AWS::GuardDuty::Filter FindingCriteria - AWS CloudFormation
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

AWS::GuardDuty::Filter FindingCriteria

表示在查询结果时,与指定条件和值匹配的结果属性的映射。

语法

要在 AWS CloudFormation 模板中声明此实体,请使用以下语法:

JSON

{ "Criterion" : Json, "ItemType" : Condition }

属性

Criterion

表示在查询结果时,与指定条件和值匹配的结果属性的映射。

有关 JSON 条件到其对等控制台的映射,请参阅查找条件。以下是可用的条件:

  • accountId

  • 区域

  • confidence

  • id

  • resource.accessKeyDetails.accessKeyId

  • resource.accessKeyDetails.principalId

  • resource.accessKeyDetails.userName

  • resource.accessKeyDetails.userType

  • resource.instanceDetails.iamInstanceProfile.id

  • resource.instanceDetails.imageId

  • resource.instanceDetails.instanceId

  • resource.instanceDetails.outpostArn

  • resource.instanceDetails.networkInterfaces.ipv6Addresses

  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

  • resource.instanceDetails.networkInterfaces.publicDnsName

  • resource.instanceDetails.networkInterfaces.publicIp

  • resource.instanceDetails.networkInterfaces.securityGroups.groupId

  • resource.instanceDetails.networkInterfaces.securityGroups.groupName

  • resource.instanceDetails.networkInterfaces.subnetId

  • resource.instanceDetails.networkInterfaces.vpcId

  • resource.instanceDetails.tags.key

  • resource.instanceDetails.tags.value

  • resource.resourceType

  • service.action.actionType

  • service.action.awsApiCallAction.api

  • service.action.awsApiCallAction.callerType

  • service.action.awsApiCallAction.remoteIpDetails.city.cityName

  • service.action.awsApiCallAction.remoteIpDetails.country.countryName

  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

  • service.action.awsApiCallAction.remoteIpDetails.organization.asn

  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

  • service.action.awsApiCallAction.serviceName

  • service.action.dnsRequestAction.domain

  • service.action.networkConnectionAction.blocked

  • service.action.networkConnectionAction.connectionDirection

  • service.action.networkConnectionAction.localPortDetails.port

  • service.action.networkConnectionAction.protocol

  • service.action.networkConnectionAction.localIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.city.cityName

  • service.action.networkConnectionAction.remoteIpDetails.country.countryName

  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.organization.asn

  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

  • service.action.networkConnectionAction.remotePortDetails.port

  • service.additionalInfo.threatListName

  • service.archived

    当此属性设置为 TRUE 时,将会只列出存档的结果。当设置为 FALSE 时,则会只列出未存档的结果。当未设置此属性时,会列出所有现有结果。

  • service.resourceRole

  • severity

  • type

  • updatedAt

    类型:ISO 8601 字符串格式:YYYY-MM-DDTHH:MM:SS.SSSZ 或 YYYY-MM-DDTHH:MM:SSZ 取决于值是否包含毫秒。

必需:否

类型:Json

Update requires: No interruption

ItemType

指定在筛选结果时要应用于单个字段的条件。

必需:否

类型Condition

Update requires: No interruption