CfnAutomationRule
- class aws_cdk.aws_securityhub.CfnAutomationRule(scope, id, *, actions=None, criteria=None, description=None, is_terminal=None, rule_name=None, rule_order=None, rule_status=None, tags=None)
Bases:
CfnResourceThe
AWS::SecurityHub::AutomationRuleresource specifies an automation rule based on input parameters.For more information, see Automation rules in the AWS Security Hub User Guide .
- See:
- CloudformationResource:
AWS::SecurityHub::AutomationRule
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub # id: Any # updated_by: Any cfn_automation_rule = securityhub.CfnAutomationRule(self, "MyCfnAutomationRule", actions=[securityhub.CfnAutomationRule.AutomationRulesActionProperty( finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty( confidence=123, criticality=123, note=securityhub.CfnAutomationRule.NoteUpdateProperty( text="text", updated_by=updated_by ), related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty( id=id, product_arn="productArn" )], severity=securityhub.CfnAutomationRule.SeverityUpdateProperty( label="label", normalized=123, product=123 ), types=["types"], user_defined_fields={ "user_defined_fields_key": "userDefinedFields" }, verification_state="verificationState", workflow=securityhub.CfnAutomationRule.WorkflowUpdateProperty( status="status" ) ), type="type" )], criteria=securityhub.CfnAutomationRule.AutomationRulesFindingFiltersProperty( aws_account_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], company_name=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], compliance_associated_standards_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], compliance_status=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], confidence=[securityhub.CfnAutomationRule.NumberFilterProperty( eq=123, gte=123, lte=123 )], created_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], criticality=[securityhub.CfnAutomationRule.NumberFilterProperty( eq=123, gte=123, lte=123 )], description=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], first_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], generator_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], last_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], note_text=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], note_updated_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], note_updated_by=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], product_arn=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], product_name=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], record_state=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], related_findings_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], related_findings_product_arn=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_details_other=[securityhub.CfnAutomationRule.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_partition=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_region=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_tags=[securityhub.CfnAutomationRule.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_type=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], severity_label=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], source_url=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], title=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], type=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], updated_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], user_defined_fields=[securityhub.CfnAutomationRule.MapFilterProperty( comparison="comparison", key="key", value="value" )], verification_state=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], workflow_status=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )] ), description="description", is_terminal=False, rule_name="ruleName", rule_order=123, rule_status="ruleStatus", tags={ "tags_key": "tags" } )
- Parameters:
scope (
Construct) – Scope in which this resource is defined.id (
str) – Construct identifier for this resource (unique in its scope).actions (
Union[IResolvable,Sequence[Union[IResolvable,AutomationRulesActionProperty,Dict[str,Any]]],None]) – One or more actions to update finding fields if a finding matches the conditions specified inCriteria.criteria (
Union[IResolvable,AutomationRulesFindingFiltersProperty,Dict[str,Any],None]) – A set of AWS Security Finding Format (ASFF) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.description (
Optional[str]) – A description of the rule.is_terminal (
Union[bool,IResolvable,None]) – Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn’t evaluate other rules for the finding. By default, a rule isn’t terminal.rule_name (
Optional[str]) – The name of the rule.rule_order (
Union[int,float,None]) – An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.rule_status (
Optional[str]) – Whether the rule is active after it is created. If this parameter is equal toENABLED, Security Hub applies the rule to findings and finding updates after the rule is created.tags (
Optional[Mapping[str,str]]) – User-defined tags associated with an automation rule.
Methods
- add_deletion_override(path)
Syntactic sugar for
addOverride(path, undefined).- Parameters:
path (
str) – The path of the value to delete.- Return type:
None
- add_dependency(target)
Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.
- Parameters:
target (
CfnResource) –- Return type:
None
- add_depends_on(target)
(deprecated) Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
- Parameters:
target (
CfnResource) –- Deprecated:
use addDependency
- Stability:
deprecated
- Return type:
None
- add_metadata(key, value)
Add a value to the CloudFormation Resource Metadata.
- Parameters:
key (
str) –value (
Any) –
- See:
- Return type:
None
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- add_override(path, value)
Adds an override to the synthesized CloudFormation resource.
To add a property override, either use
addPropertyOverrideor prefixpathwith “Properties.” (i.e.Properties.TopicName).If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path.
To include a literal
.in the property name, prefix with a\. In most programming languages you will need to write this as"\\."because the\itself will need to be escaped.For example:
cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE")
would add the overrides Example:
"Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... }
The
valueargument toaddOverridewill not be processed or translated in any way. Pass raw JSON values in here with the correct capitalization for CloudFormation. If you pass CDK classes or structs, they will be rendered with lowercased key names, and CloudFormation will reject the template.- Parameters:
path (
str) –The path of the property, you can use dot notation to override values in complex types. Any intermediate keys will be created as needed.
value (
Any) –The value. Could be primitive or complex.
- Return type:
None
- add_property_deletion_override(property_path)
Adds an override that deletes the value of a property from the resource definition.
- Parameters:
property_path (
str) – The path to the property.- Return type:
None
- add_property_override(property_path, value)
Adds an override to a resource property.
Syntactic sugar for
addOverride("Properties.<...>", value).- Parameters:
property_path (
str) – The path of the property.value (
Any) – The value.
- Return type:
None
- apply_removal_policy(policy=None, *, apply_to_update_replace_policy=None, default=None)
Sets the deletion policy of the resource based on the removal policy specified.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN). In some cases, a snapshot can be taken of the resource prior to deletion (RemovalPolicy.SNAPSHOT). A list of resources that support this policy can be found in the following link:- Parameters:
policy (
Optional[RemovalPolicy]) –apply_to_update_replace_policy (
Optional[bool]) – Apply the same deletion policy to the resource’s “UpdateReplacePolicy”. Default: truedefault (
Optional[RemovalPolicy]) – The default policy to apply in case the removal policy is not defined. Default: - Default value is resource specific. To determine the default value for a resource, please consult that specific resource’s documentation.
- See:
- Return type:
None
- get_att(attribute_name, type_hint=None)
Returns a token for an runtime attribute of this resource.
Ideally, use generated attribute accessors (e.g.
resource.arn), but this can be used for future compatibility in case there is no generated attribute.- Parameters:
attribute_name (
str) – The name of the attribute.type_hint (
Optional[ResolutionTypeHint]) –
- Return type:
- get_metadata(key)
Retrieve a value value from the CloudFormation Resource Metadata.
- Parameters:
key (
str) –- See:
- Return type:
Any
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.
- inspect(inspector)
Examines the CloudFormation resource and discloses attributes.
- Parameters:
inspector (
TreeInspector) – tree inspector to collect and process attributes.- Return type:
None
- obtain_dependencies()
Retrieves an array of resources this resource depends on.
This assembles dependencies on resources across stacks (including nested stacks) automatically.
- Return type:
List[Union[Stack,CfnResource]]
- obtain_resource_dependencies()
Get a shallow copy of dependencies between this resource and other resources in the same stack.
- Return type:
List[CfnResource]
- override_logical_id(new_logical_id)
Overrides the auto-generated logical ID with a specific ID.
- Parameters:
new_logical_id (
str) – The new logical ID to use for this stack element.- Return type:
None
- remove_dependency(target)
Indicates that this resource no longer depends on another resource.
This can be used for resources across stacks (including nested stacks) and the dependency will automatically be removed from the relevant scope.
- Parameters:
target (
CfnResource) –- Return type:
None
- replace_dependency(target, new_target)
Replaces one dependency with another.
- Parameters:
target (
CfnResource) – The dependency to replace.new_target (
CfnResource) – The new dependency to add.
- Return type:
None
- to_string()
Returns a string representation of this construct.
- Return type:
str- Returns:
a string representation of this resource
Attributes
- CFN_RESOURCE_TYPE_NAME = 'AWS::SecurityHub::AutomationRule'
- actions
One or more actions to update finding fields if a finding matches the conditions specified in
Criteria.
- attr_created_at
A timestamp that indicates when the rule was created.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- CloudformationAttribute:
CreatedAt
- attr_created_by
The principal that created the rule.
For example,
arn:aws:sts::123456789012:assumed-role/Developer-Role/JaneDoe.- CloudformationAttribute:
CreatedBy
- attr_rule_arn
The Amazon Resource Name (ARN) of the automation rule that you create.
For example,
arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.- CloudformationAttribute:
RuleArn
- attr_updated_at
A timestamp that indicates when the rule was most recently updated.
Uses the
date-timeformat specified in RFC 3339 section 5.6, Internet Date/Time Format . The value cannot contain spaces. For example,2020-03-22T13:22:13.933Z.- CloudformationAttribute:
UpdatedAt
- cdk_tag_manager
Tag Manager which manages the tags for this resource.
- cfn_options
Options for this resource, such as condition, update policy etc.
- cfn_resource_type
AWS resource type.
- creation_stack
return:
the stack trace of the point where this Resource was created from, sourced from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most node +internal+ entries filtered.
- criteria
//docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html>`_ finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
- Type:
A set of `AWS Security Finding Format (ASFF) <https
- description
A description of the rule.
- is_terminal
Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.
- logical_id
The logical ID for this CloudFormation stack element.
The logical ID of the element is calculated from the path of the resource node in the construct tree.
To override this value, use
overrideLogicalId(newLogicalId).- Returns:
the logical ID as a stringified token. This value will only get resolved during synthesis.
- node
The tree node.
- ref
Return a string that will be resolved to a CloudFormation
{ Ref }for this element.If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through
Lazy.any({ produce: resource.ref }).
- rule_name
The name of the rule.
- rule_order
An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings.
- rule_status
Whether the rule is active after it is created.
- stack
The stack in which this element is defined.
CfnElements must be defined within a stack scope (directly or indirectly).
- tags
User-defined tags associated with an automation rule.
Static Methods
- classmethod is_cfn_element(x)
Returns
trueif a construct is a stack element (i.e. part of the synthesized cloudformation template).Uses duck-typing instead of
instanceofto allow stack elements from different versions of this library to be included in the same stack.- Parameters:
x (
Any) –- Return type:
bool- Returns:
The construct as a stack element or undefined if it is not a stack element.
- classmethod is_cfn_resource(x)
Check whether the given object is a CfnResource.
- Parameters:
x (
Any) –- Return type:
bool
- classmethod is_construct(x)
Checks if
xis a construct.Use this method instead of
instanceofto properly detectConstructinstances, even when the construct library is symlinked.Explanation: in JavaScript, multiple copies of the
constructslibrary on disk are seen as independent, completely different libraries. As a consequence, the classConstructin each copy of theconstructslibrary is seen as a different class, and an instance of one class will not test asinstanceofthe other class.npm installwill not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of theconstructslibrary can be accidentally installed, andinstanceofwill behave unpredictably. It is safest to avoid usinginstanceof, and using this type-testing method instead.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsConstruct.
AutomationRulesActionProperty
- class CfnAutomationRule.AutomationRulesActionProperty(*, finding_fields_update, type)
Bases:
objectOne or more actions to update finding fields if a finding matches the defined criteria of the rule.
- Parameters:
finding_fields_update (
Union[IResolvable,AutomationRulesFindingFieldsUpdateProperty,Dict[str,Any]]) – Specifies that the automation rule action is an update to a finding field.type (
str) – Specifies that the rule action should update theTypesfinding field. TheTypesfinding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub # id: Any # updated_by: Any automation_rules_action_property = securityhub.CfnAutomationRule.AutomationRulesActionProperty( finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty( confidence=123, criticality=123, note=securityhub.CfnAutomationRule.NoteUpdateProperty( text="text", updated_by=updated_by ), related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty( id=id, product_arn="productArn" )], severity=securityhub.CfnAutomationRule.SeverityUpdateProperty( label="label", normalized=123, product=123 ), types=["types"], user_defined_fields={ "user_defined_fields_key": "userDefinedFields" }, verification_state="verificationState", workflow=securityhub.CfnAutomationRule.WorkflowUpdateProperty( status="status" ) ), type="type" )
Attributes
- finding_fields_update
Specifies that the automation rule action is an update to a finding field.
- type
Specifies that the rule action should update the
Typesfinding field.The
Typesfinding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
AutomationRulesFindingFieldsUpdateProperty
- class CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(*, confidence=None, criticality=None, note=None, related_findings=None, severity=None, types=None, user_defined_fields=None, verification_state=None, workflow=None)
Bases:
objectIdentifies the finding fields that the automation rule action updates when a finding matches the defined criteria.
- Parameters:
confidence (
Union[int,float,None]) – The rule action updates theConfidencefield of a finding.criticality (
Union[int,float,None]) – The rule action updates theCriticalityfield of a finding.note (
Union[IResolvable,NoteUpdateProperty,Dict[str,Any],None]) – The rule action will update theNotefield of a finding.related_findings (
Union[IResolvable,Sequence[Union[IResolvable,RelatedFindingProperty,Dict[str,Any]]],None]) – The rule action will update theRelatedFindingsfield of a finding.severity (
Union[IResolvable,SeverityUpdateProperty,Dict[str,Any],None]) – The rule action will update theSeverityfield of a finding.types (
Optional[Sequence[str]]) – The rule action updates theTypesfield of a finding.user_defined_fields (
Union[IResolvable,Mapping[str,str],None]) – The rule action updates theUserDefinedFieldsfield of a finding.verification_state (
Optional[str]) – The rule action updates theVerificationStatefield of a finding.workflow (
Union[IResolvable,WorkflowUpdateProperty,Dict[str,Any],None]) – The rule action will update theWorkflowfield of a finding.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub # id: Any # updated_by: Any automation_rules_finding_fields_update_property = securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty( confidence=123, criticality=123, note=securityhub.CfnAutomationRule.NoteUpdateProperty( text="text", updated_by=updated_by ), related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty( id=id, product_arn="productArn" )], severity=securityhub.CfnAutomationRule.SeverityUpdateProperty( label="label", normalized=123, product=123 ), types=["types"], user_defined_fields={ "user_defined_fields_key": "userDefinedFields" }, verification_state="verificationState", workflow=securityhub.CfnAutomationRule.WorkflowUpdateProperty( status="status" ) )
Attributes
- confidence
The rule action updates the
Confidencefield of a finding.
- criticality
The rule action updates the
Criticalityfield of a finding.
- note
The rule action will update the
Notefield of a finding.
The rule action will update the
RelatedFindingsfield of a finding.
- severity
The rule action will update the
Severityfield of a finding.
- types
The rule action updates the
Typesfield of a finding.
- user_defined_fields
The rule action updates the
UserDefinedFieldsfield of a finding.
- verification_state
The rule action updates the
VerificationStatefield of a finding.
- workflow
The rule action will update the
Workflowfield of a finding.
AutomationRulesFindingFiltersProperty
- class CfnAutomationRule.AutomationRulesFindingFiltersProperty(*, aws_account_id=None, company_name=None, compliance_associated_standards_id=None, compliance_security_control_id=None, compliance_status=None, confidence=None, created_at=None, criticality=None, description=None, first_observed_at=None, generator_id=None, id=None, last_observed_at=None, note_text=None, note_updated_at=None, note_updated_by=None, product_arn=None, product_name=None, record_state=None, related_findings_id=None, related_findings_product_arn=None, resource_details_other=None, resource_id=None, resource_partition=None, resource_region=None, resource_tags=None, resource_type=None, severity_label=None, source_url=None, title=None, type=None, updated_at=None, user_defined_fields=None, verification_state=None, workflow_status=None)
Bases:
objectThe criteria that determine which findings a rule applies to.
- Parameters:
aws_account_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The AWS account ID in which a finding was generated. Array Members: Minimum number of 1 item. Maximum number of 100 items.company_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The name of the company for the product that generated the finding. For control-based findings, the company is AWS . Array Members: Minimum number of 1 item. Maximum number of 20 items.compliance_associated_standards_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. Array Members: Minimum number of 1 item. Maximum number of 20 items.compliance_security_control_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The security control ID for which a finding was generated. Security control IDs are the same across standards. Array Members: Minimum number of 1 item. Maximum number of 20 items.compliance_status (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The result of a security check. This field is only used for findings generated from controls. Array Members: Minimum number of 1 item. Maximum number of 20 items.confidence (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn’t been verified. For more information, see Confidence in the AWS Security Hub User Guide . Array Members: Minimum number of 1 item. Maximum number of 20 items.created_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – A timestamp that indicates when this finding record was created. This field accepts only the specified formats. Timestamps can end withZor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: -YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59) Array Members: Minimum number of 1 item. Maximum number of 20 items.criticality (
Union[IResolvable,Sequence[Union[IResolvable,NumberFilterProperty,Dict[str,Any]]],None]) – The level of importance that is assigned to the resources that are associated with a finding.Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide . Array Members: Minimum number of 1 item. Maximum number of 20 items.description (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – A finding’s description. Array Members: Minimum number of 1 item. Maximum number of 20 items.first_observed_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. This field accepts only the specified formats. Timestamps can end withZor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: -YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59) Array Members: Minimum number of 1 item. Maximum number of 20 items.generator_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The identifier for the solution-specific component that generated a finding. Array Members: Minimum number of 1 item. Maximum number of 100 items.id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The product-specific identifier for a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.last_observed_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This field accepts only the specified formats. Timestamps can end withZor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: -YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59) Array Members: Minimum number of 1 item. Maximum number of 20 items.note_text (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The text of a user-defined note that’s added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.note_updated_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – The timestamp of when the note was updated. This field accepts only the specified formats. Timestamps can end withZor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: -YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59) Array Members: Minimum number of 1 item. Maximum number of 20 items.note_updated_by (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The principal that created a note. Array Members: Minimum number of 1 item. Maximum number of 20 items.product_arn (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.product_name (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. Array Members: Minimum number of 1 item. Maximum number of 20 items.record_state (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Provides the current state of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.related_findings_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The product-generated identifier for a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.related_findings_product_arn (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The ARN for the product that generated a related finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.resource_details_other (
Union[IResolvable,Sequence[Union[IResolvable,MapFilterProperty,Dict[str,Any]]],None]) – Custom fields and values about the resource that a finding pertains to. Array Members: Minimum number of 1 item. Maximum number of 20 items.resource_id (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource. Array Members: Minimum number of 1 item. Maximum number of 100 items.resource_partition (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition. Array Members: Minimum number of 1 item. Maximum number of 20 items.resource_region (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The AWS Region where the resource that a finding pertains to is located. Array Members: Minimum number of 1 item. Maximum number of 20 items.resource_tags (
Union[IResolvable,Sequence[Union[IResolvable,MapFilterProperty,Dict[str,Any]]],None]) – A list of AWS tags associated with a resource at the time the finding was processed. Array Members: Minimum number of 1 item. Maximum number of 20 items.resource_type (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – A finding’s title. Array Members: Minimum number of 1 item. Maximum number of 100 items.severity_label (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – The severity value of the finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.source_url (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Provides a URL that links to a page about the current finding in the finding product. Array Members: Minimum number of 1 item. Maximum number of 20 items.title (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – A finding’s title. Array Members: Minimum number of 1 item. Maximum number of 100 items.type (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) –One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide . Array Members: Minimum number of 1 item. Maximum number of 20 items.
updated_at (
Union[IResolvable,Sequence[Union[IResolvable,DateFilterProperty,Dict[str,Any]]],None]) – A timestamp that indicates when the finding record was most recently updated. This field accepts only the specified formats. Timestamps can end withZor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: -YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59) Array Members: Minimum number of 1 item. Maximum number of 20 items.user_defined_fields (
Union[IResolvable,Sequence[Union[IResolvable,MapFilterProperty,Dict[str,Any]]],None]) – A list of user-defined name and value string pairs added to a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.verification_state (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Provides the veracity of a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.workflow_status (
Union[IResolvable,Sequence[Union[IResolvable,StringFilterProperty,Dict[str,Any]]],None]) – Provides information about the status of the investigation into a finding. Array Members: Minimum number of 1 item. Maximum number of 20 items.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub automation_rules_finding_filters_property = securityhub.CfnAutomationRule.AutomationRulesFindingFiltersProperty( aws_account_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], company_name=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], compliance_associated_standards_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], compliance_security_control_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], compliance_status=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], confidence=[securityhub.CfnAutomationRule.NumberFilterProperty( eq=123, gte=123, lte=123 )], created_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], criticality=[securityhub.CfnAutomationRule.NumberFilterProperty( eq=123, gte=123, lte=123 )], description=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], first_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], generator_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], last_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], note_text=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], note_updated_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], note_updated_by=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], product_arn=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], product_name=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], record_state=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], related_findings_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], related_findings_product_arn=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_details_other=[securityhub.CfnAutomationRule.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_id=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_partition=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_region=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], resource_tags=[securityhub.CfnAutomationRule.MapFilterProperty( comparison="comparison", key="key", value="value" )], resource_type=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], severity_label=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], source_url=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], title=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], type=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], updated_at=[securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )], user_defined_fields=[securityhub.CfnAutomationRule.MapFilterProperty( comparison="comparison", key="key", value="value" )], verification_state=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )], workflow_status=[securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )] )
Attributes
- aws_account_id
The AWS account ID in which a finding was generated.
Array Members: Minimum number of 1 item. Maximum number of 100 items.
- company_name
The name of the company for the product that generated the finding.
For control-based findings, the company is AWS .
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_associated_standards_id
The unique identifier of a standard in which a control is enabled.
This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_security_control_id
The security control ID for which a finding was generated. Security control IDs are the same across standards.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- compliance_status
The result of a security check. This field is only used for findings generated from controls.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- confidence
The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidenceis scored on a 0–100 basis using a ratio scale. A value of0means 0 percent confidence, and a value of100means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn’t been verified. For more information, see Confidence in the AWS Security Hub User Guide .Array Members: Minimum number of 1 item. Maximum number of 20 items.
- created_at
A timestamp that indicates when this finding record was created.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z)YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59)YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- criticality
The level of importance that is assigned to the resources that are associated with a finding.
Criticalityis scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of0means that the underlying resources have no criticality, and a score of100is reserved for the most critical resources. For more information, see Criticality in the AWS Security Hub User Guide .Array Members: Minimum number of 1 item. Maximum number of 20 items.
- description
A finding’s description.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- first_observed_at
A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z)YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59)YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- generator_id
The identifier for the solution-specific component that generated a finding.
Array Members: Minimum number of 1 item. Maximum number of 100 items.
- id
The product-specific identifier for a finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- last_observed_at
A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z)YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59)YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_text
The text of a user-defined note that’s added to a finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_updated_at
The timestamp of when the note was updated.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z)YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59)YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- note_updated_by
The principal that created a note.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_arn
The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- product_name
Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- record_state
Provides the current state of a finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
The product-generated identifier for a related finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
The ARN for the product that generated a related finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_details_other
Custom fields and values about the resource that a finding pertains to.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_id
The identifier for the given resource type.
For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.
Array Members: Minimum number of 1 item. Maximum number of 100 items.
- resource_partition
The partition in which the resource that the finding pertains to is located.
A partition is a group of AWS Regions . Each AWS account is scoped to one partition.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_region
The AWS Region where the resource that a finding pertains to is located.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_tags
A list of AWS tags associated with a resource at the time the finding was processed.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- resource_type
A finding’s title.
Array Members: Minimum number of 1 item. Maximum number of 100 items.
- severity_label
The severity value of the finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- source_url
Provides a URL that links to a page about the current finding in the finding product.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- title
A finding’s title.
Array Members: Minimum number of 1 item. Maximum number of 100 items.
- type
One or more finding types in the format of namespace/category/classifier that classify a finding.
For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the AWS Security Hub User Guide .
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- updated_at
A timestamp that indicates when the finding record was most recently updated.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z)YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59)YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- user_defined_fields
A list of user-defined name and value string pairs added to a finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- verification_state
Provides the veracity of a finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
- workflow_status
Provides information about the status of the investigation into a finding.
Array Members: Minimum number of 1 item. Maximum number of 20 items.
DateFilterProperty
- class CfnAutomationRule.DateFilterProperty(*, date_range=None, end=None, start=None)
Bases:
objectA date filter for querying findings.
- Parameters:
date_range (
Union[IResolvable,DateRangeProperty,Dict[str,Any],None]) – A date range for the date filter.end (
Optional[str]) – A timestamp that provides the end date for the date filter. This field accepts only the specified formats. Timestamps can end withZor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: -YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)start (
Optional[str]) – A timestamp that provides the start date for the date filter. This field accepts only the specified formats. Timestamps can end withZor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples: -YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z) -YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59) -YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759) -YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub date_filter_property = securityhub.CfnAutomationRule.DateFilterProperty( date_range=securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 ), end="end", start="start" )
Attributes
- date_range
A date range for the date filter.
- end
A timestamp that provides the end date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z)YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59)YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
- start
A timestamp that provides the start date for the date filter.
This field accepts only the specified formats. Timestamps can end with
Zor("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:YYYY-MM-DDTHH:MM:SSZ(for example,2019-01-31T23:00:00Z)YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ(for example,2019-01-31T23:00:00.123456789Z)YYYY-MM-DDTHH:MM:SS+HH:MM(for example,2024-01-04T15:25:10+17:59)YYYY-MM-DDTHH:MM:SS-HHMM(for example,2024-01-04T15:25:10-1759)YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM(for example,2024-01-04T15:25:10.123456789+17:59)
DateRangeProperty
- class CfnAutomationRule.DateRangeProperty(*, unit, value)
Bases:
objectA date range for the date filter.
- Parameters:
unit (
str) – A date range unit for the date filter.value (
Union[int,float]) – A date range value for the date filter.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub date_range_property = securityhub.CfnAutomationRule.DateRangeProperty( unit="unit", value=123 )
Attributes
- unit
A date range unit for the date filter.
- value
A date range value for the date filter.
MapFilterProperty
- class CfnAutomationRule.MapFilterProperty(*, comparison, key, value)
Bases:
objectA map filter for filtering AWS Security Hub findings.
Each map filter provides the field to check for, the value to check for, and the comparison operator.
- Parameters:
comparison (
str) –The condition to apply to the key value when filtering Security Hub findings with a map filter. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match. - To search for values that exactly match the filter value, useEQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, useNOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag. - To search for values other than the filter value, useNOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .key (
str) – The key of the map filter. For example, forResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field.value (
str) – The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag calledDepartmentmight beSecurity. If you providesecurityas the filter value, then there’s no match.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub map_filter_property = securityhub.CfnAutomationRule.MapFilterProperty( comparison="comparison", key="key", value="value" )
Attributes
- comparison
The condition to apply to the key value when filtering Security Hub findings with a map filter.
To search for values that have the filter value, use one of the following comparison operators:
To search for values that include the filter value, use
CONTAINS. For example, for theResourceTagsfield, the filterDepartment CONTAINS Securitymatches findings that include the valueSecurityfor theDepartmenttag. In the same example, a finding with a value ofSecurity teamfor theDepartmenttag is a match.To search for values that exactly match the filter value, use
EQUALS. For example, for theResourceTagsfield, the filterDepartment EQUALS Securitymatches findings that have the valueSecurityfor theDepartmenttag.
CONTAINSandEQUALSfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersDepartment CONTAINS Security OR Department CONTAINS Financematch a finding that includes eitherSecurity,Finance, or both values.To search for values that don’t have the filter value, use one of the following comparison operators:
To search for values that exclude the filter value, use
NOT_CONTAINS. For example, for theResourceTagsfield, the filterDepartment NOT_CONTAINS Financematches findings that exclude the valueFinancefor theDepartmenttag.To search for values other than the filter value, use
NOT_EQUALS. For example, for theResourceTagsfield, the filterDepartment NOT_EQUALS Financematches findings that don’t have the valueFinancefor theDepartmenttag.
NOT_CONTAINSandNOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersDepartment NOT_CONTAINS Security AND Department NOT_CONTAINS Financematch a finding that excludes both theSecurityandFinancevalues.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters.You can’t have both a
CONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t have both anEQUALSfilter and aNOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .
- key
The key of the map filter.
For example, for
ResourceTags,Keyidentifies the name of the tag. ForUserDefinedFields,Keyis the name of the field.
- value
The value for the key in the map filter.
Filter values are case sensitive. For example, one of the values for a tag called
Departmentmight beSecurity. If you providesecurityas the filter value, then there’s no match.
NoteUpdateProperty
- class CfnAutomationRule.NoteUpdateProperty(*, text, updated_by)
Bases:
objectThe updated note.
- Parameters:
text (
str) – The updated note text.updated_by (
Any) – The principal that updated the note.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub # updated_by: Any note_update_property = securityhub.CfnAutomationRule.NoteUpdateProperty( text="text", updated_by=updated_by )
Attributes
- text
The updated note text.
- updated_by
The principal that updated the note.
NumberFilterProperty
- class CfnAutomationRule.NumberFilterProperty(*, eq=None, gte=None, lte=None)
Bases:
objectA number filter for querying findings.
- Parameters:
eq (
Union[int,float,None]) – The equal-to condition to be applied to a single field when querying for findings.gte (
Union[int,float,None]) – The greater-than-equal condition to be applied to a single field when querying for findings.lte (
Union[int,float,None]) – The less-than-equal condition to be applied to a single field when querying for findings.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub number_filter_property = securityhub.CfnAutomationRule.NumberFilterProperty( eq=123, gte=123, lte=123 )
Attributes
- eq
The equal-to condition to be applied to a single field when querying for findings.
- gte
The greater-than-equal condition to be applied to a single field when querying for findings.
- lte
The less-than-equal condition to be applied to a single field when querying for findings.
SeverityUpdateProperty
- class CfnAutomationRule.SeverityUpdateProperty(*, label=None, normalized=None, product=None)
Bases:
objectUpdates to the severity information for a finding.
- Parameters:
label (
Optional[str]) – The severity value of the finding. The allowed values are the following. -INFORMATIONAL- No issue was found. -LOW- The issue does not require action on its own. -MEDIUM- The issue must be addressed but not urgently. -HIGH- The issue must be addressed as a priority. -CRITICAL- The issue must be remediated immediately to avoid it escalating.normalized (
Union[int,float,None]) – The normalized severity for the finding. This attribute is to be deprecated in favor ofLabel. If you provideNormalizedand do not provideLabel,Labelis set automatically as follows. - 0 -INFORMATIONAL- 1–39 -LOW- 40–69 -MEDIUM- 70–89 -HIGH- 90–100 -CRITICALproduct (
Union[int,float,None]) – The native severity as defined by the AWS service or integrated partner product that generated the finding.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub severity_update_property = securityhub.CfnAutomationRule.SeverityUpdateProperty( label="label", normalized=123, product=123 )
Attributes
- label
The severity value of the finding. The allowed values are the following.
INFORMATIONAL- No issue was found.LOW- The issue does not require action on its own.MEDIUM- The issue must be addressed but not urgently.HIGH- The issue must be addressed as a priority.CRITICAL- The issue must be remediated immediately to avoid it escalating.
- normalized
The normalized severity for the finding. This attribute is to be deprecated in favor of
Label.If you provide
Normalizedand do not provideLabel,Labelis set automatically as follows.0 -
INFORMATIONAL1–39 -
LOW40–69 -
MEDIUM70–89 -
HIGH90–100 -
CRITICAL
- product
The native severity as defined by the AWS service or integrated partner product that generated the finding.
StringFilterProperty
- class CfnAutomationRule.StringFilterProperty(*, comparison, value)
Bases:
objectA string filter for filtering AWS Security Hub findings.
- Parameters:
comparison (
str) –The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators: - To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront. - To search for values that exactly match the filter value, useEQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012. - To search for values that start with the filter value, usePREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn’t match.CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators: - To search for values that exclude the filter value, useNOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront. - To search for values other than the filter value, useNOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012. - To search for values that don’t start with the filter value, usePREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title. You can’t have both aCONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters. You can combinePREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with eitherAwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface. -ResourceType PREFIX AwsIam-ResourceType PREFIX AwsEc2-ResourceType NOT_EQUALS AwsIamPolicy-ResourceType NOT_EQUALS AwsEc2NetworkInterfaceCONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .value (
str) – The string filter value. Filter values are case sensitive. For example, the product name for control-based findings isSecurity Hub. If you providesecurity hubas the filter value, there’s no match.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub string_filter_property = securityhub.CfnAutomationRule.StringFilterProperty( comparison="comparison", value="value" )
Attributes
- comparison
The condition to apply to a string value when filtering Security Hub findings.
To search for values that have the filter value, use one of the following comparison operators:
To search for values that include the filter value, use
CONTAINS. For example, the filterTitle CONTAINS CloudFrontmatches findings that have aTitlethat includes the string CloudFront.To search for values that exactly match the filter value, use
EQUALS. For example, the filterAwsAccountId EQUALS 123456789012only matches findings that have an account ID of123456789012.To search for values that start with the filter value, use
PREFIX. For example, the filterResourceRegion PREFIX usmatches findings that have aResourceRegionthat starts withus. AResourceRegionthat starts with a different value, such asaf,ap, orca, doesn’t match.
CONTAINS,EQUALS, andPREFIXfilters on the same field are joined byOR. A finding matches if it matches any one of those filters. For example, the filtersTitle CONTAINS CloudFront OR Title CONTAINS CloudWatchmatch a finding that includes eitherCloudFront,CloudWatch, or both strings in the title.To search for values that don’t have the filter value, use one of the following comparison operators:
To search for values that exclude the filter value, use
NOT_CONTAINS. For example, the filterTitle NOT_CONTAINS CloudFrontmatches findings that have aTitlethat excludes the string CloudFront.To search for values other than the filter value, use
NOT_EQUALS. For example, the filterAwsAccountId NOT_EQUALS 123456789012only matches findings that have an account ID other than123456789012.To search for values that don’t start with the filter value, use
PREFIX_NOT_EQUALS. For example, the filterResourceRegion PREFIX_NOT_EQUALS usmatches findings with aResourceRegionthat starts with a value other thanus.
NOT_CONTAINS,NOT_EQUALS, andPREFIX_NOT_EQUALSfilters on the same field are joined byAND. A finding matches only if it matches all of those filters. For example, the filtersTitle NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatchmatch a finding that excludes bothCloudFrontandCloudWatchin the title.You can’t have both a
CONTAINSfilter and aNOT_CONTAINSfilter on the same field. Similarly, you can’t provide both anEQUALSfilter and aNOT_EQUALSorPREFIX_NOT_EQUALSfilter on the same field. Combining filters in this way returns an error.CONTAINSfilters can only be used with otherCONTAINSfilters.NOT_CONTAINSfilters can only be used with otherNOT_CONTAINSfilters.You can combine
PREFIXfilters withNOT_EQUALSorPREFIX_NOT_EQUALSfilters for the same field. Security Hub first processes thePREFIXfilters, and then theNOT_EQUALSorPREFIX_NOT_EQUALSfilters.For example, for the following filters, Security Hub first identifies findings that have resource types that start with either
AwsIamorAwsEc2. It then excludes findings that have a resource type ofAwsIamPolicyand findings that have a resource type ofAwsEc2NetworkInterface.ResourceType PREFIX AwsIamResourceType PREFIX AwsEc2ResourceType NOT_EQUALS AwsIamPolicyResourceType NOT_EQUALS AwsEc2NetworkInterface
CONTAINSandNOT_CONTAINSoperators can be used only with automation rules. For more information, see Automation rules in the AWS Security Hub User Guide .
- value
The string filter value.
Filter values are case sensitive. For example, the product name for control-based findings is
Security Hub. If you providesecurity hubas the filter value, there’s no match.
WorkflowUpdateProperty
- class CfnAutomationRule.WorkflowUpdateProperty(*, status)
Bases:
objectUsed to update information about the investigation into the finding.
- Parameters:
status (
str) – The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status toSUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue. The allowed values are the following. -NEW- The initial state of a finding, before it is reviewed. Security Hub also resetsWorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases: - The record state changes fromARCHIVEDtoACTIVE. - The compliance status changes fromPASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE. -NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. -RESOLVED- The finding was reviewed and remediated and is now considered resolved. -SUPPRESSED- Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_securityhub as securityhub workflow_update_property = securityhub.CfnAutomationRule.WorkflowUpdateProperty( status="status" )
Attributes
- status
The status of the investigation into the finding.
The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to
SUPPRESSEDorRESOLVEDdoes not prevent a new finding for the same issue.The allowed values are the following.
NEW- The initial state of a finding, before it is reviewed.
Security Hub also resets
WorkFlowStatusfromNOTIFIEDorRESOLVEDtoNEWin the following cases:The record state changes from
ARCHIVEDtoACTIVE.The compliance status changes from
PASSEDto eitherWARNING,FAILED, orNOT_AVAILABLE.NOTIFIED- Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.RESOLVED- The finding was reviewed and remediated and is now considered resolved.SUPPRESSED- Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.