CfnAutomationRuleProps

class aws_cdk.aws_securityhub.CfnAutomationRuleProps(*, actions, criteria, description, rule_name, rule_order, is_terminal=None, rule_status=None, tags=None)

Bases: object

Properties for defining a CfnAutomationRule.

Parameters:

actions (Union[IResolvable, Sequence[Union[IResolvable, AutomationRulesActionProperty, Dict[str, Any]]]]) – One or more actions to update finding fields if a finding matches the conditions specified in Criteria .
criteria (Union[IResolvable, AutomationRulesFindingFiltersProperty, Dict[str, Any]]) – A set of AWS Security Finding Format (ASFF) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.
description (str) – A description of the rule.
rule_name (str) – The name of the rule.
rule_order (Union[int, float]) – An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.
is_terminal (Union[bool, IResolvable, None]) – Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn’t evaluate other rules for the finding. By default, a rule isn’t terminal.
rule_status (Optional[str]) – Whether the rule is active after it is created. If this parameter is equal to ENABLED , Security Hub applies the rule to findings and finding updates after the rule is created.
tags (Optional[Mapping[str, str]]) – User-defined tags associated with an automation rule.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_securityhub as securityhub

cfn_automation_rule_props = securityhub.CfnAutomationRuleProps(
    actions=[securityhub.CfnAutomationRule.AutomationRulesActionProperty(
        finding_fields_update=securityhub.CfnAutomationRule.AutomationRulesFindingFieldsUpdateProperty(
            confidence=123,
            criticality=123,
            note=securityhub.CfnAutomationRule.NoteUpdateProperty(
                text="text",
                updated_by="updatedBy"
            ),
            related_findings=[securityhub.CfnAutomationRule.RelatedFindingProperty(
                id="id",
                product_arn="productArn"
            )],
            severity=securityhub.CfnAutomationRule.SeverityUpdateProperty(
                label="label",
                normalized=123,
                product=123
            ),
            types=["types"],
            user_defined_fields={
                "user_defined_fields_key": "userDefinedFields"
            },
            verification_state="verificationState",
            workflow=securityhub.CfnAutomationRule.WorkflowUpdateProperty(
                status="status"
            )
        ),
        type="type"
    )],
    criteria=securityhub.CfnAutomationRule.AutomationRulesFindingFiltersProperty(
        aws_account_id=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        company_name=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_associated_standards_id=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_security_control_id=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        compliance_status=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        confidence=[securityhub.CfnAutomationRule.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        created_at=[securityhub.CfnAutomationRule.DateFilterProperty(
            date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        criticality=[securityhub.CfnAutomationRule.NumberFilterProperty(
            eq=123,
            gte=123,
            lte=123
        )],
        description=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        first_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty(
            date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        generator_id=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        id=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        last_observed_at=[securityhub.CfnAutomationRule.DateFilterProperty(
            date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        note_text=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        note_updated_at=[securityhub.CfnAutomationRule.DateFilterProperty(
            date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        note_updated_by=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        product_arn=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        product_name=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        record_state=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        related_findings_id=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        related_findings_product_arn=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_details_other=[securityhub.CfnAutomationRule.MapFilterProperty(
            comparison="comparison",
            key="key",
            value="value"
        )],
        resource_id=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_partition=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_region=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        resource_tags=[securityhub.CfnAutomationRule.MapFilterProperty(
            comparison="comparison",
            key="key",
            value="value"
        )],
        resource_type=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        severity_label=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        source_url=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        title=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        type=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        updated_at=[securityhub.CfnAutomationRule.DateFilterProperty(
            date_range=securityhub.CfnAutomationRule.DateRangeProperty(
                unit="unit",
                value=123
            ),
            end="end",
            start="start"
        )],
        user_defined_fields=[securityhub.CfnAutomationRule.MapFilterProperty(
            comparison="comparison",
            key="key",
            value="value"
        )],
        verification_state=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )],
        workflow_status=[securityhub.CfnAutomationRule.StringFilterProperty(
            comparison="comparison",
            value="value"
        )]
    ),
    description="description",
    rule_name="ruleName",
    rule_order=123,

    # the properties below are optional
    is_terminal=False,
    rule_status="ruleStatus",
    tags={
        "tags_key": "tags"
    }
)

Attributes

actions

One or more actions to update finding fields if a finding matches the conditions specified in Criteria .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-actions

criteria

A set of AWS Security Finding Format (ASFF) finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the criteria specified in this parameter, Security Hub applies the rule action to the finding.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-criteria

description

A description of the rule.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrule.html#cfn-securityhub-automationrule-description

is_terminal

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria.

This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn’t evaluate other rules for the finding. By default, a rule isn’t terminal.