aws.securityhub.AutomationRule
Explore with Pulumi AI
Resource for managing an AWS Security Hub Automation Rule.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.securityhub.AutomationRule("example", {
description: "Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk",
ruleName: "Elevate severity of findings that relate to important resources",
ruleOrder: 1,
actions: [{
findingFieldsUpdate: {
severity: {
label: "CRITICAL",
product: 0,
},
note: {
text: "This is a critical resource. Please review ASAP.",
updatedBy: "sechub-automation",
},
types: ["Software and Configuration Checks/Industry and Regulatory Standards"],
userDefinedFields: {
key: "value",
},
},
type: "FINDING_FIELDS_UPDATE",
}],
criteria: {
resourceIds: [{
comparison: "EQUALS",
value: "arn:aws:s3:::examplebucket/*",
}],
},
});
import pulumi
import pulumi_aws as aws
example = aws.securityhub.AutomationRule("example",
description="Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk",
rule_name="Elevate severity of findings that relate to important resources",
rule_order=1,
actions=[{
"finding_fields_update": {
"severity": {
"label": "CRITICAL",
"product": 0,
},
"note": {
"text": "This is a critical resource. Please review ASAP.",
"updated_by": "sechub-automation",
},
"types": ["Software and Configuration Checks/Industry and Regulatory Standards"],
"user_defined_fields": {
"key": "value",
},
},
"type": "FINDING_FIELDS_UPDATE",
}],
criteria={
"resource_ids": [{
"comparison": "EQUALS",
"value": "arn:aws:s3:::examplebucket/*",
}],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityhub.NewAutomationRule(ctx, "example", &securityhub.AutomationRuleArgs{
Description: pulumi.String("Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk"),
RuleName: pulumi.String("Elevate severity of findings that relate to important resources"),
RuleOrder: pulumi.Int(1),
Actions: securityhub.AutomationRuleActionArray{
&securityhub.AutomationRuleActionArgs{
FindingFieldsUpdate: &securityhub.AutomationRuleActionFindingFieldsUpdateArgs{
Severity: &securityhub.AutomationRuleActionFindingFieldsUpdateSeverityArgs{
Label: pulumi.String("CRITICAL"),
Product: pulumi.Float64(0),
},
Note: &securityhub.AutomationRuleActionFindingFieldsUpdateNoteArgs{
Text: pulumi.String("This is a critical resource. Please review ASAP."),
UpdatedBy: pulumi.String("sechub-automation"),
},
Types: pulumi.StringArray{
pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards"),
},
UserDefinedFields: pulumi.StringMap{
"key": pulumi.String("value"),
},
},
Type: pulumi.String("FINDING_FIELDS_UPDATE"),
},
},
Criteria: &securityhub.AutomationRuleCriteriaArgs{
ResourceIds: securityhub.AutomationRuleCriteriaResourceIdArray{
&securityhub.AutomationRuleCriteriaResourceIdArgs{
Comparison: pulumi.String("EQUALS"),
Value: pulumi.String("arn:aws:s3:::examplebucket/*"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.SecurityHub.AutomationRule("example", new()
{
Description = "Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk",
RuleName = "Elevate severity of findings that relate to important resources",
RuleOrder = 1,
Actions = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleActionArgs
{
FindingFieldsUpdate = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateArgs
{
Severity = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateSeverityArgs
{
Label = "CRITICAL",
Product = 0,
},
Note = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateNoteArgs
{
Text = "This is a critical resource. Please review ASAP.",
UpdatedBy = "sechub-automation",
},
Types = new[]
{
"Software and Configuration Checks/Industry and Regulatory Standards",
},
UserDefinedFields =
{
{ "key", "value" },
},
},
Type = "FINDING_FIELDS_UPDATE",
},
},
Criteria = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaArgs
{
ResourceIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceIdArgs
{
Comparison = "EQUALS",
Value = "arn:aws:s3:::examplebucket/*",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.securityhub.AutomationRule;
import com.pulumi.aws.securityhub.AutomationRuleArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionFindingFieldsUpdateArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionFindingFieldsUpdateSeverityArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleActionFindingFieldsUpdateNoteArgs;
import com.pulumi.aws.securityhub.inputs.AutomationRuleCriteriaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new AutomationRule("example", AutomationRuleArgs.builder()
.description("Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk")
.ruleName("Elevate severity of findings that relate to important resources")
.ruleOrder(1)
.actions(AutomationRuleActionArgs.builder()
.findingFieldsUpdate(AutomationRuleActionFindingFieldsUpdateArgs.builder()
.severity(AutomationRuleActionFindingFieldsUpdateSeverityArgs.builder()
.label("CRITICAL")
.product("0.0")
.build())
.note(AutomationRuleActionFindingFieldsUpdateNoteArgs.builder()
.text("This is a critical resource. Please review ASAP.")
.updatedBy("sechub-automation")
.build())
.types("Software and Configuration Checks/Industry and Regulatory Standards")
.userDefinedFields(Map.of("key", "value"))
.build())
.type("FINDING_FIELDS_UPDATE")
.build())
.criteria(AutomationRuleCriteriaArgs.builder()
.resourceIds(AutomationRuleCriteriaResourceIdArgs.builder()
.comparison("EQUALS")
.value("arn:aws:s3:::examplebucket/*")
.build())
.build())
.build());
}
}
resources:
example:
type: aws:securityhub:AutomationRule
properties:
description: Elevate finding severity to CRITICAL when specific resources such as an S3 bucket is at risk
ruleName: Elevate severity of findings that relate to important resources
ruleOrder: 1
actions:
- findingFieldsUpdate:
severity:
label: CRITICAL
product: '0.0'
note:
text: This is a critical resource. Please review ASAP.
updatedBy: sechub-automation
types:
- Software and Configuration Checks/Industry and Regulatory Standards
userDefinedFields:
key: value
type: FINDING_FIELDS_UPDATE
criteria:
resourceIds:
- comparison: EQUALS
value: arn:aws:s3:::examplebucket/*
Create AutomationRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);
@overload
def AutomationRule(resource_name: str,
args: AutomationRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AutomationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
rule_name: Optional[str] = None,
rule_order: Optional[int] = None,
actions: Optional[Sequence[AutomationRuleActionArgs]] = None,
criteria: Optional[AutomationRuleCriteriaArgs] = None,
is_terminal: Optional[bool] = None,
rule_status: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)
public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)
public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: aws:securityhub:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AutomationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var automationRuleResource = new Aws.SecurityHub.AutomationRule("automationRuleResource", new()
{
Description = "string",
RuleName = "string",
RuleOrder = 0,
Actions = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleActionArgs
{
FindingFieldsUpdate = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateArgs
{
Confidence = 0,
Criticality = 0,
Note = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateNoteArgs
{
Text = "string",
UpdatedBy = "string",
},
RelatedFindings = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateRelatedFindingArgs
{
Id = "string",
ProductArn = "string",
},
},
Severity = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateSeverityArgs
{
Label = "string",
Product = 0,
},
Types = new[]
{
"string",
},
UserDefinedFields =
{
{ "string", "string" },
},
VerificationState = "string",
Workflow = new Aws.SecurityHub.Inputs.AutomationRuleActionFindingFieldsUpdateWorkflowArgs
{
Status = "string",
},
},
Type = "string",
},
},
Criteria = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaArgs
{
AwsAccountIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaAwsAccountIdArgs
{
Comparison = "string",
Value = "string",
},
},
AwsAccountNames = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaAwsAccountNameArgs
{
Comparison = "string",
Value = "string",
},
},
CompanyNames = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaCompanyNameArgs
{
Comparison = "string",
Value = "string",
},
},
ComplianceAssociatedStandardsIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaComplianceAssociatedStandardsIdArgs
{
Comparison = "string",
Value = "string",
},
},
ComplianceSecurityControlIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaComplianceSecurityControlIdArgs
{
Comparison = "string",
Value = "string",
},
},
ComplianceStatuses = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaComplianceStatusArgs
{
Comparison = "string",
Value = "string",
},
},
Confidences = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaConfidenceArgs
{
Eq = 0,
Gt = 0,
Gte = 0,
Lt = 0,
Lte = 0,
},
},
CreatedAts = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaCreatedAtArgs
{
DateRange = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaCreatedAtDateRangeArgs
{
Unit = "string",
Value = 0,
},
End = "string",
Start = "string",
},
},
Criticalities = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaCriticalityArgs
{
Eq = 0,
Gt = 0,
Gte = 0,
Lt = 0,
Lte = 0,
},
},
Descriptions = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaDescriptionArgs
{
Comparison = "string",
Value = "string",
},
},
FirstObservedAts = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaFirstObservedAtArgs
{
DateRange = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaFirstObservedAtDateRangeArgs
{
Unit = "string",
Value = 0,
},
End = "string",
Start = "string",
},
},
GeneratorIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaGeneratorIdArgs
{
Comparison = "string",
Value = "string",
},
},
Ids = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaIdArgs
{
Comparison = "string",
Value = "string",
},
},
LastObservedAts = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaLastObservedAtArgs
{
DateRange = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaLastObservedAtDateRangeArgs
{
Unit = "string",
Value = 0,
},
End = "string",
Start = "string",
},
},
NoteTexts = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaNoteTextArgs
{
Comparison = "string",
Value = "string",
},
},
NoteUpdatedAts = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaNoteUpdatedAtArgs
{
DateRange = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaNoteUpdatedAtDateRangeArgs
{
Unit = "string",
Value = 0,
},
End = "string",
Start = "string",
},
},
NoteUpdatedBies = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaNoteUpdatedByArgs
{
Comparison = "string",
Value = "string",
},
},
ProductArns = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaProductArnArgs
{
Comparison = "string",
Value = "string",
},
},
ProductNames = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaProductNameArgs
{
Comparison = "string",
Value = "string",
},
},
RecordStates = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaRecordStateArgs
{
Comparison = "string",
Value = "string",
},
},
RelatedFindingsIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaRelatedFindingsIdArgs
{
Comparison = "string",
Value = "string",
},
},
RelatedFindingsProductArns = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaRelatedFindingsProductArnArgs
{
Comparison = "string",
Value = "string",
},
},
ResourceApplicationArns = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceApplicationArnArgs
{
Comparison = "string",
Value = "string",
},
},
ResourceApplicationNames = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceApplicationNameArgs
{
Comparison = "string",
Value = "string",
},
},
ResourceDetailsOthers = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceDetailsOtherArgs
{
Comparison = "string",
Key = "string",
Value = "string",
},
},
ResourceIds = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceIdArgs
{
Comparison = "string",
Value = "string",
},
},
ResourcePartitions = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourcePartitionArgs
{
Comparison = "string",
Value = "string",
},
},
ResourceRegions = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceRegionArgs
{
Comparison = "string",
Value = "string",
},
},
ResourceTags = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceTagArgs
{
Comparison = "string",
Key = "string",
Value = "string",
},
},
ResourceTypes = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaResourceTypeArgs
{
Comparison = "string",
Value = "string",
},
},
SeverityLabels = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaSeverityLabelArgs
{
Comparison = "string",
Value = "string",
},
},
SourceUrls = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaSourceUrlArgs
{
Comparison = "string",
Value = "string",
},
},
Titles = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaTitleArgs
{
Comparison = "string",
Value = "string",
},
},
Types = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaTypeArgs
{
Comparison = "string",
Value = "string",
},
},
UpdatedAts = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaUpdatedAtArgs
{
DateRange = new Aws.SecurityHub.Inputs.AutomationRuleCriteriaUpdatedAtDateRangeArgs
{
Unit = "string",
Value = 0,
},
End = "string",
Start = "string",
},
},
UserDefinedFields = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaUserDefinedFieldArgs
{
Comparison = "string",
Key = "string",
Value = "string",
},
},
VerificationStates = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaVerificationStateArgs
{
Comparison = "string",
Value = "string",
},
},
WorkflowStatuses = new[]
{
new Aws.SecurityHub.Inputs.AutomationRuleCriteriaWorkflowStatusArgs
{
Comparison = "string",
Value = "string",
},
},
},
IsTerminal = false,
RuleStatus = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := securityhub.NewAutomationRule(ctx, "automationRuleResource", &securityhub.AutomationRuleArgs{
Description: pulumi.String("string"),
RuleName: pulumi.String("string"),
RuleOrder: pulumi.Int(0),
Actions: securityhub.AutomationRuleActionArray{
&securityhub.AutomationRuleActionArgs{
FindingFieldsUpdate: &securityhub.AutomationRuleActionFindingFieldsUpdateArgs{
Confidence: pulumi.Int(0),
Criticality: pulumi.Int(0),
Note: &securityhub.AutomationRuleActionFindingFieldsUpdateNoteArgs{
Text: pulumi.String("string"),
UpdatedBy: pulumi.String("string"),
},
RelatedFindings: securityhub.AutomationRuleActionFindingFieldsUpdateRelatedFindingArray{
&securityhub.AutomationRuleActionFindingFieldsUpdateRelatedFindingArgs{
Id: pulumi.String("string"),
ProductArn: pulumi.String("string"),
},
},
Severity: &securityhub.AutomationRuleActionFindingFieldsUpdateSeverityArgs{
Label: pulumi.String("string"),
Product: pulumi.Float64(0),
},
Types: pulumi.StringArray{
pulumi.String("string"),
},
UserDefinedFields: pulumi.StringMap{
"string": pulumi.String("string"),
},
VerificationState: pulumi.String("string"),
Workflow: &securityhub.AutomationRuleActionFindingFieldsUpdateWorkflowArgs{
Status: pulumi.String("string"),
},
},
Type: pulumi.String("string"),
},
},
Criteria: &securityhub.AutomationRuleCriteriaArgs{
AwsAccountIds: securityhub.AutomationRuleCriteriaAwsAccountIdArray{
&securityhub.AutomationRuleCriteriaAwsAccountIdArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
AwsAccountNames: securityhub.AutomationRuleCriteriaAwsAccountNameArray{
&securityhub.AutomationRuleCriteriaAwsAccountNameArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
CompanyNames: securityhub.AutomationRuleCriteriaCompanyNameArray{
&securityhub.AutomationRuleCriteriaCompanyNameArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ComplianceAssociatedStandardsIds: securityhub.AutomationRuleCriteriaComplianceAssociatedStandardsIdArray{
&securityhub.AutomationRuleCriteriaComplianceAssociatedStandardsIdArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ComplianceSecurityControlIds: securityhub.AutomationRuleCriteriaComplianceSecurityControlIdArray{
&securityhub.AutomationRuleCriteriaComplianceSecurityControlIdArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ComplianceStatuses: securityhub.AutomationRuleCriteriaComplianceStatusArray{
&securityhub.AutomationRuleCriteriaComplianceStatusArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Confidences: securityhub.AutomationRuleCriteriaConfidenceArray{
&securityhub.AutomationRuleCriteriaConfidenceArgs{
Eq: pulumi.Float64(0),
Gt: pulumi.Float64(0),
Gte: pulumi.Float64(0),
Lt: pulumi.Float64(0),
Lte: pulumi.Float64(0),
},
},
CreatedAts: securityhub.AutomationRuleCriteriaCreatedAtArray{
&securityhub.AutomationRuleCriteriaCreatedAtArgs{
DateRange: &securityhub.AutomationRuleCriteriaCreatedAtDateRangeArgs{
Unit: pulumi.String("string"),
Value: pulumi.Int(0),
},
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
Criticalities: securityhub.AutomationRuleCriteriaCriticalityArray{
&securityhub.AutomationRuleCriteriaCriticalityArgs{
Eq: pulumi.Float64(0),
Gt: pulumi.Float64(0),
Gte: pulumi.Float64(0),
Lt: pulumi.Float64(0),
Lte: pulumi.Float64(0),
},
},
Descriptions: securityhub.AutomationRuleCriteriaDescriptionArray{
&securityhub.AutomationRuleCriteriaDescriptionArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
FirstObservedAts: securityhub.AutomationRuleCriteriaFirstObservedAtArray{
&securityhub.AutomationRuleCriteriaFirstObservedAtArgs{
DateRange: &securityhub.AutomationRuleCriteriaFirstObservedAtDateRangeArgs{
Unit: pulumi.String("string"),
Value: pulumi.Int(0),
},
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
GeneratorIds: securityhub.AutomationRuleCriteriaGeneratorIdArray{
&securityhub.AutomationRuleCriteriaGeneratorIdArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Ids: securityhub.AutomationRuleCriteriaIdArray{
&securityhub.AutomationRuleCriteriaIdArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
LastObservedAts: securityhub.AutomationRuleCriteriaLastObservedAtArray{
&securityhub.AutomationRuleCriteriaLastObservedAtArgs{
DateRange: &securityhub.AutomationRuleCriteriaLastObservedAtDateRangeArgs{
Unit: pulumi.String("string"),
Value: pulumi.Int(0),
},
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
NoteTexts: securityhub.AutomationRuleCriteriaNoteTextArray{
&securityhub.AutomationRuleCriteriaNoteTextArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
NoteUpdatedAts: securityhub.AutomationRuleCriteriaNoteUpdatedAtArray{
&securityhub.AutomationRuleCriteriaNoteUpdatedAtArgs{
DateRange: &securityhub.AutomationRuleCriteriaNoteUpdatedAtDateRangeArgs{
Unit: pulumi.String("string"),
Value: pulumi.Int(0),
},
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
NoteUpdatedBies: securityhub.AutomationRuleCriteriaNoteUpdatedByArray{
&securityhub.AutomationRuleCriteriaNoteUpdatedByArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ProductArns: securityhub.AutomationRuleCriteriaProductArnArray{
&securityhub.AutomationRuleCriteriaProductArnArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ProductNames: securityhub.AutomationRuleCriteriaProductNameArray{
&securityhub.AutomationRuleCriteriaProductNameArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RecordStates: securityhub.AutomationRuleCriteriaRecordStateArray{
&securityhub.AutomationRuleCriteriaRecordStateArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RelatedFindingsIds: securityhub.AutomationRuleCriteriaRelatedFindingsIdArray{
&securityhub.AutomationRuleCriteriaRelatedFindingsIdArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
RelatedFindingsProductArns: securityhub.AutomationRuleCriteriaRelatedFindingsProductArnArray{
&securityhub.AutomationRuleCriteriaRelatedFindingsProductArnArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourceApplicationArns: securityhub.AutomationRuleCriteriaResourceApplicationArnArray{
&securityhub.AutomationRuleCriteriaResourceApplicationArnArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourceApplicationNames: securityhub.AutomationRuleCriteriaResourceApplicationNameArray{
&securityhub.AutomationRuleCriteriaResourceApplicationNameArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourceDetailsOthers: securityhub.AutomationRuleCriteriaResourceDetailsOtherArray{
&securityhub.AutomationRuleCriteriaResourceDetailsOtherArgs{
Comparison: pulumi.String("string"),
Key: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourceIds: securityhub.AutomationRuleCriteriaResourceIdArray{
&securityhub.AutomationRuleCriteriaResourceIdArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourcePartitions: securityhub.AutomationRuleCriteriaResourcePartitionArray{
&securityhub.AutomationRuleCriteriaResourcePartitionArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourceRegions: securityhub.AutomationRuleCriteriaResourceRegionArray{
&securityhub.AutomationRuleCriteriaResourceRegionArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourceTags: securityhub.AutomationRuleCriteriaResourceTagArray{
&securityhub.AutomationRuleCriteriaResourceTagArgs{
Comparison: pulumi.String("string"),
Key: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
ResourceTypes: securityhub.AutomationRuleCriteriaResourceTypeArray{
&securityhub.AutomationRuleCriteriaResourceTypeArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
SeverityLabels: securityhub.AutomationRuleCriteriaSeverityLabelArray{
&securityhub.AutomationRuleCriteriaSeverityLabelArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
SourceUrls: securityhub.AutomationRuleCriteriaSourceUrlArray{
&securityhub.AutomationRuleCriteriaSourceUrlArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Titles: securityhub.AutomationRuleCriteriaTitleArray{
&securityhub.AutomationRuleCriteriaTitleArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
Types: securityhub.AutomationRuleCriteriaTypeArray{
&securityhub.AutomationRuleCriteriaTypeArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
UpdatedAts: securityhub.AutomationRuleCriteriaUpdatedAtArray{
&securityhub.AutomationRuleCriteriaUpdatedAtArgs{
DateRange: &securityhub.AutomationRuleCriteriaUpdatedAtDateRangeArgs{
Unit: pulumi.String("string"),
Value: pulumi.Int(0),
},
End: pulumi.String("string"),
Start: pulumi.String("string"),
},
},
UserDefinedFields: securityhub.AutomationRuleCriteriaUserDefinedFieldArray{
&securityhub.AutomationRuleCriteriaUserDefinedFieldArgs{
Comparison: pulumi.String("string"),
Key: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
VerificationStates: securityhub.AutomationRuleCriteriaVerificationStateArray{
&securityhub.AutomationRuleCriteriaVerificationStateArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
WorkflowStatuses: securityhub.AutomationRuleCriteriaWorkflowStatusArray{
&securityhub.AutomationRuleCriteriaWorkflowStatusArgs{
Comparison: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
},
IsTerminal: pulumi.Bool(false),
RuleStatus: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var automationRuleResource = new AutomationRule("automationRuleResource", AutomationRuleArgs.builder()
.description("string")
.ruleName("string")
.ruleOrder(0)
.actions(AutomationRuleActionArgs.builder()
.findingFieldsUpdate(AutomationRuleActionFindingFieldsUpdateArgs.builder()
.confidence(0)
.criticality(0)
.note(AutomationRuleActionFindingFieldsUpdateNoteArgs.builder()
.text("string")
.updatedBy("string")
.build())
.relatedFindings(AutomationRuleActionFindingFieldsUpdateRelatedFindingArgs.builder()
.id("string")
.productArn("string")
.build())
.severity(AutomationRuleActionFindingFieldsUpdateSeverityArgs.builder()
.label("string")
.product(0)
.build())
.types("string")
.userDefinedFields(Map.of("string", "string"))
.verificationState("string")
.workflow(AutomationRuleActionFindingFieldsUpdateWorkflowArgs.builder()
.status("string")
.build())
.build())
.type("string")
.build())
.criteria(AutomationRuleCriteriaArgs.builder()
.awsAccountIds(AutomationRuleCriteriaAwsAccountIdArgs.builder()
.comparison("string")
.value("string")
.build())
.awsAccountNames(AutomationRuleCriteriaAwsAccountNameArgs.builder()
.comparison("string")
.value("string")
.build())
.companyNames(AutomationRuleCriteriaCompanyNameArgs.builder()
.comparison("string")
.value("string")
.build())
.complianceAssociatedStandardsIds(AutomationRuleCriteriaComplianceAssociatedStandardsIdArgs.builder()
.comparison("string")
.value("string")
.build())
.complianceSecurityControlIds(AutomationRuleCriteriaComplianceSecurityControlIdArgs.builder()
.comparison("string")
.value("string")
.build())
.complianceStatuses(AutomationRuleCriteriaComplianceStatusArgs.builder()
.comparison("string")
.value("string")
.build())
.confidences(AutomationRuleCriteriaConfidenceArgs.builder()
.eq(0)
.gt(0)
.gte(0)
.lt(0)
.lte(0)
.build())
.createdAts(AutomationRuleCriteriaCreatedAtArgs.builder()
.dateRange(AutomationRuleCriteriaCreatedAtDateRangeArgs.builder()
.unit("string")
.value(0)
.build())
.end("string")
.start("string")
.build())
.criticalities(AutomationRuleCriteriaCriticalityArgs.builder()
.eq(0)
.gt(0)
.gte(0)
.lt(0)
.lte(0)
.build())
.descriptions(AutomationRuleCriteriaDescriptionArgs.builder()
.comparison("string")
.value("string")
.build())
.firstObservedAts(AutomationRuleCriteriaFirstObservedAtArgs.builder()
.dateRange(AutomationRuleCriteriaFirstObservedAtDateRangeArgs.builder()
.unit("string")
.value(0)
.build())
.end("string")
.start("string")
.build())
.generatorIds(AutomationRuleCriteriaGeneratorIdArgs.builder()
.comparison("string")
.value("string")
.build())
.ids(AutomationRuleCriteriaIdArgs.builder()
.comparison("string")
.value("string")
.build())
.lastObservedAts(AutomationRuleCriteriaLastObservedAtArgs.builder()
.dateRange(AutomationRuleCriteriaLastObservedAtDateRangeArgs.builder()
.unit("string")
.value(0)
.build())
.end("string")
.start("string")
.build())
.noteTexts(AutomationRuleCriteriaNoteTextArgs.builder()
.comparison("string")
.value("string")
.build())
.noteUpdatedAts(AutomationRuleCriteriaNoteUpdatedAtArgs.builder()
.dateRange(AutomationRuleCriteriaNoteUpdatedAtDateRangeArgs.builder()
.unit("string")
.value(0)
.build())
.end("string")
.start("string")
.build())
.noteUpdatedBies(AutomationRuleCriteriaNoteUpdatedByArgs.builder()
.comparison("string")
.value("string")
.build())
.productArns(AutomationRuleCriteriaProductArnArgs.builder()
.comparison("string")
.value("string")
.build())
.productNames(AutomationRuleCriteriaProductNameArgs.builder()
.comparison("string")
.value("string")
.build())
.recordStates(AutomationRuleCriteriaRecordStateArgs.builder()
.comparison("string")
.value("string")
.build())
.relatedFindingsIds(AutomationRuleCriteriaRelatedFindingsIdArgs.builder()
.comparison("string")
.value("string")
.build())
.relatedFindingsProductArns(AutomationRuleCriteriaRelatedFindingsProductArnArgs.builder()
.comparison("string")
.value("string")
.build())
.resourceApplicationArns(AutomationRuleCriteriaResourceApplicationArnArgs.builder()
.comparison("string")
.value("string")
.build())
.resourceApplicationNames(AutomationRuleCriteriaResourceApplicationNameArgs.builder()
.comparison("string")
.value("string")
.build())
.resourceDetailsOthers(AutomationRuleCriteriaResourceDetailsOtherArgs.builder()
.comparison("string")
.key("string")
.value("string")
.build())
.resourceIds(AutomationRuleCriteriaResourceIdArgs.builder()
.comparison("string")
.value("string")
.build())
.resourcePartitions(AutomationRuleCriteriaResourcePartitionArgs.builder()
.comparison("string")
.value("string")
.build())
.resourceRegions(AutomationRuleCriteriaResourceRegionArgs.builder()
.comparison("string")
.value("string")
.build())
.resourceTags(AutomationRuleCriteriaResourceTagArgs.builder()
.comparison("string")
.key("string")
.value("string")
.build())
.resourceTypes(AutomationRuleCriteriaResourceTypeArgs.builder()
.comparison("string")
.value("string")
.build())
.severityLabels(AutomationRuleCriteriaSeverityLabelArgs.builder()
.comparison("string")
.value("string")
.build())
.sourceUrls(AutomationRuleCriteriaSourceUrlArgs.builder()
.comparison("string")
.value("string")
.build())
.titles(AutomationRuleCriteriaTitleArgs.builder()
.comparison("string")
.value("string")
.build())
.types(AutomationRuleCriteriaTypeArgs.builder()
.comparison("string")
.value("string")
.build())
.updatedAts(AutomationRuleCriteriaUpdatedAtArgs.builder()
.dateRange(AutomationRuleCriteriaUpdatedAtDateRangeArgs.builder()
.unit("string")
.value(0)
.build())
.end("string")
.start("string")
.build())
.userDefinedFields(AutomationRuleCriteriaUserDefinedFieldArgs.builder()
.comparison("string")
.key("string")
.value("string")
.build())
.verificationStates(AutomationRuleCriteriaVerificationStateArgs.builder()
.comparison("string")
.value("string")
.build())
.workflowStatuses(AutomationRuleCriteriaWorkflowStatusArgs.builder()
.comparison("string")
.value("string")
.build())
.build())
.isTerminal(false)
.ruleStatus("string")
.tags(Map.of("string", "string"))
.build());
automation_rule_resource = aws.securityhub.AutomationRule("automationRuleResource",
description="string",
rule_name="string",
rule_order=0,
actions=[{
"finding_fields_update": {
"confidence": 0,
"criticality": 0,
"note": {
"text": "string",
"updated_by": "string",
},
"related_findings": [{
"id": "string",
"product_arn": "string",
}],
"severity": {
"label": "string",
"product": 0,
},
"types": ["string"],
"user_defined_fields": {
"string": "string",
},
"verification_state": "string",
"workflow": {
"status": "string",
},
},
"type": "string",
}],
criteria={
"aws_account_ids": [{
"comparison": "string",
"value": "string",
}],
"aws_account_names": [{
"comparison": "string",
"value": "string",
}],
"company_names": [{
"comparison": "string",
"value": "string",
}],
"compliance_associated_standards_ids": [{
"comparison": "string",
"value": "string",
}],
"compliance_security_control_ids": [{
"comparison": "string",
"value": "string",
}],
"compliance_statuses": [{
"comparison": "string",
"value": "string",
}],
"confidences": [{
"eq": 0,
"gt": 0,
"gte": 0,
"lt": 0,
"lte": 0,
}],
"created_ats": [{
"date_range": {
"unit": "string",
"value": 0,
},
"end": "string",
"start": "string",
}],
"criticalities": [{
"eq": 0,
"gt": 0,
"gte": 0,
"lt": 0,
"lte": 0,
}],
"descriptions": [{
"comparison": "string",
"value": "string",
}],
"first_observed_ats": [{
"date_range": {
"unit": "string",
"value": 0,
},
"end": "string",
"start": "string",
}],
"generator_ids": [{
"comparison": "string",
"value": "string",
}],
"ids": [{
"comparison": "string",
"value": "string",
}],
"last_observed_ats": [{
"date_range": {
"unit": "string",
"value": 0,
},
"end": "string",
"start": "string",
}],
"note_texts": [{
"comparison": "string",
"value": "string",
}],
"note_updated_ats": [{
"date_range": {
"unit": "string",
"value": 0,
},
"end": "string",
"start": "string",
}],
"note_updated_bies": [{
"comparison": "string",
"value": "string",
}],
"product_arns": [{
"comparison": "string",
"value": "string",
}],
"product_names": [{
"comparison": "string",
"value": "string",
}],
"record_states": [{
"comparison": "string",
"value": "string",
}],
"related_findings_ids": [{
"comparison": "string",
"value": "string",
}],
"related_findings_product_arns": [{
"comparison": "string",
"value": "string",
}],
"resource_application_arns": [{
"comparison": "string",
"value": "string",
}],
"resource_application_names": [{
"comparison": "string",
"value": "string",
}],
"resource_details_others": [{
"comparison": "string",
"key": "string",
"value": "string",
}],
"resource_ids": [{
"comparison": "string",
"value": "string",
}],
"resource_partitions": [{
"comparison": "string",
"value": "string",
}],
"resource_regions": [{
"comparison": "string",
"value": "string",
}],
"resource_tags": [{
"comparison": "string",
"key": "string",
"value": "string",
}],
"resource_types": [{
"comparison": "string",
"value": "string",
}],
"severity_labels": [{
"comparison": "string",
"value": "string",
}],
"source_urls": [{
"comparison": "string",
"value": "string",
}],
"titles": [{
"comparison": "string",
"value": "string",
}],
"types": [{
"comparison": "string",
"value": "string",
}],
"updated_ats": [{
"date_range": {
"unit": "string",
"value": 0,
},
"end": "string",
"start": "string",
}],
"user_defined_fields": [{
"comparison": "string",
"key": "string",
"value": "string",
}],
"verification_states": [{
"comparison": "string",
"value": "string",
}],
"workflow_statuses": [{
"comparison": "string",
"value": "string",
}],
},
is_terminal=False,
rule_status="string",
tags={
"string": "string",
})
const automationRuleResource = new aws.securityhub.AutomationRule("automationRuleResource", {
description: "string",
ruleName: "string",
ruleOrder: 0,
actions: [{
findingFieldsUpdate: {
confidence: 0,
criticality: 0,
note: {
text: "string",
updatedBy: "string",
},
relatedFindings: [{
id: "string",
productArn: "string",
}],
severity: {
label: "string",
product: 0,
},
types: ["string"],
userDefinedFields: {
string: "string",
},
verificationState: "string",
workflow: {
status: "string",
},
},
type: "string",
}],
criteria: {
awsAccountIds: [{
comparison: "string",
value: "string",
}],
awsAccountNames: [{
comparison: "string",
value: "string",
}],
companyNames: [{
comparison: "string",
value: "string",
}],
complianceAssociatedStandardsIds: [{
comparison: "string",
value: "string",
}],
complianceSecurityControlIds: [{
comparison: "string",
value: "string",
}],
complianceStatuses: [{
comparison: "string",
value: "string",
}],
confidences: [{
eq: 0,
gt: 0,
gte: 0,
lt: 0,
lte: 0,
}],
createdAts: [{
dateRange: {
unit: "string",
value: 0,
},
end: "string",
start: "string",
}],
criticalities: [{
eq: 0,
gt: 0,
gte: 0,
lt: 0,
lte: 0,
}],
descriptions: [{
comparison: "string",
value: "string",
}],
firstObservedAts: [{
dateRange: {
unit: "string",
value: 0,
},
end: "string",
start: "string",
}],
generatorIds: [{
comparison: "string",
value: "string",
}],
ids: [{
comparison: "string",
value: "string",
}],
lastObservedAts: [{
dateRange: {
unit: "string",
value: 0,
},
end: "string",
start: "string",
}],
noteTexts: [{
comparison: "string",
value: "string",
}],
noteUpdatedAts: [{
dateRange: {
unit: "string",
value: 0,
},
end: "string",
start: "string",
}],
noteUpdatedBies: [{
comparison: "string",
value: "string",
}],
productArns: [{
comparison: "string",
value: "string",
}],
productNames: [{
comparison: "string",
value: "string",
}],
recordStates: [{
comparison: "string",
value: "string",
}],
relatedFindingsIds: [{
comparison: "string",
value: "string",
}],
relatedFindingsProductArns: [{
comparison: "string",
value: "string",
}],
resourceApplicationArns: [{
comparison: "string",
value: "string",
}],
resourceApplicationNames: [{
comparison: "string",
value: "string",
}],
resourceDetailsOthers: [{
comparison: "string",
key: "string",
value: "string",
}],
resourceIds: [{
comparison: "string",
value: "string",
}],
resourcePartitions: [{
comparison: "string",
value: "string",
}],
resourceRegions: [{
comparison: "string",
value: "string",
}],
resourceTags: [{
comparison: "string",
key: "string",
value: "string",
}],
resourceTypes: [{
comparison: "string",
value: "string",
}],
severityLabels: [{
comparison: "string",
value: "string",
}],
sourceUrls: [{
comparison: "string",
value: "string",
}],
titles: [{
comparison: "string",
value: "string",
}],
types: [{
comparison: "string",
value: "string",
}],
updatedAts: [{
dateRange: {
unit: "string",
value: 0,
},
end: "string",
start: "string",
}],
userDefinedFields: [{
comparison: "string",
key: "string",
value: "string",
}],
verificationStates: [{
comparison: "string",
value: "string",
}],
workflowStatuses: [{
comparison: "string",
value: "string",
}],
},
isTerminal: false,
ruleStatus: "string",
tags: {
string: "string",
},
});
type: aws:securityhub:AutomationRule
properties:
actions:
- findingFieldsUpdate:
confidence: 0
criticality: 0
note:
text: string
updatedBy: string
relatedFindings:
- id: string
productArn: string
severity:
label: string
product: 0
types:
- string
userDefinedFields:
string: string
verificationState: string
workflow:
status: string
type: string
criteria:
awsAccountIds:
- comparison: string
value: string
awsAccountNames:
- comparison: string
value: string
companyNames:
- comparison: string
value: string
complianceAssociatedStandardsIds:
- comparison: string
value: string
complianceSecurityControlIds:
- comparison: string
value: string
complianceStatuses:
- comparison: string
value: string
confidences:
- eq: 0
gt: 0
gte: 0
lt: 0
lte: 0
createdAts:
- dateRange:
unit: string
value: 0
end: string
start: string
criticalities:
- eq: 0
gt: 0
gte: 0
lt: 0
lte: 0
descriptions:
- comparison: string
value: string
firstObservedAts:
- dateRange:
unit: string
value: 0
end: string
start: string
generatorIds:
- comparison: string
value: string
ids:
- comparison: string
value: string
lastObservedAts:
- dateRange:
unit: string
value: 0
end: string
start: string
noteTexts:
- comparison: string
value: string
noteUpdatedAts:
- dateRange:
unit: string
value: 0
end: string
start: string
noteUpdatedBies:
- comparison: string
value: string
productArns:
- comparison: string
value: string
productNames:
- comparison: string
value: string
recordStates:
- comparison: string
value: string
relatedFindingsIds:
- comparison: string
value: string
relatedFindingsProductArns:
- comparison: string
value: string
resourceApplicationArns:
- comparison: string
value: string
resourceApplicationNames:
- comparison: string
value: string
resourceDetailsOthers:
- comparison: string
key: string
value: string
resourceIds:
- comparison: string
value: string
resourcePartitions:
- comparison: string
value: string
resourceRegions:
- comparison: string
value: string
resourceTags:
- comparison: string
key: string
value: string
resourceTypes:
- comparison: string
value: string
severityLabels:
- comparison: string
value: string
sourceUrls:
- comparison: string
value: string
titles:
- comparison: string
value: string
types:
- comparison: string
value: string
updatedAts:
- dateRange:
unit: string
value: 0
end: string
start: string
userDefinedFields:
- comparison: string
key: string
value: string
verificationStates:
- comparison: string
value: string
workflowStatuses:
- comparison: string
value: string
description: string
isTerminal: false
ruleName: string
ruleOrder: 0
ruleStatus: string
tags:
string: string
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AutomationRule resource accepts the following input properties:
- Description string
- The description of the rule.
- Rule
Name string - The name of the rule.
- Rule
Order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Actions
List<Automation
Rule Action> - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - Criteria
Automation
Rule Criteria - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - Rule
Status string - Whether the rule is active after it is created.
- Dictionary<string, string>
- Description string
- The description of the rule.
- Rule
Name string - The name of the rule.
- Rule
Order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Actions
[]Automation
Rule Action Args - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - Criteria
Automation
Rule Criteria Args - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - Rule
Status string - Whether the rule is active after it is created.
- map[string]string
- description String
- The description of the rule.
- rule
Name String - The name of the rule.
- rule
Order Integer - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- actions
List<Automation
Rule Action> - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - criteria
Automation
Rule Criteria - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule
Status String - Whether the rule is active after it is created.
- Map<String,String>
- description string
- The description of the rule.
- rule
Name string - The name of the rule.
- rule
Order number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- actions
Automation
Rule Action[] - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - criteria
Automation
Rule Criteria - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- is
Terminal boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule
Status string - Whether the rule is active after it is created.
- {[key: string]: string}
- description str
- The description of the rule.
- rule_
name str - The name of the rule.
- rule_
order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- actions
Sequence[Automation
Rule Action Args] - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - criteria
Automation
Rule Criteria Args - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- is_
terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule_
status str - Whether the rule is active after it is created.
- Mapping[str, str]
- description String
- The description of the rule.
- rule
Name String - The name of the rule.
- rule
Order Number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- actions List<Property Map>
- A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - criteria Property Map
- A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule
Status String - Whether the rule is active after it is created.
- Map<String>
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
Look up Existing AutomationRule Resource
Get an existing AutomationRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AutomationRuleState, opts?: CustomResourceOptions): AutomationRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[AutomationRuleActionArgs]] = None,
arn: Optional[str] = None,
criteria: Optional[AutomationRuleCriteriaArgs] = None,
description: Optional[str] = None,
is_terminal: Optional[bool] = None,
rule_name: Optional[str] = None,
rule_order: Optional[int] = None,
rule_status: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> AutomationRule
func GetAutomationRule(ctx *Context, name string, id IDInput, state *AutomationRuleState, opts ...ResourceOption) (*AutomationRule, error)
public static AutomationRule Get(string name, Input<string> id, AutomationRuleState? state, CustomResourceOptions? opts = null)
public static AutomationRule get(String name, Output<String> id, AutomationRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Automation
Rule Action> - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - Arn string
- The ARN of the Security Hub automation rule.
- Criteria
Automation
Rule Criteria - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- Description string
- The description of the rule.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - Rule
Name string - The name of the rule.
- Rule
Order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Rule
Status string - Whether the rule is active after it is created.
- Dictionary<string, string>
- Dictionary<string, string>
- Actions
[]Automation
Rule Action Args - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - Arn string
- The ARN of the Security Hub automation rule.
- Criteria
Automation
Rule Criteria Args - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- Description string
- The description of the rule.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - Rule
Name string - The name of the rule.
- Rule
Order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Rule
Status string - Whether the rule is active after it is created.
- map[string]string
- map[string]string
- actions
List<Automation
Rule Action> - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - arn String
- The ARN of the Security Hub automation rule.
- criteria
Automation
Rule Criteria - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- description String
- The description of the rule.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule
Name String - The name of the rule.
- rule
Order Integer - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- rule
Status String - Whether the rule is active after it is created.
- Map<String,String>
- Map<String,String>
- actions
Automation
Rule Action[] - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - arn string
- The ARN of the Security Hub automation rule.
- criteria
Automation
Rule Criteria - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- description string
- The description of the rule.
- is
Terminal boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule
Name string - The name of the rule.
- rule
Order number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- rule
Status string - Whether the rule is active after it is created.
- {[key: string]: string}
- {[key: string]: string}
- actions
Sequence[Automation
Rule Action Args] - A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - arn str
- The ARN of the Security Hub automation rule.
- criteria
Automation
Rule Criteria Args - A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- description str
- The description of the rule.
- is_
terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule_
name str - The name of the rule.
- rule_
order int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- rule_
status str - Whether the rule is active after it is created.
- Mapping[str, str]
- Mapping[str, str]
- actions List<Property Map>
- A block that specifies one or more actions to update finding fields if a finding matches the conditions specified in
Criteria
. Documented below. - arn String
- The ARN of the Security Hub automation rule.
- criteria Property Map
- A block that specifies a set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. Documented below.
- description String
- The description of the rule.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. Defaults to
false
. - rule
Name String - The name of the rule.
- rule
Order Number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- rule
Status String - Whether the rule is active after it is created.
- Map<String>
- Map<String>
Supporting Types
AutomationRuleAction, AutomationRuleActionArgs
- Finding
Fields AutomationUpdate Rule Action Finding Fields Update - A block that specifies that the automation rule action is an update to a finding field. Documented below.
- Type string
- Specifies that the rule action should update the
Types
finding field. TheTypes
finding field classifies findings in the format of namespace/category/classifier.
- Finding
Fields AutomationUpdate Rule Action Finding Fields Update - A block that specifies that the automation rule action is an update to a finding field. Documented below.
- Type string
- Specifies that the rule action should update the
Types
finding field. TheTypes
finding field classifies findings in the format of namespace/category/classifier.
- finding
Fields AutomationUpdate Rule Action Finding Fields Update - A block that specifies that the automation rule action is an update to a finding field. Documented below.
- type String
- Specifies that the rule action should update the
Types
finding field. TheTypes
finding field classifies findings in the format of namespace/category/classifier.
- finding
Fields AutomationUpdate Rule Action Finding Fields Update - A block that specifies that the automation rule action is an update to a finding field. Documented below.
- type string
- Specifies that the rule action should update the
Types
finding field. TheTypes
finding field classifies findings in the format of namespace/category/classifier.
- finding_
fields_ Automationupdate Rule Action Finding Fields Update - A block that specifies that the automation rule action is an update to a finding field. Documented below.
- type str
- Specifies that the rule action should update the
Types
finding field. TheTypes
finding field classifies findings in the format of namespace/category/classifier.
- finding
Fields Property MapUpdate - A block that specifies that the automation rule action is an update to a finding field. Documented below.
- type String
- Specifies that the rule action should update the
Types
finding field. TheTypes
finding field classifies findings in the format of namespace/category/classifier.
AutomationRuleActionFindingFieldsUpdate, AutomationRuleActionFindingFieldsUpdateArgs
- Confidence int
- The rule action updates the
Confidence
field of a finding. - Criticality int
- The rule action updates the
Criticality
field of a finding. - Note
Automation
Rule Action Finding Fields Update Note - A resource block that updates the note. Documented below.
- List<Automation
Rule Action Finding Fields Update Related Finding> - A resource block that the rule action updates the
RelatedFindings
field of a finding. Documented below. - Severity
Automation
Rule Action Finding Fields Update Severity - A resource block that updates to the severity information for a finding. Documented below.
- Types List<string>
- The rule action updates the
Types
field of a finding. - User
Defined Dictionary<string, string>Fields - The rule action updates the
UserDefinedFields
field of a finding. - Verification
State string - The rule action updates the
VerificationState
field of a finding. The allowed values are the followingUNKNOWN
,TRUE_POSITIVE
,FALSE_POSITIVE
andBENIGN_POSITIVE
. - Workflow
Automation
Rule Action Finding Fields Update Workflow - A resource block that is used to update information about the investigation into the finding. Documented below.
- Confidence int
- The rule action updates the
Confidence
field of a finding. - Criticality int
- The rule action updates the
Criticality
field of a finding. - Note
Automation
Rule Action Finding Fields Update Note - A resource block that updates the note. Documented below.
- []Automation
Rule Action Finding Fields Update Related Finding - A resource block that the rule action updates the
RelatedFindings
field of a finding. Documented below. - Severity
Automation
Rule Action Finding Fields Update Severity - A resource block that updates to the severity information for a finding. Documented below.
- Types []string
- The rule action updates the
Types
field of a finding. - User
Defined map[string]stringFields - The rule action updates the
UserDefinedFields
field of a finding. - Verification
State string - The rule action updates the
VerificationState
field of a finding. The allowed values are the followingUNKNOWN
,TRUE_POSITIVE
,FALSE_POSITIVE
andBENIGN_POSITIVE
. - Workflow
Automation
Rule Action Finding Fields Update Workflow - A resource block that is used to update information about the investigation into the finding. Documented below.
- confidence Integer
- The rule action updates the
Confidence
field of a finding. - criticality Integer
- The rule action updates the
Criticality
field of a finding. - note
Automation
Rule Action Finding Fields Update Note - A resource block that updates the note. Documented below.
- List<Automation
Rule Action Finding Fields Update Related Finding> - A resource block that the rule action updates the
RelatedFindings
field of a finding. Documented below. - severity
Automation
Rule Action Finding Fields Update Severity - A resource block that updates to the severity information for a finding. Documented below.
- types List<String>
- The rule action updates the
Types
field of a finding. - user
Defined Map<String,String>Fields - The rule action updates the
UserDefinedFields
field of a finding. - verification
State String - The rule action updates the
VerificationState
field of a finding. The allowed values are the followingUNKNOWN
,TRUE_POSITIVE
,FALSE_POSITIVE
andBENIGN_POSITIVE
. - workflow
Automation
Rule Action Finding Fields Update Workflow - A resource block that is used to update information about the investigation into the finding. Documented below.
- confidence number
- The rule action updates the
Confidence
field of a finding. - criticality number
- The rule action updates the
Criticality
field of a finding. - note
Automation
Rule Action Finding Fields Update Note - A resource block that updates the note. Documented below.
- Automation
Rule Action Finding Fields Update Related Finding[] - A resource block that the rule action updates the
RelatedFindings
field of a finding. Documented below. - severity
Automation
Rule Action Finding Fields Update Severity - A resource block that updates to the severity information for a finding. Documented below.
- types string[]
- The rule action updates the
Types
field of a finding. - user
Defined {[key: string]: string}Fields - The rule action updates the
UserDefinedFields
field of a finding. - verification
State string - The rule action updates the
VerificationState
field of a finding. The allowed values are the followingUNKNOWN
,TRUE_POSITIVE
,FALSE_POSITIVE
andBENIGN_POSITIVE
. - workflow
Automation
Rule Action Finding Fields Update Workflow - A resource block that is used to update information about the investigation into the finding. Documented below.
- confidence int
- The rule action updates the
Confidence
field of a finding. - criticality int
- The rule action updates the
Criticality
field of a finding. - note
Automation
Rule Action Finding Fields Update Note - A resource block that updates the note. Documented below.
- Sequence[Automation
Rule Action Finding Fields Update Related Finding] - A resource block that the rule action updates the
RelatedFindings
field of a finding. Documented below. - severity
Automation
Rule Action Finding Fields Update Severity - A resource block that updates to the severity information for a finding. Documented below.
- types Sequence[str]
- The rule action updates the
Types
field of a finding. - user_
defined_ Mapping[str, str]fields - The rule action updates the
UserDefinedFields
field of a finding. - verification_
state str - The rule action updates the
VerificationState
field of a finding. The allowed values are the followingUNKNOWN
,TRUE_POSITIVE
,FALSE_POSITIVE
andBENIGN_POSITIVE
. - workflow
Automation
Rule Action Finding Fields Update Workflow - A resource block that is used to update information about the investigation into the finding. Documented below.
- confidence Number
- The rule action updates the
Confidence
field of a finding. - criticality Number
- The rule action updates the
Criticality
field of a finding. - note Property Map
- A resource block that updates the note. Documented below.
- List<Property Map>
- A resource block that the rule action updates the
RelatedFindings
field of a finding. Documented below. - severity Property Map
- A resource block that updates to the severity information for a finding. Documented below.
- types List<String>
- The rule action updates the
Types
field of a finding. - user
Defined Map<String>Fields - The rule action updates the
UserDefinedFields
field of a finding. - verification
State String - The rule action updates the
VerificationState
field of a finding. The allowed values are the followingUNKNOWN
,TRUE_POSITIVE
,FALSE_POSITIVE
andBENIGN_POSITIVE
. - workflow Property Map
- A resource block that is used to update information about the investigation into the finding. Documented below.
AutomationRuleActionFindingFieldsUpdateNote, AutomationRuleActionFindingFieldsUpdateNoteArgs
- text str
- The updated note text.
- updated_
by str - The principal that updated the note.
AutomationRuleActionFindingFieldsUpdateRelatedFinding, AutomationRuleActionFindingFieldsUpdateRelatedFindingArgs
- Id string
- The product-generated identifier for a related finding.
- Product
Arn string - The ARN of the product that generated a related finding.
- Id string
- The product-generated identifier for a related finding.
- Product
Arn string - The ARN of the product that generated a related finding.
- id String
- The product-generated identifier for a related finding.
- product
Arn String - The ARN of the product that generated a related finding.
- id string
- The product-generated identifier for a related finding.
- product
Arn string - The ARN of the product that generated a related finding.
- id str
- The product-generated identifier for a related finding.
- product_
arn str - The ARN of the product that generated a related finding.
- id String
- The product-generated identifier for a related finding.
- product
Arn String - The ARN of the product that generated a related finding.
AutomationRuleActionFindingFieldsUpdateSeverity, AutomationRuleActionFindingFieldsUpdateSeverityArgs
AutomationRuleActionFindingFieldsUpdateWorkflow, AutomationRuleActionFindingFieldsUpdateWorkflowArgs
- Status string
- The status of the investigation into the finding. The allowed values are the following
NEW
,NOTIFIED
,RESOLVED
andSUPPRESSED
.
- Status string
- The status of the investigation into the finding. The allowed values are the following
NEW
,NOTIFIED
,RESOLVED
andSUPPRESSED
.
- status String
- The status of the investigation into the finding. The allowed values are the following
NEW
,NOTIFIED
,RESOLVED
andSUPPRESSED
.
- status string
- The status of the investigation into the finding. The allowed values are the following
NEW
,NOTIFIED
,RESOLVED
andSUPPRESSED
.
- status str
- The status of the investigation into the finding. The allowed values are the following
NEW
,NOTIFIED
,RESOLVED
andSUPPRESSED
.
- status String
- The status of the investigation into the finding. The allowed values are the following
NEW
,NOTIFIED
,RESOLVED
andSUPPRESSED
.
AutomationRuleCriteria, AutomationRuleCriteriaArgs
- Aws
Account List<AutomationIds Rule Criteria Aws Account Id> - The AWS account ID in which a finding was generated. Documented below.
- Aws
Account List<AutomationNames Rule Criteria Aws Account Name> - The name of the AWS account in which a finding was generated. Documented below.
- Company
Names List<AutomationRule Criteria Company Name> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below.
- Compliance
Associated List<AutomationStandards Ids Rule Criteria Compliance Associated Standards Id> - The unique identifier of a standard in which a control is enabled. Documented below.
- Compliance
Security List<AutomationControl Ids Rule Criteria Compliance Security Control Id> - The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below.
- Compliance
Statuses List<AutomationRule Criteria Compliance Status> - The result of a security check. This field is only used for findings generated from controls. Documented below.
- Confidences
List<Automation
Rule Criteria Confidence> - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. Documented below. - Created
Ats List<AutomationRule Criteria Created At> - A timestamp that indicates when this finding record was created. Documented below.
- Criticalities
List<Automation
Rule Criteria Criticality> - The level of importance that is assigned to the resources that are associated with a finding. Documented below.
- Descriptions
List<Automation
Rule Criteria Description> - A finding's description. Documented below.
- First
Observed List<AutomationAts Rule Criteria First Observed At> - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below.
- Generator
Ids List<AutomationRule Criteria Generator Id> - The identifier for the solution-specific component that generated a finding. Documented below.
- Ids
List<Automation
Rule Criteria Id> - The product-specific identifier for a finding. Documented below.
- Last
Observed List<AutomationAts Rule Criteria Last Observed At> - A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below.
- Note
Texts List<AutomationRule Criteria Note Text> - The text of a user-defined note that's added to a finding. Documented below.
- Note
Updated List<AutomationAts Rule Criteria Note Updated At> - The timestamp of when the note was updated. Documented below.
- Note
Updated List<AutomationBies Rule Criteria Note Updated By> - The principal that created a note. Documented below.
- Product
Arns List<AutomationRule Criteria Product Arn> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below.
- Product
Names List<AutomationRule Criteria Product Name> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below.
- Record
States List<AutomationRule Criteria Record State> - Provides the current state of a finding. Documented below.
- List<Automation
Rule Criteria Related Findings Id> - The product-generated identifier for a related finding. Documented below.
- List<Automation
Rule Criteria Related Findings Product Arn> - The ARN for the product that generated a related finding. Documented below.
- Resource
Application List<AutomationArns Rule Criteria Resource Application Arn> - The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below.
- Resource
Application List<AutomationNames Rule Criteria Resource Application Name> - The name of the application that is related to a finding. Documented below.
- Resource
Details List<AutomationOthers Rule Criteria Resource Details Other> - Custom fields and values about the resource that a finding pertains to. Documented below.
- Resource
Ids List<AutomationRule Criteria Resource Id> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below.
- Resource
Partitions List<AutomationRule Criteria Resource Partition> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below.
- Resource
Regions List<AutomationRule Criteria Resource Region> - The AWS Region where the resource that a finding pertains to is located. Documented below.
- List<Automation
Rule Criteria Resource Tag> - A list of AWS tags associated with a resource at the time the finding was processed. Documented below.
- Resource
Types List<AutomationRule Criteria Resource Type> - The type of resource that the finding pertains to. Documented below.
- Severity
Labels List<AutomationRule Criteria Severity Label> - The severity value of the finding. Documented below.
- Source
Urls List<AutomationRule Criteria Source Url> - Provides a URL that links to a page about the current finding in the finding product. Documented below.
- Titles
List<Automation
Rule Criteria Title> - A finding's title. Documented below.
- Types
List<Automation
Rule Criteria Type> - One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below.
- Updated
Ats List<AutomationRule Criteria Updated At> - A timestamp that indicates when the finding record was most recently updated. Documented below.
- User
Defined List<AutomationFields Rule Criteria User Defined Field> - A list of user-defined name and value string pairs added to a finding. Documented below.
- Verification
States List<AutomationRule Criteria Verification State> - Provides the veracity of a finding. Documented below.
- Workflow
Statuses List<AutomationRule Criteria Workflow Status> - Provides information about the status of the investigation into a finding. Documented below.
- Aws
Account []AutomationIds Rule Criteria Aws Account Id - The AWS account ID in which a finding was generated. Documented below.
- Aws
Account []AutomationNames Rule Criteria Aws Account Name - The name of the AWS account in which a finding was generated. Documented below.
- Company
Names []AutomationRule Criteria Company Name - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below.
- Compliance
Associated []AutomationStandards Ids Rule Criteria Compliance Associated Standards Id - The unique identifier of a standard in which a control is enabled. Documented below.
- Compliance
Security []AutomationControl Ids Rule Criteria Compliance Security Control Id - The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below.
- Compliance
Statuses []AutomationRule Criteria Compliance Status - The result of a security check. This field is only used for findings generated from controls. Documented below.
- Confidences
[]Automation
Rule Criteria Confidence - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. Documented below. - Created
Ats []AutomationRule Criteria Created At - A timestamp that indicates when this finding record was created. Documented below.
- Criticalities
[]Automation
Rule Criteria Criticality - The level of importance that is assigned to the resources that are associated with a finding. Documented below.
- Descriptions
[]Automation
Rule Criteria Description - A finding's description. Documented below.
- First
Observed []AutomationAts Rule Criteria First Observed At - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below.
- Generator
Ids []AutomationRule Criteria Generator Id - The identifier for the solution-specific component that generated a finding. Documented below.
- Ids
[]Automation
Rule Criteria Id - The product-specific identifier for a finding. Documented below.
- Last
Observed []AutomationAts Rule Criteria Last Observed At - A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below.
- Note
Texts []AutomationRule Criteria Note Text - The text of a user-defined note that's added to a finding. Documented below.
- Note
Updated []AutomationAts Rule Criteria Note Updated At - The timestamp of when the note was updated. Documented below.
- Note
Updated []AutomationBies Rule Criteria Note Updated By - The principal that created a note. Documented below.
- Product
Arns []AutomationRule Criteria Product Arn - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below.
- Product
Names []AutomationRule Criteria Product Name - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below.
- Record
States []AutomationRule Criteria Record State - Provides the current state of a finding. Documented below.
- []Automation
Rule Criteria Related Findings Id - The product-generated identifier for a related finding. Documented below.
- []Automation
Rule Criteria Related Findings Product Arn - The ARN for the product that generated a related finding. Documented below.
- Resource
Application []AutomationArns Rule Criteria Resource Application Arn - The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below.
- Resource
Application []AutomationNames Rule Criteria Resource Application Name - The name of the application that is related to a finding. Documented below.
- Resource
Details []AutomationOthers Rule Criteria Resource Details Other - Custom fields and values about the resource that a finding pertains to. Documented below.
- Resource
Ids []AutomationRule Criteria Resource Id - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below.
- Resource
Partitions []AutomationRule Criteria Resource Partition - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below.
- Resource
Regions []AutomationRule Criteria Resource Region - The AWS Region where the resource that a finding pertains to is located. Documented below.
- []Automation
Rule Criteria Resource Tag - A list of AWS tags associated with a resource at the time the finding was processed. Documented below.
- Resource
Types []AutomationRule Criteria Resource Type - The type of resource that the finding pertains to. Documented below.
- Severity
Labels []AutomationRule Criteria Severity Label - The severity value of the finding. Documented below.
- Source
Urls []AutomationRule Criteria Source Url - Provides a URL that links to a page about the current finding in the finding product. Documented below.
- Titles
[]Automation
Rule Criteria Title - A finding's title. Documented below.
- Types
[]Automation
Rule Criteria Type - One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below.
- Updated
Ats []AutomationRule Criteria Updated At - A timestamp that indicates when the finding record was most recently updated. Documented below.
- User
Defined []AutomationFields Rule Criteria User Defined Field - A list of user-defined name and value string pairs added to a finding. Documented below.
- Verification
States []AutomationRule Criteria Verification State - Provides the veracity of a finding. Documented below.
- Workflow
Statuses []AutomationRule Criteria Workflow Status - Provides information about the status of the investigation into a finding. Documented below.
- aws
Account List<AutomationIds Rule Criteria Aws Account Id> - The AWS account ID in which a finding was generated. Documented below.
- aws
Account List<AutomationNames Rule Criteria Aws Account Name> - The name of the AWS account in which a finding was generated. Documented below.
- company
Names List<AutomationRule Criteria Company Name> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below.
- compliance
Associated List<AutomationStandards Ids Rule Criteria Compliance Associated Standards Id> - The unique identifier of a standard in which a control is enabled. Documented below.
- compliance
Security List<AutomationControl Ids Rule Criteria Compliance Security Control Id> - The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below.
- compliance
Statuses List<AutomationRule Criteria Compliance Status> - The result of a security check. This field is only used for findings generated from controls. Documented below.
- confidences
List<Automation
Rule Criteria Confidence> - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. Documented below. - created
Ats List<AutomationRule Criteria Created At> - A timestamp that indicates when this finding record was created. Documented below.
- criticalities
List<Automation
Rule Criteria Criticality> - The level of importance that is assigned to the resources that are associated with a finding. Documented below.
- descriptions
List<Automation
Rule Criteria Description> - A finding's description. Documented below.
- first
Observed List<AutomationAts Rule Criteria First Observed At> - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below.
- generator
Ids List<AutomationRule Criteria Generator Id> - The identifier for the solution-specific component that generated a finding. Documented below.
- ids
List<Automation
Rule Criteria Id> - The product-specific identifier for a finding. Documented below.
- last
Observed List<AutomationAts Rule Criteria Last Observed At> - A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below.
- note
Texts List<AutomationRule Criteria Note Text> - The text of a user-defined note that's added to a finding. Documented below.
- note
Updated List<AutomationAts Rule Criteria Note Updated At> - The timestamp of when the note was updated. Documented below.
- note
Updated List<AutomationBies Rule Criteria Note Updated By> - The principal that created a note. Documented below.
- product
Arns List<AutomationRule Criteria Product Arn> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below.
- product
Names List<AutomationRule Criteria Product Name> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below.
- record
States List<AutomationRule Criteria Record State> - Provides the current state of a finding. Documented below.
- List<Automation
Rule Criteria Related Findings Id> - The product-generated identifier for a related finding. Documented below.
- List<Automation
Rule Criteria Related Findings Product Arn> - The ARN for the product that generated a related finding. Documented below.
- resource
Application List<AutomationArns Rule Criteria Resource Application Arn> - The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below.
- resource
Application List<AutomationNames Rule Criteria Resource Application Name> - The name of the application that is related to a finding. Documented below.
- resource
Details List<AutomationOthers Rule Criteria Resource Details Other> - Custom fields and values about the resource that a finding pertains to. Documented below.
- resource
Ids List<AutomationRule Criteria Resource Id> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below.
- resource
Partitions List<AutomationRule Criteria Resource Partition> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below.
- resource
Regions List<AutomationRule Criteria Resource Region> - The AWS Region where the resource that a finding pertains to is located. Documented below.
- List<Automation
Rule Criteria Resource Tag> - A list of AWS tags associated with a resource at the time the finding was processed. Documented below.
- resource
Types List<AutomationRule Criteria Resource Type> - The type of resource that the finding pertains to. Documented below.
- severity
Labels List<AutomationRule Criteria Severity Label> - The severity value of the finding. Documented below.
- source
Urls List<AutomationRule Criteria Source Url> - Provides a URL that links to a page about the current finding in the finding product. Documented below.
- titles
List<Automation
Rule Criteria Title> - A finding's title. Documented below.
- types
List<Automation
Rule Criteria Type> - One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below.
- updated
Ats List<AutomationRule Criteria Updated At> - A timestamp that indicates when the finding record was most recently updated. Documented below.
- user
Defined List<AutomationFields Rule Criteria User Defined Field> - A list of user-defined name and value string pairs added to a finding. Documented below.
- verification
States List<AutomationRule Criteria Verification State> - Provides the veracity of a finding. Documented below.
- workflow
Statuses List<AutomationRule Criteria Workflow Status> - Provides information about the status of the investigation into a finding. Documented below.
- aws
Account AutomationIds Rule Criteria Aws Account Id[] - The AWS account ID in which a finding was generated. Documented below.
- aws
Account AutomationNames Rule Criteria Aws Account Name[] - The name of the AWS account in which a finding was generated. Documented below.
- company
Names AutomationRule Criteria Company Name[] - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below.
- compliance
Associated AutomationStandards Ids Rule Criteria Compliance Associated Standards Id[] - The unique identifier of a standard in which a control is enabled. Documented below.
- compliance
Security AutomationControl Ids Rule Criteria Compliance Security Control Id[] - The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below.
- compliance
Statuses AutomationRule Criteria Compliance Status[] - The result of a security check. This field is only used for findings generated from controls. Documented below.
- confidences
Automation
Rule Criteria Confidence[] - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. Documented below. - created
Ats AutomationRule Criteria Created At[] - A timestamp that indicates when this finding record was created. Documented below.
- criticalities
Automation
Rule Criteria Criticality[] - The level of importance that is assigned to the resources that are associated with a finding. Documented below.
- descriptions
Automation
Rule Criteria Description[] - A finding's description. Documented below.
- first
Observed AutomationAts Rule Criteria First Observed At[] - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below.
- generator
Ids AutomationRule Criteria Generator Id[] - The identifier for the solution-specific component that generated a finding. Documented below.
- ids
Automation
Rule Criteria Id[] - The product-specific identifier for a finding. Documented below.
- last
Observed AutomationAts Rule Criteria Last Observed At[] - A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below.
- note
Texts AutomationRule Criteria Note Text[] - The text of a user-defined note that's added to a finding. Documented below.
- note
Updated AutomationAts Rule Criteria Note Updated At[] - The timestamp of when the note was updated. Documented below.
- note
Updated AutomationBies Rule Criteria Note Updated By[] - The principal that created a note. Documented below.
- product
Arns AutomationRule Criteria Product Arn[] - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below.
- product
Names AutomationRule Criteria Product Name[] - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below.
- record
States AutomationRule Criteria Record State[] - Provides the current state of a finding. Documented below.
- Automation
Rule Criteria Related Findings Id[] - The product-generated identifier for a related finding. Documented below.
- Automation
Rule Criteria Related Findings Product Arn[] - The ARN for the product that generated a related finding. Documented below.
- resource
Application AutomationArns Rule Criteria Resource Application Arn[] - The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below.
- resource
Application AutomationNames Rule Criteria Resource Application Name[] - The name of the application that is related to a finding. Documented below.
- resource
Details AutomationOthers Rule Criteria Resource Details Other[] - Custom fields and values about the resource that a finding pertains to. Documented below.
- resource
Ids AutomationRule Criteria Resource Id[] - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below.
- resource
Partitions AutomationRule Criteria Resource Partition[] - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below.
- resource
Regions AutomationRule Criteria Resource Region[] - The AWS Region where the resource that a finding pertains to is located. Documented below.
- Automation
Rule Criteria Resource Tag[] - A list of AWS tags associated with a resource at the time the finding was processed. Documented below.
- resource
Types AutomationRule Criteria Resource Type[] - The type of resource that the finding pertains to. Documented below.
- severity
Labels AutomationRule Criteria Severity Label[] - The severity value of the finding. Documented below.
- source
Urls AutomationRule Criteria Source Url[] - Provides a URL that links to a page about the current finding in the finding product. Documented below.
- titles
Automation
Rule Criteria Title[] - A finding's title. Documented below.
- types
Automation
Rule Criteria Type[] - One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below.
- updated
Ats AutomationRule Criteria Updated At[] - A timestamp that indicates when the finding record was most recently updated. Documented below.
- user
Defined AutomationFields Rule Criteria User Defined Field[] - A list of user-defined name and value string pairs added to a finding. Documented below.
- verification
States AutomationRule Criteria Verification State[] - Provides the veracity of a finding. Documented below.
- workflow
Statuses AutomationRule Criteria Workflow Status[] - Provides information about the status of the investigation into a finding. Documented below.
- aws_
account_ Sequence[Automationids Rule Criteria Aws Account Id] - The AWS account ID in which a finding was generated. Documented below.
- aws_
account_ Sequence[Automationnames Rule Criteria Aws Account Name] - The name of the AWS account in which a finding was generated. Documented below.
- company_
names Sequence[AutomationRule Criteria Company Name] - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below.
- compliance_
associated_ Sequence[Automationstandards_ ids Rule Criteria Compliance Associated Standards Id] - The unique identifier of a standard in which a control is enabled. Documented below.
- compliance_
security_ Sequence[Automationcontrol_ ids Rule Criteria Compliance Security Control Id] - The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below.
- compliance_
statuses Sequence[AutomationRule Criteria Compliance Status] - The result of a security check. This field is only used for findings generated from controls. Documented below.
- confidences
Sequence[Automation
Rule Criteria Confidence] - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. Documented below. - created_
ats Sequence[AutomationRule Criteria Created At] - A timestamp that indicates when this finding record was created. Documented below.
- criticalities
Sequence[Automation
Rule Criteria Criticality] - The level of importance that is assigned to the resources that are associated with a finding. Documented below.
- descriptions
Sequence[Automation
Rule Criteria Description] - A finding's description. Documented below.
- first_
observed_ Sequence[Automationats Rule Criteria First Observed At] - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below.
- generator_
ids Sequence[AutomationRule Criteria Generator Id] - The identifier for the solution-specific component that generated a finding. Documented below.
- ids
Sequence[Automation
Rule Criteria Id] - The product-specific identifier for a finding. Documented below.
- last_
observed_ Sequence[Automationats Rule Criteria Last Observed At] - A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below.
- note_
texts Sequence[AutomationRule Criteria Note Text] - The text of a user-defined note that's added to a finding. Documented below.
- note_
updated_ Sequence[Automationats Rule Criteria Note Updated At] - The timestamp of when the note was updated. Documented below.
- note_
updated_ Sequence[Automationbies Rule Criteria Note Updated By] - The principal that created a note. Documented below.
- product_
arns Sequence[AutomationRule Criteria Product Arn] - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below.
- product_
names Sequence[AutomationRule Criteria Product Name] - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below.
- record_
states Sequence[AutomationRule Criteria Record State] - Provides the current state of a finding. Documented below.
- Sequence[Automation
Rule Criteria Related Findings Id] - The product-generated identifier for a related finding. Documented below.
- Sequence[Automation
Rule Criteria Related Findings Product Arn] - The ARN for the product that generated a related finding. Documented below.
- resource_
application_ Sequence[Automationarns Rule Criteria Resource Application Arn] - The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below.
- resource_
application_ Sequence[Automationnames Rule Criteria Resource Application Name] - The name of the application that is related to a finding. Documented below.
- resource_
details_ Sequence[Automationothers Rule Criteria Resource Details Other] - Custom fields and values about the resource that a finding pertains to. Documented below.
- resource_
ids Sequence[AutomationRule Criteria Resource Id] - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below.
- resource_
partitions Sequence[AutomationRule Criteria Resource Partition] - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below.
- resource_
regions Sequence[AutomationRule Criteria Resource Region] - The AWS Region where the resource that a finding pertains to is located. Documented below.
- Sequence[Automation
Rule Criteria Resource Tag] - A list of AWS tags associated with a resource at the time the finding was processed. Documented below.
- resource_
types Sequence[AutomationRule Criteria Resource Type] - The type of resource that the finding pertains to. Documented below.
- severity_
labels Sequence[AutomationRule Criteria Severity Label] - The severity value of the finding. Documented below.
- source_
urls Sequence[AutomationRule Criteria Source Url] - Provides a URL that links to a page about the current finding in the finding product. Documented below.
- titles
Sequence[Automation
Rule Criteria Title] - A finding's title. Documented below.
- types
Sequence[Automation
Rule Criteria Type] - One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below.
- updated_
ats Sequence[AutomationRule Criteria Updated At] - A timestamp that indicates when the finding record was most recently updated. Documented below.
- user_
defined_ Sequence[Automationfields Rule Criteria User Defined Field] - A list of user-defined name and value string pairs added to a finding. Documented below.
- verification_
states Sequence[AutomationRule Criteria Verification State] - Provides the veracity of a finding. Documented below.
- workflow_
statuses Sequence[AutomationRule Criteria Workflow Status] - Provides information about the status of the investigation into a finding. Documented below.
- aws
Account List<Property Map>Ids - The AWS account ID in which a finding was generated. Documented below.
- aws
Account List<Property Map>Names - The name of the AWS account in which a finding was generated. Documented below.
- company
Names List<Property Map> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Documented below.
- compliance
Associated List<Property Map>Standards Ids - The unique identifier of a standard in which a control is enabled. Documented below.
- compliance
Security List<Property Map>Control Ids - The security control ID for which a finding was generated. Security control IDs are the same across standards. Documented below.
- compliance
Statuses List<Property Map> - The result of a security check. This field is only used for findings generated from controls. Documented below.
- confidences List<Property Map>
- The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence
is scored on a 0–100 basis using a ratio scale. A value of0
means 0 percent confidence, and a value of100
means 100 percent confidence. Documented below. - created
Ats List<Property Map> - A timestamp that indicates when this finding record was created. Documented below.
- criticalities List<Property Map>
- The level of importance that is assigned to the resources that are associated with a finding. Documented below.
- descriptions List<Property Map>
- A finding's description. Documented below.
- first
Observed List<Property Map>Ats - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. Documented below.
- generator
Ids List<Property Map> - The identifier for the solution-specific component that generated a finding. Documented below.
- ids List<Property Map>
- The product-specific identifier for a finding. Documented below.
- last
Observed List<Property Map>Ats - A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. Documented below.
- note
Texts List<Property Map> - The text of a user-defined note that's added to a finding. Documented below.
- note
Updated List<Property Map>Ats - The timestamp of when the note was updated. Documented below.
- note
Updated List<Property Map>Bies - The principal that created a note. Documented below.
- product
Arns List<Property Map> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Documented below.
- product
Names List<Property Map> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Documented below.
- record
States List<Property Map> - Provides the current state of a finding. Documented below.
- List<Property Map>
- The product-generated identifier for a related finding. Documented below.
- List<Property Map>
- The ARN for the product that generated a related finding. Documented below.
- resource
Application List<Property Map>Arns - The Amazon Resource Name (ARN) of the application that is related to a finding. Documented below.
- resource
Application List<Property Map>Names - The name of the application that is related to a finding. Documented below.
- resource
Details List<Property Map>Others - Custom fields and values about the resource that a finding pertains to. Documented below.
- resource
Ids List<Property Map> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Documented below.
- resource
Partitions List<Property Map> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions. Each AWS account is scoped to one partition. Documented below.
- resource
Regions List<Property Map> - The AWS Region where the resource that a finding pertains to is located. Documented below.
- List<Property Map>
- A list of AWS tags associated with a resource at the time the finding was processed. Documented below.
- resource
Types List<Property Map> - The type of resource that the finding pertains to. Documented below.
- severity
Labels List<Property Map> - The severity value of the finding. Documented below.
- source
Urls List<Property Map> - Provides a URL that links to a page about the current finding in the finding product. Documented below.
- titles List<Property Map>
- A finding's title. Documented below.
- types List<Property Map>
- One or more finding types in the format of namespace/category/classifier that classify a finding. Documented below.
- updated
Ats List<Property Map> - A timestamp that indicates when the finding record was most recently updated. Documented below.
- user
Defined List<Property Map>Fields - A list of user-defined name and value string pairs added to a finding. Documented below.
- verification
States List<Property Map> - Provides the veracity of a finding. Documented below.
- workflow
Statuses List<Property Map> - Provides information about the status of the investigation into a finding. Documented below.
AutomationRuleCriteriaAwsAccountId, AutomationRuleCriteriaAwsAccountIdArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaAwsAccountName, AutomationRuleCriteriaAwsAccountNameArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaCompanyName, AutomationRuleCriteriaCompanyNameArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaComplianceAssociatedStandardsId, AutomationRuleCriteriaComplianceAssociatedStandardsIdArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaComplianceSecurityControlId, AutomationRuleCriteriaComplianceSecurityControlIdArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaComplianceStatus, AutomationRuleCriteriaComplianceStatusArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaConfidence, AutomationRuleCriteriaConfidenceArgs
- Eq double
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- Gt double
- Gte double
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- Lt double
- Lte double
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- Eq float64
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- Gt float64
- Gte float64
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- Lt float64
- Lte float64
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq Double
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt Double
- gte Double
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt Double
- lte Double
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq number
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt number
- gte number
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt number
- lte number
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq float
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt float
- gte float
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt float
- lte float
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq Number
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt Number
- gte Number
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt Number
- lte Number
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
AutomationRuleCriteriaCreatedAt, AutomationRuleCriteriaCreatedAtArgs
- Date
Range AutomationRule Criteria Created At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- Date
Range AutomationRule Criteria Created At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Created At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Created At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date_
range AutomationRule Criteria Created At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end str
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start str
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range Property Map - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
AutomationRuleCriteriaCreatedAtDateRange, AutomationRuleCriteriaCreatedAtDateRangeArgs
AutomationRuleCriteriaCriticality, AutomationRuleCriteriaCriticalityArgs
- Eq double
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- Gt double
- Gte double
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- Lt double
- Lte double
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- Eq float64
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- Gt float64
- Gte float64
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- Lt float64
- Lte float64
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq Double
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt Double
- gte Double
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt Double
- lte Double
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq number
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt number
- gte number
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt number
- lte number
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq float
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt float
- gte float
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt float
- lte float
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- eq Number
- The equal-to condition to be applied to a single field when querying for findings, provided as a String.
- gt Number
- gte Number
- The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.
- lt Number
- lte Number
- The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.
AutomationRuleCriteriaDescription, AutomationRuleCriteriaDescriptionArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaFirstObservedAt, AutomationRuleCriteriaFirstObservedAtArgs
- Date
Range AutomationRule Criteria First Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- Date
Range AutomationRule Criteria First Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria First Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria First Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date_
range AutomationRule Criteria First Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end str
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start str
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range Property Map - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
AutomationRuleCriteriaFirstObservedAtDateRange, AutomationRuleCriteriaFirstObservedAtDateRangeArgs
AutomationRuleCriteriaGeneratorId, AutomationRuleCriteriaGeneratorIdArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaId, AutomationRuleCriteriaIdArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaLastObservedAt, AutomationRuleCriteriaLastObservedAtArgs
- Date
Range AutomationRule Criteria Last Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- Date
Range AutomationRule Criteria Last Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Last Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Last Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date_
range AutomationRule Criteria Last Observed At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end str
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start str
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range Property Map - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
AutomationRuleCriteriaLastObservedAtDateRange, AutomationRuleCriteriaLastObservedAtDateRangeArgs
AutomationRuleCriteriaNoteText, AutomationRuleCriteriaNoteTextArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaNoteUpdatedAt, AutomationRuleCriteriaNoteUpdatedAtArgs
- Date
Range AutomationRule Criteria Note Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- Date
Range AutomationRule Criteria Note Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Note Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Note Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date_
range AutomationRule Criteria Note Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end str
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start str
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range Property Map - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
AutomationRuleCriteriaNoteUpdatedAtDateRange, AutomationRuleCriteriaNoteUpdatedAtDateRangeArgs
AutomationRuleCriteriaNoteUpdatedBy, AutomationRuleCriteriaNoteUpdatedByArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaProductArn, AutomationRuleCriteriaProductArnArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaProductName, AutomationRuleCriteriaProductNameArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaRecordState, AutomationRuleCriteriaRecordStateArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaRelatedFindingsId, AutomationRuleCriteriaRelatedFindingsIdArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaRelatedFindingsProductArn, AutomationRuleCriteriaRelatedFindingsProductArnArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaResourceApplicationArn, AutomationRuleCriteriaResourceApplicationArnArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaResourceApplicationName, AutomationRuleCriteriaResourceApplicationNameArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaResourceDetailsOther, AutomationRuleCriteriaResourceDetailsOtherArgs
- Comparison string
- Key string
- The key of the map filter.
- Value string
- Comparison string
- Key string
- The key of the map filter.
- Value string
- comparison String
- key String
- The key of the map filter.
- value String
- comparison string
- key string
- The key of the map filter.
- value string
- comparison str
- key str
- The key of the map filter.
- value str
- comparison String
- key String
- The key of the map filter.
- value String
AutomationRuleCriteriaResourceId, AutomationRuleCriteriaResourceIdArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaResourcePartition, AutomationRuleCriteriaResourcePartitionArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaResourceRegion, AutomationRuleCriteriaResourceRegionArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaResourceTag, AutomationRuleCriteriaResourceTagArgs
- Comparison string
- Key string
- The key of the map filter.
- Value string
- Comparison string
- Key string
- The key of the map filter.
- Value string
- comparison String
- key String
- The key of the map filter.
- value String
- comparison string
- key string
- The key of the map filter.
- value string
- comparison str
- key str
- The key of the map filter.
- value str
- comparison String
- key String
- The key of the map filter.
- value String
AutomationRuleCriteriaResourceType, AutomationRuleCriteriaResourceTypeArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaSeverityLabel, AutomationRuleCriteriaSeverityLabelArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaSourceUrl, AutomationRuleCriteriaSourceUrlArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaTitle, AutomationRuleCriteriaTitleArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaType, AutomationRuleCriteriaTypeArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaUpdatedAt, AutomationRuleCriteriaUpdatedAtArgs
- Date
Range AutomationRule Criteria Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- Date
Range AutomationRule Criteria Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- End string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - Start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range AutomationRule Criteria Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end string
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start string
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date_
range AutomationRule Criteria Updated At Date Range - A configuration block of the date range for the date filter. See date_range below for more details.
- end str
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start str
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
- date
Range Property Map - A configuration block of the date range for the date filter. See date_range below for more details.
- end String
- An end date for the date filter. Required with
start
ifdate_range
is not specified. - start String
- A start date for the date filter. Required with
end
ifdate_range
is not specified.
AutomationRuleCriteriaUpdatedAtDateRange, AutomationRuleCriteriaUpdatedAtDateRangeArgs
AutomationRuleCriteriaUserDefinedField, AutomationRuleCriteriaUserDefinedFieldArgs
- Comparison string
- Key string
- The key of the map filter.
- Value string
- Comparison string
- Key string
- The key of the map filter.
- Value string
- comparison String
- key String
- The key of the map filter.
- value String
- comparison string
- key string
- The key of the map filter.
- value string
- comparison str
- key str
- The key of the map filter.
- value str
- comparison String
- key String
- The key of the map filter.
- value String
AutomationRuleCriteriaVerificationState, AutomationRuleCriteriaVerificationStateArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
AutomationRuleCriteriaWorkflowStatus, AutomationRuleCriteriaWorkflowStatusArgs
- Comparison string
- Value string
- Comparison string
- Value string
- comparison String
- value String
- comparison string
- value string
- comparison str
- value str
- comparison String
- value String
Import
Using pulumi import
, import Security Hub automation rule using their ARN. For example:
$ pulumi import aws:securityhub/automationRule:AutomationRule example arn:aws:securityhub:us-west-2:123456789012:automation-rule/473eddde-f5c4-4ae5-85c7-e922f271fffc
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.