Docs Home
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi
aws-native.securityhub.AutomationRule
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi
The AWS::SecurityHub::AutomationRule resource specifies an automation rule based on input parameters. For more information, see Automation rules in the User Guide.
Example Usage
Example
Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
return await Deployment.RunAsync(() =>
{
var ruleWithCriteriaActionsTags = new AwsNative.SecurityHub.AutomationRule("ruleWithCriteriaActionsTags", new()
{
RuleName = "Example rule name",
RuleOrder = 5,
Description = "Example rule description.",
IsTerminal = false,
RuleStatus = AwsNative.SecurityHub.AutomationRuleRuleStatus.Enabled,
Criteria = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFiltersArgs
{
ProductName = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "GuardDuty",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "SecurityHub",
},
},
CompanyName = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "AWS",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "Private",
},
},
ProductArn = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
},
AwsAccountId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "123456789012",
},
},
Id = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-finding-id",
},
},
GeneratorId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-generator-id",
},
},
Type = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "type-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "type-2",
},
},
Description = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "description1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "description2",
},
},
SourceUrl = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "https",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "ftp",
},
},
Title = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "title-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "title-2",
},
},
SeverityLabel = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "LOW",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "HIGH",
},
},
ResourceType = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "AwsEc2Instance",
},
},
ResourcePartition = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "aws",
},
},
ResourceId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "i-1234567890",
},
},
ResourceRegion = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "us-west",
},
},
ComplianceStatus = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "FAILED",
},
},
ComplianceSecurityControlId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "EC2.3",
},
},
ComplianceAssociatedStandardsId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
},
},
VerificationState = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "BENIGN_POSITIVE",
},
},
RecordState = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "ACTIVE",
},
},
RelatedFindingsProductArn = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
},
},
RelatedFindingsId = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-finding-id-2",
},
},
NoteText = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "example-note-text",
},
},
NoteUpdatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
NoteUpdatedBy = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.Prefix,
Value = "sechub",
},
},
WorkflowStatus = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleStringFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleStringFilterComparison.EqualsValue,
Value = "NEW",
},
},
FirstObservedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
LastObservedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
CreatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
DateRange = new AwsNative.SecurityHub.Inputs.AutomationRuleDateRangeArgs
{
Unit = AwsNative.SecurityHub.AutomationRuleDateRangeUnit.Days,
Value = 5,
},
},
},
UpdatedAt = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleDateFilterArgs
{
Start = "2023-04-25T17:05:54.832Z",
End = "2023-05-25T17:05:54.832Z",
},
},
ResourceTags = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "security",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "operations",
},
},
UserDefinedFields = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
Key = "key1",
Value = "security",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.EqualsValue,
Key = "key2",
Value = "operations",
},
},
ResourceDetailsOther = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "area",
Value = "na",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleMapFilterArgs
{
Comparison = AwsNative.SecurityHub.AutomationRuleMapFilterComparison.NotEquals,
Key = "department",
Value = "sales",
},
},
Confidence = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
{
Gte = 50,
Lte = 95,
},
},
Criticality = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilterArgs
{
Gte = 50,
Lte = 95,
},
},
},
Actions = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRulesActionArgs
{
Type = AwsNative.SecurityHub.AutomationRulesActionType.FindingFieldsUpdate,
FindingFieldsUpdate = new AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdateArgs
{
Severity = new AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdateArgs
{
Product = 50,
Label = AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel.Medium,
Normalized = 60,
},
Types = new[]
{
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
},
Confidence = 98,
Criticality = 95,
UserDefinedFields =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
RelatedFindings = new[]
{
new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
{
ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
Id = "sample-finding-id-1",
},
new AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFindingArgs
{
ProductArn = "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
Id = "sample-finding-id-2",
},
},
Note = new AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdateArgs
{
Text = "sample-note-text",
UpdatedBy = "sechub",
},
VerificationState = AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
Workflow = new AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdateArgs
{
Status = AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus.Notified,
},
},
},
},
Tags =
{
{ "sampleTag", "sampleValue" },
{ "organizationUnit", "pnw" },
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/securityhub"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := securityhub.NewAutomationRule(ctx, "ruleWithCriteriaActionsTags", &securityhub.AutomationRuleArgs{
RuleName: pulumi.String("Example rule name"),
RuleOrder: pulumi.Int(5),
Description: pulumi.String("Example rule description."),
IsTerminal: pulumi.Bool(false),
RuleStatus: securityhub.AutomationRuleRuleStatusEnabled,
Criteria: &securityhub.AutomationRulesFindingFiltersArgs{
ProductName: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("GuardDuty"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("SecurityHub"),
},
},
CompanyName: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("AWS"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("Private"),
},
},
ProductArn: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/aws"),
},
},
AwsAccountId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("123456789012"),
},
},
Id: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-finding-id"),
},
},
GeneratorId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-generator-id"),
},
},
Type: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("type-1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("type-2"),
},
},
Description: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("description1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("description2"),
},
},
SourceUrl: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("https"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("ftp"),
},
},
Title: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("title-1"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("title-2"),
},
},
SeverityLabel: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("LOW"),
},
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("HIGH"),
},
},
ResourceType: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("AwsEc2Instance"),
},
},
ResourcePartition: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("aws"),
},
},
ResourceId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("i-1234567890"),
},
},
ResourceRegion: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("us-west"),
},
},
ComplianceStatus: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("FAILED"),
},
},
ComplianceSecurityControlId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("EC2.3"),
},
},
ComplianceAssociatedStandardsId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("ruleset/cis-aws-foundations-benchmark/v/1.2.0"),
},
},
VerificationState: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("BENIGN_POSITIVE"),
},
},
RecordState: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("ACTIVE"),
},
},
RelatedFindingsProductArn: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("arn:aws:securityhub:eu-central-1::product/aws/securityhub"),
},
},
RelatedFindingsId: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-finding-id-2"),
},
},
NoteText: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("example-note-text"),
},
},
NoteUpdatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
NoteUpdatedBy: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonPrefix,
Value: pulumi.String("sechub"),
},
},
WorkflowStatus: securityhub.AutomationRuleStringFilterArray{
&securityhub.AutomationRuleStringFilterArgs{
Comparison: securityhub.AutomationRuleStringFilterComparisonEquals,
Value: pulumi.String("NEW"),
},
},
FirstObservedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
LastObservedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
CreatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
DateRange: &securityhub.AutomationRuleDateRangeArgs{
Unit: securityhub.AutomationRuleDateRangeUnitDays,
Value: pulumi.Float64(5),
},
},
},
UpdatedAt: securityhub.AutomationRuleDateFilterArray{
&securityhub.AutomationRuleDateFilterArgs{
Start: pulumi.String("2023-04-25T17:05:54.832Z"),
End: pulumi.String("2023-05-25T17:05:54.832Z"),
},
},
ResourceTags: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("security"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("operations"),
},
},
UserDefinedFields: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
Key: pulumi.String("key1"),
Value: pulumi.String("security"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonEquals,
Key: pulumi.String("key2"),
Value: pulumi.String("operations"),
},
},
ResourceDetailsOther: securityhub.AutomationRuleMapFilterArray{
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("area"),
Value: pulumi.String("na"),
},
&securityhub.AutomationRuleMapFilterArgs{
Comparison: securityhub.AutomationRuleMapFilterComparisonNotEquals,
Key: pulumi.String("department"),
Value: pulumi.String("sales"),
},
},
Confidence: securityhub.AutomationRuleNumberFilterArray{
&securityhub.AutomationRuleNumberFilterArgs{
Gte: pulumi.Float64(50),
Lte: pulumi.Float64(95),
},
},
Criticality: securityhub.AutomationRuleNumberFilterArray{
&securityhub.AutomationRuleNumberFilterArgs{
Gte: pulumi.Float64(50),
Lte: pulumi.Float64(95),
},
},
},
Actions: securityhub.AutomationRulesActionArray{
&securityhub.AutomationRulesActionArgs{
Type: securityhub.AutomationRulesActionTypeFindingFieldsUpdate,
FindingFieldsUpdate: &securityhub.AutomationRulesFindingFieldsUpdateArgs{
Severity: &securityhub.AutomationRuleSeverityUpdateArgs{
Product: pulumi.Float64(50),
Label: securityhub.AutomationRuleSeverityUpdateLabelMedium,
Normalized: pulumi.Int(60),
},
Types: pulumi.StringArray{
pulumi.String("Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices"),
pulumi.String("Industry Compliance"),
},
Confidence: pulumi.Int(98),
Criticality: pulumi.Int(95),
UserDefinedFields: pulumi.StringMap{
"key1": pulumi.String("value1"),
"key2": pulumi.String("value2"),
},
RelatedFindings: securityhub.AutomationRuleRelatedFindingArray{
&securityhub.AutomationRuleRelatedFindingArgs{
ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
Id: pulumi.String("sample-finding-id-1"),
},
&securityhub.AutomationRuleRelatedFindingArgs{
ProductArn: pulumi.String("arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default"),
Id: pulumi.String("sample-finding-id-2"),
},
},
Note: &securityhub.AutomationRuleNoteUpdateArgs{
Text: pulumi.String("sample-note-text"),
UpdatedBy: pulumi.String("sechub"),
},
VerificationState: securityhub.AutomationRulesFindingFieldsUpdateVerificationStateTruePositive,
Workflow: &securityhub.AutomationRuleWorkflowUpdateArgs{
Status: securityhub.AutomationRuleWorkflowUpdateStatusNotified,
},
},
},
},
Tags: pulumi.StringMap{
"sampleTag": pulumi.String("sampleValue"),
"organizationUnit": pulumi.String("pnw"),
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
const ruleWithCriteriaActionsTags = new aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags", {
ruleName: "Example rule name",
ruleOrder: 5,
description: "Example rule description.",
isTerminal: false,
ruleStatus: aws_native.securityhub.AutomationRuleRuleStatus.Enabled,
criteria: {
productName: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "GuardDuty",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "SecurityHub",
},
],
companyName: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "AWS",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "Private",
},
],
productArn: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
],
awsAccountId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "123456789012",
}],
id: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-finding-id",
}],
generatorId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-generator-id",
}],
type: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "type-1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "type-2",
},
],
description: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "description1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "description2",
},
],
sourceUrl: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "https",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "ftp",
},
],
title: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "title-1",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "title-2",
},
],
severityLabel: [
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "LOW",
},
{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "HIGH",
},
],
resourceType: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "AwsEc2Instance",
}],
resourcePartition: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "aws",
}],
resourceId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "i-1234567890",
}],
resourceRegion: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "us-west",
}],
complianceStatus: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "FAILED",
}],
complianceSecurityControlId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "EC2.3",
}],
complianceAssociatedStandardsId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}],
verificationState: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "BENIGN_POSITIVE",
}],
recordState: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "ACTIVE",
}],
relatedFindingsProductArn: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
}],
relatedFindingsId: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-finding-id-2",
}],
noteText: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "example-note-text",
}],
noteUpdatedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
noteUpdatedBy: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Prefix,
value: "sechub",
}],
workflowStatus: [{
comparison: aws_native.securityhub.AutomationRuleStringFilterComparison.Equals,
value: "NEW",
}],
firstObservedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
lastObservedAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
createdAt: [{
dateRange: {
unit: aws_native.securityhub.AutomationRuleDateRangeUnit.Days,
value: 5,
},
}],
updatedAt: [{
start: "2023-04-25T17:05:54.832Z",
end: "2023-05-25T17:05:54.832Z",
}],
resourceTags: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "security",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "operations",
},
],
userDefinedFields: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
key: "key1",
value: "security",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.Equals,
key: "key2",
value: "operations",
},
],
resourceDetailsOther: [
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "area",
value: "na",
},
{
comparison: aws_native.securityhub.AutomationRuleMapFilterComparison.NotEquals,
key: "department",
value: "sales",
},
],
confidence: [{
gte: 50,
lte: 95,
}],
criticality: [{
gte: 50,
lte: 95,
}],
},
actions: [{
type: aws_native.securityhub.AutomationRulesActionType.FindingFieldsUpdate,
findingFieldsUpdate: {
severity: {
product: 50,
label: aws_native.securityhub.AutomationRuleSeverityUpdateLabel.Medium,
normalized: 60,
},
types: [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
],
confidence: 98,
criticality: 95,
userDefinedFields: {
key1: "value1",
key2: "value2",
},
relatedFindings: [
{
productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
id: "sample-finding-id-1",
},
{
productArn: "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
id: "sample-finding-id-2",
},
],
note: {
text: "sample-note-text",
updatedBy: "sechub",
},
verificationState: aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TruePositive,
workflow: {
status: aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.Notified,
},
},
}],
tags: {
sampleTag: "sampleValue",
organizationUnit: "pnw",
},
});
import pulumi
import pulumi_aws_native as aws_native
rule_with_criteria_actions_tags = aws_native.securityhub.AutomationRule("ruleWithCriteriaActionsTags",
rule_name="Example rule name",
rule_order=5,
description="Example rule description.",
is_terminal=False,
rule_status=aws_native.securityhub.AutomationRuleRuleStatus.ENABLED,
criteria={
"product_name": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "GuardDuty",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "SecurityHub",
},
],
"company_name": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "AWS",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "Private",
},
],
"product_arn": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "arn:aws:securityhub:us-west-2:123456789012:product/aws",
},
],
"aws_account_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "123456789012",
}],
"id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-finding-id",
}],
"generator_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-generator-id",
}],
"type": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "type-1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "type-2",
},
],
"description": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "description1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "description2",
},
],
"source_url": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "https",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "ftp",
},
],
"title": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "title-1",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "title-2",
},
],
"severity_label": [
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "LOW",
},
{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "HIGH",
},
],
"resource_type": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "AwsEc2Instance",
}],
"resource_partition": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "aws",
}],
"resource_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "i-1234567890",
}],
"resource_region": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "us-west",
}],
"compliance_status": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "FAILED",
}],
"compliance_security_control_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "EC2.3",
}],
"compliance_associated_standards_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "ruleset/cis-aws-foundations-benchmark/v/1.2.0",
}],
"verification_state": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "BENIGN_POSITIVE",
}],
"record_state": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "ACTIVE",
}],
"related_findings_product_arn": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "arn:aws:securityhub:eu-central-1::product/aws/securityhub",
}],
"related_findings_id": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-finding-id-2",
}],
"note_text": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "example-note-text",
}],
"note_updated_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"note_updated_by": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.PREFIX,
"value": "sechub",
}],
"workflow_status": [{
"comparison": aws_native.securityhub.AutomationRuleStringFilterComparison.EQUALS,
"value": "NEW",
}],
"first_observed_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"last_observed_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"created_at": [{
"date_range": {
"unit": aws_native.securityhub.AutomationRuleDateRangeUnit.DAYS,
"value": 5,
},
}],
"updated_at": [{
"start": "2023-04-25T17:05:54.832Z",
"end": "2023-05-25T17:05:54.832Z",
}],
"resource_tags": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "security",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "operations",
},
],
"user_defined_fields": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
"key": "key1",
"value": "security",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.EQUALS,
"key": "key2",
"value": "operations",
},
],
"resource_details_other": [
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "area",
"value": "na",
},
{
"comparison": aws_native.securityhub.AutomationRuleMapFilterComparison.NOT_EQUALS,
"key": "department",
"value": "sales",
},
],
"confidence": [{
"gte": 50,
"lte": 95,
}],
"criticality": [{
"gte": 50,
"lte": 95,
}],
},
actions=[{
"type": aws_native.securityhub.AutomationRulesActionType.FINDING_FIELDS_UPDATE,
"finding_fields_update": {
"severity": {
"product": 50,
"label": aws_native.securityhub.AutomationRuleSeverityUpdateLabel.MEDIUM,
"normalized": 60,
},
"types": [
"Software and Configuration Checks/Industry and Regulatory Standards/AWS-Foundational-Security-Best-Practices",
"Industry Compliance",
],
"confidence": 98,
"criticality": 95,
"user_defined_fields": {
"key1": "value1",
"key2": "value2",
},
"related_findings": [
{
"product_arn": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
"id": "sample-finding-id-1",
},
{
"product_arn": "arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default",
"id": "sample-finding-id-2",
},
],
"note": {
"text": "sample-note-text",
"updated_by": "sechub",
},
"verification_state": aws_native.securityhub.AutomationRulesFindingFieldsUpdateVerificationState.TRUE_POSITIVE,
"workflow": {
"status": aws_native.securityhub.AutomationRuleWorkflowUpdateStatus.NOTIFIED,
},
},
}],
tags={
"sampleTag": "sampleValue",
"organizationUnit": "pnw",
})
Coming soon!
Create AutomationRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AutomationRule(name: string, args: AutomationRuleArgs, opts?: CustomResourceOptions);@overload
def AutomationRule(resource_name: str,
args: AutomationRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AutomationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[AutomationRulesActionArgs]] = None,
criteria: Optional[AutomationRulesFindingFiltersArgs] = None,
description: Optional[str] = None,
rule_order: Optional[int] = None,
is_terminal: Optional[bool] = None,
rule_name: Optional[str] = None,
rule_status: Optional[AutomationRuleRuleStatus] = None,
tags: Optional[Mapping[str, str]] = None)func NewAutomationRule(ctx *Context, name string, args AutomationRuleArgs, opts ...ResourceOption) (*AutomationRule, error)public AutomationRule(string name, AutomationRuleArgs args, CustomResourceOptions? opts = null)public AutomationRule(String name, AutomationRuleArgs args)
public AutomationRule(String name, AutomationRuleArgs args, CustomResourceOptions options)
type: aws-native:securityhub:AutomationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AutomationRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. AutomationRuleArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AutomationRuleArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. AutomationRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. AutomationRuleArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AutomationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AutomationRule resource accepts the following input properties:
- Actions
This property is required. List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rules Action> - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria. - Criteria
This property is required. Pulumi.Aws Native. Security Hub. Inputs. Automation Rules Finding Filters - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- Description
This property is required. string - A description of the rule.
- Rule
Order This property is required. int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- Rule
Name string - The name of the rule.
- Rule
Status Pulumi.Aws Native. Security Hub. Automation Rule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED, ASH applies the rule to findings and finding updates after the rule is created. - Dictionary<string, string>
- User-defined tags associated with an automation rule.
- Actions
This property is required. []AutomationRules Action Args - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria. - Criteria
This property is required. AutomationRules Finding Filters Args - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- Description
This property is required. string - A description of the rule.
- Rule
Order This property is required. int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- Is
Terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- Rule
Name string - The name of the rule.
- Rule
Status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED, ASH applies the rule to findings and finding updates after the rule is created. - map[string]string
- User-defined tags associated with an automation rule.
- actions
This property is required. List<AutomationRules Action> - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria. - criteria
This property is required. AutomationRules Finding Filters - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description
This property is required. String - A description of the rule.
- rule
Order This property is required. Integer - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule
Name String - The name of the rule.
- rule
Status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED, ASH applies the rule to findings and finding updates after the rule is created. - Map<String,String>
- User-defined tags associated with an automation rule.
- actions
This property is required. AutomationRules Action[] - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria. - criteria
This property is required. AutomationRules Finding Filters - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description
This property is required. string - A description of the rule.
- rule
Order This property is required. number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is
Terminal boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule
Name string - The name of the rule.
- rule
Status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED, ASH applies the rule to findings and finding updates after the rule is created. - {[key: string]: string}
- User-defined tags associated with an automation rule.
- actions
This property is required. Sequence[AutomationRules Action Args] - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria. - criteria
This property is required. AutomationRules Finding Filters Args - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description
This property is required. str - A description of the rule.
- rule_
order This property is required. int - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is_
terminal bool - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule_
name str - The name of the rule.
- rule_
status AutomationRule Rule Status - Whether the rule is active after it is created. If this parameter is equal to
ENABLED, ASH applies the rule to findings and finding updates after the rule is created. - Mapping[str, str]
- User-defined tags associated with an automation rule.
- actions
This property is required. List<Property Map> - One or more actions to update finding fields if a finding matches the conditions specified in
Criteria. - criteria
This property is required. Property Map - A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
- description
This property is required. String - A description of the rule.
- rule
Order This property is required. Number - An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
- is
Terminal Boolean - Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
- rule
Name String - The name of the rule.
- rule
Status "ENABLED" | "DISABLED" - Whether the rule is active after it is created. If this parameter is equal to
ENABLED, ASH applies the rule to findings and finding updates after the rule is created. - Map<String>
- User-defined tags associated with an automation rule.
Outputs
All input properties are implicitly available as output properties. Additionally, the AutomationRule resource produces the following output properties:
- Created
At string A timestamp that indicates when the rule was created.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- Created
By string - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe. - Id string
- The provider-assigned unique ID for this managed resource.
- Rule
Arn string - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. - Updated
At string A timestamp that indicates when the rule was most recently updated.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.
- Created
At string A timestamp that indicates when the rule was created.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- Created
By string - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe. - Id string
- The provider-assigned unique ID for this managed resource.
- Rule
Arn string - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. - Updated
At string A timestamp that indicates when the rule was most recently updated.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.
- created
At String A timestamp that indicates when the rule was created.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- created
By String - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe. - id String
- The provider-assigned unique ID for this managed resource.
- rule
Arn String - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. - updated
At String A timestamp that indicates when the rule was most recently updated.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.
- created
At string A timestamp that indicates when the rule was created.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- created
By string - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe. - id string
- The provider-assigned unique ID for this managed resource.
- rule
Arn string - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. - updated
At string A timestamp that indicates when the rule was most recently updated.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.
- created_
at str A timestamp that indicates when the rule was created.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- created_
by str - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe. - id str
- The provider-assigned unique ID for this managed resource.
- rule_
arn str - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. - updated_
at str A timestamp that indicates when the rule was most recently updated.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.
- created
At String A timestamp that indicates when the rule was created.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- created
By String - The principal that created the rule. For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe. - id String
- The provider-assigned unique ID for this managed resource.
- rule
Arn String - The Amazon Resource Name (ARN) of the automation rule that you create. For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. - updated
At String A timestamp that indicates when the rule was most recently updated.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.
Supporting Types
AutomationRuleDateFilter, AutomationRuleDateFilterArgs
, AutomationRuleDateFilterArgs
- Date
Range Pulumi.Aws Native. Security Hub. Inputs. Automation Rule Date Range - A date range for the date filter.
- End string
- A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- Start string
- A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- Date
Range AutomationRule Date Range - A date range for the date filter.
- End string
- A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- Start string
- A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- date
Range AutomationRule Date Range - A date range for the date filter.
- end String
- A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- start String
- A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- date
Range AutomationRule Date Range - A date range for the date filter.
- end string
- A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- start string
- A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- date_
range AutomationRule Date Range - A date range for the date filter.
- end str
- A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- start str
- A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- date
Range Property Map - A date range for the date filter.
- end String
- A timestamp that provides the end date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
- start String
- A timestamp that provides the start date for the date filter. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps.
AutomationRuleDateRange, AutomationRuleDateRangeArgs
, AutomationRuleDateRangeArgs
- Unit
This property is required. Pulumi.Aws Native. Security Hub. Automation Rule Date Range Unit - A date range unit for the date filter.
- Value
This property is required. double - A date range value for the date filter.
- Unit
This property is required. AutomationRule Date Range Unit - A date range unit for the date filter.
- Value
This property is required. float64 - A date range value for the date filter.
- unit
This property is required. AutomationRule Date Range Unit - A date range unit for the date filter.
- value
This property is required. Double - A date range value for the date filter.
- unit
This property is required. AutomationRule Date Range Unit - A date range unit for the date filter.
- value
This property is required. number - A date range value for the date filter.
- unit
This property is required. AutomationRule Date Range Unit - A date range unit for the date filter.
- value
This property is required. float - A date range value for the date filter.
AutomationRuleDateRangeUnit, AutomationRuleDateRangeUnitArgs
, AutomationRuleDateRangeUnitArgs
- Days
- DAYS
- Automation
Rule Date Range Unit Days - DAYS
- Days
- DAYS
- Days
- DAYS
- DAYS
- DAYS
- "DAYS"
- DAYS
AutomationRuleMapFilter, AutomationRuleMapFilterArgs
, AutomationRuleMapFilterArgs
- Comparison
This property is required. Pulumi.Aws Native. Security Hub. Automation Rule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Key
This property is required. string - The key of the map filter. For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field. - Value
This property is required. string - The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there's no match.
- Comparison
This property is required. AutomationRule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Key
This property is required. string - The key of the map filter. For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field. - Value
This property is required. string - The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there's no match.
- comparison
This property is required. AutomationRule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key
This property is required. String - The key of the map filter. For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field. - value
This property is required. String - The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there's no match.
- comparison
This property is required. AutomationRule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key
This property is required. string - The key of the map filter. For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field. - value
This property is required. string - The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there's no match.
- comparison
This property is required. AutomationRule Map Filter Comparison The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key
This property is required. str - The key of the map filter. For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field. - value
This property is required. str - The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there's no match.
- comparison
This property is required. "EQUALS" | "NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS" The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don't have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- key
This property is required. String - The key of the map filter. For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field. - value
This property is required. String - The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there's no match.
AutomationRuleMapFilterComparison, AutomationRuleMapFilterComparisonArgs
, AutomationRuleMapFilterComparisonArgs
- Equals
Value - EQUALS
- Not
Equals - NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Automation
Rule Map Filter Comparison Equals - EQUALS
- Automation
Rule Map Filter Comparison Not Equals - NOT_EQUALS
- Automation
Rule Map Filter Comparison Contains - CONTAINS
- Automation
Rule Map Filter Comparison Not Contains - NOT_CONTAINS
- Equals
- EQUALS
- Not
Equals - NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Equals
- EQUALS
- Not
Equals - NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- EQUALS
- EQUALS
- NOT_EQUALS
- NOT_EQUALS
- CONTAINS
- CONTAINS
- NOT_CONTAINS
- NOT_CONTAINS
- "EQUALS"
- EQUALS
- "NOT_EQUALS"
- NOT_EQUALS
- "CONTAINS"
- CONTAINS
- "NOT_CONTAINS"
- NOT_CONTAINS
AutomationRuleNoteUpdate, AutomationRuleNoteUpdateArgs
, AutomationRuleNoteUpdateArgs
- text
This property is required. str - The updated note text.
- updated_
by This property is required. str - The principal that updated the note.
AutomationRuleNumberFilter, AutomationRuleNumberFilterArgs
, AutomationRuleNumberFilterArgs
AutomationRuleRelatedFinding, AutomationRuleRelatedFindingArgs
, AutomationRuleRelatedFindingArgs
- Id
This property is required. string - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn This property is required. string - The Amazon Resource Name (ARN) for the product that generated a related finding.
- Id
This property is required. string - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn This property is required. string - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id
This property is required. String - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn This property is required. String - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id
This property is required. string - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn This property is required. string - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id
This property is required. str - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_
arn This property is required. str - The Amazon Resource Name (ARN) for the product that generated a related finding.
- id
This property is required. String - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn This property is required. String - The Amazon Resource Name (ARN) for the product that generated a related finding.
AutomationRuleRuleStatus, AutomationRuleRuleStatusArgs
, AutomationRuleRuleStatusArgs
- Enabled
- ENABLED
- Disabled
- DISABLED
- Automation
Rule Rule Status Enabled - ENABLED
- Automation
Rule Rule Status Disabled - DISABLED
- Enabled
- ENABLED
- Disabled
- DISABLED
- Enabled
- ENABLED
- Disabled
- DISABLED
- ENABLED
- ENABLED
- DISABLED
- DISABLED
- "ENABLED"
- ENABLED
- "DISABLED"
- DISABLED
AutomationRuleSeverityUpdate, AutomationRuleSeverityUpdateArgs
, AutomationRuleSeverityUpdateArgs
- Label
Pulumi.
Aws Native. Security Hub. Automation Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL- No issue was found.LOW- The issue does not require action on its own.MEDIUM- The issue must be addressed but not urgently.HIGH- The issue must be addressed as a priority.CRITICAL- The issue must be remediated immediately to avoid it escalating.
- Normalized int
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label. If you provideNormalizedand don't provideLabel,Labelis set automatically as follows.- 0 -
INFORMATIONAL - 1–39 -
LOW - 40–69 -
MEDIUM - 70–89 -
HIGH - 90–100 -
CRITICAL
- 0 -
- Product double
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- Label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL- No issue was found.LOW- The issue does not require action on its own.MEDIUM- The issue must be addressed but not urgently.HIGH- The issue must be addressed as a priority.CRITICAL- The issue must be remediated immediately to avoid it escalating.
- Normalized int
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label. If you provideNormalizedand don't provideLabel,Labelis set automatically as follows.- 0 -
INFORMATIONAL - 1–39 -
LOW - 40–69 -
MEDIUM - 70–89 -
HIGH - 90–100 -
CRITICAL
- 0 -
- Product float64
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL- No issue was found.LOW- The issue does not require action on its own.MEDIUM- The issue must be addressed but not urgently.HIGH- The issue must be addressed as a priority.CRITICAL- The issue must be remediated immediately to avoid it escalating.
- normalized Integer
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label. If you provideNormalizedand don't provideLabel,Labelis set automatically as follows.- 0 -
INFORMATIONAL - 1–39 -
LOW - 40–69 -
MEDIUM - 70–89 -
HIGH - 90–100 -
CRITICAL
- 0 -
- product Double
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL- No issue was found.LOW- The issue does not require action on its own.MEDIUM- The issue must be addressed but not urgently.HIGH- The issue must be addressed as a priority.CRITICAL- The issue must be remediated immediately to avoid it escalating.
- normalized number
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label. If you provideNormalizedand don't provideLabel,Labelis set automatically as follows.- 0 -
INFORMATIONAL - 1–39 -
LOW - 40–69 -
MEDIUM - 70–89 -
HIGH - 90–100 -
CRITICAL
- 0 -
- product number
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label
Automation
Rule Severity Update Label - The severity value of the finding. The allowed values are the following.
INFORMATIONAL- No issue was found.LOW- The issue does not require action on its own.MEDIUM- The issue must be addressed but not urgently.HIGH- The issue must be addressed as a priority.CRITICAL- The issue must be remediated immediately to avoid it escalating.
- normalized int
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label. If you provideNormalizedand don't provideLabel,Labelis set automatically as follows.- 0 -
INFORMATIONAL - 1–39 -
LOW - 40–69 -
MEDIUM - 70–89 -
HIGH - 90–100 -
CRITICAL
- 0 -
- product float
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
- label "INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
- The severity value of the finding. The allowed values are the following.
INFORMATIONAL- No issue was found.LOW- The issue does not require action on its own.MEDIUM- The issue must be addressed but not urgently.HIGH- The issue must be addressed as a priority.CRITICAL- The issue must be remediated immediately to avoid it escalating.
- normalized Number
- The normalized severity for the finding. This attribute is to be deprecated in favor of
Label. If you provideNormalizedand don't provideLabel,Labelis set automatically as follows.- 0 -
INFORMATIONAL - 1–39 -
LOW - 40–69 -
MEDIUM - 70–89 -
HIGH - 90–100 -
CRITICAL
- 0 -
- product Number
- The native severity as defined by the AWS service or integrated partner product that generated the finding.
AutomationRuleSeverityUpdateLabel, AutomationRuleSeverityUpdateLabelArgs
, AutomationRuleSeverityUpdateLabelArgs
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- High
- HIGH
- Critical
- CRITICAL
- Automation
Rule Severity Update Label Informational - INFORMATIONAL
- Automation
Rule Severity Update Label Low - LOW
- Automation
Rule Severity Update Label Medium - MEDIUM
- Automation
Rule Severity Update Label High - HIGH
- Automation
Rule Severity Update Label Critical - CRITICAL
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- High
- HIGH
- Critical
- CRITICAL
- Informational
- INFORMATIONAL
- Low
- LOW
- Medium
- MEDIUM
- High
- HIGH
- Critical
- CRITICAL
- INFORMATIONAL
- INFORMATIONAL
- LOW
- LOW
- MEDIUM
- MEDIUM
- HIGH
- HIGH
- CRITICAL
- CRITICAL
- "INFORMATIONAL"
- INFORMATIONAL
- "LOW"
- LOW
- "MEDIUM"
- MEDIUM
- "HIGH"
- HIGH
- "CRITICAL"
- CRITICAL
AutomationRuleStringFilter, AutomationRuleStringFilterArgs
, AutomationRuleStringFilterArgs
- Comparison
This property is required. Pulumi.Aws Native. Security Hub. Automation Rule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn't match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can't provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Value
This property is required. string - The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there's no match.
- Comparison
This property is required. AutomationRule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn't match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can't provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- Value
This property is required. string - The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there's no match.
- comparison
This property is required. AutomationRule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn't match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can't provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value
This property is required. String - The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there's no match.
- comparison
This property is required. AutomationRule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn't match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can't provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value
This property is required. string - The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there's no match.
- comparison
This property is required. AutomationRule String Filter Comparison The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn't match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can't provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value
This property is required. str - The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there's no match.
- comparison
This property is required. "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS" The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:
- To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn't match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:- To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don't start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can't provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the User Guide.- To search for values that include the filter value, use
- value
This property is required. String - The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there's no match.
AutomationRuleStringFilterComparison, AutomationRuleStringFilterComparisonArgs
, AutomationRuleStringFilterComparisonArgs
- Equals
Value - EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Automation
Rule String Filter Comparison Equals - EQUALS
- Automation
Rule String Filter Comparison Prefix - PREFIX
- Automation
Rule String Filter Comparison Not Equals - NOT_EQUALS
- Automation
Rule String Filter Comparison Prefix Not Equals - PREFIX_NOT_EQUALS
- Automation
Rule String Filter Comparison Contains - CONTAINS
- Automation
Rule String Filter Comparison Not Contains - NOT_CONTAINS
- Equals
- EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- Equals
- EQUALS
- Prefix
- PREFIX
- Not
Equals - NOT_EQUALS
- Prefix
Not Equals - PREFIX_NOT_EQUALS
- Contains
- CONTAINS
- Not
Contains - NOT_CONTAINS
- EQUALS
- EQUALS
- PREFIX
- PREFIX
- NOT_EQUALS
- NOT_EQUALS
- PREFIX_NOT_EQUALS
- PREFIX_NOT_EQUALS
- CONTAINS
- CONTAINS
- NOT_CONTAINS
- NOT_CONTAINS
- "EQUALS"
- EQUALS
- "PREFIX"
- PREFIX
- "NOT_EQUALS"
- NOT_EQUALS
- "PREFIX_NOT_EQUALS"
- PREFIX_NOT_EQUALS
- "CONTAINS"
- CONTAINS
- "NOT_CONTAINS"
- NOT_CONTAINS
AutomationRuleWorkflowUpdate, AutomationRuleWorkflowUpdateArgs
, AutomationRuleWorkflowUpdateArgs
- Status
This property is required. Pulumi.Aws Native. Security Hub. Automation Rule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue. The allowed values are the following.NEW- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:The record state changes from
ARCHIVEDtoACTIVE.The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- Status
This property is required. AutomationRule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue. The allowed values are the following.NEW- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:The record state changes from
ARCHIVEDtoACTIVE.The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status
This property is required. AutomationRule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue. The allowed values are the following.NEW- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:The record state changes from
ARCHIVEDtoACTIVE.The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status
This property is required. AutomationRule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue. The allowed values are the following.NEW- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:The record state changes from
ARCHIVEDtoACTIVE.The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status
This property is required. AutomationRule Workflow Update Status The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue. The allowed values are the following.NEW- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:The record state changes from
ARCHIVEDtoACTIVE.The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
- status
This property is required. "NEW" | "NOTIFIED" | "RESOLVED" | "SUPPRESSED" The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue. The allowed values are the following.NEW- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:The record state changes from
ARCHIVEDtoACTIVE.The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
AutomationRuleWorkflowUpdateStatus, AutomationRuleWorkflowUpdateStatusArgs
, AutomationRuleWorkflowUpdateStatusArgs
- New
- NEW
- Notified
- NOTIFIED
- Resolved
- RESOLVED
- Suppressed
- SUPPRESSED
- Automation
Rule Workflow Update Status New - NEW
- Automation
Rule Workflow Update Status Notified - NOTIFIED
- Automation
Rule Workflow Update Status Resolved - RESOLVED
- Automation
Rule Workflow Update Status Suppressed - SUPPRESSED
- New
- NEW
- Notified
- NOTIFIED
- Resolved
- RESOLVED
- Suppressed
- SUPPRESSED
- New
- NEW
- Notified
- NOTIFIED
- Resolved
- RESOLVED
- Suppressed
- SUPPRESSED
- NEW
- NEW
- NOTIFIED
- NOTIFIED
- RESOLVED
- RESOLVED
- SUPPRESSED
- SUPPRESSED
- "NEW"
- NEW
- "NOTIFIED"
- NOTIFIED
- "RESOLVED"
- RESOLVED
- "SUPPRESSED"
- SUPPRESSED
AutomationRulesAction, AutomationRulesActionArgs
, AutomationRulesActionArgs
- Finding
Fields Update This property is required. Pulumi.Aws Native. Security Hub. Inputs. Automation Rules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- Type
This property is required. Pulumi.Aws Native. Security Hub. Automation Rules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- Finding
Fields Update This property is required. AutomationRules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- Type
This property is required. AutomationRules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding
Fields Update This property is required. AutomationRules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- type
This property is required. AutomationRules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding
Fields Update This property is required. AutomationRules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- type
This property is required. AutomationRules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding_
fields_ update This property is required. AutomationRules Finding Fields Update - Specifies that the automation rule action is an update to a finding field.
- type
This property is required. AutomationRules Action Type - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
- finding
Fields Update This property is required. Property Map - Specifies that the automation rule action is an update to a finding field.
- type
This property is required. "FINDING_FIELDS_UPDATE" - Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
AutomationRulesActionType, AutomationRulesActionTypeArgs
, AutomationRulesActionTypeArgs
- Finding
Fields Update - FINDING_FIELDS_UPDATE
- Automation
Rules Action Type Finding Fields Update - FINDING_FIELDS_UPDATE
- Finding
Fields Update - FINDING_FIELDS_UPDATE
- Finding
Fields Update - FINDING_FIELDS_UPDATE
- FINDING_FIELDS_UPDATE
- FINDING_FIELDS_UPDATE
- "FINDING_FIELDS_UPDATE"
- FINDING_FIELDS_UPDATE
AutomationRulesFindingFieldsUpdate, AutomationRulesFindingFieldsUpdateArgs
, AutomationRulesFindingFieldsUpdateArgs
- Confidence int
- The rule action updates the
Confidencefield of a finding. - Criticality int
- The rule action updates the
Criticalityfield of a finding. - Note
Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Note Update - The rule action will update the
Notefield of a finding. -
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Related Finding> - The rule action will update the
RelatedFindingsfield of a finding. - Severity
Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Severity Update - The rule action will update the
Severityfield of a finding. - Types List<string>
- The rule action updates the
Typesfield of a finding. - User
Defined Dictionary<string, string>Fields - The rule action updates the
UserDefinedFieldsfield of a finding. - Verification
State Pulumi.Aws Native. Security Hub. Automation Rules Finding Fields Update Verification State - The rule action updates the
VerificationStatefield of a finding. - Workflow
Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Workflow Update - The rule action will update the
Workflowfield of a finding.
- Confidence int
- The rule action updates the
Confidencefield of a finding. - Criticality int
- The rule action updates the
Criticalityfield of a finding. - Note
Automation
Rule Note Update - The rule action will update the
Notefield of a finding. -
[]Automation
Rule Related Finding - The rule action will update the
RelatedFindingsfield of a finding. - Severity
Automation
Rule Severity Update - The rule action will update the
Severityfield of a finding. - Types []string
- The rule action updates the
Typesfield of a finding. - User
Defined map[string]stringFields - The rule action updates the
UserDefinedFieldsfield of a finding. - Verification
State AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationStatefield of a finding. - Workflow
Automation
Rule Workflow Update - The rule action will update the
Workflowfield of a finding.
- confidence Integer
- The rule action updates the
Confidencefield of a finding. - criticality Integer
- The rule action updates the
Criticalityfield of a finding. - note
Automation
Rule Note Update - The rule action will update the
Notefield of a finding. -
List<Automation
Rule Related Finding> - The rule action will update the
RelatedFindingsfield of a finding. - severity
Automation
Rule Severity Update - The rule action will update the
Severityfield of a finding. - types List<String>
- The rule action updates the
Typesfield of a finding. - user
Defined Map<String,String>Fields - The rule action updates the
UserDefinedFieldsfield of a finding. - verification
State AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationStatefield of a finding. - workflow
Automation
Rule Workflow Update - The rule action will update the
Workflowfield of a finding.
- confidence number
- The rule action updates the
Confidencefield of a finding. - criticality number
- The rule action updates the
Criticalityfield of a finding. - note
Automation
Rule Note Update - The rule action will update the
Notefield of a finding. -
Automation
Rule Related Finding[] - The rule action will update the
RelatedFindingsfield of a finding. - severity
Automation
Rule Severity Update - The rule action will update the
Severityfield of a finding. - types string[]
- The rule action updates the
Typesfield of a finding. - user
Defined {[key: string]: string}Fields - The rule action updates the
UserDefinedFieldsfield of a finding. - verification
State AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationStatefield of a finding. - workflow
Automation
Rule Workflow Update - The rule action will update the
Workflowfield of a finding.
- confidence int
- The rule action updates the
Confidencefield of a finding. - criticality int
- The rule action updates the
Criticalityfield of a finding. - note
Automation
Rule Note Update - The rule action will update the
Notefield of a finding. -
Sequence[Automation
Rule Related Finding] - The rule action will update the
RelatedFindingsfield of a finding. - severity
Automation
Rule Severity Update - The rule action will update the
Severityfield of a finding. - types Sequence[str]
- The rule action updates the
Typesfield of a finding. - user_
defined_ Mapping[str, str]fields - The rule action updates the
UserDefinedFieldsfield of a finding. - verification_
state AutomationRules Finding Fields Update Verification State - The rule action updates the
VerificationStatefield of a finding. - workflow
Automation
Rule Workflow Update - The rule action will update the
Workflowfield of a finding.
- confidence Number
- The rule action updates the
Confidencefield of a finding. - criticality Number
- The rule action updates the
Criticalityfield of a finding. - note Property Map
- The rule action will update the
Notefield of a finding. - List<Property Map>
- The rule action will update the
RelatedFindingsfield of a finding. - severity Property Map
- The rule action will update the
Severityfield of a finding. - types List<String>
- The rule action updates the
Typesfield of a finding. - user
Defined Map<String>Fields - The rule action updates the
UserDefinedFieldsfield of a finding. - verification
State "UNKNOWN" | "TRUE_POSITIVE" | "FALSE_POSITIVE" | "BENIGN_POSITIVE" - The rule action updates the
VerificationStatefield of a finding. - workflow Property Map
- The rule action will update the
Workflowfield of a finding.
AutomationRulesFindingFieldsUpdateVerificationState, AutomationRulesFindingFieldsUpdateVerificationStateArgs
, AutomationRulesFindingFieldsUpdateVerificationStateArgs
- Unknown
- UNKNOWN
- True
Positive - TRUE_POSITIVE
- False
Positive - FALSE_POSITIVE
- Benign
Positive - BENIGN_POSITIVE
- Automation
Rules Finding Fields Update Verification State Unknown - UNKNOWN
- Automation
Rules Finding Fields Update Verification State True Positive - TRUE_POSITIVE
- Automation
Rules Finding Fields Update Verification State False Positive - FALSE_POSITIVE
- Automation
Rules Finding Fields Update Verification State Benign Positive - BENIGN_POSITIVE
- Unknown
- UNKNOWN
- True
Positive - TRUE_POSITIVE
- False
Positive - FALSE_POSITIVE
- Benign
Positive - BENIGN_POSITIVE
- Unknown
- UNKNOWN
- True
Positive - TRUE_POSITIVE
- False
Positive - FALSE_POSITIVE
- Benign
Positive - BENIGN_POSITIVE
- UNKNOWN
- UNKNOWN
- TRUE_POSITIVE
- TRUE_POSITIVE
- FALSE_POSITIVE
- FALSE_POSITIVE
- BENIGN_POSITIVE
- BENIGN_POSITIVE
- "UNKNOWN"
- UNKNOWN
- "TRUE_POSITIVE"
- TRUE_POSITIVE
- "FALSE_POSITIVE"
- FALSE_POSITIVE
- "BENIGN_POSITIVE"
- BENIGN_POSITIVE
AutomationRulesFindingFilters, AutomationRulesFindingFiltersArgs
, AutomationRulesFindingFiltersArgs
- Aws
Account List<Pulumi.Id Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Company
Name List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Associated List<Pulumi.Standards Id Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Security List<Pulumi.Control Id Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Status List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Confidence
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Number Filter> - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Created
At List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule Date Filter> - A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Criticality
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Number Filter> - The level of importance that is assigned to the resources that are associated with a finding.
Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Description
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- First
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Automation Rule Date Filter> - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Generator
Id List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Id
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Last
Observed List<Pulumi.At Aws Native. Security Hub. Inputs. Automation Rule Date Filter> - A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Text List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated List<Pulumi.At Aws Native. Security Hub. Inputs. Automation Rule Date Filter> - The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated List<Pulumi.By Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Name List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Record
State List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Details List<Pulumi.Other Aws Native. Security Hub. Inputs. Automation Rule Map Filter> - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Id List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Resource
Partition List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Region List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Type List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Severity
Label List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Source
Url List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Title
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Type
List<Pulumi.
Aws Native. Security Hub. Inputs. Automation Rule String Filter> - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Updated
At List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule Date Filter> - A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- User
Defined List<Pulumi.Fields Aws Native. Security Hub. Inputs. Automation Rule Map Filter> - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Verification
State List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Workflow
Status List<Pulumi.Aws Native. Security Hub. Inputs. Automation Rule String Filter> - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Aws
Account []AutomationId Rule String Filter - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Company
Name []AutomationRule String Filter - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Associated []AutomationStandards Id Rule String Filter - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Security []AutomationControl Id Rule String Filter - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Compliance
Status []AutomationRule String Filter - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Confidence
[]Automation
Rule Number Filter - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Created
At []AutomationRule Date Filter - A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Criticality
[]Automation
Rule Number Filter - The level of importance that is assigned to the resources that are associated with a finding.
Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - Description
[]Automation
Rule String Filter - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- First
Observed []AutomationAt Rule Date Filter - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Generator
Id []AutomationRule String Filter - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Id
[]Automation
Rule String Filter - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Last
Observed []AutomationAt Rule Date Filter - A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Text []AutomationRule String Filter - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated []AutomationAt Rule Date Filter - The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Note
Updated []AutomationBy Rule String Filter - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Arn []AutomationRule String Filter - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Product
Name []AutomationRule String Filter - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Record
State []AutomationRule String Filter - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
[]Automation
Rule String Filter - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
[]Automation
Rule String Filter - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Details []AutomationOther Rule Map Filter - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Id []AutomationRule String Filter - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Resource
Partition []AutomationRule String Filter - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Region []AutomationRule String Filter - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
[]Automation
Rule Map Filter - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Resource
Type []AutomationRule String Filter - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Severity
Label []AutomationRule String Filter - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Source
Url []AutomationRule String Filter - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Title
[]Automation
Rule String Filter - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- Type
[]Automation
Rule String Filter - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Updated
At []AutomationRule Date Filter - A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- User
Defined []AutomationFields Rule Map Filter - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Verification
State []AutomationRule String Filter - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- Workflow
Status []AutomationRule String Filter - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws
Account List<AutomationId Rule String Filter> - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company
Name List<AutomationRule String Filter> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Associated List<AutomationStandards Id Rule String Filter> - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Security List<AutomationControl Id Rule String Filter> - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Status List<AutomationRule String Filter> - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence
List<Automation
Rule Number Filter> - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created
At List<AutomationRule Date Filter> - A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality
List<Automation
Rule Number Filter> - The level of importance that is assigned to the resources that are associated with a finding.
Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description
List<Automation
Rule String Filter> - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first
Observed List<AutomationAt Rule Date Filter> - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator
Id List<AutomationRule String Filter> - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id
List<Automation
Rule String Filter> - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last
Observed List<AutomationAt Rule Date Filter> - A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Text List<AutomationRule String Filter> - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<AutomationAt Rule Date Filter> - The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<AutomationBy Rule String Filter> - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn List<AutomationRule String Filter> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Name List<AutomationRule String Filter> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record
State List<AutomationRule String Filter> - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
List<Automation
Rule String Filter> - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
List<Automation
Rule String Filter> - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Details List<AutomationOther Rule Map Filter> - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Id List<AutomationRule String Filter> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource
Partition List<AutomationRule String Filter> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Region List<AutomationRule String Filter> - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
List<Automation
Rule Map Filter> - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Type List<AutomationRule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity
Label List<AutomationRule String Filter> - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source
Url List<AutomationRule String Filter> - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title
List<Automation
Rule String Filter> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type
List<Automation
Rule String Filter> - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated
At List<AutomationRule Date Filter> - A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user
Defined List<AutomationFields Rule Map Filter> - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification
State List<AutomationRule String Filter> - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow
Status List<AutomationRule String Filter> - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws
Account AutomationId Rule String Filter[] - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company
Name AutomationRule String Filter[] - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Associated AutomationStandards Id Rule String Filter[] - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Security AutomationControl Id Rule String Filter[] - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Status AutomationRule String Filter[] - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence
Automation
Rule Number Filter[] - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created
At AutomationRule Date Filter[] - A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality
Automation
Rule Number Filter[] - The level of importance that is assigned to the resources that are associated with a finding.
Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description
Automation
Rule String Filter[] - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first
Observed AutomationAt Rule Date Filter[] - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator
Id AutomationRule String Filter[] - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id
Automation
Rule String Filter[] - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last
Observed AutomationAt Rule Date Filter[] - A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Text AutomationRule String Filter[] - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated AutomationAt Rule Date Filter[] - The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated AutomationBy Rule String Filter[] - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn AutomationRule String Filter[] - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Name AutomationRule String Filter[] - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record
State AutomationRule String Filter[] - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
Automation
Rule String Filter[] - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
Automation
Rule String Filter[] - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Details AutomationOther Rule Map Filter[] - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Id AutomationRule String Filter[] - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource
Partition AutomationRule String Filter[] - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Region AutomationRule String Filter[] - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
Automation
Rule Map Filter[] - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Type AutomationRule String Filter[] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity
Label AutomationRule String Filter[] - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source
Url AutomationRule String Filter[] - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title
Automation
Rule String Filter[] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type
Automation
Rule String Filter[] - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated
At AutomationRule Date Filter[] - A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user
Defined AutomationFields Rule Map Filter[] - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification
State AutomationRule String Filter[] - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow
Status AutomationRule String Filter[] - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws_
account_ Sequence[Automationid Rule String Filter] - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company_
name Sequence[AutomationRule String Filter] - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_
associated_ Sequence[Automationstandards_ id Rule String Filter] - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_
security_ Sequence[Automationcontrol_ id Rule String Filter] - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_
status Sequence[AutomationRule String Filter] - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence
Sequence[Automation
Rule Number Filter] - The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created_
at Sequence[AutomationRule Date Filter] - A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality
Sequence[Automation
Rule Number Filter] - The level of importance that is assigned to the resources that are associated with a finding.
Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description
Sequence[Automation
Rule String Filter] - A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first_
observed_ Sequence[Automationat Rule Date Filter] - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator_
id Sequence[AutomationRule String Filter] - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id
Sequence[Automation
Rule String Filter] - The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last_
observed_ Sequence[Automationat Rule Date Filter] - A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_
text Sequence[AutomationRule String Filter] - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_
updated_ Sequence[Automationat Rule Date Filter] - The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_
updated_ Sequence[Automationby Rule String Filter] - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_
arn Sequence[AutomationRule String Filter] - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_
name Sequence[AutomationRule String Filter] - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record_
state Sequence[AutomationRule String Filter] - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
Sequence[Automation
Rule String Filter] - The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
Sequence[Automation
Rule String Filter] - The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
details_ Sequence[Automationother Rule Map Filter] - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
id Sequence[AutomationRule String Filter] - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource_
partition Sequence[AutomationRule String Filter] - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
region Sequence[AutomationRule String Filter] - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
-
Sequence[Automation
Rule Map Filter] - A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_
type Sequence[AutomationRule String Filter] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity_
label Sequence[AutomationRule String Filter] - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source_
url Sequence[AutomationRule String Filter] - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title
Sequence[Automation
Rule String Filter] - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type
Sequence[Automation
Rule String Filter] - One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated_
at Sequence[AutomationRule Date Filter] - A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user_
defined_ Sequence[Automationfields Rule Map Filter] - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification_
state Sequence[AutomationRule String Filter] - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow_
status Sequence[AutomationRule String Filter] - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- aws
Account List<Property Map>Id - The AWS-account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company
Name List<Property Map> - The name of the company for the product that generated the finding. For control-based findings, the company is AWS. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Associated List<Property Map>Standards Id - The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Security List<Property Map>Control Id - The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance
Status List<Property Map> - The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence List<Property Map>
- The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - created
At List<Property Map> - A timestamp that indicates when this finding record was created. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality List<Property Map>
- The level of importance that is assigned to the resources that are associated with a finding.
Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items. - description List<Property Map>
- A finding's description. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first
Observed List<Property Map>At - A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator
Id List<Property Map> - The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id List<Property Map>
- The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last
Observed List<Property Map>At - A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Text List<Property Map> - The text of a user-defined note that's added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<Property Map>At - The timestamp of when the note was updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note
Updated List<Property Map>By - The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Arn List<Property Map> - The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product
Name List<Property Map> - Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record
State List<Property Map> - Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Property Map>
- The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Property Map>
- The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Details List<Property Map>Other - Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Id List<Property Map> - The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource
Partition List<Property Map> - The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Region List<Property Map> - The AWS-Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- List<Property Map>
- A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource
Type List<Property Map> - A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity
Label List<Property Map> - The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source
Url List<Property Map> - Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title List<Property Map>
- A finding's title. Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type List<Property Map>
- One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the User Guide. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated
At List<Property Map> - A timestamp that indicates when the finding record was most recently updated. For more information about the validation and formatting of timestamp fields in ASHlong, see Timestamps. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user
Defined List<Property Map>Fields - A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification
State List<Property Map> - Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow
Status List<Property Map> - Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi