AWS Native v0.112.0, Jul 24 24

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.112.0 published on Wednesday, Jul 24, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.securityhub.getAutomationRule

Explore with Pulumi AI

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.112.0 published on Wednesday, Jul 24, 2024 by Pulumi

pulumi/pulumi-aws-native

Using getAutomationRule

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAutomationRule(args: GetAutomationRuleArgs, opts?: InvokeOptions): Promise<GetAutomationRuleResult>
function getAutomationRuleOutput(args: GetAutomationRuleOutputArgs, opts?: InvokeOptions): Output<GetAutomationRuleResult>

def get_automation_rule(rule_arn: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetAutomationRuleResult
def get_automation_rule_output(rule_arn: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetAutomationRuleResult]

func LookupAutomationRule(ctx *Context, args *LookupAutomationRuleArgs, opts ...InvokeOption) (*LookupAutomationRuleResult, error)
func LookupAutomationRuleOutput(ctx *Context, args *LookupAutomationRuleOutputArgs, opts ...InvokeOption) LookupAutomationRuleResultOutput

> Note: This function is named LookupAutomationRule in the Go SDK.

public static class GetAutomationRule 
{
    public static Task<GetAutomationRuleResult> InvokeAsync(GetAutomationRuleArgs args, InvokeOptions? opts = null)
    public static Output<GetAutomationRuleResult> Invoke(GetAutomationRuleInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetAutomationRuleResult> getAutomationRule(GetAutomationRuleArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aws-native:securityhub:getAutomationRule
  arguments:
    # arguments dictionary

The following arguments are supported:

RuleArn string: The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

RuleArn string: The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

ruleArn String: The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

ruleArn string: The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

rule_arn str: The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

ruleArn String: The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

getAutomationRule Result

The following output properties are available:

Actions List<Pulumi.AwsNative.SecurityHub.Outputs.AutomationRulesAction>

One or more actions to update finding fields if a finding matches the conditions specified in Criteria .

CreatedAt string

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

CreatedBy string

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

Criteria Pulumi.AwsNative.SecurityHub.Outputs.AutomationRulesFindingFilters

A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.

Description string

A description of the rule.

IsTerminal bool

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.

RuleArn string

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

RuleName string

The name of the rule.

RuleOrder int

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

RuleStatus Pulumi.AwsNative.SecurityHub.AutomationRuleRuleStatus

Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.

Tags Dictionary<string, string>

User-defined tags associated with an automation rule.

UpdatedAt string

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

Actions []AutomationRulesAction

One or more actions to update finding fields if a finding matches the conditions specified in Criteria .

CreatedAt string

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

CreatedBy string

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

Criteria AutomationRulesFindingFilters

Description string

A description of the rule.

IsTerminal bool

RuleArn string

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

RuleName string

The name of the rule.

RuleOrder int

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

RuleStatus AutomationRuleRuleStatus

Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.

Tags map[string]string

User-defined tags associated with an automation rule.

UpdatedAt string

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

actions List<AutomationRulesAction>

One or more actions to update finding fields if a finding matches the conditions specified in Criteria .

createdAt String

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdBy String

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

criteria AutomationRulesFindingFilters

description String

A description of the rule.

isTerminal Boolean

ruleArn String

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

ruleName String

The name of the rule.

ruleOrder Integer

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

ruleStatus AutomationRuleRuleStatus

Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.

tags Map<String,String>

User-defined tags associated with an automation rule.

updatedAt String

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

actions AutomationRulesAction[]

One or more actions to update finding fields if a finding matches the conditions specified in Criteria .

createdAt string

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdBy string

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

criteria AutomationRulesFindingFilters

description string

A description of the rule.

isTerminal boolean

ruleArn string

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

ruleName string

The name of the rule.

ruleOrder number

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

ruleStatus AutomationRuleRuleStatus

Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.

tags {[key: string]: string}

User-defined tags associated with an automation rule.

updatedAt string

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

actions Sequence[AutomationRulesAction]

One or more actions to update finding fields if a finding matches the conditions specified in Criteria .

created_at str

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

created_by str

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

criteria AutomationRulesFindingFilters

description str

A description of the rule.

is_terminal bool

rule_arn str

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

rule_name str

The name of the rule.

rule_order int

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

rule_status AutomationRuleRuleStatus

Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.

tags Mapping[str, str]

User-defined tags associated with an automation rule.

updated_at str

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

actions List<Property Map>

One or more actions to update finding fields if a finding matches the conditions specified in Criteria .

createdAt String

A timestamp that indicates when the rule was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

createdBy String

The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .

criteria Property Map

description String

A description of the rule.

isTerminal Boolean

ruleArn String

The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

ruleName String

The name of the rule.

ruleOrder Number

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

ruleStatus "ENABLED" | "DISABLED"

Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.

tags Map<String>

User-defined tags associated with an automation rule.

updatedAt String

A timestamp that indicates when the rule was most recently updated.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

Supporting Types

AutomationRuleDateFilter

DateRange Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateRange

A date range for the date filter.

End string

A timestamp that provides the end date for the date filter.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Start string

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

DateRange AutomationRuleDateRange

A date range for the date filter.

End string

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Start string

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

dateRange AutomationRuleDateRange

A date range for the date filter.

end String

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start String

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

dateRange AutomationRuleDateRange

A date range for the date filter.

end string

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start string

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

date_range AutomationRuleDateRange

A date range for the date filter.

end str

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start str

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

dateRange Property Map

A date range for the date filter.

end String

A timestamp that provides the end date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

start String

A timestamp that provides the start date for the date filter.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

AutomationRuleDateRange

Unit Pulumi.AwsNative.SecurityHub.AutomationRuleDateRangeUnit: A date range unit for the date filter.
Value double: A date range value for the date filter.

Unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
Value float64: A date range value for the date filter.

unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
value Double: A date range value for the date filter.

unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
value number: A date range value for the date filter.

unit AutomationRuleDateRangeUnit: A date range unit for the date filter.
value float: A date range value for the date filter.

unit "DAYS": A date range unit for the date filter.
value Number: A date range value for the date filter.

AutomationRuleDateRangeUnit

AutomationRuleMapFilter

Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Key string

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

Value string

The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.

Comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Key string

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

Value string

comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key String

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value String

comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key string

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value string

comparison AutomationRuleMapFilterComparison

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key str

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value str

comparison "EQUALS" | "NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

To search for values that don't have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

key String

The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.

value String

AutomationRuleMapFilterComparison

AutomationRuleNoteUpdate

Text string: The updated note text.
UpdatedBy string: The principal that updated the note.

Text string: The updated note text.
UpdatedBy string: The principal that updated the note.

text String: The updated note text.
updatedBy String: The principal that updated the note.

text string: The updated note text.
updatedBy string: The principal that updated the note.

text str: The updated note text.
updated_by str: The principal that updated the note.

text String: The updated note text.
updatedBy String: The principal that updated the note.

AutomationRuleNumberFilter

Eq double: The equal-to condition to be applied to a single field when querying for findings.
Gte double: The greater-than-equal condition to be applied to a single field when querying for findings.
Lte double: The less-than-equal condition to be applied to a single field when querying for findings.

Eq float64: The equal-to condition to be applied to a single field when querying for findings.
Gte float64: The greater-than-equal condition to be applied to a single field when querying for findings.
Lte float64: The less-than-equal condition to be applied to a single field when querying for findings.

eq Double: The equal-to condition to be applied to a single field when querying for findings.
gte Double: The greater-than-equal condition to be applied to a single field when querying for findings.
lte Double: The less-than-equal condition to be applied to a single field when querying for findings.

eq number: The equal-to condition to be applied to a single field when querying for findings.
gte number: The greater-than-equal condition to be applied to a single field when querying for findings.
lte number: The less-than-equal condition to be applied to a single field when querying for findings.

eq float: The equal-to condition to be applied to a single field when querying for findings.
gte float: The greater-than-equal condition to be applied to a single field when querying for findings.
lte float: The less-than-equal condition to be applied to a single field when querying for findings.

eq Number: The equal-to condition to be applied to a single field when querying for findings.
gte Number: The greater-than-equal condition to be applied to a single field when querying for findings.
lte Number: The less-than-equal condition to be applied to a single field when querying for findings.

AutomationRuleRelatedFinding

Id string

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn string

The Amazon Resource Name (ARN) for the product that generated a related finding.

Id string

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn string

The Amazon Resource Name (ARN) for the product that generated a related finding.

id String

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn String

The Amazon Resource Name (ARN) for the product that generated a related finding.

id string

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn string

The Amazon Resource Name (ARN) for the product that generated a related finding.

id str

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

product_arn str

The Amazon Resource Name (ARN) for the product that generated a related finding.

id String

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn String

The Amazon Resource Name (ARN) for the product that generated a related finding.

AutomationRuleRuleStatus

AutomationRuleSeverityUpdate

Label Pulumi.AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

Normalized int

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

Product double

The native severity as defined by the AWS service or integrated partner product that generated the finding.

Label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

Normalized int

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

Product float64

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized Integer

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product Double

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized number

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product number

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label AutomationRuleSeverityUpdateLabel

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized int

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product float

The native severity as defined by the AWS service or integrated partner product that generated the finding.

label "INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"

The severity value of the finding. The allowed values are the following.

INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.

normalized Number

The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

If you provide Normalized and do not provide Label , Label is set automatically as follows.

0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL

product Number

The native severity as defined by the AWS service or integrated partner product that generated the finding.

AutomationRuleSeverityUpdateLabel

AutomationRuleStringFilter

Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Value string

The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.

Comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

Value string

comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value String

comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value string

comparison AutomationRuleStringFilterComparison

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value str

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

To search for values that don’t have the filter value, use one of the following comparison operators:

To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

ResourceType PREFIX AwsIam
ResourceType PREFIX AwsEc2
ResourceType NOT_EQUALS AwsIamPolicy
ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

value String

AutomationRuleStringFilterComparison

AutomationRuleWorkflowUpdate

Status Pulumi.AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

Status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status AutomationRuleWorkflowUpdateStatus

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

status "NEW" | "NOTIFIED" | "RESOLVED" | "SUPPRESSED"

The allowed values are the following.

NEW - The initial state of a finding, before it is reviewed.

Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

The record state changes from ARCHIVED to ACTIVE .
The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

AutomationRuleWorkflowUpdateStatus

AutomationRulesAction

FindingFieldsUpdate Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
Type Pulumi.AwsNative.SecurityHub.AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

FindingFieldsUpdate AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
Type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

findingFieldsUpdate AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

findingFieldsUpdate AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

finding_fields_update AutomationRulesFindingFieldsUpdate: Specifies that the automation rule action is an update to a finding field.
type AutomationRulesActionType: Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

findingFieldsUpdate Property Map: Specifies that the automation rule action is an update to a finding field.
type "FINDING_FIELDS_UPDATE": Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

AutomationRulesActionType

AutomationRulesFindingFieldsUpdate

Confidence int: The rule action updates the Confidence field of a finding.
Criticality int: The rule action updates the Criticality field of a finding.
Note Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
RelatedFindings List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFinding>: The rule action will update the RelatedFindings field of a finding.
Severity Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
Types List<string>: The rule action updates the Types field of a finding.
UserDefinedFields Dictionary<string, string>: The rule action updates the UserDefinedFields field of a finding.
VerificationState Pulumi.AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
Workflow Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

Confidence int: The rule action updates the Confidence field of a finding.
Criticality int: The rule action updates the Criticality field of a finding.
Note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
RelatedFindings []AutomationRuleRelatedFinding: The rule action will update the RelatedFindings field of a finding.
Severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
Types []string: The rule action updates the Types field of a finding.
UserDefinedFields map[string]string: The rule action updates the UserDefinedFields field of a finding.
VerificationState AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
Workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence Integer: The rule action updates the Confidence field of a finding.
criticality Integer: The rule action updates the Criticality field of a finding.
note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
relatedFindings List<AutomationRuleRelatedFinding>: The rule action will update the RelatedFindings field of a finding.
severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
types List<String>: The rule action updates the Types field of a finding.
userDefinedFields Map<String,String>: The rule action updates the UserDefinedFields field of a finding.
verificationState AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence number: The rule action updates the Confidence field of a finding.
criticality number: The rule action updates the Criticality field of a finding.
note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
relatedFindings AutomationRuleRelatedFinding[]: The rule action will update the RelatedFindings field of a finding.
severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
types string[]: The rule action updates the Types field of a finding.
userDefinedFields {[key: string]: string}: The rule action updates the UserDefinedFields field of a finding.
verificationState AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence int: The rule action updates the Confidence field of a finding.
criticality int: The rule action updates the Criticality field of a finding.
note AutomationRuleNoteUpdate: The rule action will update the Note field of a finding.
related_findings Sequence[AutomationRuleRelatedFinding]: The rule action will update the RelatedFindings field of a finding.
severity AutomationRuleSeverityUpdate: The rule action will update the Severity field of a finding.
types Sequence[str]: The rule action updates the Types field of a finding.
user_defined_fields Mapping[str, str]: The rule action updates the UserDefinedFields field of a finding.
verification_state AutomationRulesFindingFieldsUpdateVerificationState: The rule action updates the VerificationState field of a finding.
workflow AutomationRuleWorkflowUpdate: The rule action will update the Workflow field of a finding.

confidence Number: The rule action updates the Confidence field of a finding.
criticality Number: The rule action updates the Criticality field of a finding.
note Property Map: The rule action will update the Note field of a finding.
relatedFindings List<Property Map>: The rule action will update the RelatedFindings field of a finding.
severity Property Map: The rule action will update the Severity field of a finding.
types List<String>: The rule action updates the Types field of a finding.
userDefinedFields Map<String>: The rule action updates the UserDefinedFields field of a finding.
verificationState "UNKNOWN" | "TRUE_POSITIVE" | "FALSE_POSITIVE" | "BENIGN_POSITIVE": The rule action updates the VerificationState field of a finding.
workflow Property Map: The rule action will update the Workflow field of a finding.

AutomationRulesFindingFieldsUpdateVerificationState

AutomationRulesFindingFilters

AwsAccountId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

CompanyName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceAssociatedStandardsId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceSecurityControlId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Confidence List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

CreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Criticality List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Description List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

FirstObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

GeneratorId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Id List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

LastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteText List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedBy List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

RecordState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceDetailsOther List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

ResourcePartition List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceRegion List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceTags List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceType List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

SeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

SourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Title List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Type List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UserDefinedFields List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

VerificationState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

WorkflowStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

AwsAccountId []AutomationRuleStringFilter

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

CompanyName []AutomationRuleStringFilter

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceAssociatedStandardsId []AutomationRuleStringFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceSecurityControlId []AutomationRuleStringFilter

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceStatus []AutomationRuleStringFilter

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Confidence []AutomationRuleNumberFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

CreatedAt []AutomationRuleDateFilter

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Criticality []AutomationRuleNumberFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Description []AutomationRuleStringFilter

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

FirstObservedAt []AutomationRuleDateFilter

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

GeneratorId []AutomationRuleStringFilter

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Id []AutomationRuleStringFilter

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

LastObservedAt []AutomationRuleDateFilter

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteText []AutomationRuleStringFilter

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedAt []AutomationRuleDateFilter

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedBy []AutomationRuleStringFilter

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn []AutomationRuleStringFilter

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductName []AutomationRuleStringFilter

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

RecordState []AutomationRuleStringFilter

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceDetailsOther []AutomationRuleMapFilter

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceId []AutomationRuleStringFilter

Array Members: Minimum number of 1 item. Maximum number of 100 items.

ResourcePartition []AutomationRuleStringFilter

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceRegion []AutomationRuleStringFilter

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceTags []AutomationRuleMapFilter

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceType []AutomationRuleStringFilter

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

SeverityLabel []AutomationRuleStringFilter

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

SourceUrl []AutomationRuleStringFilter

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Title []AutomationRuleStringFilter

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Type []AutomationRuleStringFilter

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UpdatedAt []AutomationRuleDateFilter

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UserDefinedFields []AutomationRuleMapFilter

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

VerificationState []AutomationRuleStringFilter

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

WorkflowStatus []AutomationRuleStringFilter

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

awsAccountId List<AutomationRuleStringFilter>

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

companyName List<AutomationRuleStringFilter>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceAssociatedStandardsId List<AutomationRuleStringFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceSecurityControlId List<AutomationRuleStringFilter>

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceStatus List<AutomationRuleStringFilter>

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence List<AutomationRuleNumberFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

createdAt List<AutomationRuleDateFilter>

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality List<AutomationRuleNumberFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description List<AutomationRuleStringFilter>

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

firstObservedAt List<AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generatorId List<AutomationRuleStringFilter>

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id List<AutomationRuleStringFilter>

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

lastObservedAt List<AutomationRuleDateFilter>

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteText List<AutomationRuleStringFilter>

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedAt List<AutomationRuleDateFilter>

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedBy List<AutomationRuleStringFilter>

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn List<AutomationRuleStringFilter>

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productName List<AutomationRuleStringFilter>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

recordState List<AutomationRuleStringFilter>

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceDetailsOther List<AutomationRuleMapFilter>

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceId List<AutomationRuleStringFilter>

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resourcePartition List<AutomationRuleStringFilter>

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceRegion List<AutomationRuleStringFilter>

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceTags List<AutomationRuleMapFilter>

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceType List<AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severityLabel List<AutomationRuleStringFilter>

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

sourceUrl List<AutomationRuleStringFilter>

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title List<AutomationRuleStringFilter>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type List<AutomationRuleStringFilter>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updatedAt List<AutomationRuleDateFilter>

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

userDefinedFields List<AutomationRuleMapFilter>

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verificationState List<AutomationRuleStringFilter>

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflowStatus List<AutomationRuleStringFilter>

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

awsAccountId AutomationRuleStringFilter[]

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

companyName AutomationRuleStringFilter[]

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceAssociatedStandardsId AutomationRuleStringFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceSecurityControlId AutomationRuleStringFilter[]

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceStatus AutomationRuleStringFilter[]

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence AutomationRuleNumberFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

createdAt AutomationRuleDateFilter[]

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality AutomationRuleNumberFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description AutomationRuleStringFilter[]

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

firstObservedAt AutomationRuleDateFilter[]

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generatorId AutomationRuleStringFilter[]

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id AutomationRuleStringFilter[]

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

lastObservedAt AutomationRuleDateFilter[]

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteText AutomationRuleStringFilter[]

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedAt AutomationRuleDateFilter[]

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedBy AutomationRuleStringFilter[]

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn AutomationRuleStringFilter[]

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productName AutomationRuleStringFilter[]

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

recordState AutomationRuleStringFilter[]

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceDetailsOther AutomationRuleMapFilter[]

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceId AutomationRuleStringFilter[]

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resourcePartition AutomationRuleStringFilter[]

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceRegion AutomationRuleStringFilter[]

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceTags AutomationRuleMapFilter[]

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceType AutomationRuleStringFilter[]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severityLabel AutomationRuleStringFilter[]

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

sourceUrl AutomationRuleStringFilter[]

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title AutomationRuleStringFilter[]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type AutomationRuleStringFilter[]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updatedAt AutomationRuleDateFilter[]

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

userDefinedFields AutomationRuleMapFilter[]

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verificationState AutomationRuleStringFilter[]

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflowStatus AutomationRuleStringFilter[]

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

aws_account_id Sequence[AutomationRuleStringFilter]

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

company_name Sequence[AutomationRuleStringFilter]

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

compliance_associated_standards_id Sequence[AutomationRuleStringFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

compliance_security_control_id Sequence[AutomationRuleStringFilter]

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

compliance_status Sequence[AutomationRuleStringFilter]

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence Sequence[AutomationRuleNumberFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

created_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality Sequence[AutomationRuleNumberFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description Sequence[AutomationRuleStringFilter]

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

first_observed_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generator_id Sequence[AutomationRuleStringFilter]

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id Sequence[AutomationRuleStringFilter]

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

last_observed_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

note_text Sequence[AutomationRuleStringFilter]

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

note_updated_at Sequence[AutomationRuleDateFilter]

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

note_updated_by Sequence[AutomationRuleStringFilter]

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

product_arn Sequence[AutomationRuleStringFilter]

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

product_name Sequence[AutomationRuleStringFilter]

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

record_state Sequence[AutomationRuleStringFilter]

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_details_other Sequence[AutomationRuleMapFilter]

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_id Sequence[AutomationRuleStringFilter]

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resource_partition Sequence[AutomationRuleStringFilter]

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_region Sequence[AutomationRuleStringFilter]

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_tags Sequence[AutomationRuleMapFilter]

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resource_type Sequence[AutomationRuleStringFilter]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severity_label Sequence[AutomationRuleStringFilter]

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

source_url Sequence[AutomationRuleStringFilter]

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title Sequence[AutomationRuleStringFilter]

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type Sequence[AutomationRuleStringFilter]

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updated_at Sequence[AutomationRuleDateFilter]

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

user_defined_fields Sequence[AutomationRuleMapFilter]

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verification_state Sequence[AutomationRuleStringFilter]

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflow_status Sequence[AutomationRuleStringFilter]

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

awsAccountId List<Property Map>

The AWS account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

companyName List<Property Map>

The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceAssociatedStandardsId List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceSecurityControlId List<Property Map>

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

complianceStatus List<Property Map>

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

confidence List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

createdAt List<Property Map>

A timestamp that indicates when this finding record was created.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

criticality List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

description List<Property Map>

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

firstObservedAt List<Property Map>

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

generatorId List<Property Map>

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

id List<Property Map>

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

lastObservedAt List<Property Map>

A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteText List<Property Map>

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedAt List<Property Map>

The timestamp of when the note was updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

noteUpdatedBy List<Property Map>

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productArn List<Property Map>

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

productName List<Property Map>

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

recordState List<Property Map>

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceDetailsOther List<Property Map>

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceId List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 100 items.

resourcePartition List<Property Map>

The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceRegion List<Property Map>

The AWS Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceTags List<Property Map>

A list of AWS tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

resourceType List<Property Map>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

severityLabel List<Property Map>

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

sourceUrl List<Property Map>

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

title List<Property Map>

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

type List<Property Map>

Array Members: Minimum number of 1 item. Maximum number of 20 items.

updatedAt List<Property Map>

A timestamp that indicates when the finding record was most recently updated.

YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

Array Members: Minimum number of 1 item. Maximum number of 20 items.

userDefinedFields List<Property Map>

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

verificationState List<Property Map>

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

workflowStatus List<Property Map>

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.112.0 published on Wednesday, Jul 24, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.securityhub.getAutomationRule

On this page

On this page

Using getAutomationRule

getAutomationRule Result

Supporting Types

AutomationRuleDateFilter

AutomationRuleDateRange

AutomationRuleDateRangeUnit

AutomationRuleMapFilter

AutomationRuleMapFilterComparison

AutomationRuleNoteUpdate

AutomationRuleNumberFilter

AutomationRuleRelatedFinding

AutomationRuleRuleStatus

AutomationRuleSeverityUpdate

AutomationRuleSeverityUpdateLabel

AutomationRuleStringFilter

AutomationRuleStringFilterComparison

AutomationRuleWorkflowUpdate

AutomationRuleWorkflowUpdateStatus

AutomationRulesAction

AutomationRulesActionType

AutomationRulesFindingFieldsUpdate

AutomationRulesFindingFieldsUpdateVerificationState

AutomationRulesFindingFilters

Package Details

On this page

On this page