.
- Company
Name []InsightString Filter - The name of the findings provider (company) that owns the solution (product) that generates findings.
- Compliance
Associated []InsightStandards Id String Filter - The unique identifier of a standard in which a control is enabled.
- Compliance
Security []InsightControl Id String Filter - The unique identifier of a control across standards.
- Compliance
Security []InsightControl Parameters Name String Filter - The name of a security control parameter.
- Compliance
Security []InsightControl Parameters Value String Filter - The current value of a security control parameter.
- Compliance
Status []InsightString Filter - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- Confidence
[]Insight
Number Filter - A finding's confidence.
- Created
At []InsightDate Filter - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- Criticality
[]Insight
Number Filter - The level of importance assigned to the resources associated with the finding.
- Description
[]Insight
String Filter - A finding's description.
- Finding
Provider []InsightFields Confidence Number Filter - The finding provider value for the finding confidence.
- Finding
Provider []InsightFields Criticality Number Filter - The finding provider value for the level of importance assigned to the resources associated with the findings.
- []Insight
String Filter - The finding identifier of a related finding that is identified by the finding provider.
- []Insight
String Filter - The ARN of the solution that generated a related finding that is identified by the finding provider.
- Finding
Provider []InsightFields Severity Label String Filter - The finding provider value for the severity label.
- Finding
Provider []InsightFields Severity Original String Filter - The finding provider's original value for the severity.
- Finding
Provider []InsightFields Types String Filter - One or more finding types that the finding provider assigned to the finding.
- First
Observed []InsightAt Date Filter - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- Generator
Id []InsightString Filter - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- Id
[]Insight
String Filter - The security findings provider-specific identifier for a finding.
- Keyword
[]Insight
Keyword Filter - A keyword for a finding.
- Last
Observed []InsightAt Date Filter - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- Malware
Name []InsightString Filter - The name of the malware that was observed.
- Malware
Path []InsightString Filter - The filesystem path of the malware that was observed.
- Malware
State []InsightString Filter - The state of the malware that was observed.
- Malware
Type []InsightString Filter - The type of the malware that was observed.
- Network
Destination []InsightDomain String Filter - The destination domain of network-related information about a finding.
- Network
Destination []InsightIp V4 Ip Filter - The destination IPv4 address of network-related information about a finding.
- Network
Destination []InsightIp V6 Ip Filter - The destination IPv6 address of network-related information about a finding.
- Network
Destination []InsightPort Number Filter - The destination port of network-related information about a finding.
- Network
Direction []InsightString Filter - Indicates the direction of network traffic associated with a finding.
- Network
Protocol []InsightString Filter - The protocol of network-related information about a finding.
- Network
Source []InsightDomain String Filter - The source domain of network-related information about a finding.
- Network
Source []InsightIp V4 Ip Filter - The source IPv4 address of network-related information about a finding.
- Network
Source []InsightIp V6 Ip Filter - The source IPv6 address of network-related information about a finding.
- Network
Source []InsightMac String Filter - The source media access control (MAC) address of network-related information about a finding.
- Network
Source []InsightPort Number Filter - The source port of network-related information about a finding.
- Note
Text []InsightString Filter - The text of a note.
- Note
Updated []InsightAt Date Filter - The timestamp of when the note was updated.
- Note
Updated []InsightBy String Filter - The principal that created a note.
- Process
Launched []InsightAt Date Filter - A timestamp that identifies when the process was launched.
- Process
Name []InsightString Filter - The name of the process.
- Process
Parent []InsightPid Number Filter - The parent process ID.
- Process
Path []InsightString Filter - The path to the process executable.
- Process
Pid []InsightNumber Filter - The process ID.
- Process
Terminated []InsightAt Date Filter - A timestamp that identifies when the process was terminated.
- Product
Arn []InsightString Filter - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- Product
Fields []InsightMap Filter - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- Product
Name []InsightString Filter - The name of the solution (product) that generates findings.
- Recommendation
Text []InsightString Filter - The recommendation of what to do about the issue described in a finding.
- Record
State []InsightString Filter - The updated record state for the finding.
- Region
[]Insight
String Filter - The Region from which the finding was generated.
- []Insight
String Filter - The solution-generated identifier for a related finding.
- []Insight
String Filter - The ARN of the solution that generated a related finding.
- Resource
Application []InsightArn String Filter - The ARN of the application that is related to a finding.
- Resource
Application []InsightName String Filter - The name of the application that is related to a finding.
- Resource
Aws []InsightEc2Instance Iam Instance Profile Arn String Filter - The IAM profile ARN of the instance.
- Resource
Aws []InsightEc2Instance Image Id String Filter - The Amazon Machine Image (AMI) ID of the instance.
- Resource
Aws []InsightEc2Instance Ip V4Addresses Ip Filter - The IPv4 addresses associated with the instance.
- Resource
Aws []InsightEc2Instance Ip V6Addresses Ip Filter - The IPv6 addresses associated with the instance.
- Resource
Aws []InsightEc2Instance Key Name String Filter - The key name associated with the instance.
- Resource
Aws []InsightEc2Instance Launched At Date Filter - The date and time the instance was launched.
- Resource
Aws []InsightEc2Instance Subnet Id String Filter - The identifier of the subnet that the instance was launched in.
- Resource
Aws []InsightEc2Instance Type String Filter - The instance type of the instance.
- Resource
Aws []InsightEc2Instance Vpc Id String Filter - The identifier of the VPC that the instance was launched in.
- Resource
Aws []InsightIam Access Key Created At Date Filter - The creation date/time of the IAM access key related to a finding.
- Resource
Aws []InsightIam Access Key Principal Name String Filter - The name of the principal that is associated with an IAM access key.
- Resource
Aws []InsightIam Access Key Status String Filter - The status of the IAM access key related to a finding.
- Resource
Aws []InsightIam Access Key User Name String Filter - The user associated with the IAM access key related to a finding.
- Resource
Aws []InsightIam User User Name String Filter - The name of an IAM user.
- Resource
Aws []InsightS3Bucket Owner Id String Filter - The canonical user ID of the owner of the S3 bucket.
- Resource
Aws []InsightS3Bucket Owner Name String Filter - The display name of the owner of the S3 bucket.
- Resource
Container []InsightImage Id String Filter - The identifier of the image related to a finding.
- Resource
Container []InsightImage Name String Filter - The name of the image related to a finding.
- Resource
Container []InsightLaunched At Date Filter - A timestamp that identifies when the container was started.
- Resource
Container []InsightName String Filter - The name of the container related to a finding.
- Resource
Details []InsightOther Map Filter - The details of a resource that doesn't have a specific subfield for the resource type defined.
- Resource
Id []InsightString Filter - The canonical identifier for the given resource type.
- Resource
Partition []InsightString Filter - The canonical AWS partition name that the Region is assigned to.
- Resource
Region []InsightString Filter - The canonical AWS external Region name where this resource is located.
- []Insight
Map Filter - A list of AWS tags associated with a resource at the time the finding was processed.
- Resource
Type []InsightString Filter - Specifies the type of the resource that details are provided for.
- Sample
[]Insight
Boolean Filter - Indicates whether or not sample findings are included in the filter results.
- Severity
Label []InsightString Filter - The label of a finding's severity.
- Severity
Normalized []InsightNumber Filter - The normalized severity of a finding.
- Severity
Product []InsightNumber Filter - The native severity as defined by the security findings provider's solution that generated the finding.
- Source
Url []InsightString Filter - A URL that links to a page about the current finding in the security findings provider's solution.
- Threat
Intel []InsightIndicator Category String Filter - The category of a threat intelligence indicator.
- Threat
Intel []InsightIndicator Last Observed At Date Filter - A timestamp that identifies the last observation of a threat intelligence indicator.
- Threat
Intel []InsightIndicator Source String Filter - The source of the threat intelligence.
- Threat
Intel []InsightIndicator Source Url String Filter - The URL for more details from the source of the threat intelligence.
- Threat
Intel []InsightIndicator Type String Filter - The type of a threat intelligence indicator.
- Threat
Intel []InsightIndicator Value String Filter - The value of a threat intelligence indicator.
- Title
[]Insight
String Filter - A finding's title.
- Type
[]Insight
String Filter - A finding type in the format of namespace/category/classifier that classifies a finding.
- Updated
At []InsightDate Filter - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- User
Defined []InsightFields Map Filter - A list of name/value string pairs associated with the finding.
- Verification
State []InsightString Filter - The veracity of a finding.
- Vulnerabilities
Exploit []InsightAvailable String Filter - Indicates whether a software vulnerability in your environment has a known exploit.
- Vulnerabilities
Fix []InsightAvailable String Filter - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- Workflow
State []InsightString Filter - The workflow state of a finding.
- Workflow
Status []InsightString Filter - The status of the investigation into a finding.
- aws
Account List<InsightId String Filter> - The AWS account ID in which a finding is generated.
- aws
Account List<InsightName String Filter> - The name of the AWS account in which a finding is generated.
- company
Name List<InsightString Filter> - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance
Associated List<InsightStandards Id String Filter> - The unique identifier of a standard in which a control is enabled.
- compliance
Security List<InsightControl Id String Filter> - The unique identifier of a control across standards.
- compliance
Security List<InsightControl Parameters Name String Filter> - The name of a security control parameter.
- compliance
Security List<InsightControl Parameters Value String Filter> - The current value of a security control parameter.
- compliance
Status List<InsightString Filter> - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence
List<Insight
Number Filter> - A finding's confidence.
- created
At List<InsightDate Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality
List<Insight
Number Filter> - The level of importance assigned to the resources associated with the finding.
- description
List<Insight
String Filter> - A finding's description.
- finding
Provider List<InsightFields Confidence Number Filter> - The finding provider value for the finding confidence.
- finding
Provider List<InsightFields Criticality Number Filter> - The finding provider value for the level of importance assigned to the resources associated with the findings.
- List<Insight
String Filter> - The finding identifier of a related finding that is identified by the finding provider.
- List<Insight
String Filter> - The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding
Provider List<InsightFields Severity Label String Filter> - The finding provider value for the severity label.
- finding
Provider List<InsightFields Severity Original String Filter> - The finding provider's original value for the severity.
- finding
Provider List<InsightFields Types String Filter> - One or more finding types that the finding provider assigned to the finding.
- first
Observed List<InsightAt Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator
Id List<InsightString Filter> - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id
List<Insight
String Filter> - The security findings provider-specific identifier for a finding.
- keyword
List<Insight
Keyword Filter> - A keyword for a finding.
- last
Observed List<InsightAt Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware
Name List<InsightString Filter> - The name of the malware that was observed.
- malware
Path List<InsightString Filter> - The filesystem path of the malware that was observed.
- malware
State List<InsightString Filter> - The state of the malware that was observed.
- malware
Type List<InsightString Filter> - The type of the malware that was observed.
- network
Destination List<InsightDomain String Filter> - The destination domain of network-related information about a finding.
- network
Destination List<InsightIp V4 Ip Filter> - The destination IPv4 address of network-related information about a finding.
- network
Destination List<InsightIp V6 Ip Filter> - The destination IPv6 address of network-related information about a finding.
- network
Destination List<InsightPort Number Filter> - The destination port of network-related information about a finding.
- network
Direction List<InsightString Filter> - Indicates the direction of network traffic associated with a finding.
- network
Protocol List<InsightString Filter> - The protocol of network-related information about a finding.
- network
Source List<InsightDomain String Filter> - The source domain of network-related information about a finding.
- network
Source List<InsightIp V4 Ip Filter> - The source IPv4 address of network-related information about a finding.
- network
Source List<InsightIp V6 Ip Filter> - The source IPv6 address of network-related information about a finding.
- network
Source List<InsightMac String Filter> - The source media access control (MAC) address of network-related information about a finding.
- network
Source List<InsightPort Number Filter> - The source port of network-related information about a finding.
- note
Text List<InsightString Filter> - The text of a note.
- note
Updated List<InsightAt Date Filter> - The timestamp of when the note was updated.
- note
Updated List<InsightBy String Filter> - The principal that created a note.
- process
Launched List<InsightAt Date Filter> - A timestamp that identifies when the process was launched.
- process
Name List<InsightString Filter> - The name of the process.
- process
Parent List<InsightPid Number Filter> - The parent process ID.
- process
Path List<InsightString Filter> - The path to the process executable.
- process
Pid List<InsightNumber Filter> - The process ID.
- process
Terminated List<InsightAt Date Filter> - A timestamp that identifies when the process was terminated.
- product
Arn List<InsightString Filter> - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product
Fields List<InsightMap Filter> - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product
Name List<InsightString Filter> - The name of the solution (product) that generates findings.
- recommendation
Text List<InsightString Filter> - The recommendation of what to do about the issue described in a finding.
- record
State List<InsightString Filter> - The updated record state for the finding.
- region
List<Insight
String Filter> - The Region from which the finding was generated.
- List<Insight
String Filter> - The solution-generated identifier for a related finding.
- List<Insight
String Filter> - The ARN of the solution that generated a related finding.
- resource
Application List<InsightArn String Filter> - The ARN of the application that is related to a finding.
- resource
Application List<InsightName String Filter> - The name of the application that is related to a finding.
- resource
Aws List<InsightEc2Instance Iam Instance Profile Arn String Filter> - The IAM profile ARN of the instance.
- resource
Aws List<InsightEc2Instance Image Id String Filter> - The Amazon Machine Image (AMI) ID of the instance.
- resource
Aws List<InsightEc2Instance Ip V4Addresses Ip Filter> - The IPv4 addresses associated with the instance.
- resource
Aws List<InsightEc2Instance Ip V6Addresses Ip Filter> - The IPv6 addresses associated with the instance.
- resource
Aws List<InsightEc2Instance Key Name String Filter> - The key name associated with the instance.
- resource
Aws List<InsightEc2Instance Launched At Date Filter> - The date and time the instance was launched.
- resource
Aws List<InsightEc2Instance Subnet Id String Filter> - The identifier of the subnet that the instance was launched in.
- resource
Aws List<InsightEc2Instance Type String Filter> - The instance type of the instance.
- resource
Aws List<InsightEc2Instance Vpc Id String Filter> - The identifier of the VPC that the instance was launched in.
- resource
Aws List<InsightIam Access Key Created At Date Filter> - The creation date/time of the IAM access key related to a finding.
- resource
Aws List<InsightIam Access Key Principal Name String Filter> - The name of the principal that is associated with an IAM access key.
- resource
Aws List<InsightIam Access Key Status String Filter> - The status of the IAM access key related to a finding.
- resource
Aws List<InsightIam Access Key User Name String Filter> - The user associated with the IAM access key related to a finding.
- resource
Aws List<InsightIam User User Name String Filter> - The name of an IAM user.
- resource
Aws List<InsightS3Bucket Owner Id String Filter> - The canonical user ID of the owner of the S3 bucket.
- resource
Aws List<InsightS3Bucket Owner Name String Filter> - The display name of the owner of the S3 bucket.
- resource
Container List<InsightImage Id String Filter> - The identifier of the image related to a finding.
- resource
Container List<InsightImage Name String Filter> - The name of the image related to a finding.
- resource
Container List<InsightLaunched At Date Filter> - A timestamp that identifies when the container was started.
- resource
Container List<InsightName String Filter> - The name of the container related to a finding.
- resource
Details List<InsightOther Map Filter> - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource
Id List<InsightString Filter> - The canonical identifier for the given resource type.
- resource
Partition List<InsightString Filter> - The canonical AWS partition name that the Region is assigned to.
- resource
Region List<InsightString Filter> - The canonical AWS external Region name where this resource is located.
- List<Insight
Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed.
- resource
Type List<InsightString Filter> - Specifies the type of the resource that details are provided for.
- sample
List<Insight
Boolean Filter> - Indicates whether or not sample findings are included in the filter results.
- severity
Label List<InsightString Filter> - The label of a finding's severity.
- severity
Normalized List<InsightNumber Filter> - The normalized severity of a finding.
- severity
Product List<InsightNumber Filter> - The native severity as defined by the security findings provider's solution that generated the finding.
- source
Url List<InsightString Filter> - A URL that links to a page about the current finding in the security findings provider's solution.
- threat
Intel List<InsightIndicator Category String Filter> - The category of a threat intelligence indicator.
- threat
Intel List<InsightIndicator Last Observed At Date Filter> - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat
Intel List<InsightIndicator Source String Filter> - The source of the threat intelligence.
- threat
Intel List<InsightIndicator Source Url String Filter> - The URL for more details from the source of the threat intelligence.
- threat
Intel List<InsightIndicator Type String Filter> - The type of a threat intelligence indicator.
- threat
Intel List<InsightIndicator Value String Filter> - The value of a threat intelligence indicator.
- title
List<Insight
String Filter> - A finding's title.
- type
List<Insight
String Filter> - A finding type in the format of namespace/category/classifier that classifies a finding.
- updated
At List<InsightDate Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user
Defined List<InsightFields Map Filter> - A list of name/value string pairs associated with the finding.
- verification
State List<InsightString Filter> - The veracity of a finding.
- vulnerabilities
Exploit List<InsightAvailable String Filter> - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities
Fix List<InsightAvailable String Filter> - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow
State List<InsightString Filter> - The workflow state of a finding.
- workflow
Status List<InsightString Filter> - The status of the investigation into a finding.
- aws
Account InsightId String Filter[] - The AWS account ID in which a finding is generated.
- aws
Account InsightName String Filter[] - The name of the AWS account in which a finding is generated.
- company
Name InsightString Filter[] - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance
Associated InsightStandards Id String Filter[] - The unique identifier of a standard in which a control is enabled.
- compliance
Security InsightControl Id String Filter[] - The unique identifier of a control across standards.
- compliance
Security InsightControl Parameters Name String Filter[] - The name of a security control parameter.
- compliance
Security InsightControl Parameters Value String Filter[] - The current value of a security control parameter.
- compliance
Status InsightString Filter[] - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence
Insight
Number Filter[] - A finding's confidence.
- created
At InsightDate Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality
Insight
Number Filter[] - The level of importance assigned to the resources associated with the finding.
- description
Insight
String Filter[] - A finding's description.
- finding
Provider InsightFields Confidence Number Filter[] - The finding provider value for the finding confidence.
- finding
Provider InsightFields Criticality Number Filter[] - The finding provider value for the level of importance assigned to the resources associated with the findings.
- Insight
String Filter[] - The finding identifier of a related finding that is identified by the finding provider.
- Insight
String Filter[] - The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding
Provider InsightFields Severity Label String Filter[] - The finding provider value for the severity label.
- finding
Provider InsightFields Severity Original String Filter[] - The finding provider's original value for the severity.
- finding
Provider InsightFields Types String Filter[] - One or more finding types that the finding provider assigned to the finding.
- first
Observed InsightAt Date Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator
Id InsightString Filter[] - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id
Insight
String Filter[] - The security findings provider-specific identifier for a finding.
- keyword
Insight
Keyword Filter[] - A keyword for a finding.
- last
Observed InsightAt Date Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware
Name InsightString Filter[] - The name of the malware that was observed.
- malware
Path InsightString Filter[] - The filesystem path of the malware that was observed.
- malware
State InsightString Filter[] - The state of the malware that was observed.
- malware
Type InsightString Filter[] - The type of the malware that was observed.
- network
Destination InsightDomain String Filter[] - The destination domain of network-related information about a finding.
- network
Destination InsightIp V4 Ip Filter[] - The destination IPv4 address of network-related information about a finding.
- network
Destination InsightIp V6 Ip Filter[] - The destination IPv6 address of network-related information about a finding.
- network
Destination InsightPort Number Filter[] - The destination port of network-related information about a finding.
- network
Direction InsightString Filter[] - Indicates the direction of network traffic associated with a finding.
- network
Protocol InsightString Filter[] - The protocol of network-related information about a finding.
- network
Source InsightDomain String Filter[] - The source domain of network-related information about a finding.
- network
Source InsightIp V4 Ip Filter[] - The source IPv4 address of network-related information about a finding.
- network
Source InsightIp V6 Ip Filter[] - The source IPv6 address of network-related information about a finding.
- network
Source InsightMac String Filter[] - The source media access control (MAC) address of network-related information about a finding.
- network
Source InsightPort Number Filter[] - The source port of network-related information about a finding.
- note
Text InsightString Filter[] - The text of a note.
- note
Updated InsightAt Date Filter[] - The timestamp of when the note was updated.
- note
Updated InsightBy String Filter[] - The principal that created a note.
- process
Launched InsightAt Date Filter[] - A timestamp that identifies when the process was launched.
- process
Name InsightString Filter[] - The name of the process.
- process
Parent InsightPid Number Filter[] - The parent process ID.
- process
Path InsightString Filter[] - The path to the process executable.
- process
Pid InsightNumber Filter[] - The process ID.
- process
Terminated InsightAt Date Filter[] - A timestamp that identifies when the process was terminated.
- product
Arn InsightString Filter[] - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product
Fields InsightMap Filter[] - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product
Name InsightString Filter[] - The name of the solution (product) that generates findings.
- recommendation
Text InsightString Filter[] - The recommendation of what to do about the issue described in a finding.
- record
State InsightString Filter[] - The updated record state for the finding.
- region
Insight
String Filter[] - The Region from which the finding was generated.
- Insight
String Filter[] - The solution-generated identifier for a related finding.
- Insight
String Filter[] - The ARN of the solution that generated a related finding.
- resource
Application InsightArn String Filter[] - The ARN of the application that is related to a finding.
- resource
Application InsightName String Filter[] - The name of the application that is related to a finding.
- resource
Aws InsightEc2Instance Iam Instance Profile Arn String Filter[] - The IAM profile ARN of the instance.
- resource
Aws InsightEc2Instance Image Id String Filter[] - The Amazon Machine Image (AMI) ID of the instance.
- resource
Aws InsightEc2Instance Ip V4Addresses Ip Filter[] - The IPv4 addresses associated with the instance.
- resource
Aws InsightEc2Instance Ip V6Addresses Ip Filter[] - The IPv6 addresses associated with the instance.
- resource
Aws InsightEc2Instance Key Name String Filter[] - The key name associated with the instance.
- resource
Aws InsightEc2Instance Launched At Date Filter[] - The date and time the instance was launched.
- resource
Aws InsightEc2Instance Subnet Id String Filter[] - The identifier of the subnet that the instance was launched in.
- resource
Aws InsightEc2Instance Type String Filter[] - The instance type of the instance.
- resource
Aws InsightEc2Instance Vpc Id String Filter[] - The identifier of the VPC that the instance was launched in.
- resource
Aws InsightIam Access Key Created At Date Filter[] - The creation date/time of the IAM access key related to a finding.
- resource
Aws InsightIam Access Key Principal Name String Filter[] - The name of the principal that is associated with an IAM access key.
- resource
Aws InsightIam Access Key Status String Filter[] - The status of the IAM access key related to a finding.
- resource
Aws InsightIam Access Key User Name String Filter[] - The user associated with the IAM access key related to a finding.
- resource
Aws InsightIam User User Name String Filter[] - The name of an IAM user.
- resource
Aws InsightS3Bucket Owner Id String Filter[] - The canonical user ID of the owner of the S3 bucket.
- resource
Aws InsightS3Bucket Owner Name String Filter[] - The display name of the owner of the S3 bucket.
- resource
Container InsightImage Id String Filter[] - The identifier of the image related to a finding.
- resource
Container InsightImage Name String Filter[] - The name of the image related to a finding.
- resource
Container InsightLaunched At Date Filter[] - A timestamp that identifies when the container was started.
- resource
Container InsightName String Filter[] - The name of the container related to a finding.
- resource
Details InsightOther Map Filter[] - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource
Id InsightString Filter[] - The canonical identifier for the given resource type.
- resource
Partition InsightString Filter[] - The canonical AWS partition name that the Region is assigned to.
- resource
Region InsightString Filter[] - The canonical AWS external Region name where this resource is located.
- Insight
Map Filter[] - A list of AWS tags associated with a resource at the time the finding was processed.
- resource
Type InsightString Filter[] - Specifies the type of the resource that details are provided for.
- sample
Insight
Boolean Filter[] - Indicates whether or not sample findings are included in the filter results.
- severity
Label InsightString Filter[] - The label of a finding's severity.
- severity
Normalized InsightNumber Filter[] - The normalized severity of a finding.
- severity
Product InsightNumber Filter[] - The native severity as defined by the security findings provider's solution that generated the finding.
- source
Url InsightString Filter[] - A URL that links to a page about the current finding in the security findings provider's solution.
- threat
Intel InsightIndicator Category String Filter[] - The category of a threat intelligence indicator.
- threat
Intel InsightIndicator Last Observed At Date Filter[] - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat
Intel InsightIndicator Source String Filter[] - The source of the threat intelligence.
- threat
Intel InsightIndicator Source Url String Filter[] - The URL for more details from the source of the threat intelligence.
- threat
Intel InsightIndicator Type String Filter[] - The type of a threat intelligence indicator.
- threat
Intel InsightIndicator Value String Filter[] - The value of a threat intelligence indicator.
- title
Insight
String Filter[] - A finding's title.
- type
Insight
String Filter[] - A finding type in the format of namespace/category/classifier that classifies a finding.
- updated
At InsightDate Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user
Defined InsightFields Map Filter[] - A list of name/value string pairs associated with the finding.
- verification
State InsightString Filter[] - The veracity of a finding.
- vulnerabilities
Exploit InsightAvailable String Filter[] - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities
Fix InsightAvailable String Filter[] - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow
State InsightString Filter[] - The workflow state of a finding.
- workflow
Status InsightString Filter[] - The status of the investigation into a finding.
- aws_
account_ Sequence[Insightid String Filter] - The AWS account ID in which a finding is generated.
- aws_
account_ Sequence[Insightname String Filter] - The name of the AWS account in which a finding is generated.
- company_
name Sequence[InsightString Filter] - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance_
associated_ Sequence[Insightstandards_ id String Filter] - The unique identifier of a standard in which a control is enabled.
- compliance_
security_ Sequence[Insightcontrol_ id String Filter] - The unique identifier of a control across standards.
- compliance_
security_ Sequence[Insightcontrol_ parameters_ name String Filter] - The name of a security control parameter.
- compliance_
security_ Sequence[Insightcontrol_ parameters_ value String Filter] - The current value of a security control parameter.
- compliance_
status Sequence[InsightString Filter] - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence
Sequence[Insight
Number Filter] - A finding's confidence.
- created_
at Sequence[InsightDate Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality
Sequence[Insight
Number Filter] - The level of importance assigned to the resources associated with the finding.
- description
Sequence[Insight
String Filter] - A finding's description.
- finding_
provider_ Sequence[Insightfields_ confidence Number Filter] - The finding provider value for the finding confidence.
- finding_
provider_ Sequence[Insightfields_ criticality Number Filter] - The finding provider value for the level of importance assigned to the resources associated with the findings.
- Sequence[Insight
String Filter] - The finding identifier of a related finding that is identified by the finding provider.
- Sequence[Insight
String Filter] - The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding_
provider_ Sequence[Insightfields_ severity_ label String Filter] - The finding provider value for the severity label.
- finding_
provider_ Sequence[Insightfields_ severity_ original String Filter] - The finding provider's original value for the severity.
- finding_
provider_ Sequence[Insightfields_ types String Filter] - One or more finding types that the finding provider assigned to the finding.
- first_
observed_ Sequence[Insightat Date Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator_
id Sequence[InsightString Filter] - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id
Sequence[Insight
String Filter] - The security findings provider-specific identifier for a finding.
- keyword
Sequence[Insight
Keyword Filter] - A keyword for a finding.
- last_
observed_ Sequence[Insightat Date Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware_
name Sequence[InsightString Filter] - The name of the malware that was observed.
- malware_
path Sequence[InsightString Filter] - The filesystem path of the malware that was observed.
- malware_
state Sequence[InsightString Filter] - The state of the malware that was observed.
- malware_
type Sequence[InsightString Filter] - The type of the malware that was observed.
- network_
destination_ Sequence[Insightdomain String Filter] - The destination domain of network-related information about a finding.
- network_
destination_ Sequence[Insightip_ v4 Ip Filter] - The destination IPv4 address of network-related information about a finding.
- network_
destination_ Sequence[Insightip_ v6 Ip Filter] - The destination IPv6 address of network-related information about a finding.
- network_
destination_ Sequence[Insightport Number Filter] - The destination port of network-related information about a finding.
- network_
direction Sequence[InsightString Filter] - Indicates the direction of network traffic associated with a finding.
- network_
protocol Sequence[InsightString Filter] - The protocol of network-related information about a finding.
- network_
source_ Sequence[Insightdomain String Filter] - The source domain of network-related information about a finding.
- network_
source_ Sequence[Insightip_ v4 Ip Filter] - The source IPv4 address of network-related information about a finding.
- network_
source_ Sequence[Insightip_ v6 Ip Filter] - The source IPv6 address of network-related information about a finding.
- network_
source_ Sequence[Insightmac String Filter] - The source media access control (MAC) address of network-related information about a finding.
- network_
source_ Sequence[Insightport Number Filter] - The source port of network-related information about a finding.
- note_
text Sequence[InsightString Filter] - The text of a note.
- note_
updated_ Sequence[Insightat Date Filter] - The timestamp of when the note was updated.
- note_
updated_ Sequence[Insightby String Filter] - The principal that created a note.
- process_
launched_ Sequence[Insightat Date Filter] - A timestamp that identifies when the process was launched.
- process_
name Sequence[InsightString Filter] - The name of the process.
- process_
parent_ Sequence[Insightpid Number Filter] - The parent process ID.
- process_
path Sequence[InsightString Filter] - The path to the process executable.
- process_
pid Sequence[InsightNumber Filter] - The process ID.
- process_
terminated_ Sequence[Insightat Date Filter] - A timestamp that identifies when the process was terminated.
- product_
arn Sequence[InsightString Filter] - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product_
fields Sequence[InsightMap Filter] - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product_
name Sequence[InsightString Filter] - The name of the solution (product) that generates findings.
- recommendation_
text Sequence[InsightString Filter] - The recommendation of what to do about the issue described in a finding.
- record_
state Sequence[InsightString Filter] - The updated record state for the finding.
- region
Sequence[Insight
String Filter] - The Region from which the finding was generated.
- Sequence[Insight
String Filter] - The solution-generated identifier for a related finding.
- Sequence[Insight
String Filter] - The ARN of the solution that generated a related finding.
- resource_
application_ Sequence[Insightarn String Filter] - The ARN of the application that is related to a finding.
- resource_
application_ Sequence[Insightname String Filter] - The name of the application that is related to a finding.
- resource_
aws_ Sequence[Insightec2_ instance_ iam_ instance_ profile_ arn String Filter] - The IAM profile ARN of the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ image_ id String Filter] - The Amazon Machine Image (AMI) ID of the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ ip_ v4_ addresses Ip Filter] - The IPv4 addresses associated with the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ ip_ v6_ addresses Ip Filter] - The IPv6 addresses associated with the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ key_ name String Filter] - The key name associated with the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ launched_ at Date Filter] - The date and time the instance was launched.
- resource_
aws_ Sequence[Insightec2_ instance_ subnet_ id String Filter] - The identifier of the subnet that the instance was launched in.
- resource_
aws_ Sequence[Insightec2_ instance_ type String Filter] - The instance type of the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ vpc_ id String Filter] - The identifier of the VPC that the instance was launched in.
- resource_
aws_ Sequence[Insightiam_ access_ key_ created_ at Date Filter] - The creation date/time of the IAM access key related to a finding.
- resource_
aws_ Sequence[Insightiam_ access_ key_ principal_ name String Filter] - The name of the principal that is associated with an IAM access key.
- resource_
aws_ Sequence[Insightiam_ access_ key_ status String Filter] - The status of the IAM access key related to a finding.
- resource_
aws_ Sequence[Insightiam_ access_ key_ user_ name String Filter] - The user associated with the IAM access key related to a finding.
- resource_
aws_ Sequence[Insightiam_ user_ user_ name String Filter] - The name of an IAM user.
- resource_
aws_ Sequence[Insights3_ bucket_ owner_ id String Filter] - The canonical user ID of the owner of the S3 bucket.
- resource_
aws_ Sequence[Insights3_ bucket_ owner_ name String Filter] - The display name of the owner of the S3 bucket.
- resource_
container_ Sequence[Insightimage_ id String Filter] - The identifier of the image related to a finding.
- resource_
container_ Sequence[Insightimage_ name String Filter] - The name of the image related to a finding.
- resource_
container_ Sequence[Insightlaunched_ at Date Filter] - A timestamp that identifies when the container was started.
- resource_
container_ Sequence[Insightname String Filter] - The name of the container related to a finding.
- resource_
details_ Sequence[Insightother Map Filter] - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource_
id Sequence[InsightString Filter] - The canonical identifier for the given resource type.
- resource_
partition Sequence[InsightString Filter] - The canonical AWS partition name that the Region is assigned to.
- resource_
region Sequence[InsightString Filter] - The canonical AWS external Region name where this resource is located.
- Sequence[Insight
Map Filter] - A list of AWS tags associated with a resource at the time the finding was processed.
- resource_
type Sequence[InsightString Filter] - Specifies the type of the resource that details are provided for.
- sample
Sequence[Insight
Boolean Filter] - Indicates whether or not sample findings are included in the filter results.
- severity_
label Sequence[InsightString Filter] - The label of a finding's severity.
- severity_
normalized Sequence[InsightNumber Filter] - The normalized severity of a finding.
- severity_
product Sequence[InsightNumber Filter] - The native severity as defined by the security findings provider's solution that generated the finding.
- source_
url Sequence[InsightString Filter] - A URL that links to a page about the current finding in the security findings provider's solution.
- threat_
intel_ Sequence[Insightindicator_ category String Filter] - The category of a threat intelligence indicator.
- threat_
intel_ Sequence[Insightindicator_ last_ observed_ at Date Filter] - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat_
intel_ Sequence[Insightindicator_ source String Filter] - The source of the threat intelligence.
- threat_
intel_ Sequence[Insightindicator_ source_ url String Filter] - The URL for more details from the source of the threat intelligence.
- threat_
intel_ Sequence[Insightindicator_ type String Filter] - The type of a threat intelligence indicator.
- threat_
intel_ Sequence[Insightindicator_ value String Filter] - The value of a threat intelligence indicator.
- title
Sequence[Insight
String Filter] - A finding's title.
- type
Sequence[Insight
String Filter] - A finding type in the format of namespace/category/classifier that classifies a finding.
- updated_
at Sequence[InsightDate Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user_
defined_ Sequence[Insightfields Map Filter] - A list of name/value string pairs associated with the finding.
- verification_
state Sequence[InsightString Filter] - The veracity of a finding.
- vulnerabilities_
exploit_ Sequence[Insightavailable String Filter] - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities_
fix_ Sequence[Insightavailable String Filter] - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow_
state Sequence[InsightString Filter] - The workflow state of a finding.
- workflow_
status Sequence[InsightString Filter] - The status of the investigation into a finding.
- aws
Account List<Property Map>Id - The AWS account ID in which a finding is generated.
- aws
Account List<Property Map>Name - The name of the AWS account in which a finding is generated.
- company
Name List<Property Map> - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance
Associated List<Property Map>Standards Id - The unique identifier of a standard in which a control is enabled.
- compliance
Security List<Property Map>Control Id - The unique identifier of a control across standards.
- compliance
Security List<Property Map>Control Parameters Name - The name of a security control parameter.
- compliance
Security List<Property Map>Control Parameters Value - The current value of a security control parameter.
- compliance
Status List<Property Map> - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence List<Property Map>
- A finding's confidence.
- created
At List<Property Map> - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality List<Property Map>
- The level of importance assigned to the resources associated with the finding.
- description List<Property Map>
- A finding's description.
- finding
Provider List<Property Map>Fields Confidence - The finding provider value for the finding confidence.
- finding
Provider List<Property Map>Fields Criticality - The finding provider value for the level of importance assigned to the resources associated with the findings.
- List<Property Map>
- The finding identifier of a related finding that is identified by the finding provider.
- List<Property Map>
- The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding
Provider List<Property Map>Fields Severity Label - The finding provider value for the severity label.
- finding
Provider List<Property Map>Fields Severity Original - The finding provider's original value for the severity.
- finding
Provider List<Property Map>Fields Types - One or more finding types that the finding provider assigned to the finding.
- first
Observed List<Property Map>At - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator
Id List<Property Map> - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id List<Property Map>
- The security findings provider-specific identifier for a finding.
- keyword List<Property Map>
- A keyword for a finding.
- last
Observed List<Property Map>At - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware
Name List<Property Map> - The name of the malware that was observed.
- malware
Path List<Property Map> - The filesystem path of the malware that was observed.
- malware
State List<Property Map> - The state of the malware that was observed.
- malware
Type List<Property Map> - The type of the malware that was observed.
- network
Destination List<Property Map>Domain - The destination domain of network-related information about a finding.
- network
Destination List<Property Map>Ip V4 - The destination IPv4 address of network-related information about a finding.
- network
Destination List<Property Map>Ip V6 - The destination IPv6 address of network-related information about a finding.
- network
Destination List<Property Map>Port - The destination port of network-related information about a finding.
- network
Direction List<Property Map> - Indicates the direction of network traffic associated with a finding.
- network
Protocol List<Property Map> - The protocol of network-related information about a finding.
- network
Source List<Property Map>Domain - The source domain of network-related information about a finding.
- network
Source List<Property Map>Ip V4 - The source IPv4 address of network-related information about a finding.
- network
Source List<Property Map>Ip V6 - The source IPv6 address of network-related information about a finding.
- network
Source List<Property Map>Mac - The source media access control (MAC) address of network-related information about a finding.
- network
Source List<Property Map>Port - The source port of network-related information about a finding.
- note
Text List<Property Map> - The text of a note.
- note
Updated List<Property Map>At - The timestamp of when the note was updated.
- note
Updated List<Property Map>By - The principal that created a note.
- process
Launched List<Property Map>At - A timestamp that identifies when the process was launched.
- process
Name List<Property Map> - The name of the process.
- process
Parent List<Property Map>Pid - The parent process ID.
- process
Path List<Property Map> - The path to the process executable.
- process
Pid List<Property Map> - The process ID.
- process
Terminated List<Property Map>At - A timestamp that identifies when the process was terminated.
- product
Arn List<Property Map> - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product
Fields List<Property Map> - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product
Name List<Property Map> - The name of the solution (product) that generates findings.
- recommendation
Text List<Property Map> - The recommendation of what to do about the issue described in a finding.
- record
State List<Property Map> - The updated record state for the finding.
- region List<Property Map>
- The Region from which the finding was generated.
- List<Property Map>
- The solution-generated identifier for a related finding.
- List<Property Map>
- The ARN of the solution that generated a related finding.
- resource
Application List<Property Map>Arn - The ARN of the application that is related to a finding.
- resource
Application List<Property Map>Name - The name of the application that is related to a finding.
- resource
Aws List<Property Map>Ec2Instance Iam Instance Profile Arn - The IAM profile ARN of the instance.
- resource
Aws List<Property Map>Ec2Instance Image Id - The Amazon Machine Image (AMI) ID of the instance.
- resource
Aws List<Property Map>Ec2Instance Ip V4Addresses - The IPv4 addresses associated with the instance.
- resource
Aws List<Property Map>Ec2Instance Ip V6Addresses - The IPv6 addresses associated with the instance.
- resource
Aws List<Property Map>Ec2Instance Key Name - The key name associated with the instance.
- resource
Aws List<Property Map>Ec2Instance Launched At - The date and time the instance was launched.
- resource
Aws List<Property Map>Ec2Instance Subnet Id - The identifier of the subnet that the instance was launched in.
- resource
Aws List<Property Map>Ec2Instance Type - The instance type of the instance.
- resource
Aws List<Property Map>Ec2Instance Vpc Id - The identifier of the VPC that the instance was launched in.
- resource
Aws List<Property Map>Iam Access Key Created At - The creation date/time of the IAM access key related to a finding.
- resource
Aws List<Property Map>Iam Access Key Principal Name - The name of the principal that is associated with an IAM access key.
- resource
Aws List<Property Map>Iam Access Key Status - The status of the IAM access key related to a finding.
- resource
Aws List<Property Map>Iam Access Key User Name - The user associated with the IAM access key related to a finding.
- resource
Aws List<Property Map>Iam User User Name - The name of an IAM user.
- resource
Aws List<Property Map>S3Bucket Owner Id - The canonical user ID of the owner of the S3 bucket.
- resource
Aws List<Property Map>S3Bucket Owner Name - The display name of the owner of the S3 bucket.
- resource
Container List<Property Map>Image Id - The identifier of the image related to a finding.
- resource
Container List<Property Map>Image Name - The name of the image related to a finding.
- resource
Container List<Property Map>Launched At - A timestamp that identifies when the container was started.
- resource
Container List<Property Map>Name - The name of the container related to a finding.
- resource
Details List<Property Map>Other - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource
Id List<Property Map> - The canonical identifier for the given resource type.
- resource
Partition List<Property Map> - The canonical AWS partition name that the Region is assigned to.
- resource
Region List<Property Map> - The canonical AWS external Region name where this resource is located.
- List<Property Map>
- A list of AWS tags associated with a resource at the time the finding was processed.
- resource
Type List<Property Map> - Specifies the type of the resource that details are provided for.
- sample List<Property Map>
- Indicates whether or not sample findings are included in the filter results.
- severity
Label List<Property Map> - The label of a finding's severity.
- severity
Normalized List<Property Map> - The normalized severity of a finding.
- severity
Product List<Property Map> - The native severity as defined by the security findings provider's solution that generated the finding.
- source
Url List<Property Map> - A URL that links to a page about the current finding in the security findings provider's solution.
- threat
Intel List<Property Map>Indicator Category - The category of a threat intelligence indicator.
- threat
Intel List<Property Map>Indicator Last Observed At - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat
Intel List<Property Map>Indicator Source - The source of the threat intelligence.
- threat
Intel List<Property Map>Indicator Source Url - The URL for more details from the source of the threat intelligence.
- threat
Intel List<Property Map>Indicator Type - The type of a threat intelligence indicator.
- threat
Intel List<Property Map>Indicator Value - The value of a threat intelligence indicator.
- title List<Property Map>
- A finding's title.
- type List<Property Map>
- A finding type in the format of namespace/category/classifier that classifies a finding.
- updated
At List<Property Map> - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user
Defined List<Property Map>Fields - A list of name/value string pairs associated with the finding.
- verification
State List<Property Map> - The veracity of a finding.
- vulnerabilities
Exploit List<Property Map>Available - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities
Fix List<Property Map>Available - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow
State List<Property Map> - The workflow state of a finding.
- workflow
Status List<Property Map> - The status of the investigation into a finding.
InsightBooleanFilter
- Value bool
- The value of the boolean.
- Value bool
- The value of the boolean.
- value Boolean
- The value of the boolean.
- value boolean
- The value of the boolean.
- value bool
- The value of the boolean.
- value Boolean
- The value of the boolean.
InsightDateFilter
- Date
Range Pulumi.Aws Native. Security Hub. Inputs. Insight Date Range - A date range for the date filter.
- End string
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Start string
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Date
Range InsightDate Range - A date range for the date filter.
- End string
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Start string
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range InsightDate Range - A date range for the date filter.
- end String
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start String
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range InsightDate Range - A date range for the date filter.
- end string
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start string
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date_
range InsightDate Range - A date range for the date filter.
- end str
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start str
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range Property Map - A date range for the date filter.
- end String
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start String
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
InsightDateRange
- Unit
Pulumi.
Aws Native. Security Hub. Insight Date Range Unit - A date range unit for the date filter.
- Value double
- A date range value for the date filter.
- Unit
Insight
Date Range Unit - A date range unit for the date filter.
- Value float64
- A date range value for the date filter.
- unit
Insight
Date Range Unit - A date range unit for the date filter.
- value Double
- A date range value for the date filter.
- unit
Insight
Date Range Unit - A date range unit for the date filter.
- value number
- A date range value for the date filter.
- unit
Insight
Date Range Unit - A date range unit for the date filter.
- value float
- A date range value for the date filter.
InsightDateRangeUnit
InsightIpFilter
- Cidr string
- A finding's CIDR value.
- Cidr string
- A finding's CIDR value.
- cidr String
- A finding's CIDR value.
- cidr string
- A finding's CIDR value.
- cidr str
- A finding's CIDR value.
- cidr String
- A finding's CIDR value.
InsightKeywordFilter
- Value string
- A value for the keyword.
- Value string
- A value for the keyword.
- value String
- A value for the keyword.
- value string
- A value for the keyword.
- value str
- A value for the keyword.
- value String
- A value for the keyword.
InsightMapFilter
- Comparison
Pulumi.
Aws Native. Security Hub. Insight Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- Key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - Value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- Comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- Key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - Value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key String
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value String
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key str
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value str
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison "EQUALS" | "NOT_EQUALS"
- The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key String
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value String
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
InsightMapFilterComparison
InsightNumberFilter
InsightStringFilter
- Comparison
Pulumi.
Aws Native. Security Hub. Insight String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- Value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- Comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- Value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value String
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value str
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS"
The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value String
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
InsightStringFilterComparison
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.