You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::GuardDuty::Types::CreateFilterRequest

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing CreateFilterRequest as input to an Aws::Client method, you can use a vanilla Hash:

{
  detector_id: "DetectorId", # required
  name: "FilterName", # required
  description: "FilterDescription",
  action: "NOOP", # accepts NOOP, ARCHIVE
  rank: 1,
  finding_criteria: { # required
    criterion: {
      "String" => {
        eq: ["String"],
        neq: ["String"],
        gt: 1,
        gte: 1,
        lt: 1,
        lte: 1,
        equals: ["String"],
        not_equals: ["String"],
        greater_than: 1,
        greater_than_or_equal: 1,
        less_than: 1,
        less_than_or_equal: 1,
      },
    },
  },
  client_token: "ClientToken",
  tags: {
    "TagKey" => "TagValue",
  },
}

Instance Attribute Summary collapse

Instance Attribute Details

#actionString

Specifies the action that is to be applied to the findings that match the filter.

Possible values:

  • NOOP
  • ARCHIVE

Returns:

  • (String)

    Specifies the action that is to be applied to the findings that match the filter.

#client_tokenString

The idempotency token for the create request.

Returns:

  • (String)

    The idempotency token for the create request.

#descriptionString

The description of the filter.

Returns:

  • (String)

    The description of the filter.

#detector_idString

The unique ID of the detector of the GuardDuty account that you want to create a filter for.

Returns:

  • (String)

    The unique ID of the detector of the GuardDuty account that you want to create a filter for.

#finding_criteriaTypes::FindingCriteria

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

  • accountId

  • region

  • confidence

  • id

  • resource.accessKeyDetails.accessKeyId

  • resource.accessKeyDetails.principalId

  • resource.accessKeyDetails.userName

  • resource.accessKeyDetails.userType

  • resource.instanceDetails.iamInstanceProfile.id

  • resource.instanceDetails.imageId

  • resource.instanceDetails.instanceId

  • resource.instanceDetails.outpostArn

  • resource.instanceDetails.networkInterfaces.ipv6Addresses

  • resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress

  • resource.instanceDetails.networkInterfaces.publicDnsName

  • resource.instanceDetails.networkInterfaces.publicIp

  • resource.instanceDetails.networkInterfaces.securityGroups.groupId

  • resource.instanceDetails.networkInterfaces.securityGroups.groupName

  • resource.instanceDetails.networkInterfaces.subnetId

  • resource.instanceDetails.networkInterfaces.vpcId

  • resource.instanceDetails.tags.key

  • resource.instanceDetails.tags.value

  • resource.resourceType

  • service.action.actionType

  • service.action.awsApiCallAction.api

  • service.action.awsApiCallAction.callerType

  • service.action.awsApiCallAction.remoteIpDetails.city.cityName

  • service.action.awsApiCallAction.remoteIpDetails.country.countryName

  • service.action.awsApiCallAction.remoteIpDetails.ipAddressV4

  • service.action.awsApiCallAction.remoteIpDetails.organization.asn

  • service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg

  • service.action.awsApiCallAction.serviceName

  • service.action.dnsRequestAction.domain

  • service.action.networkConnectionAction.blocked

  • service.action.networkConnectionAction.connectionDirection

  • service.action.networkConnectionAction.localPortDetails.port

  • service.action.networkConnectionAction.protocol

  • service.action.networkConnectionAction.localIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.city.cityName

  • service.action.networkConnectionAction.remoteIpDetails.country.countryName

  • service.action.networkConnectionAction.remoteIpDetails.ipAddressV4

  • service.action.networkConnectionAction.remoteIpDetails.organization.asn

  • service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg

  • service.action.networkConnectionAction.remotePortDetails.port

  • service.additionalInfo.threatListName

  • service.archived

    When this attribute is set to TRUE, only archived findings are listed. When it\'s set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

  • service.resourceRole

  • severity

  • type

  • updatedAt

    Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

Returns:

#nameString

The name of the filter.

Returns:

  • (String)

    The name of the filter.

#rankInteger

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

Returns:

  • (Integer)

    Specifies the position of the filter in the list of current filters.

#tagsHash<String,String>

The tags to be added to a new filter resource.

Returns:

  • (Hash<String,String>)

    The tags to be added to a new filter resource.