We recommend new projects start with resources from the AWS provider.
aws-native.securityhub.Insight
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::SecurityHub::Insight resource represents the AWS Security Hub Insight in your account. An AWS Security Hub insight is a collection of related findings.
Create Insight Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Insight(name: string, args: InsightArgs, opts?: CustomResourceOptions);
@overload
def Insight(resource_name: str,
args: InsightArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Insight(resource_name: str,
opts: Optional[ResourceOptions] = None,
filters: Optional[InsightAwsSecurityFindingFiltersArgs] = None,
group_by_attribute: Optional[str] = None,
name: Optional[str] = None)
func NewInsight(ctx *Context, name string, args InsightArgs, opts ...ResourceOption) (*Insight, error)
public Insight(string name, InsightArgs args, CustomResourceOptions? opts = null)
public Insight(String name, InsightArgs args)
public Insight(String name, InsightArgs args, CustomResourceOptions options)
type: aws-native:securityhub:Insight
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args InsightArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InsightArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InsightArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InsightArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InsightArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Insight Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Insight resource accepts the following input properties:
- Filters
Pulumi.
Aws Native. Security Hub. Inputs. Insight Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- Group
By stringAttribute - The grouping attribute for the insight's findings
- Name string
- The name of a Security Hub insight
- Filters
Insight
Aws Security Finding Filters Args - One or more attributes used to filter the findings included in the insight
- Group
By stringAttribute - The grouping attribute for the insight's findings
- Name string
- The name of a Security Hub insight
- filters
Insight
Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- group
By StringAttribute - The grouping attribute for the insight's findings
- name String
- The name of a Security Hub insight
- filters
Insight
Aws Security Finding Filters - One or more attributes used to filter the findings included in the insight
- group
By stringAttribute - The grouping attribute for the insight's findings
- name string
- The name of a Security Hub insight
- filters
Insight
Aws Security Finding Filters Args - One or more attributes used to filter the findings included in the insight
- group_
by_ strattribute - The grouping attribute for the insight's findings
- name str
- The name of a Security Hub insight
- filters Property Map
- One or more attributes used to filter the findings included in the insight
- group
By StringAttribute - The grouping attribute for the insight's findings
- name String
- The name of a Security Hub insight
Outputs
All input properties are implicitly available as output properties. Additionally, the Insight resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Insight
Arn string - The ARN of a Security Hub insight
- Id string
- The provider-assigned unique ID for this managed resource.
- Insight
Arn string - The ARN of a Security Hub insight
- id String
- The provider-assigned unique ID for this managed resource.
- insight
Arn String - The ARN of a Security Hub insight
- id string
- The provider-assigned unique ID for this managed resource.
- insight
Arn string - The ARN of a Security Hub insight
- id str
- The provider-assigned unique ID for this managed resource.
- insight_
arn str - The ARN of a Security Hub insight
- id String
- The provider-assigned unique ID for this managed resource.
- insight
Arn String - The ARN of a Security Hub insight
Supporting Types
InsightAwsSecurityFindingFilters, InsightAwsSecurityFindingFiltersArgs
- Aws
Account List<Pulumi.Id Aws Native. Security Hub. Inputs. Insight String Filter> - The AWS account ID in which a finding is generated.
- Aws
Account List<Pulumi.Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the AWS account in which a finding is generated.
- Company
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the findings provider (company) that owns the solution (product) that generates findings.
- Compliance
Associated List<Pulumi.Standards Id Aws Native. Security Hub. Inputs. Insight String Filter> - The unique identifier of a standard in which a control is enabled.
- Compliance
Security List<Pulumi.Control Id Aws Native. Security Hub. Inputs. Insight String Filter> - The unique identifier of a control across standards.
- Compliance
Security List<Pulumi.Control Parameters Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of a security control parameter.
- Compliance
Security List<Pulumi.Control Parameters Value Aws Native. Security Hub. Inputs. Insight String Filter> - The current value of a security control parameter.
- Compliance
Status List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- Confidence
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Number Filter> - A finding's confidence.
- Created
At List<Pulumi.Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- Criticality
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Number Filter> - The level of importance assigned to the resources associated with the finding.
- Description
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - A finding's description.
- Finding
Provider List<Pulumi.Fields Confidence Aws Native. Security Hub. Inputs. Insight Number Filter> - The finding provider value for the finding confidence.
- Finding
Provider List<Pulumi.Fields Criticality Aws Native. Security Hub. Inputs. Insight Number Filter> - The finding provider value for the level of importance assigned to the resources associated with the findings.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The finding identifier of a related finding that is identified by the finding provider.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN of the solution that generated a related finding that is identified by the finding provider.
- Finding
Provider List<Pulumi.Fields Severity Label Aws Native. Security Hub. Inputs. Insight String Filter> - The finding provider value for the severity label.
- Finding
Provider List<Pulumi.Fields Severity Original Aws Native. Security Hub. Inputs. Insight String Filter> - The finding provider's original value for the severity.
- Finding
Provider List<Pulumi.Fields Types Aws Native. Security Hub. Inputs. Insight String Filter> - One or more finding types that the finding provider assigned to the finding.
- First
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- Generator
Id List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- Id
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The security findings provider-specific identifier for a finding.
- Keyword
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Keyword Filter> - A keyword for a finding.
- Last
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- Malware
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the malware that was observed.
- Malware
Path List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The filesystem path of the malware that was observed.
- Malware
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The state of the malware that was observed.
- Malware
Type List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The type of the malware that was observed.
- Network
Destination List<Pulumi.Domain Aws Native. Security Hub. Inputs. Insight String Filter> - The destination domain of network-related information about a finding.
- Network
Destination List<Pulumi.Ip V4 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The destination IPv4 address of network-related information about a finding.
- Network
Destination List<Pulumi.Ip V6 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The destination IPv6 address of network-related information about a finding.
- Network
Destination List<Pulumi.Port Aws Native. Security Hub. Inputs. Insight Number Filter> - The destination port of network-related information about a finding.
- Network
Direction List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - Indicates the direction of network traffic associated with a finding.
- Network
Protocol List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The protocol of network-related information about a finding.
- Network
Source List<Pulumi.Domain Aws Native. Security Hub. Inputs. Insight String Filter> - The source domain of network-related information about a finding.
- Network
Source List<Pulumi.Ip V4 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The source IPv4 address of network-related information about a finding.
- Network
Source List<Pulumi.Ip V6 Aws Native. Security Hub. Inputs. Insight Ip Filter> - The source IPv6 address of network-related information about a finding.
- Network
Source List<Pulumi.Mac Aws Native. Security Hub. Inputs. Insight String Filter> - The source media access control (MAC) address of network-related information about a finding.
- Network
Source List<Pulumi.Port Aws Native. Security Hub. Inputs. Insight Number Filter> - The source port of network-related information about a finding.
- Note
Text List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The text of a note.
- Note
Updated List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - The timestamp of when the note was updated.
- Note
Updated List<Pulumi.By Aws Native. Security Hub. Inputs. Insight String Filter> - The principal that created a note.
- Process
Launched List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies when the process was launched.
- Process
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the process.
- Process
Parent List<Pulumi.Pid Aws Native. Security Hub. Inputs. Insight Number Filter> - The parent process ID.
- Process
Path List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The path to the process executable.
- Process
Pid List<Pulumi.Aws Native. Security Hub. Inputs. Insight Number Filter> - The process ID.
- Process
Terminated List<Pulumi.At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies when the process was terminated.
- Product
Arn List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- Product
Fields List<Pulumi.Aws Native. Security Hub. Inputs. Insight Map Filter> - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- Product
Name List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the solution (product) that generates findings.
- Recommendation
Text List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The recommendation of what to do about the issue described in a finding.
- Record
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The updated record state for the finding.
- Region
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The Region from which the finding was generated.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The solution-generated identifier for a related finding.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN of the solution that generated a related finding.
- Resource
Application List<Pulumi.Arn Aws Native. Security Hub. Inputs. Insight String Filter> - The ARN of the application that is related to a finding.
- Resource
Application List<Pulumi.Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the application that is related to a finding.
- Resource
Aws List<Pulumi.Ec2Instance Iam Instance Profile Arn Aws Native. Security Hub. Inputs. Insight String Filter> - The IAM profile ARN of the instance.
- Resource
Aws List<Pulumi.Ec2Instance Image Id Aws Native. Security Hub. Inputs. Insight String Filter> - The Amazon Machine Image (AMI) ID of the instance.
- Resource
Aws List<Pulumi.Ec2Instance Ip V4Addresses Aws Native. Security Hub. Inputs. Insight Ip Filter> - The IPv4 addresses associated with the instance.
- Resource
Aws List<Pulumi.Ec2Instance Ip V6Addresses Aws Native. Security Hub. Inputs. Insight Ip Filter> - The IPv6 addresses associated with the instance.
- Resource
Aws List<Pulumi.Ec2Instance Key Name Aws Native. Security Hub. Inputs. Insight String Filter> - The key name associated with the instance.
- Resource
Aws List<Pulumi.Ec2Instance Launched At Aws Native. Security Hub. Inputs. Insight Date Filter> - The date and time the instance was launched.
- Resource
Aws List<Pulumi.Ec2Instance Subnet Id Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier of the subnet that the instance was launched in.
- Resource
Aws List<Pulumi.Ec2Instance Type Aws Native. Security Hub. Inputs. Insight String Filter> - The instance type of the instance.
- Resource
Aws List<Pulumi.Ec2Instance Vpc Id Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier of the VPC that the instance was launched in.
- Resource
Aws List<Pulumi.Iam Access Key Created At Aws Native. Security Hub. Inputs. Insight Date Filter> - The creation date/time of the IAM access key related to a finding.
- Resource
Aws List<Pulumi.Iam Access Key Principal Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the principal that is associated with an IAM access key.
- Resource
Aws List<Pulumi.Iam Access Key Status Aws Native. Security Hub. Inputs. Insight String Filter> - The status of the IAM access key related to a finding.
- Resource
Aws List<Pulumi.Iam Access Key User Name Aws Native. Security Hub. Inputs. Insight String Filter> - The user associated with the IAM access key related to a finding.
- Resource
Aws List<Pulumi.Iam User User Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of an IAM user.
- Resource
Aws List<Pulumi.S3Bucket Owner Id Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical user ID of the owner of the S3 bucket.
- Resource
Aws List<Pulumi.S3Bucket Owner Name Aws Native. Security Hub. Inputs. Insight String Filter> - The display name of the owner of the S3 bucket.
- Resource
Container List<Pulumi.Image Id Aws Native. Security Hub. Inputs. Insight String Filter> - The identifier of the image related to a finding.
- Resource
Container List<Pulumi.Image Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the image related to a finding.
- Resource
Container List<Pulumi.Launched At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies when the container was started.
- Resource
Container List<Pulumi.Name Aws Native. Security Hub. Inputs. Insight String Filter> - The name of the container related to a finding.
- Resource
Details List<Pulumi.Other Aws Native. Security Hub. Inputs. Insight Map Filter> - The details of a resource that doesn't have a specific subfield for the resource type defined.
- Resource
Id List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical identifier for the given resource type.
- Resource
Partition List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical AWS partition name that the Region is assigned to.
- Resource
Region List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The canonical AWS external Region name where this resource is located.
- List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed.
- Resource
Type List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - Specifies the type of the resource that details are provided for.
- Sample
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight Boolean Filter> - Indicates whether or not sample findings are included in the filter results.
- Severity
Label List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The label of a finding's severity.
- Severity
Normalized List<Pulumi.Aws Native. Security Hub. Inputs. Insight Number Filter> - The normalized severity of a finding.
- Severity
Product List<Pulumi.Aws Native. Security Hub. Inputs. Insight Number Filter> - The native severity as defined by the security findings provider's solution that generated the finding.
- Source
Url List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - A URL that links to a page about the current finding in the security findings provider's solution.
- Threat
Intel List<Pulumi.Indicator Category Aws Native. Security Hub. Inputs. Insight String Filter> - The category of a threat intelligence indicator.
- Threat
Intel List<Pulumi.Indicator Last Observed At Aws Native. Security Hub. Inputs. Insight Date Filter> - A timestamp that identifies the last observation of a threat intelligence indicator.
- Threat
Intel List<Pulumi.Indicator Source Aws Native. Security Hub. Inputs. Insight String Filter> - The source of the threat intelligence.
- Threat
Intel List<Pulumi.Indicator Source Url Aws Native. Security Hub. Inputs. Insight String Filter> - The URL for more details from the source of the threat intelligence.
- Threat
Intel List<Pulumi.Indicator Type Aws Native. Security Hub. Inputs. Insight String Filter> - The type of a threat intelligence indicator.
- Threat
Intel List<Pulumi.Indicator Value Aws Native. Security Hub. Inputs. Insight String Filter> - The value of a threat intelligence indicator.
- Title
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - A finding's title.
- Type
List<Pulumi.
Aws Native. Security Hub. Inputs. Insight String Filter> - A finding type in the format of namespace/category/classifier that classifies a finding.
- Updated
At List<Pulumi.Aws Native. Security Hub. Inputs. Insight Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- User
Defined List<Pulumi.Fields Aws Native. Security Hub. Inputs. Insight Map Filter> - A list of name/value string pairs associated with the finding.
- Verification
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The veracity of a finding.
- Vulnerabilities
Exploit List<Pulumi.Available Aws Native. Security Hub. Inputs. Insight String Filter> - Indicates whether a software vulnerability in your environment has a known exploit.
- Vulnerabilities
Fix List<Pulumi.Available Aws Native. Security Hub. Inputs. Insight String Filter> - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- Workflow
State List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The workflow state of a finding.
- Workflow
Status List<Pulumi.Aws Native. Security Hub. Inputs. Insight String Filter> - The status of the investigation into a finding.
- Aws
Account []InsightId String Filter - The AWS account ID in which a finding is generated.
- Aws
Account []InsightName String Filter - The name of the AWS account in which a finding is generated.
- Company
Name []InsightString Filter - The name of the findings provider (company) that owns the solution (product) that generates findings.
- Compliance
Associated []InsightStandards Id String Filter - The unique identifier of a standard in which a control is enabled.
- Compliance
Security []InsightControl Id String Filter - The unique identifier of a control across standards.
- Compliance
Security []InsightControl Parameters Name String Filter - The name of a security control parameter.
- Compliance
Security []InsightControl Parameters Value String Filter - The current value of a security control parameter.
- Compliance
Status []InsightString Filter - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- Confidence
[]Insight
Number Filter - A finding's confidence.
- Created
At []InsightDate Filter - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- Criticality
[]Insight
Number Filter - The level of importance assigned to the resources associated with the finding.
- Description
[]Insight
String Filter - A finding's description.
- Finding
Provider []InsightFields Confidence Number Filter - The finding provider value for the finding confidence.
- Finding
Provider []InsightFields Criticality Number Filter - The finding provider value for the level of importance assigned to the resources associated with the findings.
- []Insight
String Filter - The finding identifier of a related finding that is identified by the finding provider.
- []Insight
String Filter - The ARN of the solution that generated a related finding that is identified by the finding provider.
- Finding
Provider []InsightFields Severity Label String Filter - The finding provider value for the severity label.
- Finding
Provider []InsightFields Severity Original String Filter - The finding provider's original value for the severity.
- Finding
Provider []InsightFields Types String Filter - One or more finding types that the finding provider assigned to the finding.
- First
Observed []InsightAt Date Filter - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- Generator
Id []InsightString Filter - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- Id
[]Insight
String Filter - The security findings provider-specific identifier for a finding.
- Keyword
[]Insight
Keyword Filter - A keyword for a finding.
- Last
Observed []InsightAt Date Filter - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- Malware
Name []InsightString Filter - The name of the malware that was observed.
- Malware
Path []InsightString Filter - The filesystem path of the malware that was observed.
- Malware
State []InsightString Filter - The state of the malware that was observed.
- Malware
Type []InsightString Filter - The type of the malware that was observed.
- Network
Destination []InsightDomain String Filter - The destination domain of network-related information about a finding.
- Network
Destination []InsightIp V4 Ip Filter - The destination IPv4 address of network-related information about a finding.
- Network
Destination []InsightIp V6 Ip Filter - The destination IPv6 address of network-related information about a finding.
- Network
Destination []InsightPort Number Filter - The destination port of network-related information about a finding.
- Network
Direction []InsightString Filter - Indicates the direction of network traffic associated with a finding.
- Network
Protocol []InsightString Filter - The protocol of network-related information about a finding.
- Network
Source []InsightDomain String Filter - The source domain of network-related information about a finding.
- Network
Source []InsightIp V4 Ip Filter - The source IPv4 address of network-related information about a finding.
- Network
Source []InsightIp V6 Ip Filter - The source IPv6 address of network-related information about a finding.
- Network
Source []InsightMac String Filter - The source media access control (MAC) address of network-related information about a finding.
- Network
Source []InsightPort Number Filter - The source port of network-related information about a finding.
- Note
Text []InsightString Filter - The text of a note.
- Note
Updated []InsightAt Date Filter - The timestamp of when the note was updated.
- Note
Updated []InsightBy String Filter - The principal that created a note.
- Process
Launched []InsightAt Date Filter - A timestamp that identifies when the process was launched.
- Process
Name []InsightString Filter - The name of the process.
- Process
Parent []InsightPid Number Filter - The parent process ID.
- Process
Path []InsightString Filter - The path to the process executable.
- Process
Pid []InsightNumber Filter - The process ID.
- Process
Terminated []InsightAt Date Filter - A timestamp that identifies when the process was terminated.
- Product
Arn []InsightString Filter - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- Product
Fields []InsightMap Filter - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- Product
Name []InsightString Filter - The name of the solution (product) that generates findings.
- Recommendation
Text []InsightString Filter - The recommendation of what to do about the issue described in a finding.
- Record
State []InsightString Filter - The updated record state for the finding.
- Region
[]Insight
String Filter - The Region from which the finding was generated.
- []Insight
String Filter - The solution-generated identifier for a related finding.
- []Insight
String Filter - The ARN of the solution that generated a related finding.
- Resource
Application []InsightArn String Filter - The ARN of the application that is related to a finding.
- Resource
Application []InsightName String Filter - The name of the application that is related to a finding.
- Resource
Aws []InsightEc2Instance Iam Instance Profile Arn String Filter - The IAM profile ARN of the instance.
- Resource
Aws []InsightEc2Instance Image Id String Filter - The Amazon Machine Image (AMI) ID of the instance.
- Resource
Aws []InsightEc2Instance Ip V4Addresses Ip Filter - The IPv4 addresses associated with the instance.
- Resource
Aws []InsightEc2Instance Ip V6Addresses Ip Filter - The IPv6 addresses associated with the instance.
- Resource
Aws []InsightEc2Instance Key Name String Filter - The key name associated with the instance.
- Resource
Aws []InsightEc2Instance Launched At Date Filter - The date and time the instance was launched.
- Resource
Aws []InsightEc2Instance Subnet Id String Filter - The identifier of the subnet that the instance was launched in.
- Resource
Aws []InsightEc2Instance Type String Filter - The instance type of the instance.
- Resource
Aws []InsightEc2Instance Vpc Id String Filter - The identifier of the VPC that the instance was launched in.
- Resource
Aws []InsightIam Access Key Created At Date Filter - The creation date/time of the IAM access key related to a finding.
- Resource
Aws []InsightIam Access Key Principal Name String Filter - The name of the principal that is associated with an IAM access key.
- Resource
Aws []InsightIam Access Key Status String Filter - The status of the IAM access key related to a finding.
- Resource
Aws []InsightIam Access Key User Name String Filter - The user associated with the IAM access key related to a finding.
- Resource
Aws []InsightIam User User Name String Filter - The name of an IAM user.
- Resource
Aws []InsightS3Bucket Owner Id String Filter - The canonical user ID of the owner of the S3 bucket.
- Resource
Aws []InsightS3Bucket Owner Name String Filter - The display name of the owner of the S3 bucket.
- Resource
Container []InsightImage Id String Filter - The identifier of the image related to a finding.
- Resource
Container []InsightImage Name String Filter - The name of the image related to a finding.
- Resource
Container []InsightLaunched At Date Filter - A timestamp that identifies when the container was started.
- Resource
Container []InsightName String Filter - The name of the container related to a finding.
- Resource
Details []InsightOther Map Filter - The details of a resource that doesn't have a specific subfield for the resource type defined.
- Resource
Id []InsightString Filter - The canonical identifier for the given resource type.
- Resource
Partition []InsightString Filter - The canonical AWS partition name that the Region is assigned to.
- Resource
Region []InsightString Filter - The canonical AWS external Region name where this resource is located.
- []Insight
Map Filter - A list of AWS tags associated with a resource at the time the finding was processed.
- Resource
Type []InsightString Filter - Specifies the type of the resource that details are provided for.
- Sample
[]Insight
Boolean Filter - Indicates whether or not sample findings are included in the filter results.
- Severity
Label []InsightString Filter - The label of a finding's severity.
- Severity
Normalized []InsightNumber Filter - The normalized severity of a finding.
- Severity
Product []InsightNumber Filter - The native severity as defined by the security findings provider's solution that generated the finding.
- Source
Url []InsightString Filter - A URL that links to a page about the current finding in the security findings provider's solution.
- Threat
Intel []InsightIndicator Category String Filter - The category of a threat intelligence indicator.
- Threat
Intel []InsightIndicator Last Observed At Date Filter - A timestamp that identifies the last observation of a threat intelligence indicator.
- Threat
Intel []InsightIndicator Source String Filter - The source of the threat intelligence.
- Threat
Intel []InsightIndicator Source Url String Filter - The URL for more details from the source of the threat intelligence.
- Threat
Intel []InsightIndicator Type String Filter - The type of a threat intelligence indicator.
- Threat
Intel []InsightIndicator Value String Filter - The value of a threat intelligence indicator.
- Title
[]Insight
String Filter - A finding's title.
- Type
[]Insight
String Filter - A finding type in the format of namespace/category/classifier that classifies a finding.
- Updated
At []InsightDate Filter - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- User
Defined []InsightFields Map Filter - A list of name/value string pairs associated with the finding.
- Verification
State []InsightString Filter - The veracity of a finding.
- Vulnerabilities
Exploit []InsightAvailable String Filter - Indicates whether a software vulnerability in your environment has a known exploit.
- Vulnerabilities
Fix []InsightAvailable String Filter - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- Workflow
State []InsightString Filter - The workflow state of a finding.
- Workflow
Status []InsightString Filter - The status of the investigation into a finding.
- aws
Account List<InsightId String Filter> - The AWS account ID in which a finding is generated.
- aws
Account List<InsightName String Filter> - The name of the AWS account in which a finding is generated.
- company
Name List<InsightString Filter> - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance
Associated List<InsightStandards Id String Filter> - The unique identifier of a standard in which a control is enabled.
- compliance
Security List<InsightControl Id String Filter> - The unique identifier of a control across standards.
- compliance
Security List<InsightControl Parameters Name String Filter> - The name of a security control parameter.
- compliance
Security List<InsightControl Parameters Value String Filter> - The current value of a security control parameter.
- compliance
Status List<InsightString Filter> - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence
List<Insight
Number Filter> - A finding's confidence.
- created
At List<InsightDate Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality
List<Insight
Number Filter> - The level of importance assigned to the resources associated with the finding.
- description
List<Insight
String Filter> - A finding's description.
- finding
Provider List<InsightFields Confidence Number Filter> - The finding provider value for the finding confidence.
- finding
Provider List<InsightFields Criticality Number Filter> - The finding provider value for the level of importance assigned to the resources associated with the findings.
- List<Insight
String Filter> - The finding identifier of a related finding that is identified by the finding provider.
- List<Insight
String Filter> - The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding
Provider List<InsightFields Severity Label String Filter> - The finding provider value for the severity label.
- finding
Provider List<InsightFields Severity Original String Filter> - The finding provider's original value for the severity.
- finding
Provider List<InsightFields Types String Filter> - One or more finding types that the finding provider assigned to the finding.
- first
Observed List<InsightAt Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator
Id List<InsightString Filter> - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id
List<Insight
String Filter> - The security findings provider-specific identifier for a finding.
- keyword
List<Insight
Keyword Filter> - A keyword for a finding.
- last
Observed List<InsightAt Date Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware
Name List<InsightString Filter> - The name of the malware that was observed.
- malware
Path List<InsightString Filter> - The filesystem path of the malware that was observed.
- malware
State List<InsightString Filter> - The state of the malware that was observed.
- malware
Type List<InsightString Filter> - The type of the malware that was observed.
- network
Destination List<InsightDomain String Filter> - The destination domain of network-related information about a finding.
- network
Destination List<InsightIp V4 Ip Filter> - The destination IPv4 address of network-related information about a finding.
- network
Destination List<InsightIp V6 Ip Filter> - The destination IPv6 address of network-related information about a finding.
- network
Destination List<InsightPort Number Filter> - The destination port of network-related information about a finding.
- network
Direction List<InsightString Filter> - Indicates the direction of network traffic associated with a finding.
- network
Protocol List<InsightString Filter> - The protocol of network-related information about a finding.
- network
Source List<InsightDomain String Filter> - The source domain of network-related information about a finding.
- network
Source List<InsightIp V4 Ip Filter> - The source IPv4 address of network-related information about a finding.
- network
Source List<InsightIp V6 Ip Filter> - The source IPv6 address of network-related information about a finding.
- network
Source List<InsightMac String Filter> - The source media access control (MAC) address of network-related information about a finding.
- network
Source List<InsightPort Number Filter> - The source port of network-related information about a finding.
- note
Text List<InsightString Filter> - The text of a note.
- note
Updated List<InsightAt Date Filter> - The timestamp of when the note was updated.
- note
Updated List<InsightBy String Filter> - The principal that created a note.
- process
Launched List<InsightAt Date Filter> - A timestamp that identifies when the process was launched.
- process
Name List<InsightString Filter> - The name of the process.
- process
Parent List<InsightPid Number Filter> - The parent process ID.
- process
Path List<InsightString Filter> - The path to the process executable.
- process
Pid List<InsightNumber Filter> - The process ID.
- process
Terminated List<InsightAt Date Filter> - A timestamp that identifies when the process was terminated.
- product
Arn List<InsightString Filter> - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product
Fields List<InsightMap Filter> - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product
Name List<InsightString Filter> - The name of the solution (product) that generates findings.
- recommendation
Text List<InsightString Filter> - The recommendation of what to do about the issue described in a finding.
- record
State List<InsightString Filter> - The updated record state for the finding.
- region
List<Insight
String Filter> - The Region from which the finding was generated.
- List<Insight
String Filter> - The solution-generated identifier for a related finding.
- List<Insight
String Filter> - The ARN of the solution that generated a related finding.
- resource
Application List<InsightArn String Filter> - The ARN of the application that is related to a finding.
- resource
Application List<InsightName String Filter> - The name of the application that is related to a finding.
- resource
Aws List<InsightEc2Instance Iam Instance Profile Arn String Filter> - The IAM profile ARN of the instance.
- resource
Aws List<InsightEc2Instance Image Id String Filter> - The Amazon Machine Image (AMI) ID of the instance.
- resource
Aws List<InsightEc2Instance Ip V4Addresses Ip Filter> - The IPv4 addresses associated with the instance.
- resource
Aws List<InsightEc2Instance Ip V6Addresses Ip Filter> - The IPv6 addresses associated with the instance.
- resource
Aws List<InsightEc2Instance Key Name String Filter> - The key name associated with the instance.
- resource
Aws List<InsightEc2Instance Launched At Date Filter> - The date and time the instance was launched.
- resource
Aws List<InsightEc2Instance Subnet Id String Filter> - The identifier of the subnet that the instance was launched in.
- resource
Aws List<InsightEc2Instance Type String Filter> - The instance type of the instance.
- resource
Aws List<InsightEc2Instance Vpc Id String Filter> - The identifier of the VPC that the instance was launched in.
- resource
Aws List<InsightIam Access Key Created At Date Filter> - The creation date/time of the IAM access key related to a finding.
- resource
Aws List<InsightIam Access Key Principal Name String Filter> - The name of the principal that is associated with an IAM access key.
- resource
Aws List<InsightIam Access Key Status String Filter> - The status of the IAM access key related to a finding.
- resource
Aws List<InsightIam Access Key User Name String Filter> - The user associated with the IAM access key related to a finding.
- resource
Aws List<InsightIam User User Name String Filter> - The name of an IAM user.
- resource
Aws List<InsightS3Bucket Owner Id String Filter> - The canonical user ID of the owner of the S3 bucket.
- resource
Aws List<InsightS3Bucket Owner Name String Filter> - The display name of the owner of the S3 bucket.
- resource
Container List<InsightImage Id String Filter> - The identifier of the image related to a finding.
- resource
Container List<InsightImage Name String Filter> - The name of the image related to a finding.
- resource
Container List<InsightLaunched At Date Filter> - A timestamp that identifies when the container was started.
- resource
Container List<InsightName String Filter> - The name of the container related to a finding.
- resource
Details List<InsightOther Map Filter> - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource
Id List<InsightString Filter> - The canonical identifier for the given resource type.
- resource
Partition List<InsightString Filter> - The canonical AWS partition name that the Region is assigned to.
- resource
Region List<InsightString Filter> - The canonical AWS external Region name where this resource is located.
- List<Insight
Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed.
- resource
Type List<InsightString Filter> - Specifies the type of the resource that details are provided for.
- sample
List<Insight
Boolean Filter> - Indicates whether or not sample findings are included in the filter results.
- severity
Label List<InsightString Filter> - The label of a finding's severity.
- severity
Normalized List<InsightNumber Filter> - The normalized severity of a finding.
- severity
Product List<InsightNumber Filter> - The native severity as defined by the security findings provider's solution that generated the finding.
- source
Url List<InsightString Filter> - A URL that links to a page about the current finding in the security findings provider's solution.
- threat
Intel List<InsightIndicator Category String Filter> - The category of a threat intelligence indicator.
- threat
Intel List<InsightIndicator Last Observed At Date Filter> - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat
Intel List<InsightIndicator Source String Filter> - The source of the threat intelligence.
- threat
Intel List<InsightIndicator Source Url String Filter> - The URL for more details from the source of the threat intelligence.
- threat
Intel List<InsightIndicator Type String Filter> - The type of a threat intelligence indicator.
- threat
Intel List<InsightIndicator Value String Filter> - The value of a threat intelligence indicator.
- title
List<Insight
String Filter> - A finding's title.
- type
List<Insight
String Filter> - A finding type in the format of namespace/category/classifier that classifies a finding.
- updated
At List<InsightDate Filter> - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user
Defined List<InsightFields Map Filter> - A list of name/value string pairs associated with the finding.
- verification
State List<InsightString Filter> - The veracity of a finding.
- vulnerabilities
Exploit List<InsightAvailable String Filter> - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities
Fix List<InsightAvailable String Filter> - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow
State List<InsightString Filter> - The workflow state of a finding.
- workflow
Status List<InsightString Filter> - The status of the investigation into a finding.
- aws
Account InsightId String Filter[] - The AWS account ID in which a finding is generated.
- aws
Account InsightName String Filter[] - The name of the AWS account in which a finding is generated.
- company
Name InsightString Filter[] - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance
Associated InsightStandards Id String Filter[] - The unique identifier of a standard in which a control is enabled.
- compliance
Security InsightControl Id String Filter[] - The unique identifier of a control across standards.
- compliance
Security InsightControl Parameters Name String Filter[] - The name of a security control parameter.
- compliance
Security InsightControl Parameters Value String Filter[] - The current value of a security control parameter.
- compliance
Status InsightString Filter[] - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence
Insight
Number Filter[] - A finding's confidence.
- created
At InsightDate Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality
Insight
Number Filter[] - The level of importance assigned to the resources associated with the finding.
- description
Insight
String Filter[] - A finding's description.
- finding
Provider InsightFields Confidence Number Filter[] - The finding provider value for the finding confidence.
- finding
Provider InsightFields Criticality Number Filter[] - The finding provider value for the level of importance assigned to the resources associated with the findings.
- Insight
String Filter[] - The finding identifier of a related finding that is identified by the finding provider.
- Insight
String Filter[] - The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding
Provider InsightFields Severity Label String Filter[] - The finding provider value for the severity label.
- finding
Provider InsightFields Severity Original String Filter[] - The finding provider's original value for the severity.
- finding
Provider InsightFields Types String Filter[] - One or more finding types that the finding provider assigned to the finding.
- first
Observed InsightAt Date Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator
Id InsightString Filter[] - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id
Insight
String Filter[] - The security findings provider-specific identifier for a finding.
- keyword
Insight
Keyword Filter[] - A keyword for a finding.
- last
Observed InsightAt Date Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware
Name InsightString Filter[] - The name of the malware that was observed.
- malware
Path InsightString Filter[] - The filesystem path of the malware that was observed.
- malware
State InsightString Filter[] - The state of the malware that was observed.
- malware
Type InsightString Filter[] - The type of the malware that was observed.
- network
Destination InsightDomain String Filter[] - The destination domain of network-related information about a finding.
- network
Destination InsightIp V4 Ip Filter[] - The destination IPv4 address of network-related information about a finding.
- network
Destination InsightIp V6 Ip Filter[] - The destination IPv6 address of network-related information about a finding.
- network
Destination InsightPort Number Filter[] - The destination port of network-related information about a finding.
- network
Direction InsightString Filter[] - Indicates the direction of network traffic associated with a finding.
- network
Protocol InsightString Filter[] - The protocol of network-related information about a finding.
- network
Source InsightDomain String Filter[] - The source domain of network-related information about a finding.
- network
Source InsightIp V4 Ip Filter[] - The source IPv4 address of network-related information about a finding.
- network
Source InsightIp V6 Ip Filter[] - The source IPv6 address of network-related information about a finding.
- network
Source InsightMac String Filter[] - The source media access control (MAC) address of network-related information about a finding.
- network
Source InsightPort Number Filter[] - The source port of network-related information about a finding.
- note
Text InsightString Filter[] - The text of a note.
- note
Updated InsightAt Date Filter[] - The timestamp of when the note was updated.
- note
Updated InsightBy String Filter[] - The principal that created a note.
- process
Launched InsightAt Date Filter[] - A timestamp that identifies when the process was launched.
- process
Name InsightString Filter[] - The name of the process.
- process
Parent InsightPid Number Filter[] - The parent process ID.
- process
Path InsightString Filter[] - The path to the process executable.
- process
Pid InsightNumber Filter[] - The process ID.
- process
Terminated InsightAt Date Filter[] - A timestamp that identifies when the process was terminated.
- product
Arn InsightString Filter[] - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product
Fields InsightMap Filter[] - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product
Name InsightString Filter[] - The name of the solution (product) that generates findings.
- recommendation
Text InsightString Filter[] - The recommendation of what to do about the issue described in a finding.
- record
State InsightString Filter[] - The updated record state for the finding.
- region
Insight
String Filter[] - The Region from which the finding was generated.
- Insight
String Filter[] - The solution-generated identifier for a related finding.
- Insight
String Filter[] - The ARN of the solution that generated a related finding.
- resource
Application InsightArn String Filter[] - The ARN of the application that is related to a finding.
- resource
Application InsightName String Filter[] - The name of the application that is related to a finding.
- resource
Aws InsightEc2Instance Iam Instance Profile Arn String Filter[] - The IAM profile ARN of the instance.
- resource
Aws InsightEc2Instance Image Id String Filter[] - The Amazon Machine Image (AMI) ID of the instance.
- resource
Aws InsightEc2Instance Ip V4Addresses Ip Filter[] - The IPv4 addresses associated with the instance.
- resource
Aws InsightEc2Instance Ip V6Addresses Ip Filter[] - The IPv6 addresses associated with the instance.
- resource
Aws InsightEc2Instance Key Name String Filter[] - The key name associated with the instance.
- resource
Aws InsightEc2Instance Launched At Date Filter[] - The date and time the instance was launched.
- resource
Aws InsightEc2Instance Subnet Id String Filter[] - The identifier of the subnet that the instance was launched in.
- resource
Aws InsightEc2Instance Type String Filter[] - The instance type of the instance.
- resource
Aws InsightEc2Instance Vpc Id String Filter[] - The identifier of the VPC that the instance was launched in.
- resource
Aws InsightIam Access Key Created At Date Filter[] - The creation date/time of the IAM access key related to a finding.
- resource
Aws InsightIam Access Key Principal Name String Filter[] - The name of the principal that is associated with an IAM access key.
- resource
Aws InsightIam Access Key Status String Filter[] - The status of the IAM access key related to a finding.
- resource
Aws InsightIam Access Key User Name String Filter[] - The user associated with the IAM access key related to a finding.
- resource
Aws InsightIam User User Name String Filter[] - The name of an IAM user.
- resource
Aws InsightS3Bucket Owner Id String Filter[] - The canonical user ID of the owner of the S3 bucket.
- resource
Aws InsightS3Bucket Owner Name String Filter[] - The display name of the owner of the S3 bucket.
- resource
Container InsightImage Id String Filter[] - The identifier of the image related to a finding.
- resource
Container InsightImage Name String Filter[] - The name of the image related to a finding.
- resource
Container InsightLaunched At Date Filter[] - A timestamp that identifies when the container was started.
- resource
Container InsightName String Filter[] - The name of the container related to a finding.
- resource
Details InsightOther Map Filter[] - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource
Id InsightString Filter[] - The canonical identifier for the given resource type.
- resource
Partition InsightString Filter[] - The canonical AWS partition name that the Region is assigned to.
- resource
Region InsightString Filter[] - The canonical AWS external Region name where this resource is located.
- Insight
Map Filter[] - A list of AWS tags associated with a resource at the time the finding was processed.
- resource
Type InsightString Filter[] - Specifies the type of the resource that details are provided for.
- sample
Insight
Boolean Filter[] - Indicates whether or not sample findings are included in the filter results.
- severity
Label InsightString Filter[] - The label of a finding's severity.
- severity
Normalized InsightNumber Filter[] - The normalized severity of a finding.
- severity
Product InsightNumber Filter[] - The native severity as defined by the security findings provider's solution that generated the finding.
- source
Url InsightString Filter[] - A URL that links to a page about the current finding in the security findings provider's solution.
- threat
Intel InsightIndicator Category String Filter[] - The category of a threat intelligence indicator.
- threat
Intel InsightIndicator Last Observed At Date Filter[] - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat
Intel InsightIndicator Source String Filter[] - The source of the threat intelligence.
- threat
Intel InsightIndicator Source Url String Filter[] - The URL for more details from the source of the threat intelligence.
- threat
Intel InsightIndicator Type String Filter[] - The type of a threat intelligence indicator.
- threat
Intel InsightIndicator Value String Filter[] - The value of a threat intelligence indicator.
- title
Insight
String Filter[] - A finding's title.
- type
Insight
String Filter[] - A finding type in the format of namespace/category/classifier that classifies a finding.
- updated
At InsightDate Filter[] - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user
Defined InsightFields Map Filter[] - A list of name/value string pairs associated with the finding.
- verification
State InsightString Filter[] - The veracity of a finding.
- vulnerabilities
Exploit InsightAvailable String Filter[] - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities
Fix InsightAvailable String Filter[] - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow
State InsightString Filter[] - The workflow state of a finding.
- workflow
Status InsightString Filter[] - The status of the investigation into a finding.
- aws_
account_ Sequence[Insightid String Filter] - The AWS account ID in which a finding is generated.
- aws_
account_ Sequence[Insightname String Filter] - The name of the AWS account in which a finding is generated.
- company_
name Sequence[InsightString Filter] - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance_
associated_ Sequence[Insightstandards_ id String Filter] - The unique identifier of a standard in which a control is enabled.
- compliance_
security_ Sequence[Insightcontrol_ id String Filter] - The unique identifier of a control across standards.
- compliance_
security_ Sequence[Insightcontrol_ parameters_ name String Filter] - The name of a security control parameter.
- compliance_
security_ Sequence[Insightcontrol_ parameters_ value String Filter] - The current value of a security control parameter.
- compliance_
status Sequence[InsightString Filter] - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence
Sequence[Insight
Number Filter] - A finding's confidence.
- created_
at Sequence[InsightDate Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality
Sequence[Insight
Number Filter] - The level of importance assigned to the resources associated with the finding.
- description
Sequence[Insight
String Filter] - A finding's description.
- finding_
provider_ Sequence[Insightfields_ confidence Number Filter] - The finding provider value for the finding confidence.
- finding_
provider_ Sequence[Insightfields_ criticality Number Filter] - The finding provider value for the level of importance assigned to the resources associated with the findings.
- Sequence[Insight
String Filter] - The finding identifier of a related finding that is identified by the finding provider.
- Sequence[Insight
String Filter] - The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding_
provider_ Sequence[Insightfields_ severity_ label String Filter] - The finding provider value for the severity label.
- finding_
provider_ Sequence[Insightfields_ severity_ original String Filter] - The finding provider's original value for the severity.
- finding_
provider_ Sequence[Insightfields_ types String Filter] - One or more finding types that the finding provider assigned to the finding.
- first_
observed_ Sequence[Insightat Date Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator_
id Sequence[InsightString Filter] - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id
Sequence[Insight
String Filter] - The security findings provider-specific identifier for a finding.
- keyword
Sequence[Insight
Keyword Filter] - A keyword for a finding.
- last_
observed_ Sequence[Insightat Date Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware_
name Sequence[InsightString Filter] - The name of the malware that was observed.
- malware_
path Sequence[InsightString Filter] - The filesystem path of the malware that was observed.
- malware_
state Sequence[InsightString Filter] - The state of the malware that was observed.
- malware_
type Sequence[InsightString Filter] - The type of the malware that was observed.
- network_
destination_ Sequence[Insightdomain String Filter] - The destination domain of network-related information about a finding.
- network_
destination_ Sequence[Insightip_ v4 Ip Filter] - The destination IPv4 address of network-related information about a finding.
- network_
destination_ Sequence[Insightip_ v6 Ip Filter] - The destination IPv6 address of network-related information about a finding.
- network_
destination_ Sequence[Insightport Number Filter] - The destination port of network-related information about a finding.
- network_
direction Sequence[InsightString Filter] - Indicates the direction of network traffic associated with a finding.
- network_
protocol Sequence[InsightString Filter] - The protocol of network-related information about a finding.
- network_
source_ Sequence[Insightdomain String Filter] - The source domain of network-related information about a finding.
- network_
source_ Sequence[Insightip_ v4 Ip Filter] - The source IPv4 address of network-related information about a finding.
- network_
source_ Sequence[Insightip_ v6 Ip Filter] - The source IPv6 address of network-related information about a finding.
- network_
source_ Sequence[Insightmac String Filter] - The source media access control (MAC) address of network-related information about a finding.
- network_
source_ Sequence[Insightport Number Filter] - The source port of network-related information about a finding.
- note_
text Sequence[InsightString Filter] - The text of a note.
- note_
updated_ Sequence[Insightat Date Filter] - The timestamp of when the note was updated.
- note_
updated_ Sequence[Insightby String Filter] - The principal that created a note.
- process_
launched_ Sequence[Insightat Date Filter] - A timestamp that identifies when the process was launched.
- process_
name Sequence[InsightString Filter] - The name of the process.
- process_
parent_ Sequence[Insightpid Number Filter] - The parent process ID.
- process_
path Sequence[InsightString Filter] - The path to the process executable.
- process_
pid Sequence[InsightNumber Filter] - The process ID.
- process_
terminated_ Sequence[Insightat Date Filter] - A timestamp that identifies when the process was terminated.
- product_
arn Sequence[InsightString Filter] - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product_
fields Sequence[InsightMap Filter] - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product_
name Sequence[InsightString Filter] - The name of the solution (product) that generates findings.
- recommendation_
text Sequence[InsightString Filter] - The recommendation of what to do about the issue described in a finding.
- record_
state Sequence[InsightString Filter] - The updated record state for the finding.
- region
Sequence[Insight
String Filter] - The Region from which the finding was generated.
- Sequence[Insight
String Filter] - The solution-generated identifier for a related finding.
- Sequence[Insight
String Filter] - The ARN of the solution that generated a related finding.
- resource_
application_ Sequence[Insightarn String Filter] - The ARN of the application that is related to a finding.
- resource_
application_ Sequence[Insightname String Filter] - The name of the application that is related to a finding.
- resource_
aws_ Sequence[Insightec2_ instance_ iam_ instance_ profile_ arn String Filter] - The IAM profile ARN of the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ image_ id String Filter] - The Amazon Machine Image (AMI) ID of the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ ip_ v4_ addresses Ip Filter] - The IPv4 addresses associated with the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ ip_ v6_ addresses Ip Filter] - The IPv6 addresses associated with the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ key_ name String Filter] - The key name associated with the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ launched_ at Date Filter] - The date and time the instance was launched.
- resource_
aws_ Sequence[Insightec2_ instance_ subnet_ id String Filter] - The identifier of the subnet that the instance was launched in.
- resource_
aws_ Sequence[Insightec2_ instance_ type String Filter] - The instance type of the instance.
- resource_
aws_ Sequence[Insightec2_ instance_ vpc_ id String Filter] - The identifier of the VPC that the instance was launched in.
- resource_
aws_ Sequence[Insightiam_ access_ key_ created_ at Date Filter] - The creation date/time of the IAM access key related to a finding.
- resource_
aws_ Sequence[Insightiam_ access_ key_ principal_ name String Filter] - The name of the principal that is associated with an IAM access key.
- resource_
aws_ Sequence[Insightiam_ access_ key_ status String Filter] - The status of the IAM access key related to a finding.
- resource_
aws_ Sequence[Insightiam_ access_ key_ user_ name String Filter] - The user associated with the IAM access key related to a finding.
- resource_
aws_ Sequence[Insightiam_ user_ user_ name String Filter] - The name of an IAM user.
- resource_
aws_ Sequence[Insights3_ bucket_ owner_ id String Filter] - The canonical user ID of the owner of the S3 bucket.
- resource_
aws_ Sequence[Insights3_ bucket_ owner_ name String Filter] - The display name of the owner of the S3 bucket.
- resource_
container_ Sequence[Insightimage_ id String Filter] - The identifier of the image related to a finding.
- resource_
container_ Sequence[Insightimage_ name String Filter] - The name of the image related to a finding.
- resource_
container_ Sequence[Insightlaunched_ at Date Filter] - A timestamp that identifies when the container was started.
- resource_
container_ Sequence[Insightname String Filter] - The name of the container related to a finding.
- resource_
details_ Sequence[Insightother Map Filter] - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource_
id Sequence[InsightString Filter] - The canonical identifier for the given resource type.
- resource_
partition Sequence[InsightString Filter] - The canonical AWS partition name that the Region is assigned to.
- resource_
region Sequence[InsightString Filter] - The canonical AWS external Region name where this resource is located.
- Sequence[Insight
Map Filter] - A list of AWS tags associated with a resource at the time the finding was processed.
- resource_
type Sequence[InsightString Filter] - Specifies the type of the resource that details are provided for.
- sample
Sequence[Insight
Boolean Filter] - Indicates whether or not sample findings are included in the filter results.
- severity_
label Sequence[InsightString Filter] - The label of a finding's severity.
- severity_
normalized Sequence[InsightNumber Filter] - The normalized severity of a finding.
- severity_
product Sequence[InsightNumber Filter] - The native severity as defined by the security findings provider's solution that generated the finding.
- source_
url Sequence[InsightString Filter] - A URL that links to a page about the current finding in the security findings provider's solution.
- threat_
intel_ Sequence[Insightindicator_ category String Filter] - The category of a threat intelligence indicator.
- threat_
intel_ Sequence[Insightindicator_ last_ observed_ at Date Filter] - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat_
intel_ Sequence[Insightindicator_ source String Filter] - The source of the threat intelligence.
- threat_
intel_ Sequence[Insightindicator_ source_ url String Filter] - The URL for more details from the source of the threat intelligence.
- threat_
intel_ Sequence[Insightindicator_ type String Filter] - The type of a threat intelligence indicator.
- threat_
intel_ Sequence[Insightindicator_ value String Filter] - The value of a threat intelligence indicator.
- title
Sequence[Insight
String Filter] - A finding's title.
- type
Sequence[Insight
String Filter] - A finding type in the format of namespace/category/classifier that classifies a finding.
- updated_
at Sequence[InsightDate Filter] - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user_
defined_ Sequence[Insightfields Map Filter] - A list of name/value string pairs associated with the finding.
- verification_
state Sequence[InsightString Filter] - The veracity of a finding.
- vulnerabilities_
exploit_ Sequence[Insightavailable String Filter] - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities_
fix_ Sequence[Insightavailable String Filter] - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow_
state Sequence[InsightString Filter] - The workflow state of a finding.
- workflow_
status Sequence[InsightString Filter] - The status of the investigation into a finding.
- aws
Account List<Property Map>Id - The AWS account ID in which a finding is generated.
- aws
Account List<Property Map>Name - The name of the AWS account in which a finding is generated.
- company
Name List<Property Map> - The name of the findings provider (company) that owns the solution (product) that generates findings.
- compliance
Associated List<Property Map>Standards Id - The unique identifier of a standard in which a control is enabled.
- compliance
Security List<Property Map>Control Id - The unique identifier of a control across standards.
- compliance
Security List<Property Map>Control Parameters Name - The name of a security control parameter.
- compliance
Security List<Property Map>Control Parameters Value - The current value of a security control parameter.
- compliance
Status List<Property Map> - Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard.
- confidence List<Property Map>
- A finding's confidence.
- created
At List<Property Map> - An ISO8601-formatted timestamp that indicates when the security findings provider captured the potential security issue that a finding captured.
- criticality List<Property Map>
- The level of importance assigned to the resources associated with the finding.
- description List<Property Map>
- A finding's description.
- finding
Provider List<Property Map>Fields Confidence - The finding provider value for the finding confidence.
- finding
Provider List<Property Map>Fields Criticality - The finding provider value for the level of importance assigned to the resources associated with the findings.
- List<Property Map>
- The finding identifier of a related finding that is identified by the finding provider.
- List<Property Map>
- The ARN of the solution that generated a related finding that is identified by the finding provider.
- finding
Provider List<Property Map>Fields Severity Label - The finding provider value for the severity label.
- finding
Provider List<Property Map>Fields Severity Original - The finding provider's original value for the severity.
- finding
Provider List<Property Map>Fields Types - One or more finding types that the finding provider assigned to the finding.
- first
Observed List<Property Map>At - An ISO8601-formatted timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.
- generator
Id List<Property Map> - The identifier for the solution-specific component (a discrete unit of logic) that generated a finding.
- id List<Property Map>
- The security findings provider-specific identifier for a finding.
- keyword List<Property Map>
- A keyword for a finding.
- last
Observed List<Property Map>At - An ISO8601-formatted timestamp that indicates when the security findings provider most recently observed the potential security issue that a finding captured.
- malware
Name List<Property Map> - The name of the malware that was observed.
- malware
Path List<Property Map> - The filesystem path of the malware that was observed.
- malware
State List<Property Map> - The state of the malware that was observed.
- malware
Type List<Property Map> - The type of the malware that was observed.
- network
Destination List<Property Map>Domain - The destination domain of network-related information about a finding.
- network
Destination List<Property Map>Ip V4 - The destination IPv4 address of network-related information about a finding.
- network
Destination List<Property Map>Ip V6 - The destination IPv6 address of network-related information about a finding.
- network
Destination List<Property Map>Port - The destination port of network-related information about a finding.
- network
Direction List<Property Map> - Indicates the direction of network traffic associated with a finding.
- network
Protocol List<Property Map> - The protocol of network-related information about a finding.
- network
Source List<Property Map>Domain - The source domain of network-related information about a finding.
- network
Source List<Property Map>Ip V4 - The source IPv4 address of network-related information about a finding.
- network
Source List<Property Map>Ip V6 - The source IPv6 address of network-related information about a finding.
- network
Source List<Property Map>Mac - The source media access control (MAC) address of network-related information about a finding.
- network
Source List<Property Map>Port - The source port of network-related information about a finding.
- note
Text List<Property Map> - The text of a note.
- note
Updated List<Property Map>At - The timestamp of when the note was updated.
- note
Updated List<Property Map>By - The principal that created a note.
- process
Launched List<Property Map>At - A timestamp that identifies when the process was launched.
- process
Name List<Property Map> - The name of the process.
- process
Parent List<Property Map>Pid - The parent process ID.
- process
Path List<Property Map> - The path to the process executable.
- process
Pid List<Property Map> - The process ID.
- process
Terminated List<Property Map>At - A timestamp that identifies when the process was terminated.
- product
Arn List<Property Map> - The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
- product
Fields List<Property Map> - A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.
- product
Name List<Property Map> - The name of the solution (product) that generates findings.
- recommendation
Text List<Property Map> - The recommendation of what to do about the issue described in a finding.
- record
State List<Property Map> - The updated record state for the finding.
- region List<Property Map>
- The Region from which the finding was generated.
- List<Property Map>
- The solution-generated identifier for a related finding.
- List<Property Map>
- The ARN of the solution that generated a related finding.
- resource
Application List<Property Map>Arn - The ARN of the application that is related to a finding.
- resource
Application List<Property Map>Name - The name of the application that is related to a finding.
- resource
Aws List<Property Map>Ec2Instance Iam Instance Profile Arn - The IAM profile ARN of the instance.
- resource
Aws List<Property Map>Ec2Instance Image Id - The Amazon Machine Image (AMI) ID of the instance.
- resource
Aws List<Property Map>Ec2Instance Ip V4Addresses - The IPv4 addresses associated with the instance.
- resource
Aws List<Property Map>Ec2Instance Ip V6Addresses - The IPv6 addresses associated with the instance.
- resource
Aws List<Property Map>Ec2Instance Key Name - The key name associated with the instance.
- resource
Aws List<Property Map>Ec2Instance Launched At - The date and time the instance was launched.
- resource
Aws List<Property Map>Ec2Instance Subnet Id - The identifier of the subnet that the instance was launched in.
- resource
Aws List<Property Map>Ec2Instance Type - The instance type of the instance.
- resource
Aws List<Property Map>Ec2Instance Vpc Id - The identifier of the VPC that the instance was launched in.
- resource
Aws List<Property Map>Iam Access Key Created At - The creation date/time of the IAM access key related to a finding.
- resource
Aws List<Property Map>Iam Access Key Principal Name - The name of the principal that is associated with an IAM access key.
- resource
Aws List<Property Map>Iam Access Key Status - The status of the IAM access key related to a finding.
- resource
Aws List<Property Map>Iam Access Key User Name - The user associated with the IAM access key related to a finding.
- resource
Aws List<Property Map>Iam User User Name - The name of an IAM user.
- resource
Aws List<Property Map>S3Bucket Owner Id - The canonical user ID of the owner of the S3 bucket.
- resource
Aws List<Property Map>S3Bucket Owner Name - The display name of the owner of the S3 bucket.
- resource
Container List<Property Map>Image Id - The identifier of the image related to a finding.
- resource
Container List<Property Map>Image Name - The name of the image related to a finding.
- resource
Container List<Property Map>Launched At - A timestamp that identifies when the container was started.
- resource
Container List<Property Map>Name - The name of the container related to a finding.
- resource
Details List<Property Map>Other - The details of a resource that doesn't have a specific subfield for the resource type defined.
- resource
Id List<Property Map> - The canonical identifier for the given resource type.
- resource
Partition List<Property Map> - The canonical AWS partition name that the Region is assigned to.
- resource
Region List<Property Map> - The canonical AWS external Region name where this resource is located.
- List<Property Map>
- A list of AWS tags associated with a resource at the time the finding was processed.
- resource
Type List<Property Map> - Specifies the type of the resource that details are provided for.
- sample List<Property Map>
- Indicates whether or not sample findings are included in the filter results.
- severity
Label List<Property Map> - The label of a finding's severity.
- severity
Normalized List<Property Map> - The normalized severity of a finding.
- severity
Product List<Property Map> - The native severity as defined by the security findings provider's solution that generated the finding.
- source
Url List<Property Map> - A URL that links to a page about the current finding in the security findings provider's solution.
- threat
Intel List<Property Map>Indicator Category - The category of a threat intelligence indicator.
- threat
Intel List<Property Map>Indicator Last Observed At - A timestamp that identifies the last observation of a threat intelligence indicator.
- threat
Intel List<Property Map>Indicator Source - The source of the threat intelligence.
- threat
Intel List<Property Map>Indicator Source Url - The URL for more details from the source of the threat intelligence.
- threat
Intel List<Property Map>Indicator Type - The type of a threat intelligence indicator.
- threat
Intel List<Property Map>Indicator Value - The value of a threat intelligence indicator.
- title List<Property Map>
- A finding's title.
- type List<Property Map>
- A finding type in the format of namespace/category/classifier that classifies a finding.
- updated
At List<Property Map> - An ISO8601-formatted timestamp that indicates when the security findings provider last updated the finding record.
- user
Defined List<Property Map>Fields - A list of name/value string pairs associated with the finding.
- verification
State List<Property Map> - The veracity of a finding.
- vulnerabilities
Exploit List<Property Map>Available - Indicates whether a software vulnerability in your environment has a known exploit.
- vulnerabilities
Fix List<Property Map>Available - Indicates whether a vulnerability is fixed in a newer version of the affected software packages.
- workflow
State List<Property Map> - The workflow state of a finding.
- workflow
Status List<Property Map> - The status of the investigation into a finding.
InsightBooleanFilter, InsightBooleanFilterArgs
- Value bool
- The value of the boolean.
- Value bool
- The value of the boolean.
- value Boolean
- The value of the boolean.
- value boolean
- The value of the boolean.
- value bool
- The value of the boolean.
- value Boolean
- The value of the boolean.
InsightDateFilter, InsightDateFilterArgs
- Date
Range Pulumi.Aws Native. Security Hub. Inputs. Insight Date Range - A date range for the date filter.
- End string
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Start string
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Date
Range InsightDate Range - A date range for the date filter.
- End string
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- Start string
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range InsightDate Range - A date range for the date filter.
- end String
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start String
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range InsightDate Range - A date range for the date filter.
- end string
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start string
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date_
range InsightDate Range - A date range for the date filter.
- end str
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start str
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- date
Range Property Map - A date range for the date filter.
- end String
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
- start String
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Z
or("+" / "-") time-hour [":" time-minute]
. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ
(for example,2019-01-31T23:00:00Z
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ
(for example,2019-01-31T23:00:00.123456789Z
)YYYY-MM-DDTHH:MM:SS+HH:MM
(for example,2024-01-04T15:25:10+17:59
)YYYY-MM-DDTHH:MM:SS-HHMM
(for example,2024-01-04T15:25:10-1759
)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM
(for example,2024-01-04T15:25:10.123456789+17:59
)
InsightDateRange, InsightDateRangeArgs
- Unit
Pulumi.
Aws Native. Security Hub. Insight Date Range Unit - A date range unit for the date filter.
- Value double
- A date range value for the date filter.
- Unit
Insight
Date Range Unit - A date range unit for the date filter.
- Value float64
- A date range value for the date filter.
- unit
Insight
Date Range Unit - A date range unit for the date filter.
- value Double
- A date range value for the date filter.
- unit
Insight
Date Range Unit - A date range unit for the date filter.
- value number
- A date range value for the date filter.
- unit
Insight
Date Range Unit - A date range unit for the date filter.
- value float
- A date range value for the date filter.
InsightDateRangeUnit, InsightDateRangeUnitArgs
- Days
- DAYS
- Insight
Date Range Unit Days - DAYS
- Days
- DAYS
- Days
- DAYS
- DAYS
- DAYS
- "DAYS"
- DAYS
InsightIpFilter, InsightIpFilterArgs
- Cidr string
- A finding's CIDR value.
- Cidr string
- A finding's CIDR value.
- cidr String
- A finding's CIDR value.
- cidr string
- A finding's CIDR value.
- cidr str
- A finding's CIDR value.
- cidr String
- A finding's CIDR value.
InsightKeywordFilter, InsightKeywordFilterArgs
- Value string
- A value for the keyword.
- Value string
- A value for the keyword.
- value String
- A value for the keyword.
- value string
- A value for the keyword.
- value str
- A value for the keyword.
- value String
- A value for the keyword.
InsightMapFilter, InsightMapFilterArgs
- Comparison
Pulumi.
Aws Native. Security Hub. Insight Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- Key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - Value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- Comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- Key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - Value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key String
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value String
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key string
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value string
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison
Insight
Map Filter Comparison - The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key str
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value str
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
- comparison "EQUALS" | "NOT_EQUALS"
- The condition to apply to the key value when filtering Security Hub findings with a map filter.
- key String
- The key of the map filter. For example, for
ResourceTags
,Key
identifies the name of the tag. ForUserDefinedFields
,Key
is the name of the field. - value String
- The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Department
might beSecurity
. If you providesecurity
as the filter value, then there's no match.
InsightMapFilterComparison, InsightMapFilterComparisonArgs
- Equals
Value - EQUALS
- Not
Equals - NOT_EQUALS
- Insight
Map Filter Comparison Equals - EQUALS
- Insight
Map Filter Comparison Not Equals - NOT_EQUALS
- Equals
- EQUALS
- Not
Equals - NOT_EQUALS
- Equals
- EQUALS
- Not
Equals - NOT_EQUALS
- EQUALS
- EQUALS
- NOT_EQUALS
- NOT_EQUALS
- "EQUALS"
- EQUALS
- "NOT_EQUALS"
- NOT_EQUALS
InsightNumberFilter, InsightNumberFilterArgs
InsightStringFilter, InsightStringFilterArgs
- Comparison
Pulumi.
Aws Native. Security Hub. Insight String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- Value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- Comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- Value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value String
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value string
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison
Insight
String Filter Comparison The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value str
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
- comparison "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS"
The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS
. For example, the filterTitle CONTAINS CloudFront
matches findings that have aTitle
that includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS
. For example, the filterAwsAccountId EQUALS 123456789012
only matches findings that have an account ID of123456789012
. - To search for values that start with the filter value, use
PREFIX
. For example, the filterResourceRegion PREFIX us
matches findings that have aResourceRegion
that starts withus
. AResourceRegion
that starts with a different value, such asaf
,ap
, orca
, doesn't match.
CONTAINS
,EQUALS
, andPREFIX
filters on the same field are joined byOR
. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatch
match a finding that includes eitherCloudFront
,CloudWatch
, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
- To search for values that exclude the filter value, use
NOT_CONTAINS
. For example, the filterTitle NOT_CONTAINS CloudFront
matches findings that have aTitle
that excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS
. For example, the filterAwsAccountId NOT_EQUALS 123456789012
only matches findings that have an account ID other than123456789012
. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS
. For example, the filterResourceRegion PREFIX_NOT_EQUALS us
matches findings with aResourceRegion
that starts with a value other thanus
.
NOT_CONTAINS
,NOT_EQUALS
, andPREFIX_NOT_EQUALS
filters on the same field are joined byAND
. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch
match a finding that excludes bothCloudFront
andCloudWatch
in the title.You can’t have both a
CONTAINS
filter and aNOT_CONTAINS
filter on the same field. Similarly, you can't provide both anEQUALS
filter and aNOT_EQUALS
orPREFIX_NOT_EQUALS
filter on the same field. Combining filters in this way returns an error.CONTAINS
filters can only be used with otherCONTAINS
filters.NOT_CONTAINS
filters can only be used with otherNOT_CONTAINS
filters.You can combine
PREFIX
filters withNOT_EQUALS
orPREFIX_NOT_EQUALS
filters for the same field. Security Hub first processes thePREFIX
filters, and then theNOT_EQUALS
orPREFIX_NOT_EQUALS
filters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIam
orAwsEc2
. It then excludes findings that have a resource type ofAwsIamPolicy
and findings that have a resource type ofAwsEc2NetworkInterface
.ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINS
andNOT_CONTAINS
operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .- To search for values that include the filter value, use
- value String
- The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub
. If you providesecurity hub
as the filter value, there's no match.
InsightStringFilterComparison, InsightStringFilterComparisonArgs
- Equals
Value - EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Insight
String Filter Comparison Equals - EQUALS
- Insight
String Filter Comparison Prefix - PREFIX
- Insight
String Filter Comparison Not Equals - NOT_EQUALS
- Insight
String Filter Comparison Prefix Not Equals - PREFIX_NOT_EQUALS
- Equals
- EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Equals
- EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- EQUALS
- EQUALS
- PREFIX
- PREFIX
- NOT_EQUALS
- NOT_EQUALS
- PREFIX_NOT_EQUALS
- PREFIX_NOT_EQUALS
- "EQUALS"
- EQUALS
- "PREFIX"
- PREFIX
- "NOT_EQUALS"
- NOT_EQUALS
- "PREFIX_NOT_EQUALS"
- PREFIX_NOT_EQUALS
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.