1. Packages
  2. AWS Native
  3. API Docs
  4. securityhub
  5. getAutomationRule

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.4 published on Tuesday, Jun 18, 2024 by Pulumi

aws-native.securityhub.getAutomationRule

Explore with Pulumi AI

aws-native logo

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.4 published on Tuesday, Jun 18, 2024 by Pulumi

    The AWS::SecurityHub::AutomationRule resource specifies an automation rule based on input parameters. For more information, see Automation rules in the User Guide.

    Using getAutomationRule

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAutomationRule(args: GetAutomationRuleArgs, opts?: InvokeOptions): Promise<GetAutomationRuleResult>
    function getAutomationRuleOutput(args: GetAutomationRuleOutputArgs, opts?: InvokeOptions): Output<GetAutomationRuleResult>
    def get_automation_rule(rule_arn: Optional[str] = None,
                            opts: Optional[InvokeOptions] = None) -> GetAutomationRuleResult
    def get_automation_rule_output(rule_arn: Optional[pulumi.Input[str]] = None,
                            opts: Optional[InvokeOptions] = None) -> Output[GetAutomationRuleResult]
    func LookupAutomationRule(ctx *Context, args *LookupAutomationRuleArgs, opts ...InvokeOption) (*LookupAutomationRuleResult, error)
    func LookupAutomationRuleOutput(ctx *Context, args *LookupAutomationRuleOutputArgs, opts ...InvokeOption) LookupAutomationRuleResultOutput

    > Note: This function is named LookupAutomationRule in the Go SDK.

    public static class GetAutomationRule 
    {
        public static Task<GetAutomationRuleResult> InvokeAsync(GetAutomationRuleArgs args, InvokeOptions? opts = null)
        public static Output<GetAutomationRuleResult> Invoke(GetAutomationRuleInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAutomationRuleResult> getAutomationRule(GetAutomationRuleArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws-native:securityhub:getAutomationRule
      arguments:
        # arguments dictionary

    The following arguments are supported:

    RuleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    RuleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    ruleArn String
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    ruleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    rule_arn str
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    ruleArn String
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .

    getAutomationRule Result

    The following output properties are available:

    Actions List<Pulumi.AwsNative.SecurityHub.Outputs.AutomationRulesAction>
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    CreatedAt string

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    CreatedBy string
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    Criteria Pulumi.AwsNative.SecurityHub.Outputs.AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    Description string
    A description of the rule.
    IsTerminal bool
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    RuleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    RuleName string
    The name of the rule.
    RuleOrder int
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    RuleStatus Pulumi.AwsNative.SecurityHub.AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    Tags Dictionary<string, string>
    User-defined tags associated with an automation rule.
    UpdatedAt string

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    Actions []AutomationRulesAction
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    CreatedAt string

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    CreatedBy string
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    Criteria AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    Description string
    A description of the rule.
    IsTerminal bool
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    RuleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    RuleName string
    The name of the rule.
    RuleOrder int
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    RuleStatus AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    Tags map[string]string
    User-defined tags associated with an automation rule.
    UpdatedAt string

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    actions List<AutomationRulesAction>
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    createdAt String

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdBy String
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    criteria AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description String
    A description of the rule.
    isTerminal Boolean
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    ruleArn String
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    ruleName String
    The name of the rule.
    ruleOrder Integer
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    ruleStatus AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags Map<String,String>
    User-defined tags associated with an automation rule.
    updatedAt String

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    actions AutomationRulesAction[]
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    createdAt string

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdBy string
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    criteria AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description string
    A description of the rule.
    isTerminal boolean
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    ruleArn string
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    ruleName string
    The name of the rule.
    ruleOrder number
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    ruleStatus AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags {[key: string]: string}
    User-defined tags associated with an automation rule.
    updatedAt string

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    actions Sequence[AutomationRulesAction]
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    created_at str

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    created_by str
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    criteria AutomationRulesFindingFilters
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description str
    A description of the rule.
    is_terminal bool
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    rule_arn str
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    rule_name str
    The name of the rule.
    rule_order int
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    rule_status AutomationRuleRuleStatus
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags Mapping[str, str]
    User-defined tags associated with an automation rule.
    updated_at str

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    actions List<Property Map>
    One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
    createdAt String

    A timestamp that indicates when the rule was created.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    createdBy String
    The principal that created the rule. For example, arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe .
    criteria Property Map
    A set of Security Finding Format (ASFF) finding field attributes and corresponding expected values that ASH uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, ASH applies the rule action to the finding.
    description String
    A description of the rule.
    isTerminal Boolean
    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.
    ruleArn String
    The Amazon Resource Name (ARN) of the automation rule that you create. For example, arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 .
    ruleName String
    The name of the rule.
    ruleOrder Number
    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
    ruleStatus "ENABLED" | "DISABLED"
    Whether the rule is active after it is created. If this parameter is equal to ENABLED, ASH applies the rule to findings and finding updates after the rule is created.
    tags Map<String>
    User-defined tags associated with an automation rule.
    updatedAt String

    A timestamp that indicates when the rule was most recently updated.

    Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z .

    Supporting Types

    AutomationRuleDateFilter

    DateRange Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateRange
    A date range for the date filter.
    End string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    Start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    DateRange AutomationRuleDateRange
    A date range for the date filter.
    End string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    Start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange AutomationRuleDateRange
    A date range for the date filter.
    end String

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start String

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange AutomationRuleDateRange
    A date range for the date filter.
    end string

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start string

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    date_range AutomationRuleDateRange
    A date range for the date filter.
    end str

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start str

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    dateRange Property Map
    A date range for the date filter.
    end String

    A timestamp that provides the end date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )
    start String

    A timestamp that provides the start date for the date filter.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    AutomationRuleDateRange

    Unit Pulumi.AwsNative.SecurityHub.AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    Value double
    A date range value for the date filter.
    Unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    Value float64
    A date range value for the date filter.
    unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    value Double
    A date range value for the date filter.
    unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    value number
    A date range value for the date filter.
    unit AutomationRuleDateRangeUnit
    A date range unit for the date filter.
    value float
    A date range value for the date filter.
    unit "DAYS"
    A date range unit for the date filter.
    value Number
    A date range value for the date filter.

    AutomationRuleDateRangeUnit

    AutomationRuleMapFilter

    Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    Value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    Comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    Value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key String
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value String
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key string
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value string
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison AutomationRuleMapFilterComparison

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key str
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value str
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.
    comparison "EQUALS" | "NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"

    The condition to apply to the key value when filtering Security Hub findings with a map filter.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.
    • To search for values that exactly match the filter value, use EQUALS . For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

    CONTAINS and EQUALS filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security , Finance , or both values.

    To search for values that don't have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.
    • To search for values other than the filter value, use NOT_EQUALS . For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

    NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

    CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    key String
    The key of the map filter. For example, for ResourceTags , Key identifies the name of the tag. For UserDefinedFields , Key is the name of the field.
    value String
    The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security . If you provide security as the filter value, then there's no match.

    AutomationRuleMapFilterComparison

    AutomationRuleNoteUpdate

    Text string
    The updated note text.
    UpdatedBy string
    The principal that updated the note.
    Text string
    The updated note text.
    UpdatedBy string
    The principal that updated the note.
    text String
    The updated note text.
    updatedBy String
    The principal that updated the note.
    text string
    The updated note text.
    updatedBy string
    The principal that updated the note.
    text str
    The updated note text.
    updated_by str
    The principal that updated the note.
    text String
    The updated note text.
    updatedBy String
    The principal that updated the note.

    AutomationRuleNumberFilter

    Eq double
    The equal-to condition to be applied to a single field when querying for findings.
    Gte double
    The greater-than-equal condition to be applied to a single field when querying for findings.
    Lte double
    The less-than-equal condition to be applied to a single field when querying for findings.
    Eq float64
    The equal-to condition to be applied to a single field when querying for findings.
    Gte float64
    The greater-than-equal condition to be applied to a single field when querying for findings.
    Lte float64
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq Double
    The equal-to condition to be applied to a single field when querying for findings.
    gte Double
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte Double
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq number
    The equal-to condition to be applied to a single field when querying for findings.
    gte number
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte number
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq float
    The equal-to condition to be applied to a single field when querying for findings.
    gte float
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte float
    The less-than-equal condition to be applied to a single field when querying for findings.
    eq Number
    The equal-to condition to be applied to a single field when querying for findings.
    gte Number
    The greater-than-equal condition to be applied to a single field when querying for findings.
    lte Number
    The less-than-equal condition to be applied to a single field when querying for findings.

    AutomationRuleRelatedFinding

    Id string

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn string
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    Id string

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn string
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id String

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn String
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id string

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn string
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id str

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    product_arn str
    The Amazon Resource Name (ARN) for the product that generated a related finding.
    id String

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn String
    The Amazon Resource Name (ARN) for the product that generated a related finding.

    AutomationRuleRuleStatus

    AutomationRuleSeverityUpdate

    Label Pulumi.AwsNative.SecurityHub.AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    Normalized int

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    Product double
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    Label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    Normalized int

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    Product float64
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized Integer

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product Double
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized number

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product number
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label AutomationRuleSeverityUpdateLabel
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized int

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product float
    The native severity as defined by the AWS service or integrated partner product that generated the finding.
    label "INFORMATIONAL" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL"
    The severity value of the finding. The allowed values are the following.

    • INFORMATIONAL - No issue was found.
    • LOW - The issue does not require action on its own.
    • MEDIUM - The issue must be addressed but not urgently.
    • HIGH - The issue must be addressed as a priority.
    • CRITICAL - The issue must be remediated immediately to avoid it escalating.
    normalized Number

    The normalized severity for the finding. This attribute is to be deprecated in favor of Label .

    If you provide Normalized and do not provide Label , Label is set automatically as follows.

    • 0 - INFORMATIONAL
    • 1–39 - LOW
    • 40–69 - MEDIUM
    • 70–89 - HIGH
    • 90–100 - CRITICAL
    product Number
    The native severity as defined by the AWS service or integrated partner product that generated the finding.

    AutomationRuleSeverityUpdateLabel

    AutomationRuleStringFilter

    Comparison Pulumi.AwsNative.SecurityHub.AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    Comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    Value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value String
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value string
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison AutomationRuleStringFilterComparison

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value str
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.
    comparison "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS"

    The condition to apply to a string value when filtering Security Hub findings.

    To search for values that have the filter value, use one of the following comparison operators:

    • To search for values that include the filter value, use CONTAINS . For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.
    • To search for values that exactly match the filter value, use EQUALS . For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012 .
    • To search for values that start with the filter value, use PREFIX . For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us . A ResourceRegion that starts with a different value, such as af , ap , or ca , doesn't match.

    CONTAINS , EQUALS , and PREFIX filters on the same field are joined by OR . A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront , CloudWatch , or both strings in the title.

    To search for values that don’t have the filter value, use one of the following comparison operators:

    • To search for values that exclude the filter value, use NOT_CONTAINS . For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.
    • To search for values other than the filter value, use NOT_EQUALS . For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012 .
    • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS . For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us .

    NOT_CONTAINS , NOT_EQUALS , and PREFIX_NOT_EQUALS filters on the same field are joined by AND . A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

    You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

    You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

    For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2 . It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface .

    • ResourceType PREFIX AwsIam
    • ResourceType PREFIX AwsEc2
    • ResourceType NOT_EQUALS AwsIamPolicy
    • ResourceType NOT_EQUALS AwsEc2NetworkInterface

    CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .

    value String
    The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub . If you provide security hub as the filter value, there's no match.

    AutomationRuleStringFilterComparison

    AutomationRuleWorkflowUpdate

    Status Pulumi.AwsNative.SecurityHub.AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    Status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status AutomationRuleWorkflowUpdateStatus

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
    status "NEW" | "NOTIFIED" | "RESOLVED" | "SUPPRESSED"

    The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

    The allowed values are the following.

    • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE .
    • The compliance status changes from PASSED to either WARNING , FAILED , or NOT_AVAILABLE .
    • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
    • RESOLVED - The finding was reviewed and remediated and is now considered resolved.
    • SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.

    AutomationRuleWorkflowUpdateStatus

    AutomationRulesAction

    FindingFieldsUpdate Pulumi.AwsNative.SecurityHub.Inputs.AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    Type Pulumi.AwsNative.SecurityHub.AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    FindingFieldsUpdate AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    Type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    findingFieldsUpdate AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    findingFieldsUpdate AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    finding_fields_update AutomationRulesFindingFieldsUpdate
    Specifies that the automation rule action is an update to a finding field.
    type AutomationRulesActionType
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
    findingFieldsUpdate Property Map
    Specifies that the automation rule action is an update to a finding field.
    type "FINDING_FIELDS_UPDATE"
    Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    AutomationRulesActionType

    AutomationRulesFindingFieldsUpdate

    Confidence int
    The rule action updates the Confidence field of a finding.
    Criticality int
    The rule action updates the Criticality field of a finding.
    Note Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    RelatedFindings List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleRelatedFinding>
    The rule action will update the RelatedFindings field of a finding.
    Severity Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    Types List<string>
    The rule action updates the Types field of a finding.
    UserDefinedFields Dictionary<string, string>
    The rule action updates the UserDefinedFields field of a finding.
    VerificationState Pulumi.AwsNative.SecurityHub.AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    Workflow Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    Confidence int
    The rule action updates the Confidence field of a finding.
    Criticality int
    The rule action updates the Criticality field of a finding.
    Note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    RelatedFindings []AutomationRuleRelatedFinding
    The rule action will update the RelatedFindings field of a finding.
    Severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    Types []string
    The rule action updates the Types field of a finding.
    UserDefinedFields map[string]string
    The rule action updates the UserDefinedFields field of a finding.
    VerificationState AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    Workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence Integer
    The rule action updates the Confidence field of a finding.
    criticality Integer
    The rule action updates the Criticality field of a finding.
    note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    relatedFindings List<AutomationRuleRelatedFinding>
    The rule action will update the RelatedFindings field of a finding.
    severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    types List<String>
    The rule action updates the Types field of a finding.
    userDefinedFields Map<String,String>
    The rule action updates the UserDefinedFields field of a finding.
    verificationState AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence number
    The rule action updates the Confidence field of a finding.
    criticality number
    The rule action updates the Criticality field of a finding.
    note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    relatedFindings AutomationRuleRelatedFinding[]
    The rule action will update the RelatedFindings field of a finding.
    severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    types string[]
    The rule action updates the Types field of a finding.
    userDefinedFields {[key: string]: string}
    The rule action updates the UserDefinedFields field of a finding.
    verificationState AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence int
    The rule action updates the Confidence field of a finding.
    criticality int
    The rule action updates the Criticality field of a finding.
    note AutomationRuleNoteUpdate
    The rule action will update the Note field of a finding.
    related_findings Sequence[AutomationRuleRelatedFinding]
    The rule action will update the RelatedFindings field of a finding.
    severity AutomationRuleSeverityUpdate
    The rule action will update the Severity field of a finding.
    types Sequence[str]
    The rule action updates the Types field of a finding.
    user_defined_fields Mapping[str, str]
    The rule action updates the UserDefinedFields field of a finding.
    verification_state AutomationRulesFindingFieldsUpdateVerificationState
    The rule action updates the VerificationState field of a finding.
    workflow AutomationRuleWorkflowUpdate
    The rule action will update the Workflow field of a finding.
    confidence Number
    The rule action updates the Confidence field of a finding.
    criticality Number
    The rule action updates the Criticality field of a finding.
    note Property Map
    The rule action will update the Note field of a finding.
    relatedFindings List<Property Map>
    The rule action will update the RelatedFindings field of a finding.
    severity Property Map
    The rule action will update the Severity field of a finding.
    types List<String>
    The rule action updates the Types field of a finding.
    userDefinedFields Map<String>
    The rule action updates the UserDefinedFields field of a finding.
    verificationState "UNKNOWN" | "TRUE_POSITIVE" | "FALSE_POSITIVE" | "BENIGN_POSITIVE"
    The rule action updates the VerificationState field of a finding.
    workflow Property Map
    The rule action will update the Workflow field of a finding.

    AutomationRulesFindingFieldsUpdateVerificationState

    AutomationRulesFindingFilters

    AwsAccountId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    CompanyName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceAssociatedStandardsId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceSecurityControlId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Confidence List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    CreatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Criticality List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleNumberFilter>

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Description List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    FirstObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    GeneratorId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Id List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    LastObservedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteText List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedBy List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductName List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RecordState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsProductArn List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceDetailsOther List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceId List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    ResourcePartition List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceRegion List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceTags List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceType List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    SeverityLabel List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    SourceUrl List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Title List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Type List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UpdatedAt List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleDateFilter>

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UserDefinedFields List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleMapFilter>

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    VerificationState List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    WorkflowStatus List<Pulumi.AwsNative.SecurityHub.Inputs.AutomationRuleStringFilter>

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    AwsAccountId []AutomationRuleStringFilter

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    CompanyName []AutomationRuleStringFilter

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceAssociatedStandardsId []AutomationRuleStringFilter

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceSecurityControlId []AutomationRuleStringFilter

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ComplianceStatus []AutomationRuleStringFilter

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Confidence []AutomationRuleNumberFilter

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    CreatedAt []AutomationRuleDateFilter

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Criticality []AutomationRuleNumberFilter

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Description []AutomationRuleStringFilter

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    FirstObservedAt []AutomationRuleDateFilter

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    GeneratorId []AutomationRuleStringFilter

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Id []AutomationRuleStringFilter

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    LastObservedAt []AutomationRuleDateFilter

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteText []AutomationRuleStringFilter

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedAt []AutomationRuleDateFilter

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    NoteUpdatedBy []AutomationRuleStringFilter

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductArn []AutomationRuleStringFilter

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ProductName []AutomationRuleStringFilter

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RecordState []AutomationRuleStringFilter

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsId []AutomationRuleStringFilter

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    RelatedFindingsProductArn []AutomationRuleStringFilter

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceDetailsOther []AutomationRuleMapFilter

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceId []AutomationRuleStringFilter

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    ResourcePartition []AutomationRuleStringFilter

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceRegion []AutomationRuleStringFilter

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceTags []AutomationRuleMapFilter

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    ResourceType []AutomationRuleStringFilter

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    SeverityLabel []AutomationRuleStringFilter

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    SourceUrl []AutomationRuleStringFilter

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Title []AutomationRuleStringFilter

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    Type []AutomationRuleStringFilter

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UpdatedAt []AutomationRuleDateFilter

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    UserDefinedFields []AutomationRuleMapFilter

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    VerificationState []AutomationRuleStringFilter

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    WorkflowStatus []AutomationRuleStringFilter

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    awsAccountId List<AutomationRuleStringFilter>

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    companyName List<AutomationRuleStringFilter>

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceAssociatedStandardsId List<AutomationRuleStringFilter>

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceSecurityControlId List<AutomationRuleStringFilter>

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceStatus List<AutomationRuleStringFilter>

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence List<AutomationRuleNumberFilter>

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    createdAt List<AutomationRuleDateFilter>

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality List<AutomationRuleNumberFilter>

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description List<AutomationRuleStringFilter>

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    firstObservedAt List<AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generatorId List<AutomationRuleStringFilter>

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id List<AutomationRuleStringFilter>

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    lastObservedAt List<AutomationRuleDateFilter>

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteText List<AutomationRuleStringFilter>

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedAt List<AutomationRuleDateFilter>

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedBy List<AutomationRuleStringFilter>

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn List<AutomationRuleStringFilter>

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productName List<AutomationRuleStringFilter>

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    recordState List<AutomationRuleStringFilter>

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsId List<AutomationRuleStringFilter>

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsProductArn List<AutomationRuleStringFilter>

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceDetailsOther List<AutomationRuleMapFilter>

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceId List<AutomationRuleStringFilter>

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resourcePartition List<AutomationRuleStringFilter>

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceRegion List<AutomationRuleStringFilter>

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceTags List<AutomationRuleMapFilter>

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceType List<AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severityLabel List<AutomationRuleStringFilter>

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    sourceUrl List<AutomationRuleStringFilter>

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title List<AutomationRuleStringFilter>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type List<AutomationRuleStringFilter>

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updatedAt List<AutomationRuleDateFilter>

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    userDefinedFields List<AutomationRuleMapFilter>

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verificationState List<AutomationRuleStringFilter>

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflowStatus List<AutomationRuleStringFilter>

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    awsAccountId AutomationRuleStringFilter[]

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    companyName AutomationRuleStringFilter[]

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceAssociatedStandardsId AutomationRuleStringFilter[]

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceSecurityControlId AutomationRuleStringFilter[]

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceStatus AutomationRuleStringFilter[]

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence AutomationRuleNumberFilter[]

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    createdAt AutomationRuleDateFilter[]

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality AutomationRuleNumberFilter[]

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description AutomationRuleStringFilter[]

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    firstObservedAt AutomationRuleDateFilter[]

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generatorId AutomationRuleStringFilter[]

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id AutomationRuleStringFilter[]

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    lastObservedAt AutomationRuleDateFilter[]

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteText AutomationRuleStringFilter[]

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedAt AutomationRuleDateFilter[]

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedBy AutomationRuleStringFilter[]

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn AutomationRuleStringFilter[]

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productName AutomationRuleStringFilter[]

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    recordState AutomationRuleStringFilter[]

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsId AutomationRuleStringFilter[]

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsProductArn AutomationRuleStringFilter[]

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceDetailsOther AutomationRuleMapFilter[]

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceId AutomationRuleStringFilter[]

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resourcePartition AutomationRuleStringFilter[]

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceRegion AutomationRuleStringFilter[]

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceTags AutomationRuleMapFilter[]

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceType AutomationRuleStringFilter[]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severityLabel AutomationRuleStringFilter[]

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    sourceUrl AutomationRuleStringFilter[]

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title AutomationRuleStringFilter[]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type AutomationRuleStringFilter[]

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updatedAt AutomationRuleDateFilter[]

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    userDefinedFields AutomationRuleMapFilter[]

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verificationState AutomationRuleStringFilter[]

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflowStatus AutomationRuleStringFilter[]

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    aws_account_id Sequence[AutomationRuleStringFilter]

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    company_name Sequence[AutomationRuleStringFilter]

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    compliance_associated_standards_id Sequence[AutomationRuleStringFilter]

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    compliance_security_control_id Sequence[AutomationRuleStringFilter]

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    compliance_status Sequence[AutomationRuleStringFilter]

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence Sequence[AutomationRuleNumberFilter]

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    created_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality Sequence[AutomationRuleNumberFilter]

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description Sequence[AutomationRuleStringFilter]

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    first_observed_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generator_id Sequence[AutomationRuleStringFilter]

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id Sequence[AutomationRuleStringFilter]

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    last_observed_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    note_text Sequence[AutomationRuleStringFilter]

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    note_updated_at Sequence[AutomationRuleDateFilter]

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    note_updated_by Sequence[AutomationRuleStringFilter]

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    product_arn Sequence[AutomationRuleStringFilter]

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    product_name Sequence[AutomationRuleStringFilter]

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    record_state Sequence[AutomationRuleStringFilter]

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    related_findings_id Sequence[AutomationRuleStringFilter]

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    related_findings_product_arn Sequence[AutomationRuleStringFilter]

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_details_other Sequence[AutomationRuleMapFilter]

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_id Sequence[AutomationRuleStringFilter]

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resource_partition Sequence[AutomationRuleStringFilter]

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_region Sequence[AutomationRuleStringFilter]

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_tags Sequence[AutomationRuleMapFilter]

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resource_type Sequence[AutomationRuleStringFilter]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severity_label Sequence[AutomationRuleStringFilter]

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    source_url Sequence[AutomationRuleStringFilter]

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title Sequence[AutomationRuleStringFilter]

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type Sequence[AutomationRuleStringFilter]

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updated_at Sequence[AutomationRuleDateFilter]

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    user_defined_fields Sequence[AutomationRuleMapFilter]

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verification_state Sequence[AutomationRuleStringFilter]

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflow_status Sequence[AutomationRuleStringFilter]

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    awsAccountId List<Property Map>

    The AWS account ID in which a finding was generated.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    companyName List<Property Map>

    The name of the company for the product that generated the finding. For control-based findings, the company is AWS .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceAssociatedStandardsId List<Property Map>

    The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceSecurityControlId List<Property Map>

    The security control ID for which a finding was generated. Security control IDs are the same across standards.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    complianceStatus List<Property Map>

    The result of a security check. This field is only used for findings generated from controls.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    confidence List<Property Map>

    The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    createdAt List<Property Map>

    A timestamp that indicates when this finding record was created.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    criticality List<Property Map>

    The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    description List<Property Map>

    A finding's description.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    firstObservedAt List<Property Map>

    A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    generatorId List<Property Map>

    The identifier for the solution-specific component that generated a finding.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    id List<Property Map>

    The product-specific identifier for a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    lastObservedAt List<Property Map>

    A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteText List<Property Map>

    The text of a user-defined note that's added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedAt List<Property Map>

    The timestamp of when the note was updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    noteUpdatedBy List<Property Map>

    The principal that created a note.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productArn List<Property Map>

    The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    productName List<Property Map>

    Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    recordState List<Property Map>

    Provides the current state of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsId List<Property Map>

    The product-generated identifier for a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    relatedFindingsProductArn List<Property Map>

    The ARN for the product that generated a related finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceDetailsOther List<Property Map>

    Custom fields and values about the resource that a finding pertains to.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceId List<Property Map>

    The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    resourcePartition List<Property Map>

    The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceRegion List<Property Map>

    The AWS Region where the resource that a finding pertains to is located.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceTags List<Property Map>

    A list of AWS tags associated with a resource at the time the finding was processed.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    resourceType List<Property Map>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    severityLabel List<Property Map>

    The severity value of the finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    sourceUrl List<Property Map>

    Provides a URL that links to a page about the current finding in the finding product.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    title List<Property Map>

    A finding's title.

    Array Members: Minimum number of 1 item. Maximum number of 100 items.

    type List<Property Map>

    One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    updatedAt List<Property Map>

    A timestamp that indicates when the finding record was most recently updated.

    This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute] . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

    • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z )
    • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59 )
    • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759 )
    • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59 )

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    userDefinedFields List<Property Map>

    A list of user-defined name and value string pairs added to a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    verificationState List<Property Map>

    Provides the veracity of a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    workflowStatus List<Property Map>

    Provides information about the status of the investigation into a finding.

    Array Members: Minimum number of 1 item. Maximum number of 20 items.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    AWS Native is in preview. AWS Classic is fully supported.

    AWS Native v0.108.4 published on Tuesday, Jun 18, 2024 by Pulumi